It is actually supposed to go negative in the loop over num_negative
pics, but underflow does not break anything as the result is then
assigned to a signed int.
There are lots of files that don't need it: The number of object
files that actually need it went down from 2011 to 884 here.
Keep it for external users in order to not cause breakages.
Also improve the other headers a bit while just at it.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
HEVCHdrParams* receives a pointer which points to a dynamically
allocated memory block. It causes the memcmp always returning 1.
Add a function to do the comparision. A condition is also added to
avoid malloc(0).
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Tong Wu <tong1.wu@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
These were defined in a way compatible with the Vulkan HEVC acceleration, which
expects bitmasks, yet the fields were being overwritting on each loop with the
latest read value.
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: index 32 out of bounds for type 'uint32_t [32]'
Fixes: 63003/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4685160840560640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Avoids allocations and error checks for these allocations;
e.g. syncing buffers across threads can't fail any more
and needn't be checked. It also gets rid of casts and
indirections.
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: fc429d785e
cpb_cnt used to be initialized to 1 before
fc429d785e so cpb_cnt_minus1 should be
initialized to 0.
Also add +1 to the decode_sublayer_hrd call to account for the change to
the offset
These defines are also used in other contexts than just AVCodecContext
ones, e.g. in libavformat. Furthermore, given that these defines are
public, the AV-prefix is the right one, so deprecate (and not just move)
the FF-macros.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
From the spec: "It is a requirement of bitstream conformance that
the value of luma_bit_depth_entry_minus8 shall be equal to
the value of bit_depth_luma_minus8"; similarly for chroma.
Also fixes Coverity ticket #1529226 (complaining about the fact
that chroma_bit_depth_entry is checked twice).
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: signed integer overflow: -2147483648 - 5 cannot be represented in type 'int'
Fixes: 58066/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5312995835379712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Also remove the _minus8 part of the name to be in line with the rest of the
decoder, and fix the storage type for pps_palette_predictor_initializer,
to support hbd values.
Signed-off-by: James Almer <jamrial@gmail.com>
num_ref_idx_l0_active_minus1, num_ref_idx_l1_active_minus1,
num_ref_idx_l0_default_active_minus1, and num_ref_idx_l1_default_active_minus1
are all in the range 0 to 14, inclusive.
Signed-off-by: James Almer <jamrial@gmail.com>
Also remove the _plus* and _minus* parts of some of these to be in line with
other similar fields in the decoder.
Signed-off-by: James Almer <jamrial@gmail.com>
The spec says: "The value of num_ref_loc_offsets shall be in the range of 0 to
vps_max_layers_minus1, inclusive".
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: Writing arbitrarily over the array end
Fixes: 57812/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4536557859373056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
1. Add extension syntax according to 7.3.2.2.3/7.3.2.3.3 in T-REC-H.265-201911.
2. Keep using parsed PPS when bitstream overread for compatibility. For
example, the clip PS_A_VIDYO_3.bit in FATE test has incomplete extension
syntax which will be overread and un-decodable if without this change.
3. Format brace in pps_range_extensions().
Signed-off-by: Linjie Fu <linjie.justin.fu@gmail.com>
Signed-off-by: Haihao Xiang <haihao.xiang@intel.com>
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
Described in HEVC spec A.3.7. Bump minor version and add APIchanges
entry for new added profile.
Signed-off-by: Linjie Fu <linjie.justin.fu@gmail.com>
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
Fixes: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int'
Fixes: 28449/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5686013259284480
Reviewed-by: James Almer <jamrial@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Parse all the constraint flags according to ITU-T Rec. H.265 (02/2018).
They have to be passed to hw decoders to determine the exact profile for Range
Extension HEVC.
Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Since reading 4 bits always returns a value in the range [0, 15], the
check for vps_id >= HEVC_MAX_VPS_COUNT, where HEVC_MAX_VPS_COUNT = 16, is redundant.
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
From 7.4.3.3.1:
num_tile_columns_minus1 shall be in the range of 0 to PicWidthInCtbsY - 1, inclusive.
num_tile_rows_minus1 shall be in the range of 0 to PicHeightInCtbsY - 1, inclusive.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
Anton Khirnov
Michael Niedermayer
Andreas Rheinhardt
James Almer
Tong Wu
llyyr
Lynne
Clement Lecigne
Linjie Fu
Andriy Gelman