[FFmpeg-cvslog] avcodec/vp9_raw_reorder_bsf: Check for existence of data before reading it
ffmpeg | branch: master | Andreas Rheinhardt | Thu May 28 16:57:06 2020 +0200| [ab25b6aee6295b6fb77c076c85c89df9f2af08e7] | committer: Andreas Rheinhardt avcodec/vp9_raw_reorder_bsf: Check for existence of data before reading it Signed-off-by: Andreas Rheinhardt > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ab25b6aee6295b6fb77c076c85c89df9f2af08e7 --- libavcodec/vp9_raw_reorder_bsf.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/vp9_raw_reorder_bsf.c b/libavcodec/vp9_raw_reorder_bsf.c index f98752c775..e7d301cb85 100644 --- a/libavcodec/vp9_raw_reorder_bsf.c +++ b/libavcodec/vp9_raw_reorder_bsf.c @@ -292,6 +292,11 @@ static int vp9_raw_reorder_filter(AVBSFContext *bsf, AVPacket *out) return err; } +if (!in->size) { +av_packet_free(&in); +return AVERROR_INVALIDDATA; +} + if ((in->data[in->size - 1] & 0xe0) == 0xc0) { av_log(bsf, AV_LOG_ERROR, "Input in superframes is not " "supported.\n"); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
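Review bot: The new `if (!in->size)` branch in vp9_raw_reorder_filter returns AVERROR_INVALIDDATA without logging anything, while the superframe rejection directly below it reports itself through av_log. An `av_log(bsf, AV_LOG_ERROR, ...)` line stating that the packet carries no data would make this failure distinguishable in logs. The commit message has no body, so it is not recorded why every empty packet is treated as an error here, including one that carries only side data; a sentence on that, in the message or as a comment above the check, would help the next reader. The check itself is in the right place, ahead of the `in->data[in->size - 1]` read.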
[FFmpeg-cvslog] avcodec/vp9_superframe_bsf: Check for existence of data before reading it
ffmpeg | branch: master | Andreas Rheinhardt | Wed May 27 10:54:44 2020 +0200| [c12e8c97b13f33897bd9c6095432c9740504f5c7] | committer: Andreas Rheinhardt avcodec/vp9_superframe_bsf: Check for existence of data before reading it Packets without data need to be handled specially in order to avoid undefined reads. Pass these packets through unchanged in case there are no cached packets* and error out in case there are cached packets: Returning the packet would mess with the order of the packets; if one returned the zero-sized packet before the superframe that will be created from the packets in the cache, the zero-sized packet would overtake the packets in the cache; if one returned the packet later, the packets that complete the superframe will overtake the zero-sized packet. *: This case e.g. encompasses the scenario of updated extradata side-data at the end. Fixes: Out of array read Fixes: 45722/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_SUPERFRAME_fuzzer-5173378975137792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Andreas Rheinhardt > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c12e8c97b13f33897bd9c6095432c9740504f5c7 --- libavcodec/vp9_superframe_bsf.c | 9 + 1 file changed, 9 insertions(+) diff --git a/libavcodec/vp9_superframe_bsf.c b/libavcodec/vp9_superframe_bsf.c index 349d43d62e..a0978c7ef0 100644 --- a/libavcodec/vp9_superframe_bsf.c +++ b/libavcodec/vp9_superframe_bsf.c 
@@ -108,6 +108,15 @@ static int vp9_superframe_filter(AVBSFContext *ctx, AVPacket *pkt) if (res < 0) return res; +if (!pkt->size) { +/* In case the cache is empty we can pass side-data-only packets + * through unchanged. Otherwise, such a packet makes no sense. */ +if (!s->n_cache) +return 0; +res = AVERROR_INVALIDDATA; +goto done; +} + marker = pkt->data[pkt->size - 1]; if ((marker & 0xe0) == 0xc0) { int nbytes = 1 + ((marker >> 3) & 0x3);
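Review bot: The error path of the `if (!pkt->size)` block (`res = AVERROR_INVALIDDATA; goto done;`) produces no av_log output, so a caller that feeds an empty packet while `s->n_cache` is non-zero sees only the error code. Suggest logging the rejection there. The in-code comment says such a packet "makes no sense", but the actual reason, that returning it before or after the pending superframe would reorder packets, is stated only in the commit message; carrying one line of that into the comment would keep the rationale next to the code. The check is correctly placed before the `pkt->data[pkt->size - 1]` read.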
[FFmpeg-cvslog] avcodec/vp9_superframe_split_bsf: Discard invalid zero-sized frames
ffmpeg | branch: master | Andreas Rheinhardt | Thu May 28 15:53:56 2020 +0200| [d20ef30f534151ce749b064034c339562724cc34] | committer: Andreas Rheinhardt avcodec/vp9_superframe_split_bsf: Discard invalid zero-sized frames They are invalid in VP9. If any of the frames inside a superframe had a size of zero, the code would either read into the next frame or into the superframe index; so check for the length to stop this. Signed-off-by: Andreas Rheinhardt > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d20ef30f534151ce749b064034c339562724cc34 --- libavcodec/vp9_superframe_split_bsf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c index 2a068a6898..98f5cc83d0 100644 --- a/libavcodec/vp9_superframe_split_bsf.c +++ b/libavcodec/vp9_superframe_split_bsf.c @@ -70,7 +70,7 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) frame_size |= bytestream2_get_byte(&bc) << (j * 8); total_size += frame_size; -if (frame_size < 0 || total_size > in->size - idx_size) { +if (frame_size <= 0 || total_size > in->size - idx_size) { av_log(ctx, AV_LOG_ERROR, "Invalid frame size in a superframe: %d\n", frame_size); ret = AVERROR(EINVAL);
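Review bot: With `frame_size <= 0` on the changed line, a superframe containing any zero-sized frame is now refused as a whole with an error, which is stricter than the "Discard" in the subject line suggests; the subject or message should say that the packet is rejected rather than that the frame is dropped. The context line `ret = AVERROR(EINVAL);` is pre-existing, but since the condition describes malformed input rather than a bad caller argument, AVERROR_INVALIDDATA would be the more fitting code and could be changed in the same patch. The log text "Invalid frame size in a superframe: %d" still reads correctly for the zero case.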
[FFmpeg-cvslog] avcodec/vp9_superframe_split_bsf: Don't read inexistent data
ffmpeg | branch: master | Andreas Rheinhardt | Tue Mar 22 23:50:54 2022 +0100| [d311d820a77550740d3b868440e476adaf12a872] | committer: Andreas Rheinhardt avcodec/vp9_superframe_split_bsf: Don't read inexistent data Fixes: Out of array read Fixes: 45137/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_SUPERFRAME_SPLIT_fuzzer-4984270639202304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Andreas Rheinhardt > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d311d820a77550740d3b868440e476adaf12a872 --- libavcodec/vp9_superframe_split_bsf.c | 4 1 file changed, 4 insertions(+) diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c index 98f5cc83d0..cddd48119c 100644 --- a/libavcodec/vp9_superframe_split_bsf.c +++ b/libavcodec/vp9_superframe_split_bsf.c @@ -51,6 +51,9 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) return ret; in = s->buffer_pkt; +if (!in->size) +goto passthrough; + marker = in->data[in->size - 1]; if ((marker & 0xe0) == 0xc0) { int length_size = 1 + ((marker >> 3) & 0x3); @@ -121,6 +124,7 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) out->pts = AV_NOPTS_VALUE; } else { +passthrough: av_packet_move_ref(out, s->buffer_pkt); }
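Review bot: `goto passthrough` in the first hunk jumps to a label that the second hunk places inside an `else` block, so control enters the middle of a nested block; this is valid C but easy to break when either branch is edited later. A short comment at the goto or at the label saying that packets without data are forwarded unchanged would make the intent explicit, and a line in the commit message on why forwarding is the right behaviour for this filter would help as well. The size check itself is correctly placed before `marker = in->data[in->size - 1]`.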
[FFmpeg-cvslog] avfilter/vf_libplacebo: update for new tone mapping API
ffmpeg | branch: master | Niklas Haas | Fri Mar 25 13:18:39 2022 +0100| [e301a24fa191ad19574289b765ff1946b23c03f3] | committer: Niklas Haas avfilter/vf_libplacebo: update for new tone mapping API Upstream gained a new tone-mapping API, which we never switched to. We don't need a version bump for this because it was included as part of the v4.192 release we currently already depend on. Some of the old options can be moderately approximated with the new API, but specifically "desaturation_base" and "max_boost" cannot. Remove these entirely, rather than deprecating them. They have actually been non-functional for a while as a result of the upstream deprecation. Signed-off-by: Niklas Haas > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e301a24fa191ad19574289b765ff1946b23c03f3 --- libavfilter/vf_libplacebo.c | 112 +++- 1 file changed, 89 insertions(+), 23 deletions(-) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index 31ae28ac38..8ce6462c66 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -26,6 +26,33 @@ #include #include +enum { +TONE_MAP_AUTO, +TONE_MAP_CLIP, +TONE_MAP_BT2390, +TONE_MAP_BT2446A, +TONE_MAP_SPLINE, +TONE_MAP_REINHARD, +TONE_MAP_MOBIUS, +TONE_MAP_HABLE, +TONE_MAP_GAMMA, +TONE_MAP_LINEAR, +TONE_MAP_COUNT, +}; + +static const struct pl_tone_map_function * const tonemapping_funcs[TONE_MAP_COUNT] = { +[TONE_MAP_AUTO] = &pl_tone_map_auto, +[TONE_MAP_CLIP] = &pl_tone_map_clip, +[TONE_MAP_BT2390] = &pl_tone_map_bt2390, +[TONE_MAP_BT2446A] = &pl_tone_map_bt2446a, +[TONE_MAP_SPLINE] = &pl_tone_map_spline, +[TONE_MAP_REINHARD] = &pl_tone_map_reinhard, +[TONE_MAP_MOBIUS] = &pl_tone_map_mobius, +[TONE_MAP_HABLE]= &pl_tone_map_hable, +[TONE_MAP_GAMMA]= &pl_tone_map_gamma, +[TONE_MAP_LINEAR] = &pl_tone_map_linear, +}; + typedef struct LibplaceboContext { /* lavfi vulkan*/ FFVulkanContext vkctx; 
@@ -91,12 +118,16 @@ typedef struct LibplaceboContext { /* pl_color_map_params */ int intent; +int gamut_mode; int tonemapping; float tonemapping_param; +int tonemapping_mode; +int inverse_tonemapping; +float crosstalk; +int tonemapping_lut_size; +/* for backwards compatibility */ float desat_str; float desat_exp; -float desat_base; -float max_boost; int gamut_warning; int gamut_clipping; @@ -281,6 +312,8 @@ static int process_frames(AVFilterContext *avctx, AVFrame *out, AVFrame *in) int err = 0, ok; LibplaceboContext *s = avctx->priv; struct pl_render_params params; +enum pl_tone_map_mode tonemapping_mode = s->tonemapping_mode; +enum pl_gamut_mode gamut_mode = s->gamut_mode; struct pl_frame image, target; ok = pl_map_avframe_ex(s->gpu, &image, pl_avframe_params( .frame= in, @@ -305,6 +338,24 @@ static int process_frames(AVFilterContext *avctx, AVFrame *out, AVFrame *in) pl_rect2df_aspect_set(&target.crop, aspect, s->pad_crop_ratio); } +/* backwards compatibility with older API */ +if (!tonemapping_mode && (s->desat_str >= 0.0f || s->desat_exp >= 0.0f)) { +float str = s->desat_str < 0.0f ? 0.9f : s->desat_str; +float exp = s->desat_exp < 0.0f ? 0.2f : s->desat_exp; +if (str >= 0.9f && exp <= 0.1f) { +tonemapping_mode = PL_TONE_MAP_RGB; +} else if (str > 0.1f) { +tonemapping_mode = PL_TONE_MAP_HYBRID; +} else { +tonemapping_mode = PL_TONE_MAP_LUMA; +} +} + +if (s->gamut_warning) +gamut_mode = PL_GAMUT_WARN; +if (s->gamut_clipping) +gamut_mode = PL_GAMUT_DESATURATE; + /* Update render params */ params = (struct pl_render_params) { PL_RENDER_DEFAULTS 
@@ -338,14 +389,13 @@ static int process_frames(AVFilterContext *avctx, AVFrame *out, AVFrame *in) .color_map_params = pl_color_map_params( .intent = s->intent, -.tone_mapping_algo = s->tonemapping, +.gamut_mode = gamut_mode, +.tone_mapping_function = tonemapping_funcs[s->tonemapping], .tone_mapping_param = s->tonemapping_param, -.desaturation_strength = s->desat_str, -.desaturation_exponent = s->desat_exp, -.desaturation_base = s->desat_base, -.max_boost = s->max_boost, -.gamut_warning = s->gamut_warning, -.gamut_clipping = s->gamut_clipping, +.tone_mapping_mode = tonemapping_mode, +.inverse_tone_mapping = s->inverse_tonemapping, +.tone_mapping_crosstalk = s->crosstalk, +.lut_size = s->tonemapping_lut_size, ), .dither_params = s->dithering < 0 ? NULL : pl_dither_params( @@ -616,21 +666,37 @@ static const AVOption libplacebo_options[] = { { "
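Review bot: In the pl_color_map_params hunk, `.tone_mapping_function = tonemapping_funcs[s->tonemapping]` indexes a table of TONE_MAP_COUNT entries with the raw option value and has no range check at the point of use. The only thing keeping the index in bounds is the range declared for the option in libplacebo_options[], and that hunk is cut off on this page, so it cannot be confirmed from the visible lines. Please make sure the option's maximum is TONE_MAP_COUNT - 1 and its minimum is 0, or add an explicit check in process_frames before the lookup.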
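Review bot: In the backwards-compatibility block of process_frames, `if (s->gamut_warning) gamut_mode = PL_GAMUT_WARN;` followed by `if (s->gamut_clipping) gamut_mode = PL_GAMUT_DESATURATE;` lets either legacy flag override an explicitly chosen `gamut_mode` without notice, and when both are set clipping wins over warning. The precedence should be documented in the option help text or in a comment, and a log message when a legacy flag overrides the new option would make the behaviour visible to users. The `!tonemapping_mode` test above it likewise relies on the automatic mode having the value 0; a named constant in the comparison would make that assumption explicit.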
[FFmpeg-cvslog] MAINTAINERS: add myself as maintainer for libsrt protocol
ffmpeg | branch: master | Zhao Zhili | Fri Mar 25 15:40:33 2022 +0800| [54a4c58dd6ede1c338f42b17dd434c1f01d9830e] | committer: Limin Wang MAINTAINERS: add myself as maintainer for libsrt protocol Reviewed-by: Steven Liu Reviewed-by: Marton Balint Signed-off-by: Zhao Zhili Signed-off-by: Limin Wang > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=54a4c58dd6ede1c338f42b17dd434c1f01d9830e --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index 76e1332ad8..8c71605339 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -517,6 +517,7 @@ Protocols: bluray.c Petri Hintukainen ftp.c Lukasz Marek http.cRonald S. Bultje + libsrt.c Zhao Zhili libssh.c Lukasz Marek libzmq.c Andriy Gelman mms*.cRonald S. Bultje