Re: [FFmpeg-devel] [PATCH v1] lavf/url: fix rel path’s query string contains :/
蔡昊凝 (12020-10-16):
> Scheme can't contain ?.

Scheme in standard URLs cannot contain ?, but these are not standard
URLs, and the protocol part can contain ?.

> Marton Balint wrote on Fri, Oct 16, 2020 at 3:15 AM:

Please remember that top-posting is not allowed here; if you don't know
what it means look it up.

Regards,

--
Nicolas George
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v1] libavcodec/pthread_frame: fix crash that call method ff_frame_thread_init failed because of mem insufficient
From: xuhuishu Signed-off-by: xuhuishu --- libavcodec/pthread_frame.c | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c index f8a01ad8cd..2babeb4a6a 100644 --- a/libavcodec/pthread_frame.c +++ b/libavcodec/pthread_frame.c @@ -795,6 +795,11 @@ int ff_frame_thread_init(AVCodecContext *avctx) pthread_cond_init(&p->progress_cond, NULL); pthread_cond_init(&p->output_cond, NULL); +if (!copy) { +err = AVERROR(ENOMEM); +goto error; +} + p->frame = av_frame_alloc(); if (!p->frame) { av_freep(©); @@ -802,22 +807,18 @@ int ff_frame_thread_init(AVCodecContext *avctx) goto error; } -p->parent = fctx; -p->avctx = copy; - -if (!copy) { +AVCodecInternal *internal = av_malloc(sizeof(AVCodecInternal)); +if (!internal) { +av_freep(©); err = AVERROR(ENOMEM); goto error; } -*copy = *src; +p->parent = fctx; +p->avctx = copy; -copy->internal = av_malloc(sizeof(AVCodecInternal)); -if (!copy->internal) { -copy->priv_data = NULL; -err = AVERROR(ENOMEM); -goto error; -} +*copy = *src; +copy->internal = internal; *copy->internal = *src->internal; copy->internal->thread_ctx = p; copy->internal->last_pkt_props = &p->avpkt; -- 2.21.1 (Apple Git-122.3) ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
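Review bot: In the second hunk of ff_frame_thread_init(), "AVCodecInternal *internal = av_malloc(sizeof(AVCodecInternal));" is a declaration placed after statements; declare internal at the top of the block and only assign it here. The new "if (!internal)" branch frees copy, but p->frame was allocated just above it, so confirm that the error label releases p->frame on this path or free it alongside copy.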
Re: [FFmpeg-devel] [PATCH 5/5] fate: add test for adpcm_swf in wav
On 16/10/20 4:23 pm, Zane van Iperen wrote:
>
> Signed-off-by: Zane van Iperen
> ---
> tests/fate/acodec.mak | 7 +--
> tests/ref/acodec/adpcm-swf-flv | 4
> tests/ref/acodec/adpcm-swf-wav | 4
> 3 files changed, 13 insertions(+), 2 deletions(-)
> create mode 100644 tests/ref/acodec/adpcm-swf-flv
> create mode 100644 tests/ref/acodec/adpcm-swf-wav
>

Disregard this patch, breaks fate-seek. Follow-up incoming.
Re: [FFmpeg-devel] [PATCH v1] lavf/url: fix rel path’s query string contains :/
Marton Balint (12020-10-15):
> Why not simply add ? and # to the list of delimiters instead?
>
> Nevertheless that would disallow ? and # in lavf specific scheme options. Is
> it an acceptable tradeoff?

I think that would be an acceptable constraint, and I think it is a more
correct fix indeed.

Regards,

--
Nicolas George
[FFmpeg-devel] [PATCH v1.1 5/5] fate: add test for adpcm_swf in wav
Signed-off-by: Zane van Iperen --- tests/fate/acodec.mak | 4 tests/ref/acodec/adpcm-swf-wav | 4 2 files changed, 8 insertions(+) create mode 100644 tests/ref/acodec/adpcm-swf-wav diff --git a/tests/fate/acodec.mak b/tests/fate/acodec.mak index 50932095dc..8ac71b1b27 100644 --- a/tests/fate/acodec.mak +++ b/tests/fate/acodec.mak @@ -52,6 +52,7 @@ FATE_ACODEC_ADPCM-$(call ENCDEC, ADPCM_IMA_SSI, KVAG) += ima_ssi FATE_ACODEC_ADPCM-$(call ENCDEC, ADPCM_IMA_WAV, WAV) += ima_wav FATE_ACODEC_ADPCM-$(call ENCDEC, ADPCM_MS, WAV) += ms FATE_ACODEC_ADPCM-$(call ENCDEC, ADPCM_SWF, FLV) += swf +FATE_ACODEC_ADPCM-$(call ENCDEC, ADPCM_SWF, WAV) += swf-wav FATE_ACODEC_ADPCM-$(call ENCDEC, ADPCM_YAMAHA, WAV) += yamaha FATE_ACODEC_ADPCM := $(FATE_ACODEC_ADPCM-yes:%=fate-acodec-adpcm-%) @@ -70,6 +71,9 @@ fate-acodec-adpcm-ms: FMT = wav fate-acodec-adpcm-swf: FMT = flv fate-acodec-adpcm-yamaha: FMT = wav +fate-acodec-adpcm-swf-wav: FMT = wav +fate-acodec-adpcm-swf-wav: CODEC = adpcm_swf + FATE_ACODEC_ADPCM_TRELLIS-$(call ENCDEC, ADPCM_ADX, ADX) += adx FATE_ACODEC_ADPCM_TRELLIS-$(call ENCDEC, ADPCM_IMA_QT, AIFF) += ima_qt FATE_ACODEC_ADPCM_TRELLIS-$(call ENCDEC, ADPCM_IMA_WAV, WAV) += ima_wav diff --git a/tests/ref/acodec/adpcm-swf-wav b/tests/ref/acodec/adpcm-swf-wav new file mode 100644 index 00..553e0bac54 --- /dev/null +++ b/tests/ref/acodec/adpcm-swf-wav @@ -0,0 +1,4 @@ +af5ffee897bad0174f4c7fc16c54aa5d *tests/data/fate/acodec-adpcm-swf-wav.wav +266948 tests/data/fate/acodec-adpcm-swf-wav.wav +628089745a7059ae4055c2515b6d668b *tests/data/fate/acodec-adpcm-swf-wav.out.wav +stddev: 933.58 PSNR: 36.93 MAXDIFF:51119 bytes: 1058400/ 1064960 -- 2.25.4 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
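Review bot: In the second hunk of tests/fate/acodec.mak the two fate-acodec-adpcm-swf-wav lines are appended after the yamaha entry, away from "fate-acodec-adpcm-swf: FMT = flv"; placing them directly under that line keeps the two swf variants together. This is also the only visible target that sets CODEC, so a one-line comment saying why it is needed here would help the next reader.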
Re: [FFmpeg-devel] [PATCH v1] libavcodec/pthread_frame: fix crash that call method ff_frame_thread_init failed because of mem insufficient
javashu2...@gmail.com: > From: xuhuishu > > Signed-off-by: xuhuishu > --- > libavcodec/pthread_frame.c | 23 --- > 1 file changed, 12 insertions(+), 11 deletions(-) > > diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c > index f8a01ad8cd..2babeb4a6a 100644 > --- a/libavcodec/pthread_frame.c > +++ b/libavcodec/pthread_frame.c > @@ -795,6 +795,11 @@ int ff_frame_thread_init(AVCodecContext *avctx) > pthread_cond_init(&p->progress_cond, NULL); > pthread_cond_init(&p->output_cond, NULL); > > +if (!copy) { > +err = AVERROR(ENOMEM); > +goto error; > +} > + > p->frame = av_frame_alloc(); > if (!p->frame) { > av_freep(©); > @@ -802,22 +807,18 @@ int ff_frame_thread_init(AVCodecContext *avctx) > goto error; > } > > -p->parent = fctx; > -p->avctx = copy; > - > -if (!copy) { > +AVCodecInternal *internal = av_malloc(sizeof(AVCodecInternal)); > +if (!internal) { > +av_freep(©); > err = AVERROR(ENOMEM); > goto error; > } > > -*copy = *src; > +p->parent = fctx; > +p->avctx = copy; > > -copy->internal = av_malloc(sizeof(AVCodecInternal)); > -if (!copy->internal) { > -copy->priv_data = NULL; > -err = AVERROR(ENOMEM); > -goto error; > -} > +*copy = *src; > +copy->internal = internal; > *copy->internal = *src->internal; > copy->internal->thread_ctx = p; > copy->internal->last_pkt_props = &p->avpkt; > How did you test this? Because it does not completely fix the issue: ff_frame_thread_free() thinks that i+1 AVCodecContexts are to be freed, but in case of error the last one is not properly initialized. E.g. if allocating the copy's priv_data fails, ff_frame_thread_free() will nevertheless attempt to call the codec's close function. And the same happens when init fails even when the codec does not have the FF_CODEC_CAP_INIT_CLEANUP set. - Andreas ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v4] Unbreak av_malloc_max(0) API/ABI
From https://bugs.chromium.org/p/chromium/issues/detail?id=1095962 This seems to be caused by the custom handling of "av_max_alloc(0)" in Chromium's ffmpeg fork to mean unlimited (added in [1]). Upstream ffmpeg doesn't treat 0 as a special value; versions before 4.3 seemingly worked because 32 was subtracted from max_alloc_size (set to 0 by Chromium) resulting in an integer underflow, making the effective limit be SIZE_MAX - 31. Now that the above underflow doesn't happen, the tab just crashes. The upstream change for no longer subtracting 32 from max_alloc_size was included in ffmpeg 4.3. [2] [1] https://chromium-review.googlesource.com/c/chromium/third_party/ffmpeg/+/73563 [2] https://github.com/FFmpeg/FFmpeg/commit/731c77589841 --- Restore av_malloc_max(0) to MAX_INT fixing MS Teams, Discord older chromium etc. Signed-off-by: Joakim Tjernlund --- v2: Cover the full API range 0-31 v3: Closer compat with < 4.3 ffmpeg v4: Adjust size accoriding to Andreas Rheinhardt comments libavutil/mem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavutil/mem.c b/libavutil/mem.c index cfb6d8a..44870a9 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -71,6 +71,8 @@ void free(void *ptr); static size_t max_alloc_size= INT_MAX; void av_max_alloc(size_t max){ +if (max < 32) +max = SIZE_MAX - 32 + max; /* be compatible to older(< 4.3) versions */ max_alloc_size = max; } -- 2.26.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
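Review bot: In av_max_alloc(), "max = SIZE_MAX - 32 + max" gives SIZE_MAX - 32 for max = 0, one less than the SIZE_MAX - 31 that the commit message states as the old effective limit; "max = max - 32" with unsigned wrap-around, or SIZE_MAX - 31 + max, would match that figure exactly. The branch also turns every limit from 0 to 31 into an almost unlimited one, which deserves a sentence in the av_max_alloc() documentation, and the subject and message say av_malloc_max and MAX_INT where the code has av_max_alloc and SIZE_MAX.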
[FFmpeg-devel] [PATCH v1] libavcodec/pthread_frame: fix crash that call method ff_frame_thread_init failed because of mem insufficient
From: bevis Signed-off-by: bevis --- libavcodec/pthread_frame.c | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c index f8a01ad8cd..2babeb4a6a 100644 --- a/libavcodec/pthread_frame.c +++ b/libavcodec/pthread_frame.c @@ -795,6 +795,11 @@ int ff_frame_thread_init(AVCodecContext *avctx) pthread_cond_init(&p->progress_cond, NULL); pthread_cond_init(&p->output_cond, NULL); +if (!copy) { +err = AVERROR(ENOMEM); +goto error; +} + p->frame = av_frame_alloc(); if (!p->frame) { av_freep(©); @@ -802,22 +807,18 @@ int ff_frame_thread_init(AVCodecContext *avctx) goto error; } -p->parent = fctx; -p->avctx = copy; - -if (!copy) { +AVCodecInternal *internal = av_malloc(sizeof(AVCodecInternal)); +if (!internal) { +av_freep(©); err = AVERROR(ENOMEM); goto error; } -*copy = *src; +p->parent = fctx; +p->avctx = copy; -copy->internal = av_malloc(sizeof(AVCodecInternal)); -if (!copy->internal) { -copy->priv_data = NULL; -err = AVERROR(ENOMEM); -goto error; -} +*copy = *src; +copy->internal = internal; *copy->internal = *src->internal; copy->internal->thread_ctx = p; copy->internal->last_pkt_props = &p->avpkt; -- 2.21.1 (Apple Git-122.3) ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
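Review bot: The commit message consists of the subject line only, and the hunks in ff_frame_thread_init() reorder three allocations without saying which failing one crashed or where; add a body naming the allocation and the crash site so the reordering can be checked against it. If this posting supersedes an earlier one with the same diff, say so below the "---" line.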
Re: [FFmpeg-devel] [PATCH v3] Unbreak av_malloc_max(0) API/ABI
On Fri, 2020-10-16 at 01:38 +0200, Andreas Rheinhardt wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > Joakim Tjernlund: > > From > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.chromium.org%2Fp%2Fchromium%2Fissues%2Fdetail%3Fid%3D1095962&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7Cb1993f8740d849953d7908d871638074%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637384019459705602&sdata=Lcc%2BcVTlLU1y6EqrMXwfXJ0enHYlIRTBJyGkQgQEviA%3D&reserved=0 > > > > This seems to be caused by the custom handling of "av_max_alloc(0)" in > > Chromium's ffmpeg fork to mean unlimited (added in [1]). > > > > Upstream ffmpeg doesn't treat 0 as a special value; versions before 4.3 > > seemingly worked > > because 32 was subtracted from max_alloc_size (set to 0 by Chromium) > > resulting in an > > integer underflow, making the effective limit be SIZE_MAX - 31. > > > > Now that the above underflow doesn't happen, the tab just crashes. The > > upstream change > > for no longer subtracting 32 from max_alloc_size was included in ffmpeg > > 4.3. 
[2] > > > > [1] > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchromium-review.googlesource.com%2Fc%2Fchromium%2Fthird_party%2Fffmpeg%2F%2B%2F73563&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7Cb1993f8740d849953d7908d871638074%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637384019459705602&sdata=4%2BwE%2FMIcFSZlTdgzbVdbEBdYlO6Cdx%2Fh%2BLfjtrxCGec%3D&reserved=0 > > [2] > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FFFmpeg%2FFFmpeg%2Fcommit%2F731c77589841&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7Cb1993f8740d849953d7908d871638074%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637384019459705602&sdata=fuSKAPgqOiDsqwjl1m6P5IPF4a1K%2ByUK1c9e518aV6c%3D&reserved=0 > > --- > > > > Restore av_malloc_max(0) to MAX_INT fixing MS Teams, Discord older chromium > > etc. > > > > Signed-off-by: Joakim Tjernlund > > --- > > > > v2: Cover the full API range 0-31 > > > > v3: Closer compat with < 4.3 ffmpeg > > > > libavutil/mem.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/libavutil/mem.c b/libavutil/mem.c > > index cfb6d8a..bd1fb85 100644 > > --- a/libavutil/mem.c > > +++ b/libavutil/mem.c > > @@ -71,6 +71,8 @@ void free(void *ptr); > > static size_t max_alloc_size= INT_MAX; > > > > void av_max_alloc(size_t max){ > > +if (max < 32) > > +max = SIZE_MAX - max; /* be compatible to older(< 4.3) versions */ > > max_alloc_size = max; > > } > > > > > For full compatibility it should be SIZE_MAX - 32 + max. > OK, v4 sent. > But why don't you go the way of fixing the broken apps? Because they are binary apps, in my case from Microsoft. Their MS Teams is based on a Chromium/Electron framework that(I hope) will be updated at some point. > > - Andreas ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
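The wrap-around discussed in this thread, modelled as an added example (not FFmpeg code and not part of any message here). The helper names and the "size <= limit" acceptance test are assumptions; only the subtraction of 32 and the two remapping formulas are taken from the messages above.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef size_t (*remap_fn)(size_t);

/* Pre-4.3 behaviour as described in the commit message: 32 is subtracted
 * from the configured limit. size_t arithmetic wraps, so a limit below 32
 * becomes a value close to SIZE_MAX instead of a small one. */
static size_t effective_limit_pre43(size_t max_alloc_size)
{
    return max_alloc_size - 32;
}

/* From 4.3 on the configured limit is used unchanged (per the message). */
static size_t effective_limit_43(size_t max_alloc_size)
{
    return max_alloc_size;
}

/* Assumption for this model: a request is accepted when size <= limit. */
static int accepted(size_t size, size_t limit)
{
    return size <= limit;
}

/* The two compatibility mappings proposed in the thread (v3 and v4). */
static size_t remap_v3(size_t max)
{
    return max < 32 ? SIZE_MAX - max : max;
}

static size_t remap_v4(size_t max)
{
    return max < 32 ? SIZE_MAX - 32 + max : max;
}

/* Largest distance between a mapping and the pre-4.3 effective limit over
 * the inputs 0..31 that both mappings special-case. */
static size_t worst_gap(remap_fn remap)
{
    size_t worst = 0;
    for (size_t max = 0; max < 32; max++) {
        size_t a = remap(max);
        size_t b = effective_limit_pre43(max);
        size_t gap = a > b ? a - b : b - a;
        if (gap > worst)
            worst = gap;
    }
    return worst;
}

int main(void)
{
    const size_t one_mib = (size_t)1 << 20;

    /* A caller that passes 0 and expects "unlimited". */
    printf("pre-4.3 limit for 0 : SIZE_MAX - %zu\n",
           SIZE_MAX - effective_limit_pre43(0));
    printf("1 MiB accepted pre-4.3 : %d\n",
           accepted(one_mib, effective_limit_pre43(0)));
    printf("1 byte accepted in 4.3 : %d\n",
           accepted(1, effective_limit_43(0)));

    /* How closely each mapping reproduces the old effective limit. */
    printf("v3 worst gap over 0..31: %zu\n", worst_gap(remap_v3));
    printf("v4 worst gap over 0..31: %zu\n", worst_gap(remap_v4));
    return 0;
}
```
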
Re: [FFmpeg-devel] [PATCH v1] lavf/url: fix rel path’s query string contains :/
Although not a standard URL, is it necessary that protocol can contain "?"

Regards,

Nicolas George wrote on Fri, Oct 16, 2020 at 4:13 PM:

> 蔡昊凝 (12020-10-16):
> > Scheme can't contain ?.
>
> Scheme in standard URLs cannot contain ?, but these are not standard
> URLs, and the protocol part can contain ?.
>
> > Marton Balint wrote on Fri, Oct 16, 2020 at 3:15 AM:
>
> Please remember that top-posting is not allowed here; if you don't know
> what it means look it up.
>
> Regards,
>
> --
> Nicolas George
[FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
Fixes: stack buffer overflow (read) Fixes: 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/av1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c index 10c4560968..395eef6522 100644 --- a/libavformat/av1dec.c +++ b/libavformat/av1dec.c @@ -382,7 +382,7 @@ static int obu_read_header(AVFormatContext *s) static int obu_get_packet(AVFormatContext *s, AVPacket *pkt) { ObuContext *c = s->priv_data; -uint8_t header[MAX_OBU_HEADER_SIZE]; +uint8_t header[MAX_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; int64_t obu_size; int size = av_fifo_space(c->fifo); int ret, len, type; -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
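Review bot: The enlarged header[] in obu_get_packet() is declared without an initializer, so the AV_INPUT_BUFFER_PADDING_SIZE bytes added here hold indeterminate stack contents; if a reader can run past MAX_OBU_HEADER_SIZE, zero the padding (an "= { 0 }" initializer or a memset of the tail) so that it reads defined bytes. The commit message should also name the function that performs the over-read, since the diff itself does not show it.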
[FFmpeg-devel] [PATCH 3/3] tools/target_dem_fuzzer: Set format independent of c
Signed-off-by: Michael Niedermayer --- tools/target_dem_fuzzer.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c index 79d572a6dc..a4d69bb230 100644 --- a/tools/target_dem_fuzzer.c +++ b/tools/target_dem_fuzzer.c @@ -104,14 +104,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int seekable = 0; int ret; AVInputFormat *fmt = NULL; - -if (!c) { #ifdef FFMPEG_DEMUXER #define DEMUXER_SYMBOL0(DEMUXER) ff_##DEMUXER##_demuxer #define DEMUXER_SYMBOL(DEMUXER) DEMUXER_SYMBOL0(DEMUXER) -extern AVInputFormat DEMUXER_SYMBOL(FFMPEG_DEMUXER); -fmt = &DEMUXER_SYMBOL(FFMPEG_DEMUXER); +extern AVInputFormat DEMUXER_SYMBOL(FFMPEG_DEMUXER); +fmt = &DEMUXER_SYMBOL(FFMPEG_DEMUXER); #endif + +if (!c) { av_register_all(); avcodec_register_all(); av_log_set_level(AV_LOG_PANIC); -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
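Review bot: The commit message has no body explaining the move: fmt is a local that starts as NULL on every call of LLVMFuzzerTestOneInput(), and before this hunk it was assigned only inside "if (!c)", so it is worth stating that calls which skipped that branch ran without the FFMPEG_DEMUXER format. With the extern declaration now sitting at function scope under #ifdef, consider hoisting it to file scope so the function body contains only the assignment.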
[FFmpeg-devel] [PATCH 2/3] avformat/asfdec_f: Check for negative ext_len
Fixes: Infinite loop Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/asfdec_f.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 103155e9e7..4fba6c08b0 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -607,6 +607,8 @@ static int asf_read_ext_stream_properties(AVFormatContext *s, int64_t size) ff_get_guid(pb, &g); size = avio_rl16(pb); ext_len = avio_rl32(pb); +if (ext_len < 0) +return AVERROR_INVALIDDATA; avio_skip(pb, ext_len); if (stream_num < 128 && i < FF_ARRAY_ELEMS(asf->streams[stream_num].payload)) { ASFPayload *p = &asf->streams[stream_num].payload[i]; -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
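Review bot: The new test in asf_read_ext_stream_properties() rejects only a negative ext_len; a large positive value still goes straight to "avio_skip(pb, ext_len);", whose return value is ignored. Consider checking the result of avio_skip() as well, and explain in the commit message why the cited test case is named for the PCM_U32LE fuzzer although the change is in the ASF demuxer.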
Re: [FFmpeg-devel] [PATCH v1] lavf/url: fix rel path’s query string contains :/
蔡昊凝 (12020-10-16):
> Although not a standard URL, is it necessary that protocol can contain "?"
>
> Regards,
>
> Nicolas George wrote on Fri, Oct 16, 2020 at 4:13 PM:

Please remember that top-posting is not allowed here; if you don't know
what it means look it up.

--
Nicolas George
Re: [FFmpeg-devel] [PATCH 3/3] tools/target_dem_fuzzer: Set format independent of c
On Fri, Oct 16, 2020 at 12:46:14PM +0200, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer
> ---
> tools/target_dem_fuzzer.c | 8
> 1 file changed, 4 insertions(+), 4 deletions(-)

I intend to apply this one soon as it should fix the fuzzer behaving a bit broken

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Answering whenever a program halts or runs forever is
On a Turing machine, in general impossible (Turing's halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
Re: [FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
Michael Niedermayer: > Fixes: stack buffer overflow (read) > Fixes: > 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840 > Sure this is the right testcase? > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavformat/av1dec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c > index 10c4560968..395eef6522 100644 > --- a/libavformat/av1dec.c > +++ b/libavformat/av1dec.c > @@ -382,7 +382,7 @@ static int obu_read_header(AVFormatContext *s) > static int obu_get_packet(AVFormatContext *s, AVPacket *pkt) > { > ObuContext *c = s->priv_data; > -uint8_t header[MAX_OBU_HEADER_SIZE]; > +uint8_t header[MAX_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; > int64_t obu_size; > int size = av_fifo_space(c->fifo); > int ret, len, type; > ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 1/3] avcodec/hevc_mvs: Cleanup ff_hevc_set_neighbour_available()
Signed-off-by: Michael Niedermayer --- libavcodec/hevc_mvs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc_mvs.c b/libavcodec/hevc_mvs.c index fd0dbd9a56..1f6ca5a314 100644 --- a/libavcodec/hevc_mvs.c +++ b/libavcodec/hevc_mvs.c @@ -48,9 +48,9 @@ void ff_hevc_set_neighbour_available(HEVCContext *s, int x0, int y0, lc->na.cand_up = (lc->ctb_up_flag || y0b); lc->na.cand_left = (lc->ctb_left_flag || x0b); -lc->na.cand_up_left = (!x0b && !y0b) ? lc->ctb_up_left_flag : lc->na.cand_left && lc->na.cand_up; +lc->na.cand_up_left = (x0b || y0b) ? lc->na.cand_left && lc->na.cand_up : lc->ctb_up_left_flag; lc->na.cand_up_right_sap = -((x0b + nPbW) == (1 << s->ps.sps->log2_ctb_size)) ? +(x0b + nPbW == 1 << s->ps.sps->log2_ctb_size) ? lc->ctb_up_right_flag && !y0b : lc->na.cand_up; lc->na.cand_up_right = lc->na.cand_up_right_sap -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
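Review bot: In the cand_up_right_sap line, dropping the inner parentheses leaves "x0b + nPbW == 1 << s->ps.sps->log2_ctb_size" to be read through operator precedence (+ before << before ==); it parses as intended, but keeping parentheses around the shift costs nothing and saves the reader a second look. The rewritten cand_up_left ternary is the old one with condition and branches inverted, so the commit message could state that no functional change is intended.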
[FFmpeg-devel] [PATCH 3/3] avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration()
Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int' Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index a43474d437..93ac1cd9f0 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1614,7 +1614,10 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, case AV_CODEC_ID_MP1: return 384; case AV_CODEC_ID_ATRAC1: return 512; case AV_CODEC_ID_ATRAC9: -case AV_CODEC_ID_ATRAC3: return 1024 * framecount; +case AV_CODEC_ID_ATRAC3: +if (framecount > INT_MAX/1024) +return 0; +return 1024 * framecount; case AV_CODEC_ID_ATRAC3P: return 2048; case AV_CODEC_ID_MP2: case AV_CODEC_ID_MUSEPACK7:return 1152; -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
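Review bot: The added check in the ATRAC3/ATRAC9 case bounds framecount only from above; if framecount is a signed int that can be negative, 1024 * framecount can still overflow for values below INT_MIN/1024, so either reject framecount < 0 here or state where it is guaranteed non-negative. Returning 0 on overflow is silent, so a short comment on what 0 means to the caller would document the choice.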
[FFmpeg-devel] [PATCH 2/3] avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred
Fixes: pixel decode issue.ts Fixes: raw frame.hevc Signed-off-by: Michael Niedermayer --- libavcodec/hevcpred_template.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevcpred_template.c b/libavcodec/hevcpred_template.c index 6fe33546b1..f1a1f4c1f0 100644 --- a/libavcodec/hevcpred_template.c +++ b/libavcodec/hevcpred_template.c @@ -83,6 +83,7 @@ do { \ int y = y0 >> vshift; int x_tb = (x0 >> s->ps.sps->log2_min_tb_size) & s->ps.sps->tb_mask; int y_tb = (y0 >> s->ps.sps->log2_min_tb_size) & s->ps.sps->tb_mask; +int spin = c_idx && !size_in_tbs_v && ((2 * y0) & (1 << s->ps.sps->log2_min_tb_size)); int cur_tb_addr = MIN_TB_ADDR_ZS(x_tb, y_tb); @@ -103,11 +104,11 @@ do { \ pixel *top = top_array + 1; pixel *filtered_left = filtered_left_array + 1; pixel *filtered_top = filtered_top_array + 1; -int cand_bottom_left = lc->na.cand_bottom_left && cur_tb_addr > MIN_TB_ADDR_ZS( x_tb - 1, (y_tb + size_in_tbs_v) & s->ps.sps->tb_mask); +int cand_bottom_left = lc->na.cand_bottom_left && cur_tb_addr > MIN_TB_ADDR_ZS( x_tb - 1, (y_tb + size_in_tbs_v + spin) & s->ps.sps->tb_mask); int cand_left= lc->na.cand_left; int cand_up_left = lc->na.cand_up_left; int cand_up = lc->na.cand_up; -int cand_up_right= lc->na.cand_up_right&& cur_tb_addr > MIN_TB_ADDR_ZS((x_tb + size_in_tbs_h) & s->ps.sps->tb_mask, y_tb - 1); +int cand_up_right= lc->na.cand_up_right && !spin && cur_tb_addr > MIN_TB_ADDR_ZS((x_tb + size_in_tbs_h) & s->ps.sps->tb_mask, y_tb - 1); int bottom_left_size = (FFMIN(y0 + 2 * size_in_luma_v, s->ps.sps->height) - (y0 + size_in_luma_v)) >> vshift; -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
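Review bot: The new spin variable in the first hunk has no comment and a name that does not describe its condition, "c_idx && !size_in_tbs_v && ((2 * y0) & (1 << s->ps.sps->log2_min_tb_size))"; add a comment stating which 4:2:2 chroma block position it selects and why that position shifts the bottom-left lookup by one row and disables cand_up_right. The two "Fixes:" entries name files rather than a ticket or sample location, so a reader cannot locate the inputs.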
[FFmpeg-devel] [PATCH v2] libavcodec/pthread_frame: fix crash that call method ff_frame_thread_init failed because of mem insufficient
From: bevis Start planning to submit in two, This is my complete modification. Signed-off-by: bevis --- libavcodec/pthread_frame.c | 25 + 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c index f8a01ad8cd..3331fa0f6f 100644 --- a/libavcodec/pthread_frame.c +++ b/libavcodec/pthread_frame.c @@ -687,7 +687,7 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count) pthread_join(p->thread, NULL); p->thread_init=0; -if (codec->close && p->avctx) +if (codec->close && p->avctx && p->avctx->priv_data) codec->close(p->avctx); release_delayed_buffers(p); @@ -795,6 +795,11 @@ int ff_frame_thread_init(AVCodecContext *avctx) pthread_cond_init(&p->progress_cond, NULL); pthread_cond_init(&p->output_cond, NULL); +if (!copy) { +err = AVERROR(ENOMEM); +goto error; +} + p->frame = av_frame_alloc(); if (!p->frame) { av_freep(©); @@ -802,22 +807,18 @@ int ff_frame_thread_init(AVCodecContext *avctx) goto error; } -p->parent = fctx; -p->avctx = copy; - -if (!copy) { +AVCodecInternal *internal = av_malloc(sizeof(AVCodecInternal)); +if (!internal) { +av_freep(©); err = AVERROR(ENOMEM); goto error; } -*copy = *src; +p->parent = fctx; +p->avctx = copy; -copy->internal = av_malloc(sizeof(AVCodecInternal)); -if (!copy->internal) { -copy->priv_data = NULL; -err = AVERROR(ENOMEM); -goto error; -} +*copy = *src; +copy->internal = internal; *copy->internal = *src->internal; copy->internal->thread_ctx = p; copy->internal->last_pkt_props = &p->avpkt; -- 2.21.1 (Apple Git-122.3) ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
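Review bot: In ff_frame_thread_free(), the added "p->avctx->priv_data" test only shows that the pointer is non-NULL, and after "*copy = *src;" in ff_frame_thread_init() the copy's priv_data holds the same pointer value as src until it is replaced; a failure in that window would still reach codec->close() with data the thread copy does not own. Clear copy->priv_data right after the struct copy, or track initialization with an explicit flag instead of inferring it from priv_data. The sentence "Start planning to submit in two" belongs below the "---" line rather than in the commit message.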
Re: [FFmpeg-devel] [PATCH v1] lavf/url: fix rel path’s query string contains :/
Excuse me, what does this mean for your last reply? I submitted the patch for the first time.

Regards,

Nicolas George wrote on Fri, Oct 16, 2020 at 6:55 PM:

> 蔡昊凝 (12020-10-16):
> > Although not a standard URL, is it necessary that protocol can contain "?"
> >
> > Regards,
> >
> > Nicolas George wrote on Fri, Oct 16, 2020 at 4:13 PM:
>
> Please remember that top-posting is not allowed here; if you don't know
> what it means look it up.
>
> --
> Nicolas George
[FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash
From: bevis Signed-off-by: bevis --- libavformat/hls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 72e28ab94f..0a522a4595 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s) pls->ctx->interrupt_callback = s->interrupt_callback; url = av_strdup(pls->segments[0]->url); ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0, 0); -av_free(url); if (ret < 0) { /* Free the ctx - it isn't initialized properly at this point, * so avformat_close_input shouldn't be called. If * avformat_open_input fails below, it frees and zeros the * context, so it doesn't need any special treatment like this. */ -av_log(s, AV_LOG_ERROR, "Error when loading first segment '%s'\n", pls->segments[0]->url); +av_log(s, AV_LOG_ERROR, "Error when loading first segment '%s'\n", url); avformat_free_context(pls->ctx); pls->ctx = NULL; +av_free(url); goto fail; } +av_free(url); pls->ctx->pb = &pls->pb; pls->ctx->io_open = nested_io_open; pls->ctx->flags |= s->flags & ~AVFMT_FLAG_CUSTOM_IO; -- 2.21.1 (Apple Git-122.3) ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
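Review bot: The result of "url = av_strdup(pls->segments[0]->url);" is not checked, and after this change the error branch prints url with %s, so an allocation failure would pass NULL to both av_probe_input_buffer() and av_log(); return AVERROR(ENOMEM) when url is NULL. The strdup line itself still dereferences pls->segments[0], so if the segment list can be released on interrupt as the subject says, that access needs the same protection.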
Re: [FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
On Fri, Oct 16, 2020 at 01:20:15PM +0200, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: stack buffer overflow (read)
> > Fixes: 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840
> >
>
> Sure this is the right testcase?

yes, that's related to the other patch about the fuzzer behaving a bit broken

thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I know you won't believe me, but the highest form of Human Excellence is
to question oneself and others. -- Socrates
Re: [FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
On 10/16/2020 7:46 AM, Michael Niedermayer wrote: > Fixes: stack buffer overflow (read) > Fixes: > 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavformat/av1dec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c > index 10c4560968..395eef6522 100644 > --- a/libavformat/av1dec.c > +++ b/libavformat/av1dec.c > @@ -382,7 +382,7 @@ static int obu_read_header(AVFormatContext *s) > static int obu_get_packet(AVFormatContext *s, AVPacket *pkt) > { > ObuContext *c = s->priv_data; > -uint8_t header[MAX_OBU_HEADER_SIZE]; > +uint8_t header[MAX_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; > int64_t obu_size; > int size = av_fifo_space(c->fifo); > int ret, len, type; Where is header being overread? All reads and writes are always constrained to MAX_OBU_HEADER_SIZE bytes at most by the fifo. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH V2] dnn_backend_tf.c: add option sess_config for tf backend
> -----Original Message-----
> From: Guo, Yejun
> Sent: October 15, 2020 21:17
> To: ffmpeg-devel@ffmpeg.org
> Cc: Guo, Yejun
> Subject: [PATCH V2] dnn_backend_tf.c: add option sess_config for tf backend
>
> TensorFlow C library accepts config for session options to set different
> parameters for the inference. This patch exports this interface.
>
> The config is a serialized tensorflow.ConfigProto proto, so we need two steps to
> use it:
> 1. generate the serialized proto with python (see script example below)
> the output looks like: 0xab...cd
> where 0xcd is the least significant byte and 0xab is the most significant byte.
>
> 2. pass the python script output into ffmpeg with
> dnn_processing=options=sess_config=0xab...cd
>
> The following script is an example to specify one GPU. If the system contains
> 3 GPU cards, the visible_device_list could be '0', '1', '2', '0,1' etc.
> '0' does not mean physical GPU card 0, we need to try and see.
> And we can also add more options here to generate more serialized proto.
>
> script example to generate serialized proto which specifies one GPU:
> import tensorflow as tf
> gpu_options = tf.GPUOptions(visible_device_list='0')
> config = tf.ConfigProto(gpu_options=gpu_options)
> s = config.SerializeToString()
> b = ''.join("%02x" % int(ord(b)) for b in s[::-1])
> print('0x%s' % b)
>
> Signed-off-by: Guo, Yejun
> ---
> v2: add the script example as comment within the code
>
> libavfilter/dnn/dnn_backend_tf.c | 94 ++--
> 1 file changed, 88 insertions(+), 6 deletions(-)

will push next Monday if no other comment, thanks.
[FFmpeg-devel] [PATCH v3 4/6] ffmpeg: pass decoded or filtered AVFrame to output stream initialization
Additionally, reap the first rewards by being able to set the color related encoding values based on the passed AVFrame. The only tests that seem to have changed their results with this change seem to be the MXF tests. There, the muxer writes the limited/full range flag to the output container if the encoder is not set to "unspecified". --- fftools/ffmpeg.c| 42 +++-- tests/ref/lavf/mxf_d10 | 2 +- tests/ref/lavf/mxf_dv25 | 2 +- tests/ref/lavf/mxf_dvcpro50 | 2 +- tests/ref/lavf/mxf_opatom | 2 +- 5 files changed, 35 insertions(+), 15 deletions(-) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index 08db67a6ab..b2e210c814 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c @@ -941,9 +941,11 @@ early_exit: return float_pts; } -static int init_output_stream(OutputStream *ost, char *error, int error_len); +static int init_output_stream(OutputStream *ost, AVFrame *frame, + char *error, int error_len); -static int init_output_stream_wrapper(OutputStream *ost, unsigned int fatal) +static int init_output_stream_wrapper(OutputStream *ost, AVFrame *frame, + unsigned int fatal) { int ret = AVERROR_BUG; char error[1024] = {0}; @@ -951,7 +953,7 @@ static int init_output_stream_wrapper(OutputStream *ost, unsigned int fatal) if (ost->initialized) return 0; -ret = init_output_stream(ost, error, sizeof(error)); +ret = init_output_stream(ost, frame, error, sizeof(error)); if (ret < 0) { av_log(NULL, AV_LOG_ERROR, "Error initializing output stream %d:%d -- %s\n", ost->file_index, ost->index, error); @@ -1125,7 +1127,7 @@ static void do_video_out(OutputFile *of, InputStream *ist = NULL; AVFilterContext *filter = ost->filter->filter; -init_output_stream_wrapper(ost, 1); +init_output_stream_wrapper(ost, next_picture, 1); sync_ipts = adjust_frame_pts_to_encoder_tb(of, ost, next_picture); if (ost->source_index >= 0) 
@@ -1507,7 +1509,7 @@ static int reap_filters(int flush) * the encoder earlier than receiving the first AVFrame. */ if (av_buffersink_get_type(filter) == AVMEDIA_TYPE_AUDIO) -init_output_stream_wrapper(ost, 1); +init_output_stream_wrapper(ost, NULL, 1); if (!ost->filtered_frame && !(ost->filtered_frame = av_frame_alloc())) { return AVERROR(ENOMEM); @@ -1930,7 +1932,7 @@ static void flush_encoders(void) finish_output_stream(ost); } -init_output_stream_wrapper(ost, 1); +init_output_stream_wrapper(ost, NULL, 1); } if (enc->codec_type != AVMEDIA_TYPE_VIDEO && enc->codec_type != AVMEDIA_TYPE_AUDIO) @@ -3302,7 +3304,7 @@ static void init_encoder_time_base(OutputStream *ost, AVRational default_time_ba enc_ctx->time_base = default_time_base; } -static int init_output_stream_encode(OutputStream *ost) +static int init_output_stream_encode(OutputStream *ost, AVFrame *frame) { InputStream *ist = get_input_stream(ost); AVCodecContext *enc_ctx = ost->enc_ctx; @@ -3399,6 +3401,23 @@ static int init_output_stream_encode(OutputStream *ost) enc_ctx->bits_per_raw_sample = FFMIN(dec_ctx->bits_per_raw_sample, av_pix_fmt_desc_get(enc_ctx->pix_fmt)->comp[0].depth); +if (frame) { +if (!av_dict_get(ost->encoder_opts, "color_range", NULL, 0)) +enc_ctx->color_range = frame->color_range; + +if (!av_dict_get(ost->encoder_opts, "color_primaries", NULL, 0)) +enc_ctx->color_primaries = frame->color_primaries; + +if (!av_dict_get(ost->encoder_opts, "color_trc", NULL, 0)) +enc_ctx->color_trc = frame->color_trc; + +if (!av_dict_get(ost->encoder_opts, "colorspace", NULL, 0)) +enc_ctx->colorspace = frame->colorspace; + +if (!av_dict_get(ost->encoder_opts, "chroma_sample_location", NULL, 0)) +enc_ctx->chroma_sample_location = frame->chroma_location; +} + enc_ctx->framerate = ost->frame_rate; ost->st->avg_frame_rate = ost->frame_rate; 
@@ -3456,7 +3475,8 @@ static int init_output_stream_encode(OutputStream *ost) return 0; } -static int init_output_stream(OutputStream *ost, char *error, int error_len) +static int init_output_stream(OutputStream *ost, AVFrame *frame, + char *error, int error_len) { int ret = 0; @@ -3465,7 +3485,7 @@ static int init_output_stream(OutputStream *ost, char *error, int error_len) AVCodecContext *dec = NULL; InputStream *ist; -ret = init_output_stream_encode(ost); +ret = init_output_stream_encode(ost, frame); if (ret < 0) return ret; @@ -3717,7 +3737,7 @@ static int transcode_init
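Review bot: the new `AVFrame *frame` parameter of init_output_stream_wrapper(), init_output_stream() and init_output_stream_encode() may be NULL (reap_filters() and flush_encoders() pass NULL), but nothing at the prototypes says so and the only guard is the `if (frame)` in init_output_stream_encode(). A short comment on the wrapper stating that NULL means no frame is available and the encoder context keeps its existing values would make the contract explicit. Because the wrapper returns early once `ost->initialized` is set, only the frame that triggers initialization contributes color_range, color_primaries, color_trc, colorspace and chroma_sample_location; that is worth one sentence in the commit message.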
[FFmpeg-devel] [PATCH v3 1/6] ffmpeg: deduplicate init_output_stream usage logic
Adds a wrapper function, which handles any errors depending on how fatal a failure would be. --- fftools/ffmpeg.c | 51 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index 84306818a2..cb7644de6a 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c @@ -1392,6 +1392,26 @@ static void do_video_stats(OutputStream *ost, int frame_size) static int init_output_stream(OutputStream *ost, char *error, int error_len); +static int init_output_stream_wrapper(OutputStream *ost, unsigned int fatal) +{ +int ret = AVERROR_BUG; +char error[1024] = {0}; + +if (ost->initialized) +return 0; + +ret = init_output_stream(ost, error, sizeof(error)); +if (ret < 0) { +av_log(NULL, AV_LOG_ERROR, "Error initializing output stream %d:%d -- %s\n", + ost->file_index, ost->index, error); + +if (fatal) +exit_program(1); +} + +return ret; +} + static void finish_output_stream(OutputStream *ost) { OutputFile *of = output_files[ost->file_index]; @@ -1428,15 +1448,7 @@ static int reap_filters(int flush) continue; filter = ost->filter->filter; -if (!ost->initialized) { -char error[1024] = ""; -ret = init_output_stream(ost, error, sizeof(error)); -if (ret < 0) { -av_log(NULL, AV_LOG_ERROR, "Error initializing output stream %d:%d -- %s\n", - ost->file_index, ost->index, error); -exit_program(1); -} -} +init_output_stream_wrapper(ost, 1); if (!ost->filtered_frame && !(ost->filtered_frame = av_frame_alloc())) { return AVERROR(ENOMEM); @@ -1860,7 +1872,6 @@ static void flush_encoders(void) // Maybe we should just let encoding fail instead. if (!ost->initialized) { FilterGraph *fg = ost->filter->graph; -char error[1024] = ""; av_log(NULL, AV_LOG_WARNING, "Finishing stream %d:%d without any data written to it.\n", 
@@ -1886,12 +1897,7 @@ static void flush_encoders(void) finish_output_stream(ost); } -ret = init_output_stream(ost, error, sizeof(error)); -if (ret < 0) { -av_log(NULL, AV_LOG_ERROR, "Error initializing output stream %d:%d -- %s\n", - ost->file_index, ost->index, error); -exit_program(1); -} +init_output_stream_wrapper(ost, 1); } if (enc->codec_type != AVMEDIA_TYPE_VIDEO && enc->codec_type != AVMEDIA_TYPE_AUDIO) @@ -3669,7 +3675,7 @@ static int transcode_init(void) if (output_streams[i]->filter) continue; -ret = init_output_stream(output_streams[i], error, sizeof(error)); +ret = init_output_stream_wrapper(output_streams[i], 0); if (ret < 0) goto dump_format; } @@ -4580,15 +4586,8 @@ static int transcode_step(void) } if (ost->filter && ost->filter->graph->graph) { -if (!ost->initialized) { -char error[1024] = {0}; -ret = init_output_stream(ost, error, sizeof(error)); -if (ret < 0) { -av_log(NULL, AV_LOG_ERROR, "Error initializing output stream %d:%d -- %s\n", - ost->file_index, ost->index, error); -exit_program(1); -} -} +init_output_stream_wrapper(ost, 1); + if ((ret = transcode_from_filter(ost->filter->graph, &ist)) < 0) return ret; if (!ist) -- 2.26.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
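Review bot: in the transcode_init() hunk the call changes from `init_output_stream(output_streams[i], error, sizeof(error))` to `init_output_stream_wrapper(output_streams[i], 0)`, so transcode_init()'s own `error` buffer is no longer filled on failure while the code still does `goto dump_format`. Please check what the dump_format path does with `error`; if it prints it, the text is now empty or stale, because the message is logged only inside the wrapper. Minor: the `int ret = AVERROR_BUG;` initializer in the wrapper is dead, since `ret` is always assigned from init_output_stream() before it is read.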
Re: [FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
James Almer: > On 10/16/2020 7:46 AM, Michael Niedermayer wrote: >> Fixes: stack buffer overflow (read) >> Fixes: >> 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840 >> >> Found-by: continuous fuzzing process >> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >> Signed-off-by: Michael Niedermayer >> --- >> libavformat/av1dec.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c >> index 10c4560968..395eef6522 100644 >> --- a/libavformat/av1dec.c >> +++ b/libavformat/av1dec.c >> @@ -382,7 +382,7 @@ static int obu_read_header(AVFormatContext *s) >> static int obu_get_packet(AVFormatContext *s, AVPacket *pkt) >> { >> ObuContext *c = s->priv_data; >> -uint8_t header[MAX_OBU_HEADER_SIZE]; >> +uint8_t header[MAX_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; >> int64_t obu_size; >> int size = av_fifo_space(c->fifo); >> int ret, len, type; > > Where is header being overread? All reads and writes are always > constrained to MAX_OBU_HEADER_SIZE bytes at most by the fifo. read_obu_with_size() reads it via a GetBitContext which overreads (even when not using the unchecked bitstream reader). - Andreas ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v3 2/6] ffmpeg: move AVFrame time base adjustment into a function
This will have to be called later for video down the line. --- fftools/ffmpeg.c | 72 +++- 1 file changed, 47 insertions(+), 25 deletions(-) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index cb7644de6a..0d8ed26912 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c @@ -897,6 +897,50 @@ static int check_recording_time(OutputStream *ost) return 1; } +static double adjust_frame_pts_to_encoder_tb(OutputFile *of, OutputStream *ost, + AVFrame *frame) +{ +double float_pts = AV_NOPTS_VALUE; // this is identical to frame.pts but with higher precision +AVCodecContext *enc = ost->enc_ctx; +if (!frame || frame->pts == AV_NOPTS_VALUE || +!enc || !ost->filter || !ost->filter->graph->graph) +goto early_exit; + +{ +AVFilterContext *filter = ost->filter->filter; + +int64_t start_time = (of->start_time == AV_NOPTS_VALUE) ? 0 : of->start_time; +AVRational filter_tb = av_buffersink_get_time_base(filter); +AVRational tb = enc->time_base; +int extra_bits = av_clip(29 - av_log2(tb.den), 0, 16); + +tb.den <<= extra_bits; +float_pts = +av_rescale_q(frame->pts, filter_tb, tb) - +av_rescale_q(start_time, AV_TIME_BASE_Q, tb); +float_pts /= 1 << extra_bits; +// avoid exact midoints to reduce the chance of rounding differences, this can be removed in case the fps code is changed to work with integers +float_pts += FFSIGN(float_pts) * 1.0 / (1<<17); + +frame->pts = +av_rescale_q(frame->pts, filter_tb, enc->time_base) - +av_rescale_q(start_time, AV_TIME_BASE_Q, enc->time_base); +} + +early_exit: + +if (debug_ts) { +av_log(NULL, AV_LOG_INFO, "filter -> pts:%s pts_time:%s exact:%f time_base:%d/%d\n", + frame ? av_ts2str(frame->pts) : "NULL", + frame ? av_ts2timestr(frame->pts, &enc->time_base) : "NULL", + float_pts, + enc ? enc->time_base.num : -1, + enc ? enc->time_base.den : -1); +} + +return float_pts; +} + static void do_audio_out(OutputFile *of, OutputStream *ost, AVFrame *frame) { 
@@ -1473,37 +1517,15 @@ static int reap_filters(int flush) av_frame_unref(filtered_frame); continue; } -if (filtered_frame->pts != AV_NOPTS_VALUE) { -int64_t start_time = (of->start_time == AV_NOPTS_VALUE) ? 0 : of->start_time; -AVRational filter_tb = av_buffersink_get_time_base(filter); -AVRational tb = enc->time_base; -int extra_bits = av_clip(29 - av_log2(tb.den), 0, 16); - -tb.den <<= extra_bits; -float_pts = -av_rescale_q(filtered_frame->pts, filter_tb, tb) - -av_rescale_q(start_time, AV_TIME_BASE_Q, tb); -float_pts /= 1 << extra_bits; -// avoid exact midoints to reduce the chance of rounding differences, this can be removed in case the fps code is changed to work with integers -float_pts += FFSIGN(float_pts) * 1.0 / (1<<17); - -filtered_frame->pts = -av_rescale_q(filtered_frame->pts, filter_tb, enc->time_base) - -av_rescale_q(start_time, AV_TIME_BASE_Q, enc->time_base); -} + +float_pts = adjust_frame_pts_to_encoder_tb(of, ost, + filtered_frame); switch (av_buffersink_get_type(filter)) { case AVMEDIA_TYPE_VIDEO: if (!ost->frame_aspect_ratio.num) enc->sample_aspect_ratio = filtered_frame->sample_aspect_ratio; -if (debug_ts) { -av_log(NULL, AV_LOG_INFO, "filter -> pts:%s pts_time:%s exact:%f time_base:%d/%d\n", -av_ts2str(filtered_frame->pts), av_ts2timestr(filtered_frame->pts, &enc->time_base), -float_pts, -enc->time_base.num, enc->time_base.den); -} - do_video_out(of, ost, filtered_frame, float_pts); break; case AVMEDIA_TYPE_AUDIO: -- 2.26.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
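Review bot: in adjust_frame_pts_to_encoder_tb() the `early_exit` path is taken when `enc` is NULL, yet the debug_ts log evaluates `frame ? av_ts2timestr(frame->pts, &enc->time_base) : "NULL"`, which is guarded only by `frame`. With debug_ts set, a non-NULL frame and a NULL `enc`, this hands av_ts2timestr() a pointer derived from NULL, while the two following arguments do check `enc ? ... : -1`. Guard that argument with `frame && enc`, or drop `!enc` from the early-exit condition if it cannot happen. The log line was also printed only in the AVMEDIA_TYPE_VIDEO case of reap_filters() before and is now printed for every caller of the helper; say so in the commit message if that is intended.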
[FFmpeg-devel] [PATCH v3 0/6] ffmpeg: late A/V encoder init, AVFrame metadata usage
This patch set started with a very simple wish to not have to set color related values manually each time when utilizing ffmpeg.c.

As of the third iteration, the following changes were done since the second:
1. A simple mistake was corrected, fixing `debug_ts`.
2. As I noticed such a change enabling a fix for the interlaced flag writing for Y4M, switched the location of the field order and interlaced/progressive logic to where the encoder is initialized.
3. First attempt at fixing cases where the difference between stream copy and re-encoding leads to the muxer queue filling up, breaking cases where a stream with lots of small packets (such as audio) is copied, and a seek ends up multiple seconds before the actual requested seek time.

Unfortunately, audio still needs two locations where the encoder is initialized, due to how avfilter_graph_request_oldest peeks and already puts one AVFrame to be available from the filter graph (which is then utilized as-is as an early return inside both av_buffersink_get_frame_flags and av_buffersink_get_samples). If this would be improved in lavfi (or the call to avfilter_graph_request_oldest removed), we could at least remove one of these.

Currently limited to using values for video and started with the basic values, more can be added later if needed.

This probably fixes some trac issues, but with a quick look I couldn't find anything that explicitly was due to lack of video color metadata passthrough.

Jan

Example 1: I have an RGB 3-D render, which I would like to encode into BT.709 YCbCr. The video filter I'm generally using for this (zscale) does flag the matrix in the output AVFrame. Yet to have the video encoder have the correct metadata set, I have to set the value(s) manually. With this patch set, the value(s) from the first AVFrame fed to do_video_out will be utilized.

Example 2: I have an input video that sets one or more of the following: matrix/primaries/transfer function/range/chroma location. I just want to re-encode it. All of this metadata gets stripped. With this patch set, the value(s) from the first AVFrame fed to do_video_out will be utilized.

Example 3: I have a video which has incorrect metadata tagged. Before, I had to set the correct data manually. With this patch set, since ffmpeg.c takes color related options as dictionary keys, the AVFrame values will only be utilized if the user has not set the option for a given stream. Thus, this use case still works.

Jan Ekström (6):
  ffmpeg: deduplicate init_output_stream usage logic
  ffmpeg: move AVFrame time base adjustment into a function
  ffmpeg: move A/V non-streamcopy initialization to a later point
  ffmpeg: pass decoded or filtered AVFrame to output stream initialization
  ffmpeg: move field order decision making to encoder initialization
  ffmpeg: add a data size threshold for muxing queue size

 doc/ffmpeg.texi | 5 +
 fftools/ffmpeg.c | 249 --
 fftools/ffmpeg.h | 11 +
 fftools/ffmpeg_opt.c | 8 +
 .../fate/concat-demuxer-extended-lavf-mxf_d10 | 2 +-
 .../fate/concat-demuxer-simple1-lavf-mxf_d10 | 2 +-
 tests/ref/fate/rgb24-mkv | 4 +-
 tests/ref/lavf/mxf_d10 | 2 +-
 tests/ref/lavf/mxf_dv25 | 2 +-
 tests/ref/lavf/mxf_dvcpro50 | 2 +-
 tests/ref/lavf/mxf_opatom | 2 +-
 11 files changed, 202 insertions(+), 87 deletions(-)

--
2.26.2
[FFmpeg-devel] [PATCH v3 5/6] ffmpeg: move field order decision making to encoder initialization
We now have the possibility of getting AVFrames here, and we should not touch the muxer's codecpar after writing the header. --- fftools/ffmpeg.c | 27 ++- .../fate/concat-demuxer-extended-lavf-mxf_d10 | 2 +- .../fate/concat-demuxer-simple1-lavf-mxf_d10 | 2 +- tests/ref/fate/rgb24-mkv | 4 +-- tests/ref/lavf/mxf_d10| 2 +- 5 files changed, 19 insertions(+), 18 deletions(-) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index b2e210c814..1c95890f08 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c @@ -1117,7 +1117,6 @@ static void do_video_out(OutputFile *of, int ret, format_video_sync; AVPacket pkt; AVCodecContext *enc = ost->enc_ctx; -AVCodecParameters *mux_par = ost->st->codecpar; AVRational frame_rate; int nb_frames, nb0_frames, i; double delta, delta0; @@ -1279,18 +1278,6 @@ static void do_video_out(OutputFile *of, if (!check_recording_time(ost)) return; -if (enc->flags & (AV_CODEC_FLAG_INTERLACED_DCT | AV_CODEC_FLAG_INTERLACED_ME) && -ost->top_field_first >= 0) -in_picture->top_field_first = !!ost->top_field_first; - -if (in_picture->interlaced_frame) { -if (enc->codec->id == AV_CODEC_ID_MJPEG) -mux_par->field_order = in_picture->top_field_first ? AV_FIELD_TT:AV_FIELD_BB; -else -mux_par->field_order = in_picture->top_field_first ? AV_FIELD_TB:AV_FIELD_BT; -} else -mux_par->field_order = AV_FIELD_PROGRESSIVE; - in_picture->quality = enc->global_quality; in_picture->pict_type = 0; 
@@ -3435,6 +3422,20 @@ static int init_output_stream_encode(OutputStream *ost, AVFrame *frame) enc_ctx->field_order = AV_FIELD_TT; } +if (frame) { +if (enc_ctx->flags & (AV_CODEC_FLAG_INTERLACED_DCT | AV_CODEC_FLAG_INTERLACED_ME) && +ost->top_field_first >= 0) +frame->top_field_first = !!ost->top_field_first; + +if (frame->interlaced_frame) { +if (enc_ctx->codec->id == AV_CODEC_ID_MJPEG) +enc_ctx->field_order = frame->top_field_first ? AV_FIELD_TT:AV_FIELD_BB; +else +enc_ctx->field_order = frame->top_field_first ? AV_FIELD_TB:AV_FIELD_BT; +} else +enc_ctx->field_order = AV_FIELD_PROGRESSIVE; +} + if (ost->forced_keyframes) { if (!strncmp(ost->forced_keyframes, "expr:", 5)) { ret = av_expr_parse(&ost->forced_keyframes_pexpr, ost->forced_keyframes+5, diff --git a/tests/ref/fate/concat-demuxer-extended-lavf-mxf_d10 b/tests/ref/fate/concat-demuxer-extended-lavf-mxf_d10 index e3e76f217a..f6efc00ca4 100644 --- a/tests/ref/fate/concat-demuxer-extended-lavf-mxf_d10 +++ b/tests/ref/fate/concat-demuxer-extended-lavf-mxf_d10 @@ -1 +1 @@ -d66177ea3922692bc91cd0f8aa907650 *tests/data/fate/concat-demuxer-extended-lavf-mxf_d10.ffprobe +84496cfe2d668db395280ea67e5c6fbe *tests/data/fate/concat-demuxer-extended-lavf-mxf_d10.ffprobe diff --git a/tests/ref/fate/concat-demuxer-simple1-lavf-mxf_d10 b/tests/ref/fate/concat-demuxer-simple1-lavf-mxf_d10 index 79ce1e2306..8f3f2e5265 100644 --- a/tests/ref/fate/concat-demuxer-simple1-lavf-mxf_d10 +++ b/tests/ref/fate/concat-demuxer-simple1-lavf-mxf_d10 
@@ -78,5 +78,5 @@ video|0|34|1.36|34|1.36|1|0.04|N/A|N/A|15|1924096|K_|1 Strings Metadata audio|1|65280|1.36|65280|1.36|1920|0.04|N/A|N/A|7680|2074624|K_|1 Strings Metadata -0|mpeg2video|0|video|1/25|[0][0][0][0]|0x|720|608|0|0|0|0|1:1|45:38|yuv422p|5|tv|unknown|unknown|unknown|topleft|tt|N/A|1|N/A|25/1|25/1|1/25|0|0.00|N/A|N/A|3000|N/A|N/A|N/A|N/A|35|0|0|0|0|0|0|0|0|0|0|0|0|0x060A2B340101010501010D001301 +0|mpeg2video|0|video|1/25|[0][0][0][0]|0x|720|608|0|0|0|0|1:1|45:38|yuv422p|5|tv|unknown|unknown|unknown|topleft|tb|N/A|1|N/A|25/1|25/1|1/25|0|0.00|N/A|N/A|3000|N/A|N/A|N/A|N/A|35|0|0|0|0|0|0|0|0|0|0|0|0|0x060A2B340101010501010D001301 1|pcm_s16le|unknown|audio|1/48000|[0][0][0][0]|0x|s16|48000|2|unknown|16|N/A|0/0|0/0|1/48000|0|0.00|N/A|N/A|1536000|N/A|N/A|N/A|N/A|35|0|0|0|0|0|0|0|0|0|0|0|0|0x060A2B340101010501010D001301 diff --git a/tests/ref/fate/rgb24-mkv b/tests/ref/fate/rgb24-mkv index 34d028cbfd..3b14cd0ef0 100644 --- a/tests/ref/fate/rgb24-mkv +++ b/tests/ref/fate/rgb24-mkv @@ -1,5 +1,5 @@ -fdc02d700dbe99315a9f0d928a9b935e *tests/data/fate/rgb24-mkv.matroska -58213 tests/data/fate/rgb24-mkv.matroska +fde8903c4df0ba8235dafcfd8a2f368c *tests/data/fate/rgb24-mkv.matroska +58216 tests/data/fate/rgb24-mkv.matroska #tb 0: 1/10 #media_type 0: video #codec_id 0: rawvideo diff --git a/tests/ref/lavf/mxf_d10 b/tests/ref/lavf/mxf_d10 index 85e337d15
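Review bot: the block removed from do_video_out() applied `in_picture->top_field_first = !!ost->top_field_first` to each picture handled there, whereas the replacement sits under `if (frame)` in init_output_stream_encode(), which belongs to stream initialization and is skipped once `ost->initialized` is set (see the early return in init_output_stream_wrapper() from patch 1/6). The user's top_field_first override therefore reaches only the frame that triggers initialization, and later frames keep their decoded flag. If the per-frame override is still wanted, keep those lines in do_video_out() and move only the field_order decision. The new block also writes to the caller's frame from an init function, which deserves a comment.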
[FFmpeg-devel] [PATCH v3 3/6] ffmpeg: move A/V non-streamcopy initialization to a later point
- For video, this means a single initialization point in do_video_out. - For audio we unfortunately need to do it in two places just before the buffer sink is utilized (if av_buffersink_get_samples would still work according to its specification after a call to avfilter_graph_request_oldest was made, we could at least remove the one in transcode_step). Other adjustments to make things work: - As the AVFrame PTS adjustment to encoder time base needs the encoder to be initialized, so it is now moved to do_{video,audio}_out, right after the encoder has been initialized. Due to this, the additional parameter in do_video_out is removed as it is no longer necessary. --- fftools/ffmpeg.c | 112 --- 1 file changed, 77 insertions(+), 35 deletions(-) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index 0d8ed26912..08db67a6ab 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c @@ -941,6 +941,28 @@ early_exit: return float_pts; } +static int init_output_stream(OutputStream *ost, char *error, int error_len); + +static int init_output_stream_wrapper(OutputStream *ost, unsigned int fatal) +{ +int ret = AVERROR_BUG; +char error[1024] = {0}; + +if (ost->initialized) +return 0; + +ret = init_output_stream(ost, error, sizeof(error)); +if (ret < 0) { +av_log(NULL, AV_LOG_ERROR, "Error initializing output stream %d:%d -- %s\n", + ost->file_index, ost->index, error); + +if (fatal) +exit_program(1); +} + +return ret; +} + static void do_audio_out(OutputFile *of, OutputStream *ost, AVFrame *frame) { @@ -952,6 +974,8 @@ static void do_audio_out(OutputFile *of, OutputStream *ost, pkt.data = NULL; pkt.size = 0; +adjust_frame_pts_to_encoder_tb(of, ost, frame); + if (!check_recording_time(ost)) return; @@ -1086,8 +1110,7 @@ static void do_subtitle_out(OutputFile *of, static void do_video_out(OutputFile *of, OutputStream *ost, - AVFrame *next_picture, - double sync_ipts) + AVFrame *next_picture) { int ret, format_video_sync; AVPacket pkt; 
@@ -1097,10 +1120,14 @@ static void do_video_out(OutputFile *of, int nb_frames, nb0_frames, i; double delta, delta0; double duration = 0; +double sync_ipts = AV_NOPTS_VALUE; int frame_size = 0; InputStream *ist = NULL; AVFilterContext *filter = ost->filter->filter; +init_output_stream_wrapper(ost, 1); +sync_ipts = adjust_frame_pts_to_encoder_tb(of, ost, next_picture); + if (ost->source_index >= 0) ist = input_streams[ost->source_index]; @@ -1434,28 +1461,6 @@ static void do_video_stats(OutputStream *ost, int frame_size) } } -static int init_output_stream(OutputStream *ost, char *error, int error_len); - -static int init_output_stream_wrapper(OutputStream *ost, unsigned int fatal) -{ -int ret = AVERROR_BUG; -char error[1024] = {0}; - -if (ost->initialized) -return 0; - -ret = init_output_stream(ost, error, sizeof(error)); -if (ret < 0) { -av_log(NULL, AV_LOG_ERROR, "Error initializing output stream %d:%d -- %s\n", - ost->file_index, ost->index, error); - -if (fatal) -exit_program(1); -} - -return ret; -} - static void finish_output_stream(OutputStream *ost) { OutputFile *of = output_files[ost->file_index]; @@ -1492,7 +1497,17 @@ static int reap_filters(int flush) continue; filter = ost->filter->filter; -init_output_stream_wrapper(ost, 1); +/* + * Unlike video, with audio the audio frame size matters. + * Currently we are fully reliant on the lavfi filter chain to + * do the buffering deed for us, and thus the frame size parameter + * needs to be set accordingly. Where does one get the required + * frame size? From the initialized AVCodecContext of an audio + * encoder. Thus, if we have gotten to an audio stream, initialize + * the encoder earlier than receiving the first AVFrame. + */ +if (av_buffersink_get_type(filter) == AVMEDIA_TYPE_AUDIO) +init_output_stream_wrapper(ost, 1); if (!ost->filtered_frame && !(ost->filtered_frame = av_frame_alloc())) { return AVERROR(ENOMEM); 
@@ -1500,7 +1515,6 @@ static int reap_filters(int flush) filtered_frame = ost->filtered_frame; while (1) { -double float_pts = AV_NOPTS_VALUE; // this is identical to filtered_frame.pts but with higher precision ret = av_buffersink_get_frame_flags(filter, filtered_frame, AV_BUFFERSINK_FLAG_NO_REQUEST); if (ret < 0) { @@ -1509,7 +1523,7 @@ static int reap_filters(int flush) "Error in
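Review bot: do_audio_out() now calls `adjust_frame_pts_to_encoder_tb(of, ost, frame)` but, unlike do_video_out(), does not call init_output_stream_wrapper() first; it relies on the audio-only initialization added in reap_filters(). Since the wrapper returns 0 immediately when `ost->initialized` is set, calling it at the top of do_audio_out() as well, or adding a comment or assert there, would keep the requirement from the commit message (encoder initialized before the PTS adjustment) local to the function. Minor: in do_video_out(), `double sync_ipts = AV_NOPTS_VALUE;` is overwritten a few lines later, so the initializer can go.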
Re: [FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
On 10/16/2020 10:23 AM, Andreas Rheinhardt wrote: > James Almer: >> On 10/16/2020 7:46 AM, Michael Niedermayer wrote: >>> Fixes: stack buffer overflow (read) >>> Fixes: >>> 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840 >>> >>> Found-by: continuous fuzzing process >>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >>> Signed-off-by: Michael Niedermayer >>> --- >>> libavformat/av1dec.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c >>> index 10c4560968..395eef6522 100644 >>> --- a/libavformat/av1dec.c >>> +++ b/libavformat/av1dec.c >>> @@ -382,7 +382,7 @@ static int obu_read_header(AVFormatContext *s) >>> static int obu_get_packet(AVFormatContext *s, AVPacket *pkt) >>> { >>> ObuContext *c = s->priv_data; >>> -uint8_t header[MAX_OBU_HEADER_SIZE]; >>> +uint8_t header[MAX_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; >>> int64_t obu_size; >>> int size = av_fifo_space(c->fifo); >>> int ret, len, type; >> >> Where is header being overread? All reads and writes are always >> constrained to MAX_OBU_HEADER_SIZE bytes at most by the fifo. > > read_obu_with_size() reads it via a GetBitContext which overreads (even > when not using the unchecked bitstream reader). I thought about that too, which would mean this fuzzer forcefully disables the checked bitstream reader at configure time? (Why do we even have such a configure option anyway? It breaks all kinds of assumptions. It should be done internally at the module level exclusively). Defining UNCHECKED_BITSTREAM_READER to 0 in av1dec.c before including get_bits.h would be a better fix. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash
javashu2...@gmail.com: > From: bevis > > Signed-off-by: bevis > --- > libavformat/hls.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/libavformat/hls.c b/libavformat/hls.c > index 72e28ab94f..0a522a4595 100644 > --- a/libavformat/hls.c > +++ b/libavformat/hls.c > @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s) > pls->ctx->interrupt_callback = s->interrupt_callback; > url = av_strdup(pls->segments[0]->url); > ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0, 0); > -av_free(url); > if (ret < 0) { > /* Free the ctx - it isn't initialized properly at this point, > * so avformat_close_input shouldn't be called. If > * avformat_open_input fails below, it frees and zeros the > * context, so it doesn't need any special treatment like this. > */ > -av_log(s, AV_LOG_ERROR, "Error when loading first segment > '%s'\n", pls->segments[0]->url); > +av_log(s, AV_LOG_ERROR, "Error when loading first segment > '%s'\n", url); > avformat_free_context(pls->ctx); > pls->ctx = NULL; > +av_free(url); > goto fail; > } > +av_free(url); > pls->ctx->pb = &pls->pb; > pls->ctx->io_open = nested_io_open; > pls->ctx->flags |= s->flags & ~AVFMT_FLAG_CUSTOM_IO; > The change itself seems fine to me (I wonder why this hasn't been noticed when writing/reviewing b5e39880fb), but your commit message is way too long: The first line should be a short description followed by a more detailed description lateron (in the next lines). How exactly did you find this? - Andreas ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
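Review bot: `url = av_strdup(pls->segments[0]->url);` is not checked for NULL before `url` is handed to av_probe_input_buffer() and, with this change, also to the "%s" of the av_log() call in the error path. Since these lines are being touched anyway, add an allocation check that sets `ret = AVERROR(ENOMEM)` and takes the `goto fail` path before the probe call.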
Re: [FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
James Almer: > On 10/16/2020 10:23 AM, Andreas Rheinhardt wrote: >> James Almer: >>> On 10/16/2020 7:46 AM, Michael Niedermayer wrote: Fixes: stack buffer overflow (read) Fixes: 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/av1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c index 10c4560968..395eef6522 100644 --- a/libavformat/av1dec.c +++ b/libavformat/av1dec.c 
@@ -382,7 +382,7 @@ static int obu_read_header(AVFormatContext *s) static int obu_get_packet(AVFormatContext *s, AVPacket *pkt) { ObuContext *c = s->priv_data; -uint8_t header[MAX_OBU_HEADER_SIZE]; +uint8_t header[MAX_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; int64_t obu_size; int size = av_fifo_space(c->fifo); int ret, len, type; >>> >>> Where is header being overread? All reads and writes are always >>> constrained to MAX_OBU_HEADER_SIZE bytes at most by the fifo. >> >> read_obu_with_size() reads it via a GetBitContext which overreads (even >> when not using the unchecked bitstream reader). > > I thought about that too, which would mean this fuzzer forcefully > disables the checked bitstream reader at configure time? (Why do we even > have such a configure option anyway? It breaks all kinds of assumptions. > It should be done internally at the module level exclusively). > > Defining UNCHECKED_BITSTREAM_READER to 0 in av1dec.c before including > get_bits.h would be a better fix. You misunderstood: Even the checked bitstream reader overreads (otherwise every get_bits() call would need special code to handle the case in which less than four bytes are available). The only difference between the checked and the unchecked bitstream reader is that the former checks when updating the counter: #if UNCHECKED_BITSTREAM_READER # define SKIP_COUNTER(name, gb, num) name ## _index += (num) #else # define SKIP_COUNTER(name, gb, num) \ name ## _index = FFMIN(name ## _size_plus8, name ## _index + (num)) #endif - Andreas ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
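The point made in the reply above, as an added example (a simplified model written for this page, not FFmpeg's get_bits.h): a bit reader that always loads four bytes touches memory past the payload even when its index is clamped, which is why the buffer needs padding. `BitReader`, `EXAMPLE_PADDING` and the helper names are hypothetical, and the two-byte payload is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAYLOAD_LEN     2  /* constructed two-byte "header" */
#define EXAMPLE_PADDING 8  /* hypothetical stand-in for AV_INPUT_BUFFER_PADDING_SIZE */

typedef struct BitReader {
    const uint8_t *buf;
    size_t buf_len;    /* payload plus padding actually allocated */
    int index;         /* read position in bits */
    int size_plus8;    /* payload bits + 8: clamp limit of the checked mode */
    long max_touched;  /* highest byte offset loaded so far, -1 = none */
    int escaped;       /* set when a load would leave buf entirely */
} BitReader;

static void br_init(BitReader *br, const uint8_t *buf, size_t payload, size_t buf_len)
{
    br->buf = buf;
    br->buf_len = buf_len;
    br->index = 0;
    br->size_plus8 = (int)payload * 8 + 8;
    br->max_touched = -1;
    br->escaped = 0;
}

/* Read n bits (1..25). Like the reader discussed in the thread, this always
 * loads a full 32-bit big-endian word starting at the current byte, no matter
 * how many payload bytes are left. */
static unsigned br_get_bits(BitReader *br, int n, int checked)
{
    size_t byte = (size_t)br->index >> 3;
    uint32_t word;
    unsigned val;

    if (byte + 3 >= br->buf_len) {  /* model only: refuse instead of overflowing */
        br->escaped = 1;
        return 0;
    }
    word = ((uint32_t)br->buf[byte]     << 24) |
           ((uint32_t)br->buf[byte + 1] << 16) |
           ((uint32_t)br->buf[byte + 2] <<  8) |
            (uint32_t)br->buf[byte + 3];
    if ((long)byte + 3 > br->max_touched)
        br->max_touched = (long)byte + 3;

    val = (word << (br->index & 7)) >> (32 - n);

    if (checked) {
        /* Same idea as the quoted SKIP_COUNTER: only the index is clamped. */
        int next = br->index + n;
        br->index = next < br->size_plus8 ? next : br->size_plus8;
    } else {
        br->index += n;
    }
    return val;
}

/* Read 8 bits `reads` times from the padded sample buffer and report the
 * highest byte offset that was loaded, or -1 if a load would have left the
 * padded buffer altogether. */
static long highest_offset_touched(int reads, int checked)
{
    static const uint8_t buf[PAYLOAD_LEN + EXAMPLE_PADDING] = { 0xAB, 0xCD };
    BitReader br;
    int i;

    br_init(&br, buf, PAYLOAD_LEN, sizeof(buf));
    for (i = 0; i < reads; i++) {
        br_get_bits(&br, 8, checked);
        if (br.escaped)
            return -1;
    }
    return br.max_touched;
}

/* Sanity check that the reader extracts the right bits: 4 bits, then 12. */
static unsigned first_fields(void)
{
    static const uint8_t buf[PAYLOAD_LEN + EXAMPLE_PADDING] = { 0xAB, 0xCD };
    BitReader br;
    unsigned a, b;

    br_init(&br, buf, PAYLOAD_LEN, sizeof(buf));
    a = br_get_bits(&br, 4, 1);
    b = br_get_bits(&br, 12, 1);
    return a << 12 | b;
}

int main(void)
{
    printf("fields:                 0x%X\n", first_fields());
    printf("checked, 1 read:        offset %ld (payload ends at %d)\n",
           highest_offset_touched(1, 1), PAYLOAD_LEN - 1);
    printf("checked, 100 reads:     offset %ld\n", highest_offset_touched(100, 1));
    printf("unchecked, 100 reads:   %ld (-1 = left the padded buffer)\n",
           highest_offset_touched(100, 0));
    return 0;
}
```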
[FFmpeg-devel] [PATCH v3 6/6] ffmpeg: add a data size threshold for muxing queue size
This way the old max queue size limit based behavior for streams where each individual packet is large is kept, while for smaller streams more packets can be buffered (current default is at 50 megabytes per stream). For some explanation, by default ffmpeg copies packets from before the appointed seek point and puts them into the local muxing queue. Before, it getting utilized was much less likely since as soon as the filter chain was initialized, the encoder (and thus output stream) was also initialized. Now, since we have pushed the encoder initialization to when the first AVFrame is decoded and filtered - which only happens after the exact seek point is hit - this queue is seeing much more usage. This attempts to fix cases such as where: - seek point ends up being 5 seconds before requested time. - audio is set to copy, and thus immediately begins filling the muxing queue. - video is being encoded, and thus all received packets are skipped until the requested time is hit. --- doc/ffmpeg.texi | 5 + fftools/ffmpeg.c | 11 +-- fftools/ffmpeg.h | 11 +++ fftools/ffmpeg_opt.c | 8 4 files changed, 33 insertions(+), 2 deletions(-) diff --git a/doc/ffmpeg.texi b/doc/ffmpeg.texi index 96b3257e79..95d6463685 100644 --- a/doc/ffmpeg.texi +++ b/doc/ffmpeg.texi @@ -1746,6 +1746,11 @@ this buffer, in packets, for the matching output stream. The default value of this option should be high enough for most uses, so only touch this option if you are sure that you need it. +@item -muxing_queue_data_threshold @var{bytes} (@emph{output,per-stream}) +This is a minimum threshold until which the muxing queue size is not taken into +account. Defaults to 50 megabytes per stream, and is based on the overall size +of packets passed to the muxer. + @item -auto_conversion_filters (@emph{global}) Enable automatically inserting format conversion filters in all filter graphs, including those defined by @option{-vf}, @option{-af}, 
diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index 1c95890f08..c57f0a43ad 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c @@ -725,8 +725,13 @@ static void write_packet(OutputFile *of, AVPacket *pkt, OutputStream *ost, int u AVPacket tmp_pkt = {0}; /* the muxer is not initialized yet, buffer the packet */ if (!av_fifo_space(ost->muxing_queue)) { -int new_size = FFMIN(2 * av_fifo_size(ost->muxing_queue), - ost->max_muxing_queue_size); +unsigned int are_we_over_size = +(ost->muxing_queue_data_size + pkt->size) > ost->muxing_queue_data_threshold; +int new_size = are_we_over_size ? + FFMIN(2 * av_fifo_size(ost->muxing_queue), + ost->max_muxing_queue_size) : + 2 * av_fifo_size(ost->muxing_queue); + if (new_size <= av_fifo_size(ost->muxing_queue)) { av_log(NULL, AV_LOG_ERROR, "Too many packets buffered for output stream %d:%d.\n", @@ -741,6 +746,7 @@ static void write_packet(OutputFile *of, AVPacket *pkt, OutputStream *ost, int u if (ret < 0) exit_program(1); av_packet_move_ref(&tmp_pkt, pkt); +ost->muxing_queue_data_size += tmp_pkt.size; av_fifo_generic_write(ost->muxing_queue, &tmp_pkt, sizeof(tmp_pkt), NULL); return; } @@ -3013,6 +3019,7 @@ static int check_init_output_file(OutputFile *of, int file_index) while (av_fifo_size(ost->muxing_queue)) { AVPacket pkt; av_fifo_generic_read(ost->muxing_queue, &pkt, sizeof(pkt), NULL); +ost->muxing_queue_data_size -= pkt.size; write_packet(of, &pkt, ost, 1); } } diff --git a/fftools/ffmpeg.h b/fftools/ffmpeg.h index 8665218dcf..3b54dab7fc 100644 --- a/fftools/ffmpeg.h +++ b/fftools/ffmpeg.h @@ -215,6 +215,8 @@ typedef struct OptionsContext { intnb_passlogfiles; SpecifierOpt *max_muxing_queue_size; intnb_max_muxing_queue_size; +SpecifierOpt *muxing_queue_data_threshold; +intnb_muxing_queue_data_threshold; SpecifierOpt *guess_layout_max; intnb_guess_layout_max; SpecifierOpt *apad; 
@@ -547,6 +549,15 @@ typedef struct OutputStream { /* the packets are buffered here until the muxer is ready to be initialized */ AVFifoBuffer *muxing_queue; +/* + * The size of the AVPackets' buffers in queue. + * Updated when a packet is either pushed or pulled from the queue. + */ +size_t muxing_queue_data_size; + +/* Threshold after which max_muxing_queue_size will be in effect */ +size_t muxing_queue_data_threshold; + /* packet picture type */ int pict_type; diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index 19f719e3ff..39e0a31ea2 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c @@ -87,6 +87,7 @@ sta
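Review bot: in the write_packet() hunk the accounting only adds `tmp_pkt.size`, so a stream of very small or zero-sized packets never reaches muxing_queue_data_threshold and `new_size` stays at `2 * av_fifo_size(ost->muxing_queue)` with no ceiling at all; that doubling is also done in int. Count the queue entry itself as well (`sizeof(tmp_pkt)` per packet) or keep a hard upper bound that applies regardless of the threshold, and check the doubling for overflow before assigning it. The comparison also mixes the size_t field with the int `pkt->size`; an explicit cast would make the intended arithmetic clear.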
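Review bot: the doc/ffmpeg.texi entry for -muxing_queue_data_threshold is hard to parse ("a minimum threshold until which the muxing queue size is not taken into account") and never names the option it interacts with. Say directly that -max_muxing_queue_size is only enforced once the buffered packet data for the stream exceeds this many bytes, and state whether the count covers payload only, as the ffmpeg.h comment ("The size of the AVPackets' buffers in queue") implies.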
Re: [FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
On 10/16/2020 10:35 AM, Andreas Rheinhardt wrote: > James Almer: >> On 10/16/2020 10:23 AM, Andreas Rheinhardt wrote: >>> James Almer: On 10/16/2020 7:46 AM, Michael Niedermayer wrote: > Fixes: stack buffer overflow (read) > Fixes: > 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavformat/av1dec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c > index 10c4560968..395eef6522 100644 > --- a/libavformat/av1dec.c > +++ b/libavformat/av1dec.c 
> @@ -382,7 +382,7 @@ static int obu_read_header(AVFormatContext *s) > static int obu_get_packet(AVFormatContext *s, AVPacket *pkt) > { > ObuContext *c = s->priv_data; > -uint8_t header[MAX_OBU_HEADER_SIZE]; > +uint8_t header[MAX_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; > int64_t obu_size; > int size = av_fifo_space(c->fifo); > int ret, len, type; Where is header being overread? All reads and writes are always constrained to MAX_OBU_HEADER_SIZE bytes at most by the fifo. >>> >>> read_obu_with_size() reads it via a GetBitContext which overreads (even >>> when not using the unchecked bitstream reader). >> >> I thought about that too, which would mean this fuzzer forcefully >> disables the checked bitstream reader at configure time? (Why do we even >> have such a configure option anyway? It breaks all kinds of assumptions. >> It should be done internally at the module level exclusively). >> >> Defining UNCHECKED_BITSTREAM_READER to 0 in av1dec.c before including >> get_bits.h would be a better fix. > > You misunderstood: Even the checked bitstream reader overreads How useful and expected. It's not like the get_bits.h doxy says the checked bitstream reader "ensures that we don't read past input buffer boundaries" or anything like that. Guess the padding works, then. > (otherwise every get_bits() call would need special code to handle the > case in which less than four bytes are available). 
> The only difference between the checked and the unchecked bitstream reader
> is that the former checks when updating the counter:
>
> #if UNCHECKED_BITSTREAM_READER
> # define SKIP_COUNTER(name, gb, num) name ## _index += (num)
> #else
> # define SKIP_COUNTER(name, gb, num) \
>     name ## _index = FFMIN(name ## _size_plus8, name ## _index + (num))
> #endif
>
> - Andreas
Re: [FFmpeg-devel] [PATCH 1/3] avformat/av1dec: Fix padding in obu_get_packet()
James Almer: > On 10/16/2020 10:35 AM, Andreas Rheinhardt wrote: >> James Almer: >>> On 10/16/2020 10:23 AM, Andreas Rheinhardt wrote: James Almer: > On 10/16/2020 7:46 AM, Michael Niedermayer wrote: >> Fixes: stack buffer overflow (read) >> Fixes: >> 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840 >> >> Found-by: continuous fuzzing process >> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >> Signed-off-by: Michael Niedermayer >> --- >> libavformat/av1dec.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c >> index 10c4560968..395eef6522 100644 >> --- a/libavformat/av1dec.c >> +++ b/libavformat/av1dec.c 
>> @@ -382,7 +382,7 @@ static int obu_read_header(AVFormatContext *s) >> static int obu_get_packet(AVFormatContext *s, AVPacket *pkt) >> { >> ObuContext *c = s->priv_data; >> -uint8_t header[MAX_OBU_HEADER_SIZE]; >> +uint8_t header[MAX_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; >> int64_t obu_size; >> int size = av_fifo_space(c->fifo); >> int ret, len, type; > > Where is header being overread? All reads and writes are always > constrained to MAX_OBU_HEADER_SIZE bytes at most by the fifo. read_obu_with_size() reads it via a GetBitContext which overreads (even when not using the unchecked bitstream reader). >>> >>> I thought about that too, which would mean this fuzzer forcefully >>> disables the checked bitstream reader at configure time? (Why do we even >>> have such a configure option anyway? It breaks all kinds of assumptions. >>> It should be done internally at the module level exclusively). >>> >>> Defining UNCHECKED_BITSTREAM_READER to 0 in av1dec.c before including >>> get_bits.h would be a better fix. >> >> You misunderstood: Even the checked bitstream reader overreads > > How useful and expected. It's not like the get_bits.h doxy says the > checked bitstream reader "ensures that we don't read past input buffer > boundaries" or anything like that. > "* Initialize GetBitContext. * @param buffer bitstream buffer, must be AV_INPUT_BUFFER_PADDING_SIZE bytes larger than the actual read bits because some optimized bitstream readers read 32 or 64 bit at once and could read over the end" (Actually AV_INPUT_BUFFER_PADDING_SIZE is much bigger than 64bit nowadays. This requirement probably comes from a time when it was smaller. Maybe we should add a smaller constant?) > Guess the padding works, then. > >> (otherwise every get_bits() call would need special code to handle the >> case in which less than four bytes are available). 
>> The only difference between the checked and the unchecked bitstream reader
>> is that the former checks when updating the counter:
>>
>> #if UNCHECKED_BITSTREAM_READER
>> # define SKIP_COUNTER(name, gb, num) name ## _index += (num)
>> #else
>> # define SKIP_COUNTER(name, gb, num) \
>>     name ## _index = FFMIN(name ## _size_plus8, name ## _index + (num))
>> #endif
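The behaviour discussed in this thread, as an added example (not FFmpeg's get_bits.h and not code posted by anyone in the thread): a toy bit reader that always loads four bytes and clamps only the counter, in the way the quoted SKIP_COUNTER does, and that records how far past the payload its loads reach. The names ToyBits, toy_get_bits and toy_run, the 0xAA payload and the TOY_PADDING value of 8 are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for AV_INPUT_BUFFER_PADDING_SIZE; the value 8 is an assumption. */
#define TOY_PADDING  8
#define TOY_MAX_DATA 64

typedef struct ToyBits {
    const uint8_t *buf;
    int index;        /* current position, in bits */
    int size_plus8;   /* payload size in bits + 8: the clamp of the checked counter */
    size_t last_byte; /* highest byte offset any load has touched */
} ToyBits;

static void toy_init(ToyBits *gb, const uint8_t *buf, int data_bytes)
{
    gb->buf        = buf;
    gb->index      = 0;
    gb->size_plus8 = data_bytes * 8 + 8;
    gb->last_byte  = 0;
}

/* Read n bits (1..25). The load is always 4 bytes wide, whatever is left in
 * the payload; only the counter update is bounded. */
static unsigned toy_get_bits(ToyBits *gb, int n)
{
    size_t off       = (size_t)gb->index >> 3;
    const uint8_t *p = gb->buf + off;
    uint32_t cache   = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                       (uint32_t)p[2] << 8  | (uint32_t)p[3];
    unsigned val     = (uint32_t)(cache << (gb->index & 7)) >> (32 - n);
    int next         = gb->index + n;

    if (off + 3 > gb->last_byte)
        gb->last_byte = off + 3;
    /* "checked" counter: never advances beyond size_plus8 */
    gb->index = next < gb->size_plus8 ? next : gb->size_plus8;
    return val;
}

/* Perform `reads` 8-bit reads over a payload of `data_bytes` bytes of 0xAA
 * followed by zeroed padding. Returns how many bytes beyond the payload were
 * loaded (-1 on bad arguments) and stores the last value read. */
static int toy_run(int data_bytes, int reads, unsigned *last_val)
{
    uint8_t buf[TOY_MAX_DATA + TOY_PADDING];
    ToyBits gb;
    int i;

    if (data_bytes < 1 || data_bytes > TOY_MAX_DATA || reads < 1)
        return -1;
    memset(buf, 0, sizeof(buf));               /* padding is zeroed */
    memset(buf, 0xAA, (size_t)data_bytes);     /* constructed payload */
    toy_init(&gb, buf, data_bytes);
    for (i = 0; i < reads; i++)
        *last_val = toy_get_bits(&gb, 8);
    if (gb.last_byte + 1 <= (size_t)data_bytes)
        return 0;
    return (int)(gb.last_byte + 1 - (size_t)data_bytes);
}

int main(void)
{
    unsigned v = 0;
    int past;

    /* Reading exactly the 10 payload bytes already loads past the end. */
    past = toy_run(10, 10, &v);
    printf("in-range reads:  %d bytes past the payload, last value 0x%02X\n", past, v);

    /* Reading on after the end: the counter is clamped, the load is not. */
    past = toy_run(10, 20, &v);
    printf("reads past end:  %d bytes past the payload, last value 0x%02X\n", past, v);
    return 0;
}
```

With the payload alone on the stack, as in the original `header[MAX_OBU_HEADER_SIZE]`, each of those extra bytes would be an out-of-bounds read; the padded declaration is what makes the same loads legal.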
[FFmpeg-devel] [PATCH] avcodec/hevcdec: constrained intra predict, do not check top left IS_INTRA if it's not available
fix ticket: 8932 For poc 2, we have tile boundary at x = 640. When we predict cu(640,912), the top left pixel is not available to the cu. So, we cannot check whether it's intra or not. We need to set top[-1] = top[0] directly. see 8.4.4.2.1 for details --- libavcodec/hevcpred_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevcpred_template.c b/libavcodec/hevcpred_template.c index 6fe33546b1..e550707874 100644 --- a/libavcodec/hevcpred_template.c +++ b/libavcodec/hevcpred_template.c @@ -213,7 +213,7 @@ do { \ while (j < size_max_x && !IS_INTRA(j, -1)) j++; if (j > 0) -if (x0 > 0) { +if (cand_up_left) { EXTEND_LEFT_CIP(top, j, j + 1); } else { EXTEND_LEFT_CIP(top, j, j); -- 2.17.1
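Review bot: the changed condition swaps `x0 > 0` for `cand_up_left` with no comment in the macro body, so the tile-boundary reasoning and the 8.4.4.2.1 reference live only in the commit message. Put a one-line comment above `if (cand_up_left) {` saying that the top-left sample can be unavailable even when x0 > 0, otherwise the next reader is likely to restore the coordinate test. The unbraced `if (j > 0)` directly above now governs an if/else pair; braces there would make the nesting explicit.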
[FFmpeg-devel] [PATCH 2/2] avcodec/movtextenc: Don't presume every style to have a font
Fixes segfaults in the absence of fonts; this can happen because the file didn't contain any or because the allocation of the font-string failed. Signed-off-by: Andreas Rheinhardt --- Do ASS files actually have to prescribe the font? libavcodec/movtextenc.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c index 3cf308aac8..dc2715951f 100644 --- a/libavcodec/movtextenc.c +++ b/libavcodec/movtextenc.c @@ -279,10 +279,14 @@ static int encode_sample_description(AVCodecContext *avctx) // is avaiable in the ASS header if (style && ass->styles_count) { // Find unique font names -av_dynarray_add(&s->fonts, &s->font_count, style->font_name); -font_names_total_len += strlen(style->font_name); +if (style->font_name) { +av_dynarray_add(&s->fonts, &s->font_count, style->font_name); +font_names_total_len += strlen(style->font_name); +} for (i = 0; i < ass->styles_count; i++) { int found = 0; +if (!ass->styles[i].font_name) +continue; for (j = 0; j < s->font_count; j++) { if (!strcmp(s->fonts[j], ass->styles[i].font_name)) { found = 1; -- 2.25.1
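Review bot: with both the `if (style->font_name)` guard and the `continue` in the loop, encode_sample_description() can now leave this block with s->font_count == 0 even though `style && ass->styles_count` was true. The code after the loop that consumes s->fonts and font_names_total_len is not part of the hunk; please confirm it writes a valid font table for an empty list, or fall back to a default font name in that case. The av_dynarray_add() call also still goes unchecked, and on failure it frees the array and resets the count, which leads to the same empty-list state.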
[FFmpeg-devel] [PATCH 1/2] avcodec/movtextdec: Reset array counter after freeing array
Otherwise the mov_text muxer can segfault when given subtitles with more than one AVSubtitleRect if one of the first nb_rects - 1 rects contained a style attribute. Signed-off-by: Andreas Rheinhardt --- I wonder whether we should also reset the STYL_BOX flag of s->box_flags. libavcodec/movtextenc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c index 67d29a09ca..3cf308aac8 100644 --- a/libavcodec/movtextenc.c +++ b/libavcodec/movtextenc.c @@ -102,6 +102,7 @@ static void mov_text_cleanup(MovTextContext *s) av_freep(&s->style_attributes[j]); } av_freep(&s->style_attributes); +s->count = 0; } if (s->style_attributes_temp) { *s->style_attributes_temp = s->d; -- 2.25.1
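Review bot: the subject prefix says avcodec/movtextdec and the message speaks of the mov_text muxer, but the diff changes mov_text_cleanup() in libavcodec/movtextenc.c; the prefix should read avcodec/movtextenc so the fix can be found from the log. The placement of `s->count = 0;` next to `av_freep(&s->style_attributes);` is right, since the two describe the same array. The open question under the `---` about the STYL_BOX flag in s->box_flags should be settled in this patch as well, because a set flag with count == 0 is the same kind of stale state.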
[FFmpeg-devel] [PATCH 1/5] avcodec/mobiclip: Avoid signed integer overflows in idct()
Fixes: signed integer overflow: 536870912 + 1610612736 cannot be represented in type 'int' Fixes: 26288/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6194364759670784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/mobiclip.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/libavcodec/mobiclip.c b/libavcodec/mobiclip.c index 82ff39e958..48467614ab 100644 --- a/libavcodec/mobiclip.c +++ b/libavcodec/mobiclip.c @@ -422,7 +422,8 @@ static void inverse4(unsigned *rs) static void idct(int *arr, int size) { -int e, f, g, h, x3, x2, x1, x0; +int e, f, g, h; +unsigned x3, x2, x1, x0; int tmp[4]; if (size == 4) { @@ -437,14 +438,14 @@ static void idct(int *arr, int size) inverse4(tmp); -e = arr[7] + arr[1] - arr[3] - (arr[3] >> 1); -f = arr[7] - arr[1] + arr[5] + (arr[5] >> 1); -g = arr[5] - arr[3] - arr[7] - (arr[7] >> 1); -h = arr[5] + arr[3] + arr[1] + (arr[1] >> 1); -x3 = g + (h >> 2); -x2 = e + (f >> 2); -x1 = (e >> 2) - f; -x0 = h - (g >> 2); +e = (unsigned)arr[7] + arr[1] - arr[3] - (arr[3] >> 1); +f = (unsigned)arr[7] - arr[1] + arr[5] + (arr[5] >> 1); +g = (unsigned)arr[5] - arr[3] - arr[7] - (arr[7] >> 1); +h = (unsigned)arr[5] + arr[3] + arr[1] + (arr[1] >> 1); +x3 = (unsigned)g + (h >> 2); +x2 = (unsigned)e + (f >> 2); +x1 = (e >> 2) - (unsigned)f; +x0 = (unsigned)h - (g >> 2); arr[0] = tmp[0] + x0; arr[1] = tmp[1] + x1; -- 2.17.1
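Review bot: in idct() the values x3..x0 are now plain `unsigned` although they hold signed quantities that are added to `tmp[]` and stored into the int array, and nothing in the hunk says the type is only there to make the wraparound defined. Declaring them with FFmpeg's SUINT typedef, or adding a short comment at the declaration, would document that intent. e, f, g and h stay int, so each of the four assignments converts a possibly out-of-range unsigned result back to int and the later `(h >> 2)`, `(f >> 2)`, `(e >> 2)` and `(g >> 2)` still shift negative values; a note that this is relied on would help the next person chasing a sanitizer report here.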
[FFmpeg-devel] [PATCH 5/5] avformat/boadec: Check that channels and block_align are set
Fixes: Infinite loop Fixes: 26381/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-5745789089087488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/boadec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/boadec.c b/libavformat/boadec.c index 495090c485..74a6ceecb1 100644 --- a/libavformat/boadec.c +++ b/libavformat/boadec.c @@ -54,12 +54,12 @@ static int read_header(AVFormatContext *s) avio_rl32(s->pb); st->codecpar->sample_rate = avio_rl32(s->pb); st->codecpar->channels= avio_rl32(s->pb); -if (st->codecpar->channels > FF_SANE_NB_CHANNELS) +if (st->codecpar->channels > FF_SANE_NB_CHANNELS || st->codecpar->channels <= 0) return AVERROR(ENOSYS); s->internal->data_offset = avio_rl32(s->pb); avio_r8(s->pb); st->codecpar->block_align = avio_rl32(s->pb); -if (st->codecpar->block_align > INT_MAX / FF_SANE_NB_CHANNELS) +if (st->codecpar->block_align > INT_MAX / FF_SANE_NB_CHANNELS || st->codecpar->block_align <= 0) return AVERROR_INVALIDDATA; st->codecpar->block_align *= st->codecpar->channels; -- 2.17.1
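Review bot: the new `st->codecpar->channels <= 0` test shares the `return AVERROR(ENOSYS);` of the FF_SANE_NB_CHANNELS upper bound, but a zero or negative channel count is malformed input, not an unsupported feature. Give it its own check returning AVERROR_INVALIDDATA, as the `block_align <= 0` case a few lines below already does; that also keeps both conditions on readable line lengths.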
[FFmpeg-devel] [PATCH 2/5] avcodec/exr: Check limits to avoid overflow in delta computation
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int' Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912 Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/exr.c | 20 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index 80117deb8a..cf7824402a 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -1520,15 +1520,27 @@ static int decode_header(EXRContext *s, AVFrame *frame) continue; } else if ((var_size = check_header_variable(s, "dataWindow", "box2i", 31)) >= 0) { +int xmin, ymin, xmax, ymax; if (!var_size) { ret = AVERROR_INVALIDDATA; goto fail; } -s->xmin = bytestream2_get_le32(&s->gb); -s->ymin = bytestream2_get_le32(&s->gb); -s->xmax = bytestream2_get_le32(&s->gb); -s->ymax = bytestream2_get_le32(&s->gb); +xmin = bytestream2_get_le32(&s->gb); +ymin = bytestream2_get_le32(&s->gb); +xmax = bytestream2_get_le32(&s->gb); +ymax = bytestream2_get_le32(&s->gb); + +if (xmin > xmax || ymin > ymax || +(unsigned)xmax - xmin >= INT_MAX || +(unsigned)ymax - ymin >= INT_MAX) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +s->xmin = xmin; +s->xmax = xmax; +s->ymin = ymin; +s->ymax = ymax; s->xdelta = (s->xmax - s->xmin) + 1; s->ydelta = (s->ymax - s->ymin) + 1; -- 2.17.1
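Review bot: the bound `(unsigned)xmax - xmin >= INT_MAX` is only correct because `xmin > xmax` is rejected first and because the `+ 1` in the xdelta/ydelta lines that follow needs one value of headroom; neither dependency is written down. Add a one-line comment above the `if` stating that the check keeps `(xmax - xmin) + 1` within int, so the `>=` is not later "simplified" to `>`. An av_log() before `goto fail` would also let a rejected dataWindow be told apart from the other header failures that take the same exit.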
[FFmpeg-devel] [PATCH 4/5] avformat/icodec: Change order of operations to avoid NULL dereference
Fixes: SEGV on unknown address 0x Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/icodec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/icodec.c b/libavformat/icodec.c index b47fa98f80..c061f3ec42 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -156,12 +156,14 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) IcoDemuxContext *ico = s->priv_data; IcoImage *image; AVIOContext *pb = s->pb; -AVStream *st = s->streams[0]; +AVStream *st; int ret; if (ico->current_image >= ico->nb_images) return AVERROR_EOF; +st = s->streams[0]; + image = &ico->images[ico->current_image]; if ((ret = avio_seek(pb, image->offset, SEEK_SET)) < 0) -- 2.17.1
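Review bot: moving `st = s->streams[0];` below the `ico->current_image >= ico->nb_images` test only avoids the NULL dereference if nb_images is 0 whenever no stream exists, and nothing in read_packet() states or enforces that link. Either add a comment at the check saying it also covers the no-stream case, or test `s->nb_streams` explicitly before indexing `streams[0]` so the function does not depend on an invariant kept elsewhere.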
[FFmpeg-devel] [PATCH 3/5] avformat/asfdec_f: Check for negative ext_len
Fixes: Infinite loop Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016 Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/asfdec_f.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index 103155e9e7..4fba6c08b0 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -607,6 +607,8 @@ static int asf_read_ext_stream_properties(AVFormatContext *s, int64_t size) ff_get_guid(pb, &g); size = avio_rl16(pb); ext_len = avio_rl32(pb); +if (ext_len < 0) +return AVERROR_INVALIDDATA; avio_skip(pb, ext_len); if (stream_num < 128 && i < FF_ARRAY_ELEMS(asf->streams[stream_num].payload)) { ASFPayload *p = &asf->streams[stream_num].payload[i]; -- 2.17.1
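Review bot: the Fixes: lines name the PCM_U32LE and TY demuxer fuzzers while the check lands in asf_read_ext_stream_properties(); the commit message should say in one sentence how asfdec_f.c is reached from those targets, otherwise the testcases cannot be matched to the change. In the code, `if (ext_len < 0)` only does something if ext_len is a signed type holding the result of avio_rl32(); a short comment that a negative length would make `avio_skip(pb, ext_len)` seek backwards would explain why the loop could not terminate.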
Re: [FFmpeg-devel] [PATCH v3 3/6] ffmpeg: move A/V non-streamcopy initialization to a later point
On Fri, Oct 16, 2020 at 04:16:46PM +0300, Jan Ekström wrote:
> - For video, this means a single initialization point in do_video_out.
> - For audio we unfortunately need to do it in two places just
>   before the buffer sink is utilized (if av_buffersink_get_samples
>   would still work according to its specification after a call to
>   avfilter_graph_request_oldest was made, we could at least remove
>   the one in transcode_step).
>
> Other adjustments to make things work:
> - As the AVFrame PTS adjustment to encoder time base needs the encoder
>   to be initialized, so it is now moved to do_{video,audio}_out,
>   right after the encoder has been initialized. Due to this,
>   the additional parameter in do_video_out is removed as it is no
>   longer necessary.
> ---
> fftools/ffmpeg.c | 112 ---
> 1 file changed, 77 insertions(+), 35 deletions(-)

This breaks:
./ffmpeg -ss 30.0 -i ~/tickets/1745/1745-Sample.mkv -f vob -c:a copy -f framecrc -
"Too many packets buffered for output stream 0:1."

I assume the sample is here:
http://www.spirton.com/uploads/FFmpeg/1745-Sample.mkv

thx

[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If you drop bombs on a foreign country and kill a hundred thousand innocent people, expect your government to call the consequence "unprovoked inhuman terrorist attacks" and use it to justify dropping more bombs and killing more people. The technology changed, the idea is old.
Re: [FFmpeg-devel] [PATCH v3 1/6] ffmpeg: deduplicate init_output_stream usage logic
On Fri, Oct 16, 2020 at 04:16:44PM +0300, Jan Ekström wrote:
> Adds a wrapper function, which handles any errors depending on how
> fatal a failure would be.
> ---
> fftools/ffmpeg.c | 51
> 1 file changed, 25 insertions(+), 26 deletions(-)

LGTM

thx

[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If a bugfix only changes things apparently unrelated to the bug with no further explanation, that is a good sign that the bugfix is wrong.
Re: [FFmpeg-devel] [PATCH 4/5] avformat/icodec: Change order of operations to avoid NULL dereference
On Fri, Oct 16, 2020 at 07:35:29PM +0200, Michael Niedermayer wrote: > Fixes: SEGV on unknown address 0x > Fixes: > 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavformat/icodec.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/libavformat/icodec.c b/libavformat/icodec.c > index b47fa98f80..c061f3ec42 100644 > --- a/libavformat/icodec.c > +++ b/libavformat/icodec.c > @@ -156,12 +156,14 @@ static int read_packet(AVFormatContext *s, AVPacket > *pkt) > IcoDemuxContext *ico = s->priv_data; > IcoImage *image; > AVIOContext *pb = s->pb; > -AVStream *st = s->streams[0]; > +AVStream *st; > int ret; > > if (ico->current_image >= ico->nb_images) > return AVERROR_EOF; > > +st = s->streams[0]; > + > image = &ico->images[ico->current_image]; > > if ((ret = avio_seek(pb, image->offset, SEEK_SET)) < 0) > -- > 2.17.1 looks good -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
Re: [FFmpeg-devel] [PATCH 5/6] avformat/udp: clarify option description for timeout unit
On Wed, 14 Oct 2020, lance.lmw...@gmail.com wrote: From: Limin Wang Signed-off-by: Limin Wang --- libavformat/udp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/udp.c b/libavformat/udp.c index 30d8041..ee5fa84 100644 --- a/libavformat/udp.c +++ b/libavformat/udp.c @@ -138,7 +138,7 @@ static const AVOption options[] = { { "connect","set if connect() should be called on socket", OFFSET(is_connected), AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = D|E }, { "fifo_size", "set the UDP receiving circular buffer size, expressed as a number of packets with size of 188 bytes", OFFSET(circular_buffer_size), AV_OPT_TYPE_INT, {.i64 = 7*4096}, 0, INT_MAX, D }, { "overrun_nonfatal", "survive in case of UDP receiving circular buffer overrun", OFFSET(overrun_nonfatal), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1,D }, -{ "timeout","set raise error timeout (only in read mode)", OFFSET(timeout),AV_OPT_TYPE_INT,{ .i64 = 0 }, 0, INT_MAX, D }, +{ "timeout","set raise error timeout, in microseconds(only in read mode)",OFFSET(timeout), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT_MAX, D }, a space got removed ^^^ Thanks, Marton { "sources","Source list", OFFSET(sources),AV_OPT_TYPE_STRING, { .str = NULL }, .flags = D|E }, { "block", "Block list", OFFSET(block), AV_OPT_TYPE_STRING, { .str = NULL }, .flags = D|E }, { NULL } -- 1.8.3.1
Re: [FFmpeg-devel] [PATCH] avformat/udp: remove redundant setting of h->max_packet_size
On Thu, 24 Sep 2020, myp...@gmail.com wrote: On Thu, Sep 24, 2020 at 12:15 AM Zhao Zhili wrote: h->max_packet_size is being reset in the following code. --- libavformat/udp.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libavformat/udp.c b/libavformat/udp.c index 30d8041433..96d8b8ee11 100644 --- a/libavformat/udp.c +++ b/libavformat/udp.c @@ -650,9 +650,6 @@ static int udp_open(URLContext *h, const char *uri, int flags) goto fail; } -if (s->pkt_size > 0) -h->max_packet_size = s->pkt_size; - p = strchr(uri, '?'); if (p) { if (av_find_info_tag(buf, sizeof(buf), "reuse", p)) { -- LGTM Will apply, thanks. Marton
Re: [FFmpeg-devel] [PATCH] avformat/libsrt: fix cleanups on failed libsrt_open() and libsrt_setup()
On Fri, 9 Oct 2020, Marton Balint wrote: - Call srt_epoll_release() to avoid fd leak on libsrt_setup() error. - Call srt_cleanup() on libsrt_open() failure. - Fix return value and method on mode parsing failure. Based on a patch by Nicolas Sugino . Will apply. Regards, Marton Signed-off-by: Marton Balint --- libavformat/libsrt.c | 21 ++--- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c index 4025b24976..f73e7dbfa5 100644 --- a/libavformat/libsrt.c +++ b/libavformat/libsrt.c @@ -373,11 +373,6 @@ static int libsrt_setup(URLContext *h, const char *uri, int flags) int64_t open_timeout = 0; int eid; -eid = srt_epoll_create(); -if (eid < 0) -return libsrt_neterrno(h); -s->eid = eid; - av_url_split(proto, sizeof(proto), NULL, 0, hostname, sizeof(hostname), &port, path, sizeof(path), uri); if (strcmp(proto, "srt")) @@ -413,6 +408,11 @@ static int libsrt_setup(URLContext *h, const char *uri, int flags) cur_ai = ai; +eid = srt_epoll_create(); +if (eid < 0) +return libsrt_neterrno(h); +s->eid = eid; + restart: fd = srt_socket(cur_ai->ai_family, cur_ai->ai_socktype, 0); @@ -495,6 +495,7 @@ static int libsrt_setup(URLContext *h, const char *uri, int flags) if (listen_fd >= 0) srt_close(listen_fd); freeaddrinfo(ai); +srt_epoll_release(s->eid); return ret; } @@ -584,7 +585,8 @@ static int libsrt_open(URLContext *h, const char *uri, int flags) } else if (!strcmp(buf, "rendezvous")) { s->mode = SRT_MODE_RENDEZVOUS; } else { -return AVERROR(EIO); +ret = AVERROR(EINVAL); +goto err; } } if (av_find_info_tag(buf, sizeof(buf), "sndbuf", p)) { 
@@ -632,10 +634,15 @@ static int libsrt_open(URLContext *h, const char *uri, int flags) s->linger = strtol(buf, NULL, 10); } } -return libsrt_setup(h, uri, flags); +ret = libsrt_setup(h, uri, flags); +if (ret < 0) +goto err; +return 0; + err: av_freep(&s->smoother); av_freep(&s->streamid); +srt_cleanup(); return ret; } -- 2.26.2
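Review bot: in libsrt_setup() the relocated `eid = srt_epoll_create();` now runs after `cur_ai = ai;`, but its failure branch still does `return libsrt_neterrno(h);` directly, so the addrinfo list that the fail path releases with `freeaddrinfo(ai);` is leaked on that branch. Store the error, call `freeaddrinfo(ai)` and then return; jumping to the existing fail label is not a drop-in alternative, because that path now also calls `srt_epoll_release(s->eid)` on an id that was never created.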
Re: [FFmpeg-devel] [PATCH] Revert "aviobuf: Discard old buffered, previously read data in ffio_read_partial"
On Thu, 15 Oct 2020, Marton Balint wrote: On Fri, 9 Oct 2020, Marton Balint wrote: This is unneeded after 2ca48e466675a8a3630061cd2c15325eab8eda97 and it breaks ffio_ensure_seekback(). This reverts commit 53c25ee0736497b46bb76064cc2c84c976b2d295. --- libavformat/aviobuf.c | 7 --- 1 file changed, 7 deletions(-) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index a77517d712..b55b206be2 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -719,13 +719,6 @@ int avio_read_partial(AVIOContext *s, unsigned char *buf, int size) len = s->buf_end - s->buf_ptr; if (len == 0) { -/* Reset the buf_end pointer to the start of the buffer, to make sure - * the fill_buffer call tries to read as much data as fits into the - * full buffer, instead of just what space is left after buf_end. - * This avoids returning partial packets at the end of the buffer, - * for packet based inputs. - */ -s->buf_end = s->buf_ptr = s->buffer; fill_buffer(s); len = s->buf_end - s->buf_ptr; } Ping, will apply soon. Applied. Regards, Marton
Re: [FFmpeg-devel] [PATCH] lavf/mpeg: replace magic descriptor_tag values with defines
On Sun, 11 Oct 2020, Michael Niedermayer wrote:
On Sat, Oct 10, 2020 at 05:04:30PM +1100, Brad Hards wrote:
This takes the used values from ISO/IEC 13818-1 Table 2-45 and adds them to the mpegts.h header. No functional changes.
Signed-off-by: Brad Hards
---
libavformat/mpegts.c| 16
libavformat/mpegts.h| 10 ++
libavformat/mpegtsenc.c | 6 +++---
3 files changed, 21 insertions(+), 11 deletions(-)
should be ok
Will apply.
Thanks,
Marton
Re: [FFmpeg-devel] [PATCH v3 3/6] ffmpeg: move A/V non-streamcopy initialization to a later point
On Fri, Oct 16, 2020, 22:47 Michael Niedermayer wrote:
> On Fri, Oct 16, 2020 at 04:16:46PM +0300, Jan Ekström wrote:
> > - For video, this means a single initialization point in do_video_out.
> > - For audio we unfortunately need to do it in two places just
> >   before the buffer sink is utilized (if av_buffersink_get_samples
> >   would still work according to its specification after a call to
> >   avfilter_graph_request_oldest was made, we could at least remove
> >   the one in transcode_step).
> >
> > Other adjustments to make things work:
> > - As the AVFrame PTS adjustment to encoder time base needs the encoder
> >   to be initialized, so it is now moved to do_{video,audio}_out,
> >   right after the encoder has been initialized. Due to this,
> >   the additional parameter in do_video_out is removed as it is no
> >   longer necessary.
> > ---
> > fftools/ffmpeg.c | 112 ---
> > 1 file changed, 77 insertions(+), 35 deletions(-)
>
> This breaks:
>
> ./ffmpeg -ss 30.0 -i ~/tickets/1745/1745-Sample.mkv -f vob -c:a copy -f framecrc -

I put the first attempt at a fix for this as a separate commit in this patch set since it clearly is separate from this change by itself, as well as if someone would give a better recommendation on how to handle it, it would be simpler to adjust. But yes, this specific sample uses more than 128 packets of the codec copy audio since the resulting seek point is 5+ seconds before the requested time.
Jan
[FFmpeg-devel] [PATCH v2] lavf/url: fix rel path’s query string contains :/
From: "ruiquan.crq" Signed-off-by: ruiquan.crq --- libavformat/tests/url.c | 1 + libavformat/url.c | 2 +- tests/ref/fate/url | 4 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c index 2440ae08bc..c294795fa2 100644 --- a/libavformat/tests/url.c +++ b/libavformat/tests/url.c @@ -90,6 +90,7 @@ int main(void) test_decompose("http://[::1]/dev/null";); test_decompose("http://[::1]:8080/dev/null";); test_decompose("//ffmpeg/dev/null"); +test_decompose("test?url=http://server/path";); printf("Testing ff_make_absolute_url:\n"); test(NULL, "baz"); diff --git a/libavformat/url.c b/libavformat/url.c index 3c858f0257..da5950723e 100644 --- a/libavformat/url.c +++ b/libavformat/url.c @@ -97,7 +97,7 @@ int ff_url_decompose(URLComponents *uc, const char *url, const char *end) /* scheme */ uc->scheme = cur; -p = find_delim(":/", cur, end); /* lavf "schemes" can contain options */ +p = find_delim(":/?", cur, end); /* lavf "schemes" can contain options, or "schemes" can't contains characters['?']*/ if (*p == ':') cur = p + 1; diff --git a/tests/ref/fate/url b/tests/ref/fate/url index 7e6395c47b..a9db0251f1 100644 --- a/tests/ref/fate/url +++ b/tests/ref/fate/url @@ -43,6 +43,10 @@ http://[::1]:8080/dev/null => host: ffmpeg path: /dev/null +test?url=http://server/path => + path: test + query: ?url=http://server/path + Testing ff_make_absolute_url: (null) baz => baz /foo/bar baz => /foo/baz -- 2.24.1 (Apple Git-126)
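Review bot: in the libavformat/url.c hunk the delimiter set passed to find_delim() gains '?' but still lacks '#', so a relative reference whose fragment contains a colon, such as `test#a:b`, would still stop at the ':' and take the `if (*p == ':')` branch with `test#a:` as the scheme. Consider `":/?#"` so that query and fragment are handled alike. The new comment also joins two statements with "or" that read as contradicting each other; a single statement such as "lavf schemes can contain options but not '?'" would be clearer.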
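Review bot: the case added in libavformat/tests/url.c only exercises test_decompose(), while the subject describes a relative path that is mis-resolved. Please add a `test(base, rel)` case to the "Testing ff_make_absolute_url" block with a rel like `test?url=http://server/path`, plus the matching expected lines in tests/ref/fate/url, so the behaviour callers depend on is covered and not only the decomposition step.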
Re: [FFmpeg-devel] [PATCH 5/6] avformat/udp: clarify option description for timeout unit
On Fri, Oct 16, 2020 at 11:03:00PM +0200, Marton Balint wrote: > > > On Wed, 14 Oct 2020, lance.lmw...@gmail.com wrote: > > > From: Limin Wang > > > > Signed-off-by: Limin Wang > > --- > > libavformat/udp.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavformat/udp.c b/libavformat/udp.c > > index 30d8041..ee5fa84 100644 > > --- a/libavformat/udp.c > > +++ b/libavformat/udp.c 
> > @@ -138,7 +138,7 @@ static const AVOption options[] = { > > { "connect","set if connect() should be called on socket", > > OFFSET(is_connected), AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, > > .flags = D|E }, > > { "fifo_size", "set the UDP receiving circular buffer size, > > expressed as a number of packets with size of 188 bytes", > > OFFSET(circular_buffer_size), AV_OPT_TYPE_INT, {.i64 = 7*4096}, 0, INT_MAX, > > D }, > > { "overrun_nonfatal", "survive in case of UDP receiving circular buffer > > overrun", OFFSET(overrun_nonfatal), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, > > D }, > > -{ "timeout","set raise error timeout (only in read mode)", > > OFFSET(timeout),AV_OPT_TYPE_INT,{ .i64 = 0 }, 0, INT_MAX, > > D }, > > +{ "timeout","set raise error timeout, in microseconds(only in > > read mode)",OFFSET(timeout), AV_OPT_TYPE_INT, {.i64 = 0}, 0, > > INT_MAX, D }, > >a space got removed ^^^ > thanks, have fixed locally. > Thanks, > Marton > > > { "sources","Source list", > > OFFSET(sources),AV_OPT_TYPE_STRING, { .str = NULL }, > > .flags = D|E }, > > { "block", "Block list", > > OFFSET(block), AV_OPT_TYPE_STRING, { .str = NULL }, > > .flags = D|E }, > > { NULL } > > -- > > 1.8.3.1 -- Thanks, Limin Wang
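Review bot: the replaced "timeout" entry changes more than the help string: the default initialiser goes from `{ .i64 = 0 }` to `{.i64 = 0}`, which is whitespace churn unrelated to the stated purpose of clarifying the unit. Please keep the rest of the entry as it was and change only the description, with the space before the parenthesis restored as already pointed out, so the diff shows exactly one textual change.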
Re: [FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash
It was found in the crash logs of online users, and it was also simulated locally. In China, we have a very large number of users, and the hls protocol is widely used, with hundreds of millions of views every day, and every small problem becomes more obvious. Andreas Rheinhardt wrote on Fri, Oct 16, 2020 at 9:32 PM: > javashu2...@gmail.com: > > From: bevis > > > > Signed-off-by: bevis > > --- > > libavformat/hls.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/libavformat/hls.c b/libavformat/hls.c > > index 72e28ab94f..0a522a4595 100644 > > --- a/libavformat/hls.c > > +++ b/libavformat/hls.c 
> > @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s) > > pls->ctx->interrupt_callback = s->interrupt_callback; > > url = av_strdup(pls->segments[0]->url); > > ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0, 0); > > -av_free(url); > > if (ret < 0) { > > /* Free the ctx - it isn't initialized properly at this > point, > > * so avformat_close_input shouldn't be called. If > > * avformat_open_input fails below, it frees and zeros the > > * context, so it doesn't need any special treatment like > this. */ > > -av_log(s, AV_LOG_ERROR, "Error when loading first segment > '%s'\n", pls->segments[0]->url); > > +av_log(s, AV_LOG_ERROR, "Error when loading first segment > '%s'\n", url); > > avformat_free_context(pls->ctx); > > pls->ctx = NULL; > > +av_free(url); > > goto fail; > > } > > +av_free(url); > > pls->ctx->pb = &pls->pb; > > pls->ctx->io_open = nested_io_open; > > pls->ctx->flags |= s->flags & ~AVFMT_FLAG_CUSTOM_IO; > > > The change itself seems fine to me (I wonder why this hasn't been > noticed when writing/reviewing b5e39880fb), but your commit message is > way too long: The first line should be a short description followed by a > more detailed description lateron (in the next lines). > > How exactly did you find this? > > - Andreas
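Review bot: in hls_read_header() the result of `url = av_strdup(pls->segments[0]->url);` is not checked in the visible lines, and with this change the error branch passes that same pointer to av_log() for "%s", so an allocation failure now reaches the log call as NULL as well as av_probe_input_buffer(). Please add an `if (!url)` check right after the av_strdup() that sets ret to AVERROR(ENOMEM) and takes the same cleanup path. With that in place the two av_free(url) calls on the success and failure branches are fine as written.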
Re: [FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash
Andreas Rheinhardt wrote on Fri, Oct 16, 2020 at 9:32 PM: > javashu2...@gmail.com: > > From: bevis > > > > Signed-off-by: bevis > > --- > > libavformat/hls.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/libavformat/hls.c b/libavformat/hls.c > > index 72e28ab94f..0a522a4595 100644 > > --- a/libavformat/hls.c > > +++ b/libavformat/hls.c 
> > @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s) > > pls->ctx->interrupt_callback = s->interrupt_callback; > > url = av_strdup(pls->segments[0]->url); > > ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0, 0); > > -av_free(url); > > if (ret < 0) { > > /* Free the ctx - it isn't initialized properly at this > point, > > * so avformat_close_input shouldn't be called. If > > * avformat_open_input fails below, it frees and zeros the > > * context, so it doesn't need any special treatment like > this. */ > > -av_log(s, AV_LOG_ERROR, "Error when loading first segment > '%s'\n", pls->segments[0]->url); > > +av_log(s, AV_LOG_ERROR, "Error when loading first segment > '%s'\n", url); > > avformat_free_context(pls->ctx); > > pls->ctx = NULL; > > +av_free(url); > > goto fail; > > } > > +av_free(url); > > pls->ctx->pb = &pls->pb; > > pls->ctx->io_open = nested_io_open; > > pls->ctx->flags |= s->flags & ~AVFMT_FLAG_CUSTOM_IO; > > > The change itself seems fine to me (I wonder why this hasn't been > noticed when writing/reviewing b5e39880fb), but your commit message is > way too long: The first line should be a short description followed by a > more detailed description lateron (in the next lines). > > How exactly did you find this? > > - Andreas > It was found in the crash logs of online users, and it was also simulated locally. In China, we have a very large number of users, and the hls protocol is widely used, with hundreds of millions of views every day, and every small problem becomes more obvious.