Freeing the new H.264 specific fields has been forgotten.
(This leak only appears in case the encoder has not been completely
drained.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Up until now, it has only been freed when the QSVFrame is reused,
so that the last one contained in it leaked at the end.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Since commit 3bbe0c210b, the Payloads
array of every QSVFrame leaks as soon as the frame is reused;
the leak is small and not very noticeable, but if there is an attempt
to use said array the ensuing crash is much more noticeable.
This happens when encoding H.264 with A53 CC side data.
Furthermore, if said array can not be allocated at all, an AVFrame
leaks.
Fix all of this by not allocating the array separately at all; put it
in QSVFrame instead and restore the Payloads array upon reusing the
frame.
Finally, use av_freep() instead of av_free() to free the payload
entries.
Reviewed-by: Xiang, Haihao <haihao.xiang@intel.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
If fifo_thread_recover() succeeds immediately after
fifo_thread_dispatch_message() fails, the dts of the packet is scaled
twice, causing cur_dts to be abnormally large and "Application provided
invalid, non monotonically increasing dts to muxer in stream" to occur
repeatedly.
Steps to reproduce:
1. ffmpeg -f lavfi -i testsrc -c:v libx264 -map 0:v -flags +global_header -f fifo -fifo_format flv -attempt_recovery 1 -recover_any_error 1 rtmp://example.com/livekey
2. set a breakpoint on fifo_thread_recover
3. force disconnect from the rtmp server
4. wait for break
5. reconnect to the rtmp server
6. resume execution of ffmpeg
Signed-off-by: Ryoji Gyoda <gy.cft4@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
FLV AMF tags have a 24bit field for timestamps plus an 8bit for extended
timestamps.
All FLV AMF tags except when we write metadata handle this correctly
using the put_timestamp function.
Until now when writing metadata we were only using the first
24 bits and thus the timestamp value was wraping around 4 hours 40
minutes (16,800,000 ms, max 24 bit value 16,777,216) of playback.
This commit fixes this applying this same function put_timestamp
for the metadata FLV tag.
Signed-off-by: Marton Balint <cus@passwd.hu>
This debug code can be quite slow on constructed streams
Fixes: Timeout
Fixes: 38907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6334628852531200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long'
Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: Timeout
Fixes: 40481/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6502647583080448
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This was almost completely redundant. The only functionality that's no longer
available after this removal is the videotoolbox_pixfmt arg, which has been
obsolete for several years.
In order to know that the earlier code did not use uninitialized
values one needs to know that the lowest four bits of each used
value of pframe_block4x4_coefficients_tab do not vanish identically.
E.g. Coverity did not get this and warned about it in ticket #1466632.
Fix this by slightly rewriting the code.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes a mistake in dea673d0d5.
GCC emitted a -Wint-in-bool-context warning because of that.
Reviewed-by: Soft Works <softworkz@hotmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Due to reasons, mpv doesn't pass filename when probing. mpv also sets
default probescore threshold to 26. Since the current jpeg_probe
implementation returns 25 until EOI, it means that the whole image needs
to be probed to succeed. Worse, the whole image is not passed at once;
increasingly large buffers are tried before that. Adding it up together,
if many demuxers are enabled, moderately large JPEG files (few MB) can
take several seconds to open, despite taking less than 1 second to
actually decode.
Therefore, adjust the heuristic to be more optimistic if proper JFIF or
Exif segments are found. While not strictly required, the vast majority
of JPEG-ish files have one or the other or both.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The check for m->size >= 0xF000 is intended to avoid skipping too much
garbage data between JPEG frames in test_roman (thus missing next SOI),
but it erroneously also skips valid markers between SOI and SOS. Instead
of this, we should simply skip parsing markers other than SOI after EOI.
That way, we will not accidentally skip over SOI due to some garbage
between frames. There is still a small risk of encountering FFD8 in the
garbage data, but the chance of this is fairly low.
Fixes: https://trac.ffmpeg.org/ticket/8967
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
For most check_bitstream() functions this just avoids having
to dereference s->streams[pkt->stream_index] themselves; but for
meta-muxers it will allow to forward the packet to stream with
a different stream_index (belonging to a different AVFormatContext)
without using a spare packet.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The types used by the AVFifo API are inconsistent:
av_fifo_(space|size)() returns an int; av_fifo_alloc() takes an
unsigned, other parts use size_t. This commit therefore ensures
that the size of the muxing_queue FIFO never exceeds INT_MAX.
While just at it, also make sure not to call av_fifo_size()
unnecessarily often.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This reverts commit 5258f64a14.
The premise of said commit (that conversions from pointer to int
are ok) is wrong: C99/C11 6.3.2.3 5: "Any pointer type may be converted
to an integer type. [...] If the result cannot be represented in the
integer type, the behavior is undefined." (C90 6.3.4 contains a similar
restriction.) So don't disable -Wpointer-to-int-cast.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
h263_get_motion_length() forgot to take an absolute value;
as a consequence, a negative index was used to access an array.
This leads to potential crashes, but mostly it just accesses what
is to the left of ff_mvtab (unless one uses ASAN), thereby defeating
the purpose of the AV_CODEC_FLAG2_NO_OUTPUT because the sizes of
the returned packets differ from the sizes the encoder would actually
have produced.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Andreas Rheinhardt
Ryoji Gyoda
softworkz
asilvestre
Michael Niedermayer
Limin Wang
James Almer
rcombs
Alex Xu (Hello71)
Lynne