Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int'
Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fill the array with the software pix_fmt and move the avctx->hwaccel
check back to the proper place.
Also remove the avoid probing flag to ensure an external av1 decoder
will not set a pix_fmt we don't want during format probing.
Signed-off-by: James Almer <jamrial@gmail.com>
Let the internal decoder take care of it, as frame reordering
may result in different values exported by either module.
Signed-off-by: James Almer <jamrial@gmail.com>
This AV1 decoder is currently only used for hardware accelerated decoding.
It can be extended into a native decoder in the future, so set its name to
"av1" and temporarily give it the lowest priority in the codec list.
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: -2.4187e+09 is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index -1 out of bounds for type 'const uint8_t [6][16]'
Fixes: out of array read
Fixes: shift exponent -21 is negative
Fixes: 25422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5748258226569216
Fixes: shift exponent 8039082 is too large for 32-bit type 'int'
Fixes: 25430/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5698567770210304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
show all input/output names when the input or output name not correct
Signed-off-by: Ting Fu <ting.fu@intel.com>
Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
ff_formats_ref() takes a pointer to an AVFilterFormats and a pointer to
a pointer to an AVFilterFormats as arguments and adds the latter as an
owner to the list pointed to by the former; the latter is hereby always
the address of a list contained in an AVFilterFormatsConfig and can
therefore not be NULL. So remove the check for whether it is NULL; also
do the same for ff_channel_layouts_ref().
Also do the same for the unref functions where argument is never NULL
because it is always the address of an existing lvalue.
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Before commit 2f76476549, avfilter.h
contained no typedef for AVFilterChannelLayouts; all references to it
were done using its struct tag. formats.h meanwhile contained the
definition of the struct and a typedef for it. Said commit now added a
typedef in avfilter.h, too, bringing it in line with AVFilterFormats;
yet this means that there are two typedefs for AVFilterChannelLayouts
(in contrast to AVFilterFormats which is only typedef'ed in avfilter.h).
The problem is that older versions of GCC don't like this and error out:
http://fate.ffmpeg.org/history.cgi?slot=x86_64-openbsd5.6-gcc4.2-conf2
is one of the FATE boxes that now fail to compile. So just remove the
typedef in formats.h.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
The user has no business modifying the underlying AVCodec.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
libavcodec major version is already 58.
Reviewed-by: Nicolas George <george@nsup.org>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
av_read_frame() can handle uninitialized packets.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
init_subtitles() sometimes returned directly upon error without cleaning
up after itself. The easiest way to trigger this is by using
picture-based subtitles; it is also possible to run into this in case of
missing decoders or allocation failures.
Furthermore, return the proper error code in case of missing decoder.
Reviewed-by: Nicolas George <george@nsup.org>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
av_read_frame() can handle uninitialized packets.
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Happened on several error conditions, e.g. if there is just no decoder
for the format (like with svg images).
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Instead move the extradata contained in packet side-data to its
destination. This is possible because the side data already has zeroed
padding.
Notice that the check for FF_MAX_EXTRADATA_SIZE has been dropped,
because said constant is from libavcodec/internal.h. If libavcodec
wanted to enforce this, it should do so in the extract_extradata BSF
instead.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
If a sequence header has already been found, it is certain that next
startcode (being disjoint from the sequence header startcode) can begin
at index four at the earliest.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: Regression since 1f20969457
Found-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
There are compiler and runtime check for MSA and MMI.
Remove the redundant setting of MSA and MMI for cores specified by "--cpu".
Signed-off-by: Shiyou Yin <yinshiyou-hf@loongson.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Test case fate-checkasm-h264pred failed in latest community code.
This patch fixed the bug.
Signed-off-by: Shiyou Yin <yinshiyou-hf@loongson.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
If allocating the AVFrame to contain a decoded frame fails, the AVPacket
containing the data intended to be decoded leaks. This commit fixes
this.
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
The movie and amovie filters currently use two packets. One of the two,
pkt0, is the owner of the returned packet; it is also the destination
packet for av_read_frame(). The other one pkt is initially (i.e. after
av_read_frame()) a copy of pkt0; copy means that the contents of both
are absolutely the same: They both point to the same AVBufferRef and the
same side data. This violation of the refcounted packet API is only
possible because pkt is not considered to own its data. Only pkt0 is
ever unreferenced.
The reason for pkt's existence seems to be historic:
The API used for decoding audio (namely avcodec_decode_audio4()) could
consume frames partially, i.e. it could return multiple frames for one
packet and therefore it returned how much of the input buffer had been
consumed. The caller was then supposed to update the packet's data and
size pointer to reflect this and call avcodec_decode_audio4() again with
the updated packet to get the next frame.
But before the introduction of refcounted AVPackets where knowledge and
responsibility about what to free lies with the underlying AVBuffer such
a procedure required a spare packet (or one would need to record the
original data and size fields separately to restore them before freeing
the packet; notice that this code has been written when AVPackets still
had a destruct field). But these times are long gone, so just remove the
secondary AVPacket.
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
av_read_frame() already returns clean packets on error.
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This code mostly duplicates code in the deinit function; the only
exception is av_opt_free(): The options are freed generically lateron.
Reviewed-by: Ridley Combs <rcombs@rcombs.me>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>