[FFmpeg-devel] [PATCH] avfilter/vf_fps: Avoid inlink fifo build up.
When duplicating frames we need to schedule for activation again, otherwise frames can build up in the inlink fifo. --- libavfilter/vf_fps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_fps.c b/libavfilter/vf_fps.c index 6b99f20d2b..cf1e36726a 100644 --- a/libavfilter/vf_fps.c +++ b/libavfilter/vf_fps.c @@ -256,7 +256,7 @@ static int write_frame(AVFilterContext *ctx, FPSContext *s, AVFilterLink *outlin av_log(ctx, AV_LOG_DEBUG, "Writing frame with pts %"PRId64" to pts %"PRId64"\n", s->frames[0]->pts, frame->pts); s->cur_frame_out++; - +*again = 1; return ff_filter_frame(outlink, frame); } } -- 2.23.0.187.g17f5b7556c-goog ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] avformat: Fix probing on some JPEGs
Fixes "Invalid data found when processing input" on some JPEGs. Some large extensionless JPEGs can get probe score collisions. eg $ ffprobe -loglevel trace /tmp/foo [NULL @ 0x55c130ab04c0] Opening '/tmp/foo' for reading [file @ 0x55c130ab0f40] Setting default whitelist 'file,crypto' Probing jpeg_pipe score:6 size:2048 Probing jpeg_pipe score:6 size:4096 Probing jpeg_pipe score:6 size:8192 Probing jpeg_pipe score:6 size:16384 Probing jpeg_pipe score:25 size:32768 Probing jpeg_pipe score:25 size:65536 Probing jpeg_pipe score:25 size:131072 Probing jpeg_pipe score:25 size:262144 Probing jpeg_pipe score:25 size:524288 Probing mpeg score:25 size:1048576 Probing jpeg_pipe score:25 size:1048576 [AVIOContext @ 0x55c130ab9300] Statistics: 1048576 bytes read, 0 seeks /tmp/foo: Invalid data found when processing input This patch fixes this by bumping the score in the start-of-scan data. --- Fixes adsadasda asd libavformat/img2dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c index f8b4a655a5..cb582f97cb 100644 --- a/libavformat/img2dec.c +++ b/libavformat/img2dec.c @@ -767,7 +767,7 @@ static int jpeg_probe(const AVProbeData *p) if (state == EOI) return AVPROBE_SCORE_EXTENSION + 1; if (state == SOS) -return AVPROBE_SCORE_EXTENSION / 2; +return AVPROBE_SCORE_EXTENSION / 2 + 1; return AVPROBE_SCORE_EXTENSION / 8; } -- 2.23.0.rc1.153.gdeed80330f-goog ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] avcodec/bintext: Add error message when resolution is too small for font.
---
libavcodec/bintext.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/bintext.c b/libavcodec/bintext.c
index d85f2c2dd4..49b75c9e27 100644
--- a/libavcodec/bintext.c
+++ b/libavcodec/bintext.c
@@ -93,8 +93,10 @@ static av_cold int decode_init(AVCodecContext *avctx)
break;
}
}
-if (avctx->width < FONT_WIDTH || avctx->height < s->font_height)
+if (avctx->width < FONT_WIDTH || avctx->height < s->font_height) {
+av_log(avctx, AV_LOG_ERROR, "Resolution too small for font.\n");
return AVERROR_INVALIDDATA;
+}
return 0;
}
--
2.21.0.392.gf8f6787159e-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] avfilter/af_asetnsamples: fix sample queuing.
When asetnsamples uses output samples < input samples, remaining samples build
up in the fifo over time.
Fix this by marking the filter as ready again if there are enough samples.
Regression since ef3babb2c70f564dc1634b3f29c6e35a2b2dc239
---
libavfilter/af_asetnsamples.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavfilter/af_asetnsamples.c b/libavfilter/af_asetnsamples.c
index c60ce3063f..cab02d56f6 100644
--- a/libavfilter/af_asetnsamples.c
+++ b/libavfilter/af_asetnsamples.c
@@ -67,8 +67,12 @@ static int activate(AVFilterContext *ctx)
return ret;
if (ret > 0) {
-if ((!s->pad || (s->pad && frame->nb_samples == s->nb_out_samples)))
-return ff_filter_frame(outlink, frame);
+if ((!s->pad || (s->pad && frame->nb_samples == s->nb_out_samples))) {
+ret = ff_filter_frame(outlink, frame);
+if (ff_framequeue_queued_samples(inlink) >= s->nb_out_samples)
+ff_filter_set_ready(ctx, 100);
+return ret;
+}
pad_frame = ff_get_audio_buffer(outlink, s->nb_out_samples);
if (!pad_frame) {
--
2.21.0.392.gf8f6787159e-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] avformat/movenc: Fix muxing EAC3 with delay_moov
When using delay_moov mov_write_moov_tag gets called multiple times. Therefore we need to keep eac3_priv around for subsequent calls. Signed-off-by: Nikolas Bowe --- libavformat/movenc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 65be2968a1..ba811ddbc3 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -579,7 +579,6 @@ static int mov_write_eac3_tag(AVIOContext *pb, MOVTrack *track) end: av_packet_unref(>pkt); -av_freep(>eac3_priv); return size; } @@ -5956,6 +5955,9 @@ static void mov_free(AVFormatContext *s) av_freep(>tracks[i].vos_data); ff_mov_cenc_free(>tracks[i].cenc); + +if (mov->tracks[i].eac3_priv) +av_freep(>tracks[i].eac3_priv); } av_freep(>tracks); -- 2.20.1.611.gfbb209baf1-goog ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] avformat/movenc: Add more error checking when writing sample entries.
Fixes a problem where a sample entry which cannot be written correctly appears
to succeed, but produces an invalid file.
For example, this command:
ffmpeg -f lavfi -i sine=frequency=1000:duration=5 -codec:a ac3 -movflags
+empty_moov -frag_duration 500 /tmp/foo.mp4
produced a file with the ac-3 sample entry, but no AC3SpecificBox (dac3) child,
which is invalid according to ETSI TS 102 366.
---
libavformat/movenc.c | 73
1 file changed, 47 insertions(+), 26 deletions(-)
diff --git a/libavformat/movenc.c b/libavformat/movenc.c
index 65be2968a1..3a1ce40e4f 100644
--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
@@ -320,8 +320,12 @@ static int mov_write_ac3_tag(AVIOContext *pb, MOVTrack
*track)
uint8_t buf[3];
int fscod, bsid, bsmod, acmod, lfeon, frmsizecod;
-if (track->vos_len < 7)
-return -1;
+if (track->vos_len < 7) {
+av_log(pb, AV_LOG_ERROR,
+ "Cannot write moov atom before AC3 packets."
+ " Set the delay_moov flag to fix this.\n");
+return AVERROR(EINVAL);
+}
avio_wb32(pb, 11);
ffio_wfourcc(pb, "dac3");
@@ -538,8 +542,11 @@ static int mov_write_eac3_tag(AVIOContext *pb, MOVTrack
*track)
struct eac3_info *info;
int size, i;
-if (!track->eac3_priv)
+if (!track->eac3_priv) {
+av_log(pb, AV_LOG_ERROR,
+ "Cannot write moov atom before EAC3 packets parsed.\n");
return AVERROR(EINVAL);
+}
info = track->eac3_priv;
size = 2 + ((34 * (info->num_ind_sub + 1) + 7) >> 3);
@@ -1022,6 +1029,7 @@ static int mov_write_audio_tag(AVFormatContext *s,
AVIOContext *pb, MOVMuxContex
int64_t pos = avio_tell(pb);
int version = 0;
uint32_t tag = track->tag;
+int ret = 0;
if (track->mode == MODE_MOV) {
if (track->timescale > UINT16_MAX || !track->par->channels) {
@@ -1125,34 +1133,41 @@ static int mov_write_audio_tag(AVFormatContext *s,
AVIOContext *pb, MOVMuxContex
track->par->codec_id == AV_CODEC_ID_QDM2 ||
(mov_pcm_le_gt16(track->par->codec_id) && version==1) ||
(mov_pcm_be_gt16(track->par->codec_id) && version==1)))
-mov_write_wave_tag(s, pb, track);
+ret = mov_write_wave_tag(s, pb, track);
else if (track->tag == MKTAG('m','p','4','a'))
-mov_write_esds_tag(pb, track);
+ret = mov_write_esds_tag(pb, track);
else if (track->par->codec_id == AV_CODEC_ID_AMR_NB)
-mov_write_amr_tag(pb, track);
+ret = mov_write_amr_tag(pb, track);
else if (track->par->codec_id == AV_CODEC_ID_AC3)
-mov_write_ac3_tag(pb, track);
+ret = mov_write_ac3_tag(pb, track);
else if (track->par->codec_id == AV_CODEC_ID_EAC3)
-mov_write_eac3_tag(pb, track);
+ret = mov_write_eac3_tag(pb, track);
else if (track->par->codec_id == AV_CODEC_ID_ALAC)
-mov_write_extradata_tag(pb, track);
+ret = mov_write_extradata_tag(pb, track);
else if (track->par->codec_id == AV_CODEC_ID_WMAPRO)
-mov_write_wfex_tag(s, pb, track);
+ret = mov_write_wfex_tag(s, pb, track);
else if (track->par->codec_id == AV_CODEC_ID_FLAC)
-mov_write_dfla_tag(pb, track);
+ret = mov_write_dfla_tag(pb, track);
else if (track->par->codec_id == AV_CODEC_ID_OPUS)
-mov_write_dops_tag(pb, track);
+ret = mov_write_dops_tag(pb, track);
else if (track->vos_len > 0)
-mov_write_glbl_tag(pb, track);
+ret = mov_write_glbl_tag(pb, track);
-if (track->mode == MODE_MOV && track->par->codec_type ==
AVMEDIA_TYPE_AUDIO)
-mov_write_chan_tag(s, pb, track);
+if (ret < 0)
+return ret;
-if (mov->encryption_scheme != MOV_ENC_NONE) {
-ff_mov_cenc_write_sinf_tag(track, pb, mov->encryption_kid);
+if (track->mode == MODE_MOV && track->par->codec_type ==
AVMEDIA_TYPE_AUDIO
+&& ((ret = mov_write_chan_tag(s, pb, track)) < 0)) {
+return ret;
}
-return update_size(pb, pos);
+if (mov->encryption_scheme != MOV_ENC_NONE
+&& ((ret = ff_mov_cenc_write_sinf_tag(track, pb,
mov->encryption_kid)) < 0)) {
+return ret;
+}
+
+ret = update_size(pb, pos);
+return ret;
}
static int mov_write_d263_tag(AVIOContext *pb)
@@ -2217,22 +2232,27 @@ static int mov_write_gpmd_tag(AVIOContext *pb, const
MOVTrack *track)
static int mov_write_stsd_tag(AVFormatContext *s, AVIOContext *pb,
MOVMuxContext *mov, MOVTrack *track)
{
int64_t pos = avio_tell(pb);
+int ret = 0;
avio_wb32(pb, 0); /* size */
ffio_wfourcc(pb, "stsd");
avio_wb32(pb, 0); /* version & flags */
avio_wb32(pb, 1); /* entry count */
if (track->par->codec_type == AVMEDIA_TYPE_VIDEO)
-mov_write_video_tag(pb, mov, track);
+ret = mov_write_video_tag(pb, mov, track);
else if (track->par->codec_type == AVMEDIA_TYPE_AUDIO)
-
[FFmpeg-devel] [PATCH] movenc: Fix VPCC bitdepth for hardware pixel formats
If a hardware encoder is used, the pixel format may be a hardware pixel format.
This leads to invalid VPCC atom being written, due to depth of hardware pixel
formats being 0.
To work around this, fallback on bits_per_raw_sample.
Signed-off-by: Nikolas Bowe
---
libavcodec/vaapi_encode.c | 2 +-
libavformat/vpcc.c| 13 +
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/libavcodec/vaapi_encode.c b/libavcodec/vaapi_encode.c
index b4e9fadaee..cfd9413f0f 100644
--- a/libavcodec/vaapi_encode.c
+++ b/libavcodec/vaapi_encode.c
@@ -1116,7 +1116,7 @@ static av_cold int
vaapi_encode_profile_entrypoint(AVCodecContext *avctx)
ctx->input_frames->sw_format);
return AVERROR(EINVAL);
}
-depth = desc->comp[0].depth;
+avctx->bits_per_raw_sample = depth = desc->comp[0].depth;
for (i = 1; i < desc->nb_components; i++) {
if (desc->comp[i].depth != depth) {
av_log(avctx, AV_LOG_ERROR, "Invalid input pixfmt (%s).\n",
diff --git a/libavformat/vpcc.c b/libavformat/vpcc.c
index e0b7f288a6..f667ca9c00 100644
--- a/libavformat/vpcc.c
+++ b/libavformat/vpcc.c
@@ -51,15 +51,20 @@ static int get_vpx_chroma_subsampling(AVFormatContext *s,
return -1;
}
-static int get_bit_depth(AVFormatContext *s, enum AVPixelFormat pixel_format)
+static int get_bit_depth(AVFormatContext *s, AVCodecParameters *par)
{
+enum AVPixelFormat pixel_format = par->format;
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pixel_format);
if (desc == NULL) {
av_log(s, AV_LOG_ERROR, "Unsupported pixel format (%d)\n",
pixel_format);
return -1;
}
-return desc->comp[0].depth;
+if (desc->comp[0].depth) {
+return desc->comp[0].depth;
+}
+// Fallback on bits_per_raw_sample if pix_fmt is a hw format.
+return par->bits_per_raw_sample;
}
static int get_vpx_video_full_range_flag(enum AVColorRange color_range)
@@ -119,13 +124,13 @@ int ff_isom_get_vpcc_features(AVFormatContext *s,
AVCodecParameters *par,
int profile = par->profile;
int level = par->level == FF_LEVEL_UNKNOWN ?
get_vp9_level(par, frame_rate) : par->level;
-int bit_depth = get_bit_depth(s, par->format);
+int bit_depth = get_bit_depth(s, par);
int vpx_chroma_subsampling =
get_vpx_chroma_subsampling(s, par->format, par->chroma_location);
int vpx_video_full_range_flag =
get_vpx_video_full_range_flag(par->color_range);
-if (bit_depth < 0 || vpx_chroma_subsampling < 0)
+if (bit_depth <= 0 || vpx_chroma_subsampling < 0)
return AVERROR_INVALIDDATA;
if (profile == FF_PROFILE_UNKNOWN) {
--
2.20.1.611.gfbb209baf1-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] lavc/svq3: Fix regression decoding some files.
Fixes some SVQ3 encoded files which fail to decode correctly after 6d6faa2a2d.
These files exhibit lots of artifacts and logs show "Media key encryption is
not implemented".
However they decode without artifacts before 6d6faa2a2d.
The attatched patch allows these files to successfully decode, but also reject
media key files.
Tested on the files in #6094 and
http://samples.mplayerhq.hu/V-codecs/SVQ3/Vertical400kbit.sorenson3.mov
---
libavcodec/svq3.c | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index fc17081ecf..18a4448ffa 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1064,16 +1064,15 @@ static int svq3_decode_slice_header(AVCodecContext
*avctx)
av_log(s->avctx, AV_LOG_ERROR, "illegal slice type %u \n", slice_id);
return -1;
}
-if (get_bits1(>gb_slice)) {
-avpriv_report_missing_feature(s->avctx, "Media key encryption");
-return AVERROR_PATCHWELCOME;
-}
s->slice_type = ff_h264_golomb_to_pict_type[slice_id];
if ((header & 0x9F) == 2) {
-i = (s->mb_num < 64) ? 5 : av_log2(s->mb_num - 1);
+i = (s->mb_num < 64) ? 6 : (1 + av_log2(s->mb_num - 1));
get_bits(>gb_slice, i);
+} else if (get_bits1(>gb_slice)) {
+avpriv_report_missing_feature(s->avctx, "Media key encryption");
+return AVERROR_PATCHWELCOME;
}
s->slice_num = get_bits(>gb_slice, 8);
--
2.18.0.345.g5c9ce644c3-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] avformat/flvdec: Set broken_sizes for FlixEngine.
---
libavformat/flvdec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 0217cef842..b86451fcbf 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -598,7 +598,9 @@ static int amf_parse_object(AVFormatContext *s, AVStream
*astream,
if (version > 0 && version <= 655)
flv->broken_sizes = 1;
}
-} else if (!strcmp(key, "metadatacreator") && !strcmp(str_val,
"MEGA")) {
+} else if (!strcmp(key, "metadatacreator")
+&& (!strcmp(str_val, "MEGA")
+|| !strncmp(str_val, "FlixEngine", 10))) {
flv->broken_sizes = 1;
}
}
--
2.16.1.291.g4437f3f132-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix crash in join filter
Previously if ff_outlink_frame_wanted() returned 0 it could dereference a null
pointer when trying to read nb_samples.
---
libavfilter/af_join.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavfilter/af_join.c b/libavfilter/af_join.c
index cf5131e8dc..4f86e13558 100644
--- a/libavfilter/af_join.c
+++ b/libavfilter/af_join.c
@@ -485,6 +485,9 @@ static int activate(AVFilterContext *ctx)
return 0;
}
}
+if (!s->input_frames[0]) {
+return 0;
+}
}
nb_samples = s->input_frames[0]->nb_samples;
--
2.16.0.rc1.238.g530d649a79-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix signed integer overflow undefined behavior
Found via fuzzing --- libavformat/rpl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rpl.c b/libavformat/rpl.c index d373600478..df449bfc29 100644 --- a/libavformat/rpl.c +++ b/libavformat/rpl.c @@ -194,7 +194,7 @@ static int rpl_read_header(AVFormatContext *s) if (ast->codecpar->bits_per_coded_sample == 0) ast->codecpar->bits_per_coded_sample = 4; -ast->codecpar->bit_rate = ast->codecpar->sample_rate * +ast->codecpar->bit_rate = (uint64_t)ast->codecpar->sample_rate * ast->codecpar->bits_per_coded_sample * ast->codecpar->channels; -- 2.16.0.rc1.238.g530d649a79-goog ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix memory leak in lrcdec.c
--- libavformat/lrcdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/lrcdec.c b/libavformat/lrcdec.c index 12f74b22a0..f4e9a4efa9 100644 --- a/libavformat/lrcdec.c +++ b/libavformat/lrcdec.c @@ -212,6 +212,7 @@ static int lrc_read_header(AVFormatContext *s) } ff_subtitles_queue_finalize(s, >q); ff_metadata_conv_ctx(s, NULL, ff_lrc_metadata_conv); +av_bprint_finalize(, NULL); return 0; } -- 2.16.0.rc1.238.g530d649a79-goog ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix float-cast-overflow undefined behavior in matroskadec
---
libavformat/matroskadec.c | 12 ++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 496499b553..cd9e1f56c2 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2096,8 +2096,16 @@ static int matroska_parse_tracks(AVFormatContext *s)
}
if (track->type == MATROSKA_TRACK_TYPE_VIDEO) {
-if (!track->default_duration && track->video.frame_rate > 0)
-track->default_duration = 10 / track->video.frame_rate;
+if (!track->default_duration && track->video.frame_rate > 0) {
+double default_duration = 10 / track->video.frame_rate;
+if (default_duration > UINT64_MAX || default_duration < 0) {
+ av_log(matroska->ctx, AV_LOG_WARNING,
+ "Invalid frame rate %e. Cannot calculate default
duration.\n",
+ track->video.frame_rate);
+} else {
+ track->default_duration = default_duration;
+}
+}
if (track->video.display_width == -1)
track->video.display_width = track->video.pixel_width;
if (track->video.display_height == -1)
--
2.16.0.rc1.238.g530d649a79-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix leak discovered via fuzzing
---
libavcodec/extract_extradata_bsf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/extract_extradata_bsf.c
b/libavcodec/extract_extradata_bsf.c
index ed6509c681..d40907a675 100644
--- a/libavcodec/extract_extradata_bsf.c
+++ b/libavcodec/extract_extradata_bsf.c
@@ -78,7 +78,7 @@ static int extract_extradata_h2645(AVBSFContext *ctx,
AVPacket *pkt,
ret = ff_h2645_packet_split(_pkt, pkt->data, pkt->size,
ctx, 0, 0, ctx->par_in->codec_id, 1);
if (ret < 0)
-return ret;
+goto fail;
for (i = 0; i < h2645_pkt.nb_nals; i++) {
H2645NAL *nal = _pkt.nals[i];
--
2.15.0.531.g2ccb3012c9-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix quadratic memory use in ff_h2645_extract_rbsp() when multiple NALUs exist in packet.
Found via fuzzing.
/tmp/poc is a 1 MB mpegts file generated via fuzzing, where 1 packet has many
NALUs
Before this change:
$ /usr/bin/time -f "\t%M Max Resident Set Size (Kb)" ./ffprobe /tmp/poc 2>&1
| tail -n 1
2158192 Max Resident Set Size (Kb)
After this change:
$ /usr/bin/time -f "\t%M Max Resident Set Size (Kb)" ./ffprobe /tmp/poc 2>&1
| tail -n 1
1046812 Max Resident Set Size (Kb)
---
libavcodec/h2645_parse.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index b0d9ff66f0..e77689f347 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -32,7 +32,7 @@
int ff_h2645_extract_rbsp(const uint8_t *src, int length,
H2645NAL *nal, int small_padding)
{
-int i, si, di;
+int i, si, di, nsc;
uint8_t *dst;
int64_t padding = small_padding ? 0 : MAX_MBPAIR_SIZE;
@@ -91,8 +91,17 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length,
} else if (i > length)
i = length;
+// Find next NAL start code, if present, to reduce rbsp_buffer size when
+// multiple NALUs.
+for (nsc = i; nsc + 2 < length; nsc++) {
+if (src[nsc] == 0 && src[nsc + 1] == 0 && src[nsc + 2] == 1)
+ break;
+}
+if (nsc + 2 == length)
+nsc = length;
+
av_fast_padded_malloc(>rbsp_buffer, >rbsp_buffer_size,
- length + padding);
+ nsc + padding);
if (!nal->rbsp_buffer)
return AVERROR(ENOMEM);
--
2.15.0.rc1.287.g2b38de12cc-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix memory leak when reading DDTS box.
---
libavformat/mov.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 63f84be782..c02caf6719 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -889,6 +889,7 @@ static int mov_read_ddts(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
init_get_bits(, buf, 8*ddts_size);
if (c->fc->nb_streams < 1) {
+av_free(buf);
return 0;
}
st = c->fc->streams[c->fc->nb_streams-1];
@@ -896,6 +897,7 @@ static int mov_read_ddts(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
st->codecpar->sample_rate = get_bits_long(, 32);
if (st->codecpar->sample_rate <= 0) {
av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n",
st->codecpar->sample_rate);
+av_free(buf);
return AVERROR_INVALIDDATA;
}
skip_bits_long(, 32); /* max bitrate */
@@ -923,6 +925,7 @@ static int mov_read_ddts(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
((channel_layout_code & 0x8) ? AV_CH_LOW_FREQUENCY : 0);
st->codecpar->channels =
av_get_channel_layout_nb_channels(st->codecpar->channel_layout);
+av_free(buf);
return 0;
}
--
2.14.1.480.gb18f417b89-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix target_level for EAC3.
Currently when using target_level with EAC3 it produces silence. This small
patch fixes target_level for decoding EAC3.
Example:
ffmpeg -y -i /tmp/test.wav -acodec eac3 -dialnorm -14 -ac 6 -b:a 384000
/tmp/test.m2ts
ffmpeg -y -target_level -24 -i /tmp/test.m2ts -acodec pcm_s16le -f matroska
/tmp/out.mkv
ffplay /tmp/out.mkv
---
libavcodec/ac3.h | 2 +-
libavcodec/ac3dec.c | 9 ++---
libavcodec/ac3dec.h | 4
libavcodec/eac3dec.c | 14 +++---
4 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/libavcodec/ac3.h b/libavcodec/ac3.h
index 747f2f5..5c9c377 100644
--- a/libavcodec/ac3.h
+++ b/libavcodec/ac3.h
@@ -87,7 +87,7 @@ typedef int16_t SHORTFLOAT;
#define AC3_NORM(norm) (1.0f/(norm))
#define AC3_MUL(a,b)((a) * (b))
#define AC3_RANGE(x)(dynamic_range_tab[(x)])
-#define AC3_HEAVY_RANGE(x) (heavy_dynamic_range_tab[(x)])
+#define AC3_HEAVY_RANGE(x) (ff_ac3_heavy_dynamic_range_tab[(x)])
#define AC3_DYNAMIC_RANGE(x)(powf(x, s->drc_scale))
#define AC3_SPX_BLEND(x)(x)* (1.0f/32)
#define AC3_DYNAMIC_RANGE1 1.0f
diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c
index fac189b..a95c204 100644
--- a/libavcodec/ac3dec.c
+++ b/libavcodec/ac3dec.c
@@ -63,9 +63,11 @@ static const uint8_t quantization_tab[16] = {
5, 6, 7, 8, 9, 10, 11, 12, 14, 16
};
+#if (!USE_FIXED)
/** dynamic range table. converts codes to scale factors. */
static float dynamic_range_tab[256];
-static float heavy_dynamic_range_tab[256];
+float ff_ac3_heavy_dynamic_range_tab[256];
+#endif
/** Adjustments in dB gain */
static const float gain_levels[9] = {
@@ -159,6 +161,7 @@ static av_cold void ac3_tables_init(void)
b5_mantissas[i] = symmetric_dequant(i, 15);
}
+#if (!USE_FIXED)
/* generate dynamic range table
reference: Section 7.7.1 Dynamic Range Control */
for (i = 0; i < 256; i++) {
@@ -170,9 +173,9 @@ static av_cold void ac3_tables_init(void)
reference: Section 7.7.2 Heavy Compression */
for (i = 0; i < 256; i++) {
int v = (i >> 4) - ((i >> 7) << 4) - 4;
-heavy_dynamic_range_tab[i] = powf(2.0f, v) * ((i & 0xF) | 0x10);
+ff_ac3_heavy_dynamic_range_tab[i] = powf(2.0f, v) * ((i & 0xF) | 0x10);
}
-
+#endif
}
/**
diff --git a/libavcodec/ac3dec.h b/libavcodec/ac3dec.h
index c2b867e..6cd67c0 100644
--- a/libavcodec/ac3dec.h
+++ b/libavcodec/ac3dec.h
@@ -260,4 +260,8 @@ static void
ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch);
*/
static void ff_eac3_apply_spectral_extension(AC3DecodeContext *s);
+#if (!USE_FIXED)
+extern float ff_ac3_heavy_dynamic_range_tab[256];
+#endif
+
#endif /* AVCODEC_AC3DEC_H */
diff --git a/libavcodec/eac3dec.c b/libavcodec/eac3dec.c
index 47e5aa6..83a54bc 100644
--- a/libavcodec/eac3dec.c
+++ b/libavcodec/eac3dec.c
@@ -339,9 +339,17 @@ static int ff_eac3_parse_header(AC3DecodeContext *s)
/* volume control params */
for (i = 0; i < (s->channel_mode ? 1 : 2); i++) {
-skip_bits(gbc, 5); // skip dialog normalization
-if (get_bits1(gbc)) {
-skip_bits(gbc, 8); // skip compression gain word
+s->dialog_normalization[i] = -get_bits(gbc, 5);
+if (s->dialog_normalization[i] == 0) {
+s->dialog_normalization[i] = -31;
+}
+if (s->target_level != 0) {
+s->level_gain[i] = powf(2.0f,
+(float)(s->target_level - s->dialog_normalization[i])/6.0f);
+}
+s->compression_exists[i] = get_bits1(gbc);
+if (s->compression_exists[i]) {
+s->heavy_dynamic_range[i] = AC3_HEAVY_RANGE(get_bits(gbc, 8));
}
}
--
2.8.0.rc3.226.g39d4020
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
