- 27 Aug, 2020 7 commits
-
-
Paul B Mahol authored
-
Andreas Rheinhardt authored
Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
It will be changed later anyway, and in case inlink have 0 channels (should never happen) it will not pick some random value.
-
Paul B Mahol authored
-
Paul B Mahol authored
-
- 26 Aug, 2020 27 commits
-
-
Limin Wang authored
This reverts commit 2a9b9346.
-
Andreas Rheinhardt authored
In case the multichannel HRIR mode was enabled, an error could happen between allocating a channel layouts list and attaching it to its target destination. If an error happened, the list would leak. This is fixed by attaching the list to its target directly after its allocation. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The headphone filter uses a variable number of inpads and allocates them in its init function; if all goes well, the number of inpads coincides with a number stored in the filter's private context. Yet if allocating a subsequent inpad fails, the uninit function nevertheless uses the number stored in the private context to determine the number of inpads to free and not the AVFilterContext's nb_inputs. This will lead to an access beyond the end of the allocated AVFilterContext.input_pads array and an invalid free. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The signature filter uses qsort, but its compare function doesn't have the signature required of such a function; therefore it casts the function pointer to void. Yet this is wrong: C90 only guarantees that one can convert a pointer to any incomplete type or object type to void* and back with the result comparing equal to the original which makes pointers to void generic pointers to incomplete or object type. Yet C90 lacks a generic function pointer type. C99 additionally guarantees that a pointer to a function of one type may be converted to a pointer to a function of another type with the result and the original comparing equal when converting back. This makes any function pointer type a generic function pointer type. Yet even this does not make pointers to void generic function pointers. Both GCC and Clang emit warnings for this when in pedantic mode. This commit fixes this by modifying the compare function to comply with the expected signature. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
If an error happens between allocating a string intended to be used as an inpad's name and attaching it to its input pad, the string leaks. Fix this by inserting the inpad directly after allocating its string. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
If the names are always the same, they need not be duplicated; doing so saves allocations, checks for the allocations as well as frees. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The aiir filter adds output pads in its init function. Each of these output pads had a name which was allocated and to be freed in the uninit function. Given that the aiir filter has between one and two outputs, one output pad's name was freed unconditionally and a second was freed conditionally. Yet if adding output pads fails, there are no output pads at all and trying to free a nonexistent pad's name will lead to a segfault. Furthermore, if the name could be successfully allocated, yet adding the new pad fails, the name would leak. This commit fixes this by not allocating the pads' names at all any more: They are constant anyway. This allows to remove the code to free them and hence fixes the aforementioned bugs. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
These names are always the same, so not using duplicates saves allocations, checks for the allocations as well as frees. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
These names are always the same, so not using duplicates saves allocations, checks for the allocations as well as frees. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
These names are mostly the same, so not using duplicates saves allocations, checks for the allocations as well as frees. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
These names are always the same, so not using duplicates saves allocations, checks for the allocations as well as frees. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
These names are always the same, so not using duplicates saves allocations, checks for the allocations as well as frees. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
These names leak because freeing them in the uninit function has been forgotten. Instead of adding the freeing code, this commit stops allocating these names. They are constants anyway. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
These names are always the same, so not using duplicates saves allocations, checks for the allocations as well as frees. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
It has been forgotten to free the name of the second outpad if attaching the first one to the AVFilterContext fails. Fixing this is easy: Only prepare the second outpad after (and if) the first outpad has been successfully attached to the AVFilterContext. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
Overall speed changes for 1920x1080, yuv422p10le, 60fps from: 0.19x to 0.343x
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is not the order in which the fields are described in this document." This way various dimensions, sample and bit sizes cannot be changed at arbitrary times which reduces the potential for bugs. The tag reading code also on various places assumes that numerically previous tags have already been parsed, so this needs to be enforced one way or another. If this commit causes problems with real world files which are not easy to fix then some other form of checks are needed to ensure the various dependencies in the tag reading are not violated. Fixes: out of array access Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Assertion failure Fixes: 24707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5179910197608448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 24604/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4843529818603520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Derek Buitenhuis authored
Similar to what we do in libaomdec.c. Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Limin Wang authored
Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Limin Wang authored
Some DVB and ATSC captures are using the official MPEG2 registration descriptor in addition to using the correct stream type and the AC-3_audio_stream_descriptor/AC3_descriptor. So let's add it even if it is not strictly needed for DVB/ATSC. Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
- 25 Aug, 2020 6 commits
-
-
Andreas Rheinhardt authored
The amerge filter uses a variable number of inpads and allocates them in its init function; if all goes well, the number of inpads coincides with a number stored in the filter's private context. Yet if allocating a subsequent inpad fails, the uninit function nevertheless uses the number stored in the private context to determine the number of inpads to free and not the AVFilterContext's nb_inputs. This will lead to an access beyond the end of the allocated AVFilterContext.input_pads array and an invalid free. Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Forgotten after fdd93eab. Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
James Almer authored
Section 5.9.7 of the spec states UpscaledWidth = RefUpscaledWidth[ ref_frame_idx[ i ] ] FrameWidth = UpscaledWidth FrameHeight = RefFrameHeight[ ref_frame_idx[ i ] ] RenderWidth = RefRenderWidth[ ref_frame_idx[ i ] ] RenderHeight = RefRenderHeight[ ref_frame_idx[ i ] ] Meaning FrameWidth must not be set to RefFrameWidth[ ref_frame_idx[ i ] ] like we're currently doing. Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Regression since c8716b50Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
frame is more commonly used for AV1RawFrameHeader and AV1RawFrame. Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Implement Section 7.21 "Reference frame loading process" and Section 7.20 "Reference frame update process" for show_existing_frame frames, as required by the definition in Section 7.4 "Decode frame wrapup process". Signed-off-by: James Almer <jamrial@gmail.com>
-