[FFmpeg-devel] [PATCH] lavc/vvc: Use pps->{width, height} over sps->{width, height}

From: Frank Plowman The PPS should be used instead of the SPS to get the current picture's dimensions. Using the SPS can cause issues if the resolution changes mid-sequence. In particular, it was leading to invalid memory accesses if the resolution decreased. Patch replaces sps->{width,height}

[FFmpeg-devel] [PATCH] lavc/vvc: Check fc->ref contains valid reference

From: Frank Plowman Depending on where exactly decode_nal_unit failed, it is possible that fc->ref holds a VVCFrame which has had ff_vvc_unref_frame called on it and not yet had ref_frame called on it. In this case, fc->ref most of the fields of fc->ref are NULL and attempting to call ff_vvc_rep

[FFmpeg-devel] [PATCH] lavu/thread: Check HAVE_PTHREAD_SET_?NAME_NP is defined

From: Frank Plowman Check HAVE_PTHREAD_SETNAME_NP and HAVE_PTHREAD_SET_NAME_NP are defined before using them in macro conditions. Gets rid of lots of -Wundef warnings present when building on MacOS since fd16d8c68cd7b820eda76c407b0645b7cf470efd. Signed-off-by: Frank Plowman --- libavutil/thre

[FFmpeg-devel] [PATCH] lavc/vvc: Fix slice_idx out-of-bounds memset

From: Frank Plowman If the number of CTUs reduces between one picture and the next, the slice_idx table is reduced in size in the frame_context_for_each_tl call on vvcdec.c:321. When initialising the slice_idx table on vvcdec.c:325, the old code uses fc->tab.sz.ctu_count when calculating the tab

[FFmpeg-devel] [PATCH v2] lavc/vvc: Validate alf_list indexes

From: Frank Plowman Signed-off-by: Frank Plowman --- libavcodec/vvc/vvc_ps.c | 37 + 1 file changed, 37 insertions(+) diff --git a/libavcodec/vvc/vvc_ps.c b/libavcodec/vvc/vvc_ps.c index 4ef8f9f9b9..9c4a74fc9c 100644 --- a/libavcodec/vvc/vvc_ps.c +++ b/libav

[FFmpeg-devel] [PATCH] lavc/vvc: Validate alf_list indexes

From: Frank Plowman Fixes crashes when decoding illegal bitstreams found by fuzzing. Signed-off-by: Frank Plowman --- libavcodec/vvc/vvc_ctu.c | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/libavcodec/vvc/vvc_ctu.c b/libavcodec/vvc/vvc_ctu.c index d166b1

[FFmpeg-devel] [PATCH] lavc/vvc: Error pps_single_slice_per_subpic_flag

From: Frank Plowman pps_single_slice_per_subpic_flag is not yet supported. Support is WIP, but in the meantime throw an error when trying to decode a bitstream with it set, avoiding an out-of-bounds array access. Fixes: out-of-bounds array access for conformance bitstreams SUBPIC_C_ERICSSON_1,

[FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss

From: Frank Plowman Check that vps_each_layer_is_an_ols_flag, which indicates that "at least one OLS specified by the VPS contains more than one layer," is set if num_multi_layer_olss is non-zero. Fixes: 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 Found

[FFmpeg-devel] [PATCH] lavc/vvc: Fix emulation prevention byte handling

From: Frank Plowman nal->skipped_bytes_pos contains the positions of errors relative to the start of the slice header, whereas the position they were tested against is relative to the start of the slice data, i.e. one byte after the end of the slice header. Patch fixes this by storing the size o

[FFmpeg-devel] [PATCH] lavc/vvc: Clamp shift RHS

From: Frank Plowman Resolves the following undefined behavior sanitiser error: runtime error: shift exponent 32 is too large for 32-bit type 'int' Signed-off-by: Frank Plowman --- libavcodec/vvc/vvc_intra_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec

[FFmpeg-devel] [PATCH] lavc/vvc: Use av_log2 when destination is integer

From: Frank Plowman Signed-off-by: Frank Plowman --- libavcodec/vvc/vvc_ctu.c | 4 ++-- libavcodec/vvc/vvc_ps.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/vvc/vvc_ctu.c b/libavcodec/vvc/vvc_ctu.c index 307bc3490e..d166b16a19 100644 --- a/libavcodec/vvc/vv

[FFmpeg-devel] [PATCH] lavc/vvc: Remove left shifts of negative values

From: Frank Plowman VVC specifies << as arithmetic left shift, i.e. x << y is equivalent to x * pow2(y). C's << on the other hand has UB if x is negative. This patch removes all UB resulting from this, mostly by replacing x << y with x * (1 << y), but there are also a couple places where the OO

[FFmpeg-devel] [PATCH v2] libavformat/vvc: Make probe more conservative

From: Frank Plowman Reduce false positives for VVC files by adding additional checks in `vvc_probe`. Specifically, `nuh_temporal_id_plus1` is tested for valid values in extra cases depending on the NAL unit type, as per ITU-T H.266 section 7.4.2.2. Resolves trac #10703. Signed-off-by: Frank Plo

[FFmpeg-devel] [PATCH] libavformat/vvc: Make probe more conservative

From: Frank Plowman Reduce false positives for VVC files by adding additional checks in `vvc_probe`. Specifically, `nuh_temporal_id_plus1` is tested for valid values in extra cases depending on the NAL unit type, as per ITU-T H.266 section 7.4.2.2. Resolves trac #10703. Signed-off-by: Frank Plo

[FFmpeg-devel] [PATCH] doc/t2h: Support texinfo 7.0

From: Frank Plowman Texinfo 7.0, released in November 2022, changed the names of various functions. Compiling docs with Texinfo 7.0 results in warnings and improperly formatted documentation. More old names appear to have been removed in Texinfo 7.1, released October 2023, which causes docs compi