The JPEG XL parser has an entropy decoder inside, which supports LZ77
length-distance pairs. If the first symbol from the entropy stream is an
LZ77 pair, the bitstream is invalid, so we should abort immediately rather
than attempt to read it anyway (which would read from the uninitialized
starting window).
Reported-by: Kacper Michajłow <kasper93@gmail.com>
Found-by: ossfuzz
Fixes: 368725676/clusterfuzz-testcase-minimized-fuzzer_protocol_file-6022251122589696-cut
Fixes: 42537758/clusterfuzz-testcase-minimized-fuzzer_protocol_file-5818969469026304-cut
Signed-off-by: Leo Izen <leo.izen@gmail.com>
This commit introduced a regression to VVC_HDR_UHDTV1_OpenGOP_3840x2160_50fps_HLG10_mosaic.ts.
Root Cause:
The AV_CEIL_RSHIFT(a, b) macro uses bit tricks that work only when -a is a negative value.
However, due to integer promotion rules, this behavior does not extend to the unsigned int type.
See "6.3.1.1 Boolean, characters, and integers" in the "ISO/IEC 9899" for details.
Reported-by: Frank Plowman <post@frankplowman.com>
(cherry picked from commit c49001e338)
And wrap the implemtation in preprocessor checks.
Should fix ticket #11282.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9ec042c1aa)
When vulkan rendering is requested by the user and fails, ffplay should
exit graciously instead of crash due to a null pointer deref.
Signed-off-by: Leandro Santiago <leandrosansilva@gmail.com>
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
(cherry picked from commit fd0cacc472)
Fixes compile error on windows with decklink:
In file included from ./libavformat/os_support.h:175,
from ./libavformat/internal.h:30,
from libavdevice/decklink_common.cpp:25:
./libavutil/wchar_filename.h: In function 'int wchartocp(unsigned int, const wchar_t*, char**)':
./libavutil/wchar_filename.h:59:32: error: invalid conversion from 'void*' to 'char*' [-fpermissive]
59 | *filename = av_malloc_array(num_chars, sizeof **filename);
| ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| void*
Regression since e9e8bea2e7.
Fixes ticket #11103.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 9b0128aa76)
This test utilizes an MPEG-TS sample from FATE suite, yet was
marked as not requiring samples.
Reviewed-by: Jan Ekström <jeebjp@gmail.com>
(cherry picked from commit 3565903c63)
Ideally lavfi should have a dedicated API for detecting this.
Fixes#11168 and #11061
(cherry picked from commit 9e2a231236)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Broken after 7753a9d627. Apply only the
whitelist early, and the rest with a single call to av_opt_set_dict2()
with AV_OPT_SEARCH_CHILDREN, which should be equivalent to the original
behaviour.
Reported-by: Cameron Gutman <aicommander@gmail.com>
(cherry picked from commit 9ce63e65d6)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Note1: when the EOF pts is not accurate enough, the last frame
can be dropped by vf_fps with default rounding.
Note2: vf_scale use framesync since e82a3997cd,
so this is a very commonplace scenario.
For example:
./ffprobe -f lavfi testsrc=d=1,scale,fps -of flat \
-count_frames -show_entries stream=nb_read_frames
Before:
streams.stream.0.nb_read_frames="24"
After:
streams.stream.0.nb_read_frames="25"
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit de976eaf30)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This adds VAAPIEncodeContext *ctx that has been removed
in aa82340b0c.
Signed-off-by: Ingo Brückl <ib@oddnet.de>
(cherry picked from commit 5557c673ea)
This file is never included explicitly anywhere else, it's only
included implicitly by passing -Pconfig.asm on the command line.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5c4ede6b4f)
Depending on the magnitude of the output values, the potential
errors can be larger.
This fixes errors in the lls tests on x86_32 for some seeds,
observed with GCC 11 (on Ubuntu 22.04, with the distro compiler,
with -m32).
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6668268e16)
Use "bx lr", or "pop {lr}", which do proper mode switching
between thumb and arm modes. A plain "mov pc, lr" does not switch
from thumb mode to arm mode (while in arm mode, it does switch
mode for a thumb caller).
This is normally not an issue, as CONFIG_THUMB only is enabled if
the C compiler defaults to thumb; but stick to patterns that can
do mode switching if needed, for consistency.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 77e6293735)
The log message was logged for `filtergraphs[j]` which would cause a
heap buffer overflow in certain circumstances.
Correctly it should be logged for the current filtergraph, so just
use `fg` here.
(cherry picked from commit 5beeb3a1f9)
When crop is skipped, av_strlcatf will access `str` which isn't
initialized properly.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
(cherry picked from commit eff9ed7bff)
It's similar to av_get_frame_filename2 but with int64_t number
support. Make av_get_frame_filename* a wrapper over
ff_get_frame_filename.
Co-authored-by: Filip Mašić <shoutplenty@gmail.com>
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
(cherry picked from commit a2d9663241)
Otherwise, things like ICC profiles as read from the colr box meant for an item
with no stream (like a grid) may end up being added to the wrong stream.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 04182b5549)
Fixes: Ticket5405
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a9c83e43f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The unaligned width test cases fail on i386; we have an assembly
function of rgb24toyv12 which is enabled only within
"#if ARCH_X86_32 && HAVE_7REGS", which seems to fail these new
test cases for unaligned widths.
As that assembly function has existed for a long time in that form,
the issue probably isn't very recent, thus skip testing these cases
for now.
Once the assembly function has been fixed, these test cases can
be readded.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 157ce21939)
Signed-off-by: Martin Storsjö <martin@martin.st>
In case of errors in this function, the allocated context
was not properly freed in several cases.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 8e76c99301)
In the early return when both draw_bars and signal_loss_action
options are used, the context allocated previously was not
properly freed.
Introduced in 9bcb86b0fa
Fixes CID1619296
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 7554346cb5)
An error from read_number() is non-fatal here and should not be
forwarded.
(cherry picked from commit 505fea34e5)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This was broken in 2fb2cd5c79 and
74553f0026, making a simple make fate-mov fail
and most of the test not run with a simple make fate.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 8b4e32f30b)
Fixes: OOM and Timeout
Fixes: 71254/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-5941896977907712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Rémi Denis-Courmont
Leo Izen
Kacper Michajłow
Nuo Mi
James Almer
Anton Khirnov
Leandro Santiago
Marton Balint
Emily
Nicolas Gaullier
Ingo Brückl
Martin Storsjö
Gyan Doshi
Marvin Scholz
Zhao Zhili
Michael Niedermayer
Brad Smith
Lynne