Age | Commit message | Author |
|
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
Fixes: Timeout (long -> 5sec)
Fixes: 30269/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5430325004075008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
That is a more appropriate place for it.
|
|
Fix the issue: https://github.com/intel/media-driver/issues/317
The root cause is that update_dimensions will be called multiple times
when the decoder thread number is not only 1, but update_dimensions
calling get_pixel_format in each decode thread will trigger the
hwaccel_uninit/hwaccel_init more than once. But only one hwaccel
should be shared with all decode threads.
In the current context,
there are 3 situations in update_dimensions():
1. First time calling. No matter single thread or multithread,
get_pixel_format() should be called after dimensions were
set;
2. Dimension changed at runtime. The dimension needs to be
updated when macroblocks_base is already allocated;
get_pixel_format() should be called to recreate new frames
according to the updated dimension;
3. Multithread first time calling. After decoder init, the
other threads will call update_dimensions() for the first time
to allocate macroblocks_base and set dimensions.
But get_pixel_format() shouldn't be called because the low
level frames and context are already created.
In this fix, we only call update_dimensions as needed.
Signed-off-by: Wang, Shaofei <shaofei.wang@intel.com>
Reviewed-by: Jun, Zhao <jun.zhao@intel.com>
Reviewed-by: Haihao Xiang <haihao.xiang@intel.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
|
|
This already applied to decoders as well as hwaccels, and adding encoder
support was going to make the name even more inaccurate.
|
|
init_thread_copy
The current design, where
- proper init is called for the first per-thread context
- first thread's private data is copied into private data for all the
other threads
- a "fixup" function is called for all the other threads to e.g.
allocate dynamically allocated data
is very fragile and hard to follow, so it is abandoned. Instead, the
same init function is used to init each per-thread context. Where
necessary, AVCodecInternal.is_copy can be used to differentiate between
the first thread and the other ones (e.g. for decoding the extradata
just once).
|
|
This is a constant codec property, so a capability flag is more appropriate.
|
|
webp decoder doesn't set update_thread_context field
$ ffmpeg -i rgb_q80.webp -f null -
[webp @ 0x7ffbd5823200] Multiple ff_thread_finish_setup() calls
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: Timeout (100sec -> 5sec)
Fixes: 15073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5649257362620416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: Timeout
Fixes: 10313/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5637719389110272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
operation
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
72->60 seconds
Testcase: 8680/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5861504418054144
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: Timeout
Fixes: 5653/clusterfuzz-testcase-5497680018014208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Use the following command to reproduce this issue:
make fate-vp8-size-change HWACCEL="vaapi -vaapi_device \
/dev/dri/renderD128 -hwaccel_output_format yuv420p"
SAMPLES=../fate-suite/.
At the same time, reconstruct the public logic as a function.
Signed-off-by: Yun Zhou <yunx.z.zhou@intel.com>
Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Mark Thompson <sw@jkqxz.net>
|
|
Also adds some extra fields to the main context structure that may
be needed by a hwaccel decoder.
The current behaviour of the WebP decoder is maintained by adding an
additional field to the VP8 decoder private context to indicate that
it is actually being used as WebP (no hwaccel is supported for that
case).
|
|
* commit 'fd9212f2edfe9b107c3c08ba2df5fd2cba5ab9e3':
Mark some arrays that never change as const.
Merged-by: James Almer <jamrial@gmail.com>
|
|
Fixes: out of array access
Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632
Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes tsan warnings like this in fate-vp8-test-vector-007:
WARNING: ThreadSanitizer: data race (pid=65909)
Write of size 4 at 0x7d8c0000e088 by thread T1:
#0 vp8_decode_mb_row_sliced vp8.c:2519 (ffmpeg:x86_64+0x100995ede)
[..]
Previous write of size 4 at 0x7d8c0000e088 by thread T2:
#0 vp8_decode_mb_row_sliced vp8.c:2519 (ffmpeg:x86_64+0x100995ede)
|
|
Fixes tsan warnings like this in fate-vp8-test-vector-007:
WARNING: ThreadSanitizer: data race (pid=3590)
Write of size 4 at 0x7d8c0000e07c by thread T2:
#0 decode_mb_row_no_filter src/libavcodec/vp8.c:2330 (ffmpeg+0x000000ffb59e)
[..]
Previous write of size 4 at 0x7d8c0000e07c by thread T1:
#0 decode_mb_row_no_filter src/libavcodec/vp8.c:2330 (ffmpeg+0x000000ffb59e)
|
|
* commit '87c6c78604e4dd16f1f45862b27ca006da010527':
vp8: Change type of stride parameters to ptrdiff_t
Merged-by: James Almer <jamrial@gmail.com>
|
|
Fixes: 447860.webm
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 2 of 2)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 1 of 2)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes timeout with 686/clusterfuzz-testcase-5853946876788736
this shortcuts (i.e. speeds up) the error and
return-to-user when decoding a truncated frame
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Previous version reviewed by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Also adds some extra fields to the main context structure that may
be needed by a hwaccel decoder.
|
|
ptrdiff_t is the correct type for array strides and similar.
|
|
* commit '5afb94c817abffad030c6b94d7003dca8aace3d5':
Mark read-only tables as static
Merged-by: Clément Bœsch <u@pkh.me>
|
|
* commit 'f4d581cda3897f66c1dda7586b93f86a591dbbef':
lavc: Deduplicate zigzag_scan table
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
|
|
When compiled with --disable-pthreads, e.g.
http://fate.ffmpeg.org/report.cgi?time=20150917015044&slot=alpha-debian-qemu-gcc-4.7,
a bunch of -Wunused-functions are reported due to missing header guards
around threading related functions.
This patch should silence such warnings.
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
|
|
The variable is not a constant and can lead to race conditions
Fixes: repro.webm (not reproducible with FFmpeg alone)
Found-by: Dale Curtis <dalecurtis@google.com>
Tested-by: Dale Curtis <dalecurtis@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
* commit '7bf9647264308d2df74b2b50669f2d02a7ecc90b':
vp7: bound checking in vp7_decode_frame_header
Only partially merged, see 46f72ea507afee6adb0d2324848159063d0e7afc
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
|
|
CC: libav-stable@libav.org
|
|
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
lavc: AV-prefix all codec capabilities
Conflicts:
cmdutils.c
ffmpeg.c
ffplay.c
libavcodec/8svx.c
libavcodec/aacenc.c
libavcodec/ac3dec.c
libavcodec/adpcm.c
libavcodec/alac.c
libavcodec/atrac3plusdec.c
libavcodec/bink.c
libavcodec/dnxhddec.c
libavcodec/dvdec.c
libavcodec/dvenc.c
libavcodec/ffv1dec.c
libavcodec/ffv1enc.c
libavcodec/fic.c
libavcodec/flacdec.c
libavcodec/flacenc.c
libavcodec/flvdec.c
libavcodec/fraps.c
libavcodec/frwu.c
libavcodec/gifdec.c
libavcodec/h261dec.c
libavcodec/hevc.c
libavcodec/iff.c
libavcodec/imc.c
libavcodec/libopenjpegdec.c
libavcodec/libvo-aacenc.c
libavcodec/libvorbisenc.c
libavcodec/libvpxdec.c
libavcodec/libvpxenc.c
libavcodec/libx264.c
libavcodec/mjpegbdec.c
libavcodec/mjpegdec.c
libavcodec/mpegaudiodec_float.c
libavcodec/msmpeg4dec.c
libavcodec/mxpegdec.c
libavcodec/nvenc_h264.c
libavcodec/nvenc_hevc.c
libavcodec/pngdec.c
libavcodec/qpeg.c
libavcodec/ra288.c
libavcodec/rv10.c
libavcodec/s302m.c
libavcodec/sp5xdec.c
libavcodec/takdec.c
libavcodec/tiff.c
libavcodec/tta.c
libavcodec/utils.c
libavcodec/v210dec.c
libavcodec/vp6.c
libavcodec/vp9.c
libavcodec/wavpack.c
libavcodec/yop.c
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Express bitfields more simply.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
|
|
avoids null pointer dereference
Fixes: signal_sigsegv_d5de40_964_vp80-00-comprehensive-010.ivf with memlimit of 1048576
Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: signal_sigsegv_d5de23_967_vp80_00_comprehensive_010.ivf with memlimit 524288
Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
If one of the dimensions is larger than 8176, s->mb_width or
s->mb_height is larger than 511, leading to an int16_t overflow of
s->mv_max.{x,y}. This then causes av_clip to be called with amin > amax.
Changing the type to int avoids the overflow and has no negative
effect, because s->mv_max is only used in clamp_mv for clipping.
Since mv_max.{x,y} is positive and mv_min.{x,y} negative, av_clip can't
increase the absolute value. The input to av_clip is an int16_t, and
thus the output fits into int16_t as well.
For additional safety, s->mv_{min,max}.{x,y} are clipped to int16_t range
before use.
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
|
|
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
The latter may yield incorrect code for on-stack variables.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Found-by: Clang -fsanitize=shift
Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|