Re: [FFmpeg-devel] [PATCH] apng: use correct size for output buffer
On 06.11.2015 22:29, wm4 wrote: > On Fri, 6 Nov 2015 22:18:04 +0100 > Andreas Cadhalpunwrote: > >> This fixes a stack buffer overflow. >> >> Signed-off-by: Andreas Cadhalpun >> --- >> libavcodec/pngdec.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c >> index 689aa2b..c974654 100644 >> --- a/libavcodec/pngdec.c >> +++ b/libavcodec/pngdec.c >> @@ -1010,13 +1010,13 @@ static int handle_p_frame_apng(AVCodecContext >> *avctx, PNGDecContext *s, >> memcpy(buffer + row_start, p->data[0] + row_start, s->bpp * >> s->cur_w); >> } >> } else { // APNG_BLEND_OP_OVER >> +uint8_t *output = av_malloc(s->bpp); >> for (y = s->y_offset; y < s->y_offset + s->cur_h; ++y) { >> uint8_t *foreground = p->data[0] + s->image_linesize * y + >> s->bpp * s->x_offset; >> uint8_t *background = buffer + s->image_linesize * y + s->bpp * >> s->x_offset; >> for (x = s->x_offset; x < s->x_offset + s->cur_w; ++x, >> foreground += s->bpp, background += s->bpp) { >> size_t b; >> uint8_t foreground_alpha, background_alpha, output_alpha; >> -uint8_t output[4]; >> >> // Since we might be blending alpha onto alpha, we use the >> following equations: >> // output_alpha = foreground_alpha + (1 - foreground_alpha) >> * background_alpha >> @@ -1069,6 +1069,7 @@ static int handle_p_frame_apng(AVCodecContext *avctx, >> PNGDecContext *s, >> memcpy(background, output, s->bpp); >> } >> } >> +av_freep(); >> } >> >> // Copy blended buffer into the frame and free > > This seems wasteful, can't it just be output[8]? I think s->bpp can be up to 10: size_t byte_depth = s->bit_depth > 8 ? 2 : 1; // maximal 2 ... s->channels = ff_png_get_nb_channels(s->color_type); // maximal 4 s->bits_per_pixel = s->bit_depth * s->channels;// bit_depth is maximal 16 s->bpp= (s->bits_per_pixel + 7) >> 3; // maximal 8 ... if (s->has_trns && s->color_type != PNG_COLOR_TYPE_PALETTE) { ... s->bpp += byte_depth; // maximal 10 > It also adds a bug (unchecked malloc). Right, sorry for that. Attached is a patch increasing the buffer size to 10 and adding an assert that s->bpp is not larger. Best regards, Andreas >From bf724da5da5efe778225e61a786cc9b8cb86a91f Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Fri, 6 Nov 2015 23:44:01 +0100 Subject: [PATCH] apng: use correct size for output buffer The buffer needs s->bpp bytes, at maximum currently 10. Assert that s->bpp is not larger. This fixes a stack buffer overflow. Signed-off-by: Andreas Cadhalpun --- libavcodec/pngdec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 689aa2b..feb1763 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -1016,7 +1016,7 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s, for (x = s->x_offset; x < s->x_offset + s->cur_w; ++x, foreground += s->bpp, background += s->bpp) { size_t b; uint8_t foreground_alpha, background_alpha, output_alpha; -uint8_t output[4]; +uint8_t output[10]; // Since we might be blending alpha onto alpha, we use the following equations: // output_alpha = foreground_alpha + (1 - foreground_alpha) * background_alpha @@ -1056,6 +1056,8 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s, output_alpha = foreground_alpha + FAST_DIV255((255 - foreground_alpha) * background_alpha); +av_assert0(s->bpp <= 10); + for (b = 0; b < s->bpp - 1; ++b) { if (output_alpha == 0) { output[b] = 0; -- 2.6.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 04/11] libavformat/mxfdec.c: Try to increment current edit before rejecting a klv that spans onto next edit unit.
On Sun, 2015-10-25 at 21:43 +0100, Tomas Härdin wrote: > On Thu, 2015-10-22 at 19:47 +0200, Alexis Ballier wrote: > > On Wed, 21 Oct 2015 23:45:07 +0200 > > Tomas Härdinwrote: > > > > > On Wed, 2015-10-21 at 18:00 +0200, Alexis Ballier wrote: > > > > Some files such as those from tickets #2817 & #2776 claim to have > > > > constant edit unit size but, in fact, have some of them that are > > > > smaller. This confuses the demuxer that tries to infer the current > > > > edit unit from the position in the file. By trying to increment the > > > > current edit unit before rejecting the packet for this reason, we > > > > try to make it fit into its proper edit unit, which fixes demuxing > > > > of those files while preserving the check for misprobed OpAtom > > > > files. Seeking is not accurate but the files provide no way to > > > > properly find the relevant edit unit. > > > > > > > > Fixes tickets #2817 & #2776. > > > > --- > > > > libavformat/mxfdec.c | 12 > > > > 1 file changed, 12 insertions(+) > > > > > > > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > > > > index 593604e..526eca6 100644 > > > > --- a/libavformat/mxfdec.c > > > > +++ b/libavformat/mxfdec.c > > > > @@ -2956,6 +2956,18 @@ static int > > > > mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt) next_ofs = > > > > mxf_set_current_edit_unit(mxf, klv.offset); > > > > if (next_ofs >= 0 && next_klv > next_ofs) { > > > > +/* Samples from tickets #2817 and #2776 claim to > > > > have > > > > + * constant edit unit size. However, some of them > > > > are smaller. > > > > > > What does "them" refer to here? The edit units or the KLVs? > > > > > > > + * Just after those smaller edit units, > > > > > > Right, the edit units. Maybe rework the grammar slightly. > > > > > > > + * Just after those smaller edit units, klv.offset > > > > is still in > > > > + * the same edit unit according to the > > > > computations from the > > > > + * constant edit unit size. If the klv finishes > > > > after, the next > > > > + * check would truncate the packet and prevent > > > > proper demuxing. > > > > + * Try to increment the current edit unit before > > > > doing that. */ > > > > > > Let's see if I understand this correctly. For say EUBC = 10, there can > > > still be KLVs that are some size larger than 10, but smaller than > > > 2*EUBC = 20? So that the next edit unit would extend past the end of > > > the KLV, and thus be bogus? > > > > > > KLV: |header|---|header|--| > > > Edit unit:|0123456789|bogus<10| |0123456789|bgs| > > > > > > IIRC with MXF the bogus parts should still count as part of the > > > essence stream. Maybe I'm missing something. > > > > It's simpler than that, and if you don't understand then the comment > > likely needs improving :) let's see: > > > > H = header, V = video, A,B,C = audio tracks, F = fill item > > > > mxf file defines a proper edit unit, with EUBC = 10 to be something > > like: > > > > 1234567890 > > HVVVAFBFCF > > > > now, in the samples, in some edit units, video is shorter; mxf spec > > says it should be padded by fill items, but they're not and look like: > > > > 1234567890 > > HVAFBFCF > > > > when continuing to read, we have: > > > > 12345678901234567890 > > HVAFBFCFHVVVAFBFCF > > | eu 1 || eu 2 | > > > > as you can see, 2nd video packet is still in the first edit unit > > according to EUBC, and extends to next one. > > Ah, that makes it a lot clearer :) > > > that's what the patch is about: try to increment edit unit before > > rejecting the packet. > > > > in 'MXF_DVCAM_not_demuxable.mxf', those smaller video packets seem to > > correspond to a black frame inserted between two scenes. > > > > I've tried hard to get something better, but nothing seemed to work > > properly; best other option I had was to increment edit unit when > > seeing a system item, which worked but broke tests and in which I'm not > > so confident it won't break with other broken files... > > Yeah, breaking existing tests is obviously not OK. But increasing > current_edit_unit like that seems a bit too suspect. > > What your patch seems to end up doing with that > max_set_current_edit_unit() call is call mxf_edit_unit_absolute_offset() > like: > > mxf_edit_unit_absolute_offset(mxf, t, mxf->current_edit_unit + 1, NULL, > _ofs, 0) > > Maybe you could make use of just that function call (with > mxf->current_edit_unit + *2*), instead of potentially messing > current_edit_unit up for some corner cases.. Any progress on this? More information needed perhaps? /Tomas signature.asc Description: This is a digitally signed message part ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org
Re: [FFmpeg-devel] [PATCH 1/2] mmaldec: add vc1 decoding support
On 11/6/2015 12:15 PM, wm4 wrote: > --- > configure | 3 +++ > libavcodec/Makefile| 1 + > libavcodec/allcodecs.c | 2 ++ > libavcodec/mmaldec.c | 12 > 4 files changed, 18 insertions(+) > > diff --git a/configure b/configure > index f770534..8c940a7 100755 > --- a/configure > +++ b/configure > @@ -2516,6 +2516,9 @@ vc1_vdpau_decoder_deps="vdpau" > vc1_vdpau_decoder_select="vc1_decoder" > vc1_vdpau_hwaccel_deps="vdpau" > vc1_vdpau_hwaccel_select="vc1_decoder" > +vc1_mmal_decoder_deps="mmal" > +vc1_mmal_hwaccel_deps="mmal" > +vc1_mmal_decoder_select="vc1video_decoder" vc1_mmal_decoder_select="vc1_decoder" Also, judging by every other hwaccel, shouldn't you also add a vc1_mmal_hwaccel_select="vc1_decoder" line? ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] web/download: point to the official Debian/Ubuntu packages
On Fri, Nov 06, 2015 at 08:18:39PM +0100, Andreas Cadhalpun wrote: [...] > diff --git a/src/download b/src/download > index 5691fbd..6d3517e 100644 > --- a/src/download > +++ b/src/download > @@ -53,13 +53,22 @@ > > Linux Packages > > + href="https://tracker.debian.org/pkg/ffmpeg;> > +Debian ??? Official packages for > Stable-Backports, Testing, Unstable > +(amd64, arm64, armel, armhf, i386, kfreebsd-amd64, > kfreebsd-i386, mips, mipsel, powerpc, ppc64el, s390x) What do you think of removing the architecture list? It's not very helpful for most people reading this page, and feels out-of-place. [...] Timothy ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/2] pixblockdsp: x86: Condense diff_pixels_* to a shared macro
On Sun, Nov 1, 2015 at 8:59 AM Timothy Guwrote: > --- > libavcodec/x86/pixblockdsp.asm | 66 > -- > 1 file changed, 31 insertions(+), 35 deletions(-) > Ping set. Timothy ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] apng: use correct size for output buffer
On Fri, 6 Nov 2015 23:56:52 +0100 Andreas Cadhalpunwrote: > On 06.11.2015 22:29, wm4 wrote: > > On Fri, 6 Nov 2015 22:18:04 +0100 > > Andreas Cadhalpun wrote: > > > >> This fixes a stack buffer overflow. > >> > >> Signed-off-by: Andreas Cadhalpun > >> --- > >> libavcodec/pngdec.c | 3 ++- > >> 1 file changed, 2 insertions(+), 1 deletion(-) > >> > >> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c > >> index 689aa2b..c974654 100644 > >> --- a/libavcodec/pngdec.c > >> +++ b/libavcodec/pngdec.c > >> @@ -1010,13 +1010,13 @@ static int handle_p_frame_apng(AVCodecContext > >> *avctx, PNGDecContext *s, > >> memcpy(buffer + row_start, p->data[0] + row_start, s->bpp * > >> s->cur_w); > >> } > >> } else { // APNG_BLEND_OP_OVER > >> +uint8_t *output = av_malloc(s->bpp); > >> for (y = s->y_offset; y < s->y_offset + s->cur_h; ++y) { > >> uint8_t *foreground = p->data[0] + s->image_linesize * y + > >> s->bpp * s->x_offset; > >> uint8_t *background = buffer + s->image_linesize * y + s->bpp > >> * s->x_offset; > >> for (x = s->x_offset; x < s->x_offset + s->cur_w; ++x, > >> foreground += s->bpp, background += s->bpp) { > >> size_t b; > >> uint8_t foreground_alpha, background_alpha, output_alpha; > >> -uint8_t output[4]; > >> > >> // Since we might be blending alpha onto alpha, we use > >> the following equations: > >> // output_alpha = foreground_alpha + (1 - > >> foreground_alpha) * background_alpha > >> @@ -1069,6 +1069,7 @@ static int handle_p_frame_apng(AVCodecContext > >> *avctx, PNGDecContext *s, > >> memcpy(background, output, s->bpp); > >> } > >> } > >> +av_freep(); > >> } > >> > >> // Copy blended buffer into the frame and free > > > > This seems wasteful, can't it just be output[8]? > > I think s->bpp can be up to 10: > size_t byte_depth = s->bit_depth > 8 ? 2 : 1; // maximal > 2 > ... > s->channels = ff_png_get_nb_channels(s->color_type); // maximal > 4 > s->bits_per_pixel = s->bit_depth * s->channels;// > bit_depth is maximal 16 > s->bpp= (s->bits_per_pixel + 7) >> 3; // maximal > 8 > ... > if (s->has_trns && s->color_type != PNG_COLOR_TYPE_PALETTE) { > ... > s->bpp += byte_depth; // maximal > 10 > > > It also adds a bug (unchecked malloc). > > Right, sorry for that. > Attached is a patch increasing the buffer size to 10 and > adding an assert that s->bpp is not larger. I'm find with this, though I'm not (A)PNG maintainer. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] ffserver: fix incorrect strlcpy usage
On Fri, Nov 6, 2015 at 10:42 PM, Mark Harris wrote: > On Fri, Nov 6, 2015 at 12:49 PM, Ganesh Ajjanagadde >wrote: >> Somewhat ironic that this "safe" interface is actually being used >> unsafely here. This fixes the usage preventing potential null pointer >> dereference, where the old code was doubly broken: ctime can return >> NULL, and ctime can return an arbitrarily long buffer. >> >> Signed-off-by: Ganesh Ajjanagadde >> --- >> ffserver.c | 9 ++--- >> 1 file changed, 6 insertions(+), 3 deletions(-) >> >> diff --git a/ffserver.c b/ffserver.c >> index 526cbfc..108523e 100644 >> --- a/ffserver.c >> +++ b/ffserver.c >> @@ -305,15 +305,18 @@ static void ffm_set_write_index(AVFormatContext *s, >> int64_t pos, >> ffm->file_size = file_size; >> } >> >> -static char *ctime1(char *buf2, int buf_size) >> +static char *ctime1(char *buf2, size_t buf_size) >> { >> time_t ti; >> char *p; >> >> ti = time(NULL); >> p = ctime(); >> -av_strlcpy(buf2, p, buf_size); >> -p = buf2 + strlen(p) - 1; >> +if (!p) { >> +*buf2 = '\0'; >> +return buf2; >> +} >> +p = buf2 + av_strlcpy(buf2, p, buf_size) - 1; >> if (*p == '\n') >> *p = '\0'; >> return buf2; > > Ironically, this still doesn't handle a string that is too long for > the buffer. "safe" indeed! strlcpy (and av_strlcpy) returns the > length of the source, not the destination, so this will still access > and possibly write to memory beyond the end of buf2 when the string is > truncated. Just looked, yes, this interface is nasty. But then again all string copying stuff is rather horrible. > > It will also still access and possibly write to one byte before the > beginning of the buffer if the string is an empty string, although > that "should not happen". True, but while fixing things, they should be fixed correctly. Will try again, thanks. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/2] pixblockdsp: x86: Condense diff_pixels_* to a shared macro
On 11/1/2015 1:59 PM, Timothy Gu wrote: > --- > libavcodec/x86/pixblockdsp.asm | 66 > -- > 1 file changed, 31 insertions(+), 35 deletions(-) > LGTM ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/2] pixblockdsp: x86: Condense diff_pixels_* to a shared macro
Hi, On Sun, Nov 1, 2015 at 11:59 AM, Timothy Guwrote: > --- > libavcodec/x86/pixblockdsp.asm | 66 > -- > 1 file changed, 31 insertions(+), 35 deletions(-) > > diff --git a/libavcodec/x86/pixblockdsp.asm > b/libavcodec/x86/pixblockdsp.asm > index 7c5377b..a7d9816 100644 > --- a/libavcodec/x86/pixblockdsp.asm > +++ b/libavcodec/x86/pixblockdsp.asm > @@ -80,54 +80,50 @@ cglobal get_pixels, 3, 4, 5 > mova [r0+0x70], m3 > RET > > -INIT_MMX mmx > ; void ff_diff_pixels_mmx(int16_t *block, const uint8_t *s1, const > uint8_t *s2, > ; int stride); > -cglobal diff_pixels, 4,5 > -movsxdifnidn r3, r3d > -pxor m7, m7 > -add r0, 128 > -mov r4, -128 > -.loop: > -mova m0, [r1] > -mova m2, [r2] > -mova m1, m0 > -mova m3, m2 > -punpcklbwm0, m7 > -punpckhbwm1, m7 > -punpcklbwm2, m7 > -punpckhbwm3, m7 > -psubwm0, m2 > -psubwm1, m3 > -mova [r0+r4+0], m0 > -mova [r0+r4+8], m1 > -add r1, r3 > -add r2, r3 > -add r4, 16 > -jne .loop > -REP_RET > - > -INIT_XMM sse2 > -cglobal diff_pixels, 4, 5, 5 > +%macro DIFF_PIXELS 0 > +cglobal diff_pixels, 4,5,5 > movsxdifnidn r3, r3d > pxor m4, m4 > add r0, 128 > mov r4, -128 > .loop: > -movh m0, [r1] > -movh m2, [r2] > -movh m1, [r1+r3] > -movh m3, [r2+r3] > +movq m0, [r1] > +movq m2, [r2] > +%if mmsize == 8 > +movq m1, m0 > +movq m3, m2 > +punpcklbwm0, m4 > +punpckhbwm1, m4 > +punpcklbwm2, m4 > +punpckhbwm3, m4 > +%else > +movq m1, [r1+r3] > +movq m3, [r2+r3] > punpcklbwm0, m4 > punpcklbwm1, m4 > punpcklbwm2, m4 > punpcklbwm3, m4 +%endif > psubwm0, m2 > psubwm1, m3 > -mova [r0+r4+0 ], m0 > -mova [r0+r4+16], m1 > +mova [r0+r4+0], m0 > +mova [r0+r4+mmsize], m1 > +%if mmsize == 8 > +add r1, r3 > +add r2, r3 > +%else > lea r1, [r1+r3*2] > lea r2, [r2+r3*2] > -add r4, 32 > +%endif > +add r4, 2 * mmsize > jne .loop > -RET > +REP_RET > RET. We don't use REP_RET anymore. Rest is fine. Ronald ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] apng: use correct size for output buffer
On 11/6/15, Andreas Cadhalpunwrote: > On 06.11.2015 22:29, wm4 wrote: >> On Fri, 6 Nov 2015 22:18:04 +0100 >> Andreas Cadhalpun wrote: >> >>> This fixes a stack buffer overflow. >>> >>> Signed-off-by: Andreas Cadhalpun >>> --- >>> libavcodec/pngdec.c | 3 ++- >>> 1 file changed, 2 insertions(+), 1 deletion(-) >>> >>> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c >>> index 689aa2b..c974654 100644 >>> --- a/libavcodec/pngdec.c >>> +++ b/libavcodec/pngdec.c >>> @@ -1010,13 +1010,13 @@ static int handle_p_frame_apng(AVCodecContext >>> *avctx, PNGDecContext *s, >>> memcpy(buffer + row_start, p->data[0] + row_start, s->bpp * >>> s->cur_w); >>> } >>> } else { // APNG_BLEND_OP_OVER >>> +uint8_t *output = av_malloc(s->bpp); >>> for (y = s->y_offset; y < s->y_offset + s->cur_h; ++y) { >>> uint8_t *foreground = p->data[0] + s->image_linesize * y + >>> s->bpp * s->x_offset; >>> uint8_t *background = buffer + s->image_linesize * y + >>> s->bpp * s->x_offset; >>> for (x = s->x_offset; x < s->x_offset + s->cur_w; ++x, >>> foreground += s->bpp, background += s->bpp) { >>> size_t b; >>> uint8_t foreground_alpha, background_alpha, >>> output_alpha; >>> -uint8_t output[4]; >>> >>> // Since we might be blending alpha onto alpha, we use >>> the following equations: >>> // output_alpha = foreground_alpha + (1 - >>> foreground_alpha) * background_alpha >>> @@ -1069,6 +1069,7 @@ static int handle_p_frame_apng(AVCodecContext >>> *avctx, PNGDecContext *s, >>> memcpy(background, output, s->bpp); >>> } >>> } >>> +av_freep(); >>> } >>> >>> // Copy blended buffer into the frame and free >> >> This seems wasteful, can't it just be output[8]? > > I think s->bpp can be up to 10: > size_t byte_depth = s->bit_depth > 8 ? 2 : 1; // > maximal 2 > ... > s->channels = ff_png_get_nb_channels(s->color_type); // > maximal 4 > s->bits_per_pixel = s->bit_depth * s->channels;// > bit_depth is maximal 16 > s->bpp= (s->bits_per_pixel + 7) >> 3; // > maximal 8 > ... > if (s->has_trns && s->color_type != PNG_COLOR_TYPE_PALETTE) { > ... > s->bpp += byte_depth; // > maximal 10 > >> It also adds a bug (unchecked malloc). > > Right, sorry for that. > Attached is a patch increasing the buffer size to 10 and > adding an assert that s->bpp is not larger. Should be fine. > > Best regards, > Andreas > > ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] ffserver: fix incorrect strlcpy usage
On Fri, Nov 6, 2015 at 12:49 PM, Ganesh Ajjanagaddewrote: > Somewhat ironic that this "safe" interface is actually being used > unsafely here. This fixes the usage preventing potential null pointer > dereference, where the old code was doubly broken: ctime can return > NULL, and ctime can return an arbitrarily long buffer. > > Signed-off-by: Ganesh Ajjanagadde > --- > ffserver.c | 9 ++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/ffserver.c b/ffserver.c > index 526cbfc..108523e 100644 > --- a/ffserver.c > +++ b/ffserver.c > @@ -305,15 +305,18 @@ static void ffm_set_write_index(AVFormatContext *s, > int64_t pos, > ffm->file_size = file_size; > } > > -static char *ctime1(char *buf2, int buf_size) > +static char *ctime1(char *buf2, size_t buf_size) > { > time_t ti; > char *p; > > ti = time(NULL); > p = ctime(); > -av_strlcpy(buf2, p, buf_size); > -p = buf2 + strlen(p) - 1; > +if (!p) { > +*buf2 = '\0'; > +return buf2; > +} > +p = buf2 + av_strlcpy(buf2, p, buf_size) - 1; > if (*p == '\n') > *p = '\0'; > return buf2; Ironically, this still doesn't handle a string that is too long for the buffer. "safe" indeed! strlcpy (and av_strlcpy) returns the length of the source, not the destination, so this will still access and possibly write to memory beyond the end of buf2 when the string is truncated. It will also still access and possibly write to one byte before the beginning of the buffer if the string is an empty string, although that "should not happen". ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] jvdec: avoid unsized overflow in comparison
On 11/6/15, Andreas Cadhalpunwrote: > The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size > is 3, the right side overflows leading to a wrong result of the > comparison and subsequently a heap buffer overflow. > > Signed-off-by: Andreas Cadhalpun > --- > libavformat/jvdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c > index 4d4f0c7..a31c723 100644 > --- a/libavformat/jvdec.c > +++ b/libavformat/jvdec.c > @@ -54,7 +54,7 @@ typedef struct JVDemuxContext { > > static int read_probe(AVProbeData *pd) > { > -if (pd->buf[0] == 'J' && pd->buf[1] == 'V' && strlen(MAGIC) <= > pd->buf_size - 4 && > +if (pd->buf[0] == 'J' && pd->buf[1] == 'V' && strlen(MAGIC) + 4 <= > pd->buf_size && > !memcmp(pd->buf + 4, MAGIC, strlen(MAGIC))) > return AVPROBE_SCORE_MAX; > return 0; > -- > 2.6.1 > ___ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > lgtm ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] jvdec: avoid unsized overflow in comparison
On Fri, Nov 06, 2015 at 09:11:40PM +0100, Andreas Cadhalpun wrote: > Subject: [FFmpeg-devel] [PATCH] jvdec: avoid unsized overflow in comparison *unsigned [...] Timothy ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] swresample/options: change rematrix_maxval default to 1.0
On Fri, Nov 06, 2015 at 08:52:32AM +0100, Nicolas George wrote: > Le sextidi 16 brumaire, an CCXXIV, Michael Niedermayer a écrit : > > iam with whatever default people prefer > > IIRC, the current default yields different results when rematrixing from > float to float and then converting from float to int than when doing both in > a single step. yes, OTOH float -> float rematrix + "inverse" float->float should be closer to the original than with the changed default The difference between the defaults is in volume of the output > I beliee this is not good. no its not good, though the alternative isnt really good either. All choices have some kind of disadvantage. There also would be the possibility of implementing 2 pass mode to maintain the volume as much as possible without cliping (but that could not easily be default) For the default, the question is what people prefer ... [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The bravest are surely those who have the clearest vision of what is before them, glory and danger alike, and yet notwithstanding go out to meet it. -- Thucydides signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] swresample/options: change rematrix_maxval default to 1.0
On Fri, 6 Nov 2015 10:54:28 +0100 Michael Niedermayerwrote: > On Fri, Nov 06, 2015 at 08:52:32AM +0100, Nicolas George wrote: > > Le sextidi 16 brumaire, an CCXXIV, Michael Niedermayer a écrit : > > > iam with whatever default people prefer > > > > IIRC, the current default yields different results when rematrixing from > > float to float and then converting from float to int than when doing both in > > a single step. > > yes, OTOH float -> float rematrix + "inverse" float->float should be > closer to the original than with the changed default > The difference between the defaults is in volume of the output > > > > I beliee this is not good. > > no its not good, though the alternative isnt really good either. > All choices have some kind of disadvantage. There also would be the > possibility of implementing 2 pass mode to maintain the volume as much > as possible without cliping (but that could not easily be default) > For the default, the question is what people prefer ... Do you mean some kind of DRC? ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] libavformat/hls.c: if avio_open2 failed, retry it several times.
From 6705d9c9e4ded00075b4d8b23cb05ea2c65146ee Mon Sep 17 00:00:00 2001 From: liuyuxinDate: Fri, 6 Nov 2015 16:17:40 +0800 Subject: [PATCH] Network environment or video websites maybe lead to avio_open2 failed, but if we try avio_open2 several times, it will return success. --- libavformat/hls.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index ccae270..5d55197 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -41,6 +41,7 @@ #define INITIAL_BUFFER_SIZE 32768 +#define MAX_RETRY_COUNT 5 #define MAX_FIELD_LEN 64 #define MAX_CHARACTERISTICS_LEN 512 @@ -655,8 +656,17 @@ static int parse_playlist(HLSContext *c, const char *url, av_dict_set(, "cookies", c->cookies, 0); av_dict_set(, "headers", c->headers, 0); -ret = avio_open2(, url, AVIO_FLAG_READ, - c->interrupt_callback, ); +int try_count = MAX_RETRY_COUNT; + +ret = AVERROR_EXIT; +while (try_count-- && !ff_check_interrupt(c->interrupt_callback)) { +if ((ret = avio_open2(, url, AVIO_FLAG_READ, +c->interrupt_callback, )) >= 0) { +break; +} +av_usleep(100*1000); +} + av_dict_free(); if (ret < 0) return ret; 0001-Network-environment-or-video-websites-maybe-lead-to-.patch Description: Binary data ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] Return 0 in case of fail...
there's this snippet in ffserver.c : len = c->buffer_end - c->buffer_ptr; if (len < 4) { /* fail safe - should never happen */ fail1: //I am talking about this label fail1 c->buffer_ptr = c->buffer_end; return 0; } len = (c->buffer_ptr[0] << 24) | (c->buffer_ptr[1] << 16) | (c->buffer_ptr[2] << 8) | (c->buffer_ptr[3]); if (len > (c->buffer_end - c->buffer_ptr)) goto fail1; 1) Why does it return 0 in the case of a fail? It should return -1, right? 2) Unable to understand what the c->buffer contains. Regards, canaar ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] swresample/options: change rematrix_maxval default to 1.0
On Fri, 6 Nov 2015 12:58:23 +0100 Michael Niedermayerwrote: > On Fri, Nov 06, 2015 at 11:16:49AM +0100, wm4 wrote: > > On Fri, 6 Nov 2015 10:54:28 +0100 > > Michael Niedermayer wrote: > > > > > On Fri, Nov 06, 2015 at 08:52:32AM +0100, Nicolas George wrote: > > > > Le sextidi 16 brumaire, an CCXXIV, Michael Niedermayer a écrit : > > > > > iam with whatever default people prefer > > > > > > > > IIRC, the current default yields different results when rematrixing from > > > > float to float and then converting from float to int than when doing > > > > both in > > > > a single step. > > > > > > yes, OTOH float -> float rematrix + "inverse" float->float should be > > > closer to the original than with the changed default > > > The difference between the defaults is in volume of the output > > > > > > > > > > I beliee this is not good. > > > > > > no its not good, though the alternative isnt really good either. > > > All choices have some kind of disadvantage. There also would be the > > > possibility of implementing 2 pass mode to maintain the volume as much > > > as possible without cliping (but that could not easily be default) > > > For the default, the question is what people prefer ... > > > > Do you mean some kind of DRC? > > no but that would be another possibility as well Then I don't know what you meant by this 2 pass mode. Can you explain? I'm interested in obtaining better downmix. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] swresample/options: change rematrix_maxval default to 1.0
On Fri, Nov 06, 2015 at 11:16:49AM +0100, wm4 wrote: > On Fri, 6 Nov 2015 10:54:28 +0100 > Michael Niedermayerwrote: > > > On Fri, Nov 06, 2015 at 08:52:32AM +0100, Nicolas George wrote: > > > Le sextidi 16 brumaire, an CCXXIV, Michael Niedermayer a écrit : > > > > iam with whatever default people prefer > > > > > > IIRC, the current default yields different results when rematrixing from > > > float to float and then converting from float to int than when doing both > > > in > > > a single step. > > > > yes, OTOH float -> float rematrix + "inverse" float->float should be > > closer to the original than with the changed default > > The difference between the defaults is in volume of the output > > > > > > > I beliee this is not good. > > > > no its not good, though the alternative isnt really good either. > > All choices have some kind of disadvantage. There also would be the > > possibility of implementing 2 pass mode to maintain the volume as much > > as possible without cliping (but that could not easily be default) > > For the default, the question is what people prefer ... > > Do you mean some kind of DRC? no but that would be another possibility as well [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Avoid a single point of failure, be that a person or equipment. signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] web/download: point to the official Debian/Ubuntu packages
On Fri, Nov 06, 2015 at 05:18:23PM +0100, Andreas Cadhalpun wrote: > Signed-off-by: Andreas Cadhalpun> --- > > Should we also keep the previous links somewhere? yes, please [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB In a rich man's house there is no place to spit but his face. -- Diogenes of Sinope signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] web/download: point to the official Debian/Ubuntu packages
On 06.11.2015 20:04, Michael Niedermayer wrote: > On Fri, Nov 06, 2015 at 05:18:23PM +0100, Andreas Cadhalpun wrote: >> Signed-off-by: Andreas Cadhalpun>> --- >> > >> Should we also keep the previous links somewhere? > > yes, please OK, attached is a variant, that simply adds new sections. It might be a bit confusing to have two sections for Debian/Ubuntu, though. Best regards, Andreas >From 8b3c774fcce80fd0b5a457122aba79685fded71b Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Fri, 6 Nov 2015 20:15:09 +0100 Subject: [PATCH] web/download: point to the official Debian/Ubuntu packages Signed-off-by: Andreas Cadhalpun --- src/download | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/download b/src/download index 5691fbd..6d3517e 100644 --- a/src/download +++ b/src/download @@ -53,13 +53,22 @@ Linux Packages + https://tracker.debian.org/pkg/ffmpeg;> +Debian â Official packages for Stable-Backports, Testing, Unstable +(amd64, arm64, armel, armhf, i386, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, ppc64el, s390x) + http://www.deb-multimedia.org/;> -Debian packages for Oldstable, Stable, Testing, Unstable +Debian â deb-multimedia packages for Oldstable, Stable, Testing, Unstable (amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, sparc) + https://launchpad.net/ubuntu/+source/ffmpeg; class="list-group-item"> +Ubuntu â Official packages for Vivid, Wily, Xenial +(amd64, arm64, armhf, i386, powerpc, ppc64el) + https://launchpad.net/~mc3man/+archive/ubuntu/trusty-media; class="list-group-item"> Ubuntu â Ubuntu Multimedia for Trusty PPA. Provides static binaries from most recent release branch. +(amd64, i386) http://rpmfusion.org/;> Fedora and Red Hat Enterprise Linux packages (i386, x86_64) -- 2.6.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] Intel QuickSync Video
@Will Kelleher CPU: http://ark.intel.com/products/75122/Intel-Core-i7-4770-Processor-8M-Cache-up-to-3_90-GHz MediaSDK: Intel-linux-media-ocl_generic_16.4.2.1-39163_64bit.tar.gz (inside package of mediaserverstudioessentials2015r6.tar.gz) Ubuntu 14.04.3 LTS, Codename: trusty @Sven Dueking file to file also not working, I made a debug log Splitting the commandline. Reading option '-y' ... matched as option 'y' (overwrite output files) with argument '1'. Reading option '-fflags' ... matched as AVOption 'fflags' with argument '+genpts'. Reading option '-loglevel' ... matched as option 'loglevel' (set logging level) with argument 'debug'. Reading option '-probesize' ... matched as AVOption 'probesize' with argument '1000'. Reading option '-analyzeduration' ... matched as AVOption 'analyzeduration' with argument '1500'. Reading option '-i' ... matched as input file with argument 'm84_2.mpg'. Reading option '-strict' ...Routing option strict to both codec and muxer layer matched as AVOption 'strict' with argument '-2'. Reading option '-dn' ... matched as option 'dn' (disable data) with argument '1'. Reading option '-vcodec' ... matched as option 'vcodec' (force video codec ('copy' to copy stream)) with argument 'h264_qsv'. Reading option '-preset' ... matched as AVOption 'preset' with argument 'veryfast'. Reading option '-profile:v' ... matched as option 'profile' (set profile) with argument 'baseline'. Reading option '-level' ... matched as AVOption 'level' with argument '3.0'. Reading option '-acodec' ... matched as option 'acodec' (force audio codec ('copy' to copy stream)) with argument 'aac'. Reading option '-b:v' ... matched as option 'b' (video bitrate (please use -b:v)) with argument '1000k'. Reading option '-r' ... matched as option 'r' (set frame rate (Hz value, fraction or abbreviation)) with argument '25'. Reading option '-b:a' ... matched as option 'b' (video bitrate (please use -b:v)) with argument '128k'. Reading option '-minrate' ... matched as AVOption 'minrate' with argument '200k'. Reading option '-maxrate' ... matched as AVOption 'maxrate' with argument '1200k'. Reading option '-bufsize' ... matched as AVOption 'bufsize' with argument '1200k'. Reading option '-vf' ... matched as option 'vf' (set video filters) with argument 'scale=720:576'. Reading option '-aspect' ... matched as option 'aspect' (set aspect ratio (4:3, 16:9 or 1., 1.)) with argument '16:9'. Reading option '-ar' ... matched as option 'ar' (set audio sampling rate (in Hz)) with argument '48000'. Reading option '-ac' ... matched as option 'ac' (set number of audio channels) with argument '2'. Reading option '-f' ... matched as option 'f' (force format) with argument 'mpegts'. Reading option 'bla.ts' ... matched as output file. Finished splitting the commandline. Parsing a group of options: global . Applying option y (overwrite output files) with argument 1. Applying option loglevel (set logging level) with argument debug. Successfully parsed a group of options. Parsing a group of options: input file m84_2.mpg. Successfully parsed a group of options. Opening an input file: m84_2.mpg. [mpeg @ 0x311aa40] Format mpeg probed with size=2048 and score=26 [mpeg @ 0x311aa40] Before avformat_find_stream_info() pos: 0 bytes read:32768 seeks:0 [mpeg @ 0x311aa40] probing stream 0 pp:2500 [mpeg @ 0x311aa40] Probe with size=2012, packets=1 detected mpegvideo with score=25 [mpeg @ 0x311aa40] probed stream 0 [mpeg @ 0x311aa40] Probe buffer size limit of 1000 bytes reached [mpeg @ 0x311aa40] rfps: 30.00 0.013228 [mpeg @ 0x311aa40] rfps: 29.970030 0.00 Last message repeated 1 times [mpeg @ 0x311aa40] rfps: 59.940060 0.00 Last message repeated 1 times [mpeg @ 0x311aa40] After avformat_find_stream_info() pos: 0 bytes read:10473616 seeks:2 frames:399 Input #0, mpeg, from 'm84_2.mpg': Duration: 00:00:21.99, start: 0.387500, bitrate: 6108 kb/s Stream #0:0[0x1e0], 399, 1/9: Video: mpeg2video (Main), 1 reference frame, yuv420p(tv, bt470bg, left), 720x480 [SAR 8:9 DAR 4:3], 1001/6, 6000 kb/s, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc Successfully opened the file. Parsing a group of options: output file bla.ts. Applying option dn (disable data) with argument 1. Applying option vcodec (force video codec ('copy' to copy stream)) with argument h264_qsv. Applying option profile:v (set profile) with argument baseline. Applying option acodec (force audio codec ('copy' to copy stream)) with argument aac. Applying option b:v (video bitrate (please use -b:v)) with argument 1000k. Applying option r (set frame rate (Hz value, fraction or abbreviation)) with argument 25. Applying option b:a (video bitrate (please use -b:v)) with argument 128k. Applying option vf (set video filters) with argument scale=720:576. Applying option aspect (set aspect ratio (4:3, 16:9 or 1., 1.)) with argument 16:9. Applying option ar (set audio sampling rate (in Hz)) with argument 48000. Applying option ac (set number
Re: [FFmpeg-devel] [PATCH] hevc: extract SEI caption data
On Thu, Nov 05, 2015 at 08:15:33AM -0600, Will Kelleher wrote: > Signed-off-by: Will Kelleher> --- > libavcodec/hevc.c | 10 +++ > libavcodec/hevc.h | 4 +++ > libavcodec/hevc_sei.c | 79 > +++ > 3 files changed, 93 insertions(+) > > diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c > index 4b3f199..1fa5283 100644 > --- a/libavcodec/hevc.c > +++ b/libavcodec/hevc.c > @@ -2566,6 +2566,16 @@ static int set_side_data(HEVCContext *s) > s->sei_hflip, s->sei_vflip); > } > > +if (s->a53_caption) { > +AVFrameSideData* sd = av_frame_new_side_data(out, > + AV_FRAME_DATA_A53_CC, > + s->a53_caption_size); > +if (sd) > +memcpy(sd->data, s->a53_caption, s->a53_caption_size); > +av_freep(>a53_caption); > +s->avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; > +} > + > return 0; > } > > diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h > index 66b9a2f..6d8f703 100644 > --- a/libavcodec/hevc.h > +++ b/libavcodec/hevc.h > @@ -937,6 +937,10 @@ typedef struct HEVCContext { > int sei_hflip, sei_vflip; > > int picture_struct; > + > +uint8_t* a53_caption; > +int a53_caption_size; > + > } HEVCContext; > > int ff_hevc_decode_short_term_rps(GetBitContext *gb, AVCodecContext *avctx, > diff --git a/libavcodec/hevc_sei.c b/libavcodec/hevc_sei.c > index 179b045..0e56859 100644 > --- a/libavcodec/hevc_sei.c > +++ b/libavcodec/hevc_sei.c > @@ -146,6 +146,83 @@ static int decode_pic_timing(HEVCContext *s) > return 1; > } > > +static int decode_registered_user_data_closed_caption(HEVCContext *s, int > size) > +{ > + int flag; > + int user_data_type_code; > + int cc_count; > + > + GetBitContext *gb = >HEVClc->gb; > + > + if (size < 3) > + return AVERROR(EINVAL); > + > + user_data_type_code = get_bits(gb, 8); > + if (user_data_type_code == 0x3) { > + skip_bits(gb, 1); // reserved > + > + flag = get_bits(gb, 1); // process_cc_data_flag > + if (flag) { > + skip_bits(gb, 1); > + cc_count = get_bits(gb, 5); > + skip_bits(gb, 8); // reserved > + size -= 2; > + > + if (cc_count && size >= cc_count * 3) { > + if (s->a53_caption) > + av_freep(>a53_caption); unneeded null pointer check > + s->a53_caption_size = cc_count * 3; > + > + s->a53_caption = av_malloc(s->a53_caption_size); > + > + int i; > + for (i = 0; i < s->a53_caption_size; i++) { > + s->a53_caption[i++] = get_bits(gb, 8); missing malloc failure check > + } > + skip_bits(gb, 8); // marker_bits > + } > + } > + } else { > + int i; > + for (i = 0; i < size - 1; i++) > + skip_bits(gb, 8); skip_bits_long() [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Avoid a single point of failure, be that a person or equipment. signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] avdevice/dshow_enummediatypes: check return of av_malloc
On Fri, Nov 6, 2015 at 7:25 AM, Michael Niedermayerwrote: > On Sat, Oct 31, 2015 at 10:46:09AM -0400, Ganesh Ajjanagadde wrote: >> On Wed, Oct 28, 2015 at 10:05 PM, Ganesh Ajjanagadde >> wrote: >> > On Wed, Oct 28, 2015 at 10:00 PM, Michael Niedermayer >> > wrote: >> >> On Tue, Oct 27, 2015 at 08:09:03PM -0400, Ganesh Ajjanagadde wrote: >> >>> Untested. >> >>> >> >>> Signed-off-by: Ganesh Ajjanagadde >> >>> --- >> >>> libavdevice/dshow_enummediatypes.c | 2 ++ >> >>> 1 file changed, 2 insertions(+) >> >>> >> >>> diff --git a/libavdevice/dshow_enummediatypes.c >> >>> b/libavdevice/dshow_enummediatypes.c >> >>> index 5b69a5b..5a24870 100644 >> >>> --- a/libavdevice/dshow_enummediatypes.c >> >>> +++ b/libavdevice/dshow_enummediatypes.c >> >>> @@ -37,6 +37,8 @@ libAVEnumMediaTypes_Next(libAVEnumMediaTypes *this, >> >>> unsigned long n, >> >>> if (!this->pos && n == 1) { >> >>> if (!IsEqualGUID(>type.majortype, _NULL)) { >> >>> AM_MEDIA_TYPE *type = av_malloc(sizeof(AM_MEDIA_TYPE)); >> >>> +if (!type) >> >>> +return AVERROR(ENOMEM); >> >> >> >> I cannot test this either but the surrounding code returns >> >> E_POINTER, E_OUTOFMEMORY, ... >> >> not AVERROR* >> >> so this does not look correct, or at least inconsistent >> > >> > Looks like some Windows thing, I guess E_OUTOFMEMORY is the best >> > choice. This needs to wait for a review from a Windows using dev IMO. >> >> Assuming the change from AVERROR(ENOMEM) to E_OUTOFMEMORY, is this >> patch ok? Worst case, build should be guaranteed. > > should be ok pushed, thanks > > [...] > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > Complexity theory is the science of finding the exact solution to an > approximation. Benchmarking OTOH is finding an approximation of the exact > > ___ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] Intel QuickSync Video
> Hello, > > I try to transcode with quick sync, but it doesn't work. > I did follow: https://ffmpeg.org/general.html#Intel-QuickSync-Video > > > I get this error > [h264_qsv @ 0x3017580] Error initializing an internal MFX session > Error while opening encoder for output stream #0:0 - maybe incorrect > parameters such as bit_rate, rate, width or height > > How can I solve this please? Unfortunately this error can be caused by a variety of things. To start, can you share your exact CPU model and the Media SDK version that you're using? Also, what platform are you on? ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCHv3] avfilter: add anoisesrc
On 11/6/15, Kyle Swansonwrote: > Here's v3. Uses AV_OPT_TYPE_CONST now. Just sent this with the wrong subject > line, here it is again. (sorry!) > > Signed-off-by: Kyle Swanson > --- > Changelog| 1 + > doc/filters.texi | 36 > libavfilter/Makefile | 1 + > libavfilter/allfilters.c | 1 + > libavfilter/asrc_anoisesrc.c | 208 > +++ > libavfilter/version.h| 4 +- > 6 files changed, 249 insertions(+), 2 deletions(-) > create mode 100644 libavfilter/asrc_anoisesrc.c > > diff --git a/Changelog b/Changelog > index 91955da..ca477de 100644 > --- a/Changelog > +++ b/Changelog > @@ -30,6 +30,7 @@ version : > - innoHeim/Rsupport Screen Capture Codec decoder > - ADPCM AICA decoder > - Interplay ACM demuxer and audio decoder > +- anoisesrc audio source > > > version 2.8: > diff --git a/doc/filters.texi b/doc/filters.texi > index 15ea77a..8287b5e 100644 > --- a/doc/filters.texi > +++ b/doc/filters.texi > @@ -3193,6 +3193,42 @@ ffplay -f lavfi flite=text='No more be grieved for > which that thou hast done.' > For more information about libflite, check: > @url{http://www.speech.cs.cmu.edu/flite/} > > +@section anoisesrc > + > +Generate a noise audio signal. > + > +The filter accepts the following options: > + > +@table @option > + > +@item color, colour, c > +Specify the color of noise. Available noise colors are white, pink, and > brown. Default color is white. > + > +@item sample_rate, r > +Specify the sample rate. Default value is 48000 Hz. > + > +@item duration, d > +Specify the duration of the generated audio stream. Not specifying this > option results in noise with an infinite length. > + > +@item amplitude, a > +Specify the amplitude (0.0 - 1.0) of the generated audio stream. Default > value is 1.0. > + > +@item seed, s > +Specify a value used to seed the PRNG. > + > +@end table > + > +@subsection Examples > + > +@itemize > + > +@item > +Generate 60 seconds of pink noise, with a 44.1 kHz sampling rate and an > amplitude of 0.5: > +@example > +anoisesrc=d=60:c=pink:r=44100:a=0.5 > +@end example > +@end itemize > + > @section sine > > Generate an audio signal made of a sine wave with amplitude 1/8. > diff --git a/libavfilter/Makefile b/libavfilter/Makefile > index 1b23085..560118c 100644 > --- a/libavfilter/Makefile > +++ b/libavfilter/Makefile > @@ -91,6 +91,7 @@ OBJS-$(CONFIG_VOLUME_FILTER) += > af_volume.o > OBJS-$(CONFIG_VOLUMEDETECT_FILTER) += af_volumedetect.o > > OBJS-$(CONFIG_AEVALSRC_FILTER) += aeval.o > +OBJS-$(CONFIG_ANOISESRC_FILTER) += asrc_anoisesrc.o > OBJS-$(CONFIG_ANULLSRC_FILTER) += asrc_anullsrc.o > OBJS-$(CONFIG_FLITE_FILTER) += asrc_flite.o > OBJS-$(CONFIG_SINE_FILTER) += asrc_sine.o > diff --git a/libavfilter/allfilters.c b/libavfilter/allfilters.c > index a538b81..c80ea4c 100644 > --- a/libavfilter/allfilters.c > +++ b/libavfilter/allfilters.c > @@ -113,6 +113,7 @@ void avfilter_register_all(void) > REGISTER_FILTER(VOLUMEDETECT, volumedetect, af); > > REGISTER_FILTER(AEVALSRC, aevalsrc, asrc); > +REGISTER_FILTER(ANOISESRC, anoisesrc, asrc); > REGISTER_FILTER(ANULLSRC, anullsrc, asrc); > REGISTER_FILTER(FLITE, flite, asrc); > REGISTER_FILTER(SINE, sine, asrc); > diff --git a/libavfilter/asrc_anoisesrc.c b/libavfilter/asrc_anoisesrc.c > new file mode 100644 > index 000..9e1ead0 > --- /dev/null > +++ b/libavfilter/asrc_anoisesrc.c > @@ -0,0 +1,208 @@ > +/* > + * Copyright (c) 2015 Kyle Swanson . > + * > + * This file is part of FFmpeg. > + * > + * FFmpeg is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public License > + * as published by the Free Software Foundation; either > + * version 2.1 of the License, or (at your option) any later version. > + * > + * FFmpeg is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with FFmpeg; if not, write to the Free Software Foundation, Inc., > + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA > + */ > + > +#include > + > +#include "libavutil/opt.h" > +#include "audio.h" > +#include "avfilter.h" > +#include "internal.h" > +#include "libavutil/lfg.h" > +#include "libavutil/random_seed.h" > + > +typedef struct { > +const AVClass *class; > +int sample_rate; > +double amplitude; > +int64_t dur; > +int64_t color; > +int64_t seed; > + > +int infinite; > +double (*filter)(double white, double *buf); > +
[FFmpeg-devel] [PATCH 1/2] mmaldec: add vc1 decoding support
--- configure | 3 +++ libavcodec/Makefile| 1 + libavcodec/allcodecs.c | 2 ++ libavcodec/mmaldec.c | 12 4 files changed, 18 insertions(+) diff --git a/configure b/configure index f770534..8c940a7 100755 --- a/configure +++ b/configure @@ -2516,6 +2516,9 @@ vc1_vdpau_decoder_deps="vdpau" vc1_vdpau_decoder_select="vc1_decoder" vc1_vdpau_hwaccel_deps="vdpau" vc1_vdpau_hwaccel_select="vc1_decoder" +vc1_mmal_decoder_deps="mmal" +vc1_mmal_hwaccel_deps="mmal" +vc1_mmal_decoder_select="vc1video_decoder" vc1_qsv_hwaccel_deps="libmfx" vc1_qsv_hwaccel_select="qsvdec_vc1" wmv3_crystalhd_decoder_select="crystalhd" diff --git a/libavcodec/Makefile b/libavcodec/Makefile index 67fb72a..c011fd7 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile @@ -534,6 +534,7 @@ OBJS-$(CONFIG_VC1_DECODER) += vc1dec.o vc1_block.o vc1_loopfilter.o vc1dsp.o \ msmpeg4dec.o msmpeg4.o msmpeg4data.o \ wmv2dsp.o +OBJS-$(CONFIG_VC1_MMAL_DECODER)+= mmaldec.o OBJS-$(CONFIG_VC1_QSV_DECODER) += qsvdec_vc1.o OBJS-$(CONFIG_VCR1_DECODER)+= vcr1.o OBJS-$(CONFIG_VMDAUDIO_DECODER)+= vmdaudio.o diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c index 095f812..efc73d7 100644 --- a/libavcodec/allcodecs.c +++ b/libavcodec/allcodecs.c @@ -108,6 +108,7 @@ void avcodec_register_all(void) REGISTER_HWACCEL(VC1_DXVA2, vc1_dxva2); REGISTER_HWACCEL(VC1_VAAPI, vc1_vaapi); REGISTER_HWACCEL(VC1_VDPAU, vc1_vdpau); +REGISTER_HWACCEL(VC1_MMAL, vc1_mmal); REGISTER_HWACCEL(VC1_QSV, vc1_qsv); REGISTER_HWACCEL(WMV3_D3D11VA, wmv3_d3d11va); REGISTER_HWACCEL(WMV3_DXVA2,wmv3_dxva2); @@ -326,6 +327,7 @@ void avcodec_register_all(void) REGISTER_DECODER(VC1_VDPAU, vc1_vdpau); #endif REGISTER_DECODER(VC1IMAGE, vc1image); +REGISTER_DECODER(VC1_MMAL, vc1_mmal); REGISTER_DECODER(VC1_QSV, vc1_qsv); REGISTER_DECODER(VCR1, vcr1); REGISTER_DECODER(VMDVIDEO, vmdvideo); diff --git a/libavcodec/mmaldec.c b/libavcodec/mmaldec.c index 91fb084..8d74b3f 100644 --- a/libavcodec/mmaldec.c +++ b/libavcodec/mmaldec.c @@ -355,6 +355,10 @@ static av_cold int ffmmal_init_decoder(AVCodecContext *avctx) format_in->encoding = MMAL_ENCODING_MP2V; av_log(avctx, AV_LOG_DEBUG, "Use MMAL MP2V encoding\n"); break; +case AV_CODEC_ID_VC1: +format_in->encoding = MMAL_ENCODING_WVC1; +av_log(avctx, AV_LOG_DEBUG, "Use MMAL WVC1 encoding\n"); +break; case AV_CODEC_ID_H264: default: format_in->encoding = MMAL_ENCODING_H264; @@ -783,6 +787,13 @@ AVHWAccel ff_mpeg2_mmal_hwaccel = { .pix_fmt= AV_PIX_FMT_MMAL, }; +AVHWAccel ff_vc1_mmal_hwaccel = { +.name = "vc1_mmal", +.type = AVMEDIA_TYPE_VIDEO, +.id = AV_CODEC_ID_VC1, +.pix_fmt= AV_PIX_FMT_MMAL, +}; + static const AVOption options[]={ {"extra_buffers", "extra buffers", offsetof(MMALDecodeContext, extra_buffers), AV_OPT_TYPE_INT, {.i64 = 10}, 0, 256, 0}, {NULL} @@ -817,3 +828,4 @@ static const AVOption options[]={ FFMMAL_DEC(h264, AV_CODEC_ID_H264) FFMMAL_DEC(mpeg2, AV_CODEC_ID_MPEG2VIDEO) +FFMMAL_DEC(vc1, AV_CODEC_ID_VC1) -- 2.6.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH 2/2] mmaldec: correct package buffering accounting
The assert in ffmmal_stop_decoder() could trigger sometimes. The packets_buffered counter was indeed not correctly maintained, and packets were not subtracted from it if they were still in the waiting queue. --- libavcodec/mmaldec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mmaldec.c b/libavcodec/mmaldec.c index 8d74b3f..d419096 100644 --- a/libavcodec/mmaldec.c +++ b/libavcodec/mmaldec.c @@ -160,6 +160,9 @@ static void ffmmal_stop_decoder(AVCodecContext *avctx) ctx->waiting_buffers = buffer->next; +if (buffer->flags & MMAL_BUFFER_HEADER_FLAG_FRAME_END) +avpriv_atomic_int_add_and_fetch(>packets_buffered, -1); + av_buffer_unref(>ref); av_free(buffer); } -- 2.6.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] Fix: VP9 superframe parsing when the superframe contains only one frame
Hi, The attached patch fixes an issue with the superframe index parsing. Please find attached a VP9 IVF stream showing the issue (if you try to remux it to webm). The gist of the problem is that the vp9 superframe parser seems to expect at least two frames inside the superframe. Cheers, Sebastien Alaiwan superframe.vp9 Description: Binary data From 2b9dccf27821f6de1e792bba3f340d2ba9a2753f Mon Sep 17 00:00:00 2001 From: Sebastien AlaiwanDate: Fri, 6 Nov 2015 14:29:12 +0100 Subject: [PATCH] Fix VP9 superframe parsing when there's only one nested frame in the superframe Signed-off-by: Sebastien Alaiwan --- libavcodec/vp9_parser.c | 92 ++--- 1 file changed, 41 insertions(+), 51 deletions(-) diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c index 6713850..07c80da 100644 --- a/libavcodec/vp9_parser.c +++ b/libavcodec/vp9_parser.c @@ -88,65 +88,55 @@ static int parse(AVCodecParserContext *ctx, return 0; } -if (s->n_frames > 0) { -*out_data = data; -*out_size = s->size[--s->n_frames]; -parse_frame(ctx, *out_data, *out_size); +if (s->n_frames <= 0) { -return s->n_frames > 0 ? *out_size : size /* i.e. include idx tail */; -} +// by default: exactly one nested frame, no index +s->n_frames = 1; +s->size[0] = full_size; + +// try to read many nested frames +marker = data[size - 1]; +if ((marker & 0xe0) == 0xc0) { +int nbytes = 1 + ((marker >> 3) & 0x3); +int n_frames = 1 + (marker & 0x7); +int idx_sz = 2 + n_frames * nbytes; + +if (size >= idx_sz && data[size - idx_sz] == marker) { +const uint8_t *idx = data + size + 1 - idx_sz; + +s->n_frames = n_frames; -marker = data[size - 1]; -if ((marker & 0xe0) == 0xc0) { -int nbytes = 1 + ((marker >> 3) & 0x3); -int n_frames = 1 + (marker & 0x7), idx_sz = 2 + n_frames * nbytes; - -if (size >= idx_sz && data[size - idx_sz] == marker) { -const uint8_t *idx = data + size + 1 - idx_sz; -int first = 1; - -switch (nbytes) { -#define case_n(a, rd) \ -case a: \ -while (n_frames--) { \ -unsigned sz = rd; \ -idx += a; \ -if (sz == 0 || sz > size) { \ -s->n_frames = 0; \ -*out_size = size; \ -*out_data = data; \ -av_log(avctx, AV_LOG_ERROR, \ - "Invalid superframe packet size: %u frame size: %d\n", \ - sz, size); \ -return full_size; \ -} \ -if (first) { \ -first = 0; \ -*out_data = data; \ -*out_size = sz; \ -s->n_frames = n_frames; \ -} else { \ -s->size[n_frames] = sz; \ -} \ -data += sz; \ -size -= sz; \ -} \ -parse_frame(ctx, *out_data, *out_size); \ -return *out_size - -case_n(1, *idx); -case_n(2, AV_RL16(idx)); -case_n(3, AV_RL24(idx)); -case_n(4, AV_RL32(idx)); +for(int k=0; k < n_frames; ++k) { +unsigned sz = 0; + +for(int i=0; i < nbytes;++i) +sz += idx[i] << (8*i); + +idx += nbytes; + +if (sz > size) { +s->n_frames = 0; +*out_size = size; +*out_data = data; +av_log(avctx, AV_LOG_ERROR, +"Superframe packet size too big: %u > %d\n", +sz, size); +return full_size; +} + +s->size[n_frames-1-k] = sz; +} } } } +assert(s->n_frames > 0); + *out_data = data; -*out_size = size; -parse_frame(ctx, data, size); +*out_size = s->size[--s->n_frames]; +parse_frame(ctx, *out_data, *out_size); -return size; +return s->n_frames > 0 ? *out_size : size /* i.e. include idx tail */; } AVCodecParser ff_vp9_parser = { -- 2.6.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCHv4] avfilter: add anoisesrc
Signed-off-by: Kyle Swanson--- Changelog| 1 + doc/filters.texi | 36 libavfilter/Makefile | 1 + libavfilter/allfilters.c | 1 + libavfilter/asrc_anoisesrc.c | 207 +++ libavfilter/version.h| 4 +- 6 files changed, 248 insertions(+), 2 deletions(-) create mode 100644 libavfilter/asrc_anoisesrc.c diff --git a/Changelog b/Changelog index 04f094b..f9dbd52 100644 --- a/Changelog +++ b/Changelog @@ -31,6 +31,7 @@ version : - ADPCM AICA decoder - Interplay ACM demuxer and audio decoder - XMA1 & XMA2 decoder +- anoisesrc audio source version 2.8: diff --git a/doc/filters.texi b/doc/filters.texi index 15ea77a..8287b5e 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -3193,6 +3193,42 @@ ffplay -f lavfi flite=text='No more be grieved for which that thou hast done.' For more information about libflite, check: @url{http://www.speech.cs.cmu.edu/flite/} +@section anoisesrc + +Generate a noise audio signal. + +The filter accepts the following options: + +@table @option + +@item color, colour, c +Specify the color of noise. Available noise colors are white, pink, and brown. Default color is white. + +@item sample_rate, r +Specify the sample rate. Default value is 48000 Hz. + +@item duration, d +Specify the duration of the generated audio stream. Not specifying this option results in noise with an infinite length. + +@item amplitude, a +Specify the amplitude (0.0 - 1.0) of the generated audio stream. Default value is 1.0. + +@item seed, s +Specify a value used to seed the PRNG. + +@end table + +@subsection Examples + +@itemize + +@item +Generate 60 seconds of pink noise, with a 44.1 kHz sampling rate and an amplitude of 0.5: +@example +anoisesrc=d=60:c=pink:r=44100:a=0.5 +@end example +@end itemize + @section sine Generate an audio signal made of a sine wave with amplitude 1/8. diff --git a/libavfilter/Makefile b/libavfilter/Makefile index 1b23085..560118c 100644 --- a/libavfilter/Makefile +++ b/libavfilter/Makefile @@ -91,6 +91,7 @@ OBJS-$(CONFIG_VOLUME_FILTER) += af_volume.o OBJS-$(CONFIG_VOLUMEDETECT_FILTER) += af_volumedetect.o OBJS-$(CONFIG_AEVALSRC_FILTER) += aeval.o +OBJS-$(CONFIG_ANOISESRC_FILTER) += asrc_anoisesrc.o OBJS-$(CONFIG_ANULLSRC_FILTER) += asrc_anullsrc.o OBJS-$(CONFIG_FLITE_FILTER) += asrc_flite.o OBJS-$(CONFIG_SINE_FILTER) += asrc_sine.o diff --git a/libavfilter/allfilters.c b/libavfilter/allfilters.c index a538b81..c80ea4c 100644 --- a/libavfilter/allfilters.c +++ b/libavfilter/allfilters.c @@ -113,6 +113,7 @@ void avfilter_register_all(void) REGISTER_FILTER(VOLUMEDETECT, volumedetect, af); REGISTER_FILTER(AEVALSRC, aevalsrc, asrc); +REGISTER_FILTER(ANOISESRC, anoisesrc, asrc); REGISTER_FILTER(ANULLSRC, anullsrc, asrc); REGISTER_FILTER(FLITE, flite, asrc); REGISTER_FILTER(SINE, sine, asrc); diff --git a/libavfilter/asrc_anoisesrc.c b/libavfilter/asrc_anoisesrc.c new file mode 100644 index 000..b2c6d1f --- /dev/null +++ b/libavfilter/asrc_anoisesrc.c @@ -0,0 +1,207 @@ +/* + * Copyright (c) 2015 Kyle Swanson . + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with FFmpeg; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "libavutil/opt.h" +#include "audio.h" +#include "avfilter.h" +#include "internal.h" +#include "libavutil/lfg.h" +#include "libavutil/random_seed.h" + +typedef struct { +const AVClass *class; +int sample_rate; +double amplitude; +int64_t dur; +int64_t color; +int64_t seed; + +int infinite; +double (*filter)(double white, double *buf); +double buf[7]; +AVLFG c; +} ANoiseSrcContext; + +#define OFFSET(x) offsetof(ANoiseSrcContext, x) +#define FLAGS AV_OPT_FLAG_AUDIO_PARAM|AV_OPT_FLAG_FILTERING_PARAM + +static const AVOption anoisesrc_options[] = { +{ "sample_rate", "set sample rate", OFFSET(sample_rate), AV_OPT_TYPE_INT, {.i64 = 48000}, 15, INT_MAX,FLAGS }, +{ "r","set sample rate", OFFSET(sample_rate), AV_OPT_TYPE_INT, {.i64 = 48000}, 15, INT_MAX,
Re: [FFmpeg-devel] [PATCH] Fix: VP9 superframe parsing when the superframe contains only one frame
Hi, On Fri, Nov 6, 2015 at 11:10 AM, Sebastien Alaiwan < sebastien.alai...@allegrodvt.com> wrote: > Hi, > > The attached patch fixes an issue with the superframe index parsing. > Please find attached a VP9 IVF stream showing the issue (if you try to > remux it to webm). > The gist of the problem is that the vp9 superframe parser seems to expect > at least two frames inside the superframe. This is not OK, you rewrote the full parser and it looks like you simply copied the libvpx code. Try to _only_ fix the bug without rewriting the entire parser. Ronald ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] Fix: VP9 superframe parsing when the superframe contains only one frame
On 11/06/2015 05:37 PM, Ronald S. Bultje wrote: > Hi, > > On Fri, Nov 6, 2015 at 11:10 AM, Sebastien Alaiwan < > sebastien.alai...@allegrodvt.com> wrote: > >> Hi, >> >> The attached patch fixes an issue with the superframe index parsing. >> Please find attached a VP9 IVF stream showing the issue (if you try to >> remux it to webm). >> The gist of the problem is that the vp9 superframe parser seems to expect >> at least two frames inside the superframe. > > This is not OK, you rewrote the full parser and it looks like you simply > copied the libvpx code. I did not. I simplified the flow of control of the existing code. Would it be a problem anyway? signature.asc Description: OpenPGP digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] vp9_parser: allow superframes with a single frame.
--- libavcodec/vp9_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c index 6713850..2e9235e 100644 --- a/libavcodec/vp9_parser.c +++ b/libavcodec/vp9_parser.c @@ -132,7 +132,7 @@ static int parse(AVCodecParserContext *ctx, size -= sz; \ } \ parse_frame(ctx, *out_data, *out_size); \ -return *out_size +return s->n_frames > 0 ? *out_size : full_size case_n(1, *idx); case_n(2, AV_RL16(idx)); -- 2.1.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] Fix: VP9 superframe parsing when the superframe contains only one frame
On Fri, 06 Nov 2015 18:00:35 +0100 Sebastien Alaiwanwrote: > On 11/06/2015 05:37 PM, Ronald S. Bultje wrote: > > Hi, > > > > On Fri, Nov 6, 2015 at 11:10 AM, Sebastien Alaiwan < > > sebastien.alai...@allegrodvt.com> wrote: > > > >> Hi, > >> > >> The attached patch fixes an issue with the superframe index parsing. > >> Please find attached a VP9 IVF stream showing the issue (if you try to > >> remux it to webm). > >> The gist of the problem is that the vp9 superframe parser seems to expect > >> at least two frames inside the superframe. > > > > This is not OK, you rewrote the full parser and it looks like you simply > > copied the libvpx code. > I did not. I simplified the flow of control of the existing code. > Would it be a problem anyway? > > A simple fix and extensive refactoring should at least be in separate patches. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] hevc: extract SEI caption data
Signed-off-by: Will Kelleher--- libavcodec/hevc.c | 10 +++ libavcodec/hevc.h | 4 +++ libavcodec/hevc_sei.c | 79 +++ 3 files changed, 93 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 4b3f199..1fa5283 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2566,6 +2566,16 @@ static int set_side_data(HEVCContext *s) s->sei_hflip, s->sei_vflip); } +if (s->a53_caption) { +AVFrameSideData* sd = av_frame_new_side_data(out, + AV_FRAME_DATA_A53_CC, + s->a53_caption_size); +if (sd) +memcpy(sd->data, s->a53_caption, s->a53_caption_size); +av_freep(>a53_caption); +s->avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; +} + return 0; } diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index 66b9a2f..6d8f703 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -937,6 +937,10 @@ typedef struct HEVCContext { int sei_hflip, sei_vflip; int picture_struct; + +uint8_t* a53_caption; +int a53_caption_size; + } HEVCContext; int ff_hevc_decode_short_term_rps(GetBitContext *gb, AVCodecContext *avctx, diff --git a/libavcodec/hevc_sei.c b/libavcodec/hevc_sei.c index 179b045..0e56859 100644 --- a/libavcodec/hevc_sei.c +++ b/libavcodec/hevc_sei.c @@ -146,6 +146,83 @@ static int decode_pic_timing(HEVCContext *s) return 1; } +static int decode_registered_user_data_closed_caption(HEVCContext *s, int size) +{ + int flag; + int user_data_type_code; + int cc_count; + + GetBitContext *gb = >HEVClc->gb; + + if (size < 3) + return AVERROR(EINVAL); + + user_data_type_code = get_bits(gb, 8); + if (user_data_type_code == 0x3) { + skip_bits(gb, 1); // reserved + + flag = get_bits(gb, 1); // process_cc_data_flag + if (flag) { + skip_bits(gb, 1); + cc_count = get_bits(gb, 5); + skip_bits(gb, 8); // reserved + size -= 2; + + if (cc_count && size >= cc_count * 3) { + if (s->a53_caption) + av_freep(>a53_caption); + s->a53_caption_size = cc_count * 3; + + s->a53_caption = av_malloc(s->a53_caption_size); + + int i; + for (i = 0; i < s->a53_caption_size; i++) { + s->a53_caption[i++] = get_bits(gb, 8); + } + skip_bits(gb, 8); // marker_bits + } + } + } else { + int i; + for (i = 0; i < size - 1; i++) + skip_bits(gb, 8); + } + + return 0; +} + +static int decode_nal_sei_user_data_registered_itu_t_t35(HEVCContext *s, int size) +{ +uint32_t country_code; +uint32_t user_identifier; + +GetBitContext *gb = >HEVClc->gb; + +if (size < 7) +return AVERROR(EINVAL); +size -= 7; + +country_code = get_bits(gb, 8); +if (country_code == 0xFF) { +skip_bits(gb, 8); +size--; +} + +skip_bits(gb, 8); +skip_bits(gb, 8); + +user_identifier = get_bits_long(gb, 32); + +switch (user_identifier) { +case MKBETAG('G', 'A', '9', '4'): +return decode_registered_user_data_closed_caption(s, size); +default: +skip_bits(gb, size * 8); +break; +} +return 0; +} + static int active_parameter_sets(HEVCContext *s) { GetBitContext *gb = >HEVClc->gb; @@ -198,6 +275,8 @@ static int decode_nal_sei_prefix(HEVCContext *s, int type, int size) active_parameter_sets(s); av_log(s->avctx, AV_LOG_DEBUG, "Skipped PREFIX SEI %d\n", type); return 0; +case SEI_TYPE_USER_DATA_REGISTERED_ITU_T_T35: +return decode_nal_sei_user_data_registered_itu_t_t35(s, size); default: av_log(s->avctx, AV_LOG_DEBUG, "Skipped PREFIX SEI %d\n", type); skip_bits_long(gb, 8 * size); -- 2.6.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] vp9_parser: allow superframes with a single frame.
On 11/6/15, Ronald S. Bultjewrote: > --- > libavcodec/vp9_parser.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c > index 6713850..2e9235e 100644 > --- a/libavcodec/vp9_parser.c > +++ b/libavcodec/vp9_parser.c > @@ -132,7 +132,7 @@ static int parse(AVCodecParserContext *ctx, > size -= sz; \ > } \ > parse_frame(ctx, *out_data, *out_size); \ > -return *out_size > +return s->n_frames > 0 ? *out_size : full_size > > case_n(1, *idx); > case_n(2, AV_RL16(idx)); > -- > 2.1.2 > > ___ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > It should be fine if it works. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] jvdec: avoid unsized overflow in comparison
The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size is 3, the right side overflows leading to a wrong result of the comparison and subsequently a heap buffer overflow. Signed-off-by: Andreas Cadhalpun--- libavformat/jvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c index 4d4f0c7..a31c723 100644 --- a/libavformat/jvdec.c +++ b/libavformat/jvdec.c @@ -54,7 +54,7 @@ typedef struct JVDemuxContext { static int read_probe(AVProbeData *pd) { -if (pd->buf[0] == 'J' && pd->buf[1] == 'V' && strlen(MAGIC) <= pd->buf_size - 4 && +if (pd->buf[0] == 'J' && pd->buf[1] == 'V' && strlen(MAGIC) + 4 <= pd->buf_size && !memcmp(pd->buf + 4, MAGIC, strlen(MAGIC))) return AVPROBE_SCORE_MAX; return 0; -- 2.6.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] hevc: extract SEI caption data
Signed-off-by: Will Kelleher--- libavcodec/hevc.c | 10 +++ libavcodec/hevc.h | 4 +++ libavcodec/hevc_sei.c | 80 +++ 3 files changed, 94 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 4b3f199..1fa5283 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2566,6 +2566,16 @@ static int set_side_data(HEVCContext *s) s->sei_hflip, s->sei_vflip); } +if (s->a53_caption) { +AVFrameSideData* sd = av_frame_new_side_data(out, + AV_FRAME_DATA_A53_CC, + s->a53_caption_size); +if (sd) +memcpy(sd->data, s->a53_caption, s->a53_caption_size); +av_freep(>a53_caption); +s->avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; +} + return 0; } diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index 66b9a2f..6d8f703 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -937,6 +937,10 @@ typedef struct HEVCContext { int sei_hflip, sei_vflip; int picture_struct; + +uint8_t* a53_caption; +int a53_caption_size; + } HEVCContext; int ff_hevc_decode_short_term_rps(GetBitContext *gb, AVCodecContext *avctx, diff --git a/libavcodec/hevc_sei.c b/libavcodec/hevc_sei.c index 179b045..47ba70d 100644 --- a/libavcodec/hevc_sei.c +++ b/libavcodec/hevc_sei.c @@ -146,6 +146,84 @@ static int decode_pic_timing(HEVCContext *s) return 1; } +static int decode_registered_user_data_closed_caption(HEVCContext *s, int size) +{ +int flag; +int user_data_type_code; +int cc_count; + +GetBitContext *gb = >HEVClc->gb; + +if (size < 3) + return AVERROR(EINVAL); + +user_data_type_code = get_bits(gb, 8); +if (user_data_type_code == 0x3) { +skip_bits(gb, 1); // reserved + +flag = get_bits(gb, 1); // process_cc_data_flag +if (flag) { +skip_bits(gb, 1); +cc_count = get_bits(gb, 5); +skip_bits(gb, 8); // reserved +size -= 2; + +if (cc_count && size >= cc_count * 3) { +av_freep(>a53_caption); +s->a53_caption_size = cc_count * 3; + +s->a53_caption = av_malloc(s->a53_caption_size); +if (!s->a53_caption) +return(AVERROR(ENOMEM)); + +int i; +for (i = 0; i < s->a53_caption_size; i++) { +s->a53_caption[i++] = get_bits(gb, 8); +} +skip_bits(gb, 8); // marker_bits +} +} +} else { +int i; +for (i = 0; i < size - 1; i++) +skip_bits(gb, 8); +} + +return 0; +} + +static int decode_nal_sei_user_data_registered_itu_t_t35(HEVCContext *s, int size) +{ +uint32_t country_code; +uint32_t user_identifier; + +GetBitContext *gb = >HEVClc->gb; + +if (size < 7) +return AVERROR(EINVAL); +size -= 7; + +country_code = get_bits(gb, 8); +if (country_code == 0xFF) { +skip_bits(gb, 8); +size--; +} + +skip_bits(gb, 8); +skip_bits(gb, 8); + +user_identifier = get_bits_long(gb, 32); + +switch (user_identifier) { +case MKBETAG('G', 'A', '9', '4'): +return decode_registered_user_data_closed_caption(s, size); +default: +skip_bits_long(gb, size * 8); +break; +} +return 0; +} + static int active_parameter_sets(HEVCContext *s) { GetBitContext *gb = >HEVClc->gb; @@ -198,6 +276,8 @@ static int decode_nal_sei_prefix(HEVCContext *s, int type, int size) active_parameter_sets(s); av_log(s->avctx, AV_LOG_DEBUG, "Skipped PREFIX SEI %d\n", type); return 0; +case SEI_TYPE_USER_DATA_REGISTERED_ITU_T_T35: +return decode_nal_sei_user_data_registered_itu_t_t35(s, size); default: av_log(s->avctx, AV_LOG_DEBUG, "Skipped PREFIX SEI %d\n", type); skip_bits_long(gb, 8 * size); -- 2.6.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] AMD VCE encoder
Hello, I was looking into AMD VCE encoder and I did realize that there is only a Windows SDK. Should I try to add a Windows only feature? And it won't be able to compile on Linux. What do you guys think about it? ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] AMD VCE encoder
On 11/6/2015 4:43 PM, Lucas Andrade wrote: > Hello, I was looking into AMD VCE encoder and I did realize that there is > only a Windows SDK. Should I try to add a Windows only feature? And it > won't be able to compile on Linux. What do you guys think about it? There are tons of OS exclusive components already, so i don't see why not. Make sure it doesn't break building ffmpeg on any setup where this is not available and it should be fine. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 2/2] lavfi: add testsrc2 test source.
On 10/25/15, Nicolas Georgewrote: > Similar to testsrc, but using drawutils and therefore > supporting a lot of pixel formats instead of just rgb24. > This allows using it as input for other tests without > requiring a format conversion. > It is also slightly faster than testsrc for some reason. > > Signed-off-by: Nicolas George > --- > libavfilter/Makefile | 1 + > libavfilter/allfilters.c | 1 + > libavfilter/vsrc_testsrc.c | 271 > + > tests/fate/filter-video.mak| 9 ++ > tests/ref/fate/filter-testsrc2-rgb24 | 71 + > tests/ref/fate/filter-testsrc2-yuv420p | 71 + > tests/ref/fate/filter-testsrc2-yuv444p | 71 + > 7 files changed, 495 insertions(+) > create mode 100644 tests/ref/fate/filter-testsrc2-rgb24 > create mode 100644 tests/ref/fate/filter-testsrc2-yuv420p > create mode 100644 tests/ref/fate/filter-testsrc2-yuv444p Should be fine. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] hevc: extract SEI caption data
Signed-off-by: Will Kelleher--- libavcodec/hevc.c | 10 +++ libavcodec/hevc.h | 4 +++ libavcodec/hevc_sei.c | 80 +++ 3 files changed, 94 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 4b3f199..1fa5283 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2566,6 +2566,16 @@ static int set_side_data(HEVCContext *s) s->sei_hflip, s->sei_vflip); } +if (s->a53_caption) { +AVFrameSideData* sd = av_frame_new_side_data(out, + AV_FRAME_DATA_A53_CC, + s->a53_caption_size); +if (sd) +memcpy(sd->data, s->a53_caption, s->a53_caption_size); +av_freep(>a53_caption); +s->avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; +} + return 0; } diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index 66b9a2f..6d8f703 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -937,6 +937,10 @@ typedef struct HEVCContext { int sei_hflip, sei_vflip; int picture_struct; + +uint8_t* a53_caption; +int a53_caption_size; + } HEVCContext; int ff_hevc_decode_short_term_rps(GetBitContext *gb, AVCodecContext *avctx, diff --git a/libavcodec/hevc_sei.c b/libavcodec/hevc_sei.c index 179b045..4132634 100644 --- a/libavcodec/hevc_sei.c +++ b/libavcodec/hevc_sei.c @@ -146,6 +146,84 @@ static int decode_pic_timing(HEVCContext *s) return 1; } +static int decode_registered_user_data_closed_caption(HEVCContext *s, int size) +{ +int flag; +int user_data_type_code; +int cc_count; + +GetBitContext *gb = >HEVClc->gb; + +if (size < 3) + return AVERROR(EINVAL); + +user_data_type_code = get_bits(gb, 8); +if (user_data_type_code == 0x3) { +skip_bits(gb, 1); // reserved + +flag = get_bits(gb, 1); // process_cc_data_flag +if (flag) { +skip_bits(gb, 1); +cc_count = get_bits(gb, 5); +skip_bits(gb, 8); // reserved +size -= 2; + +if (cc_count && size >= cc_count * 3) { +av_freep(>a53_caption); +s->a53_caption_size = cc_count * 3; + +s->a53_caption = av_malloc(s->a53_caption_size); +if (!s->a53_caption) +return(AVERROR(ENOMEM)); + +int i; +for (i = 0; i < s->a53_caption_size; i++) { +s->a53_caption[i++] = get_bits(gb, 8); +} +skip_bits(gb, 8); // marker_bits +} +} +} else { +int i; +for (i = 0; i < size - 1; i++) +skip_bits_long(gb, 8); +} + +return 0; +} + +static int decode_nal_sei_user_data_registered_itu_t_t35(HEVCContext *s, int size) +{ +uint32_t country_code; +uint32_t user_identifier; + +GetBitContext *gb = >HEVClc->gb; + +if (size < 7) +return AVERROR(EINVAL); +size -= 7; + +country_code = get_bits(gb, 8); +if (country_code == 0xFF) { +skip_bits(gb, 8); +size--; +} + +skip_bits(gb, 8); +skip_bits(gb, 8); + +user_identifier = get_bits_long(gb, 32); + +switch (user_identifier) { +case MKBETAG('G', 'A', '9', '4'): +return decode_registered_user_data_closed_caption(s, size); +default: +skip_bits(gb, size * 8); +break; +} +return 0; +} + static int active_parameter_sets(HEVCContext *s) { GetBitContext *gb = >HEVClc->gb; @@ -198,6 +276,8 @@ static int decode_nal_sei_prefix(HEVCContext *s, int type, int size) active_parameter_sets(s); av_log(s->avctx, AV_LOG_DEBUG, "Skipped PREFIX SEI %d\n", type); return 0; +case SEI_TYPE_USER_DATA_REGISTERED_ITU_T_T35: +return decode_nal_sei_user_data_registered_itu_t_t35(s, size); default: av_log(s->avctx, AV_LOG_DEBUG, "Skipped PREFIX SEI %d\n", type); skip_bits_long(gb, 8 * size); -- 2.6.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] web/download: point to the official Debian/Ubuntu packages
On Fri, Nov 06, 2015 at 08:18:39PM +0100, Andreas Cadhalpun wrote: > On 06.11.2015 20:04, Michael Niedermayer wrote: > > On Fri, Nov 06, 2015 at 05:18:23PM +0100, Andreas Cadhalpun wrote: > >> Signed-off-by: Andreas Cadhalpun> >> --- > >> > > > >> Should we also keep the previous links somewhere? > > > > yes, please > > OK, attached is a variant, that simply adds new sections. > It might be a bit confusing to have two sections for Debian/Ubuntu, > though. > > Best regards, > Andreas > download | 11 ++- > 1 file changed, 10 insertions(+), 1 deletion(-) > ab219d2ff4c6f57ec33c97deb649be0cc1d7b2f3 > 0001-web-download-point-to-the-official-Debian-Ubuntu-pac.patch > From 8b3c774fcce80fd0b5a457122aba79685fded71b Mon Sep 17 00:00:00 2001 > From: Andreas Cadhalpun > Date: Fri, 6 Nov 2015 20:15:09 +0100 > Subject: [PATCH] web/download: point to the official Debian/Ubuntu packages > > Signed-off-by: Andreas Cadhalpun LGTM thanks [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB There will always be a question for which you do not know the correct answer. signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] avdevice/dshow_enummediatypes: check return of av_malloc
On Sat, Oct 31, 2015 at 10:46:09AM -0400, Ganesh Ajjanagadde wrote: > On Wed, Oct 28, 2015 at 10:05 PM, Ganesh Ajjanagaddewrote: > > On Wed, Oct 28, 2015 at 10:00 PM, Michael Niedermayer > > wrote: > >> On Tue, Oct 27, 2015 at 08:09:03PM -0400, Ganesh Ajjanagadde wrote: > >>> Untested. > >>> > >>> Signed-off-by: Ganesh Ajjanagadde > >>> --- > >>> libavdevice/dshow_enummediatypes.c | 2 ++ > >>> 1 file changed, 2 insertions(+) > >>> > >>> diff --git a/libavdevice/dshow_enummediatypes.c > >>> b/libavdevice/dshow_enummediatypes.c > >>> index 5b69a5b..5a24870 100644 > >>> --- a/libavdevice/dshow_enummediatypes.c > >>> +++ b/libavdevice/dshow_enummediatypes.c > >>> @@ -37,6 +37,8 @@ libAVEnumMediaTypes_Next(libAVEnumMediaTypes *this, > >>> unsigned long n, > >>> if (!this->pos && n == 1) { > >>> if (!IsEqualGUID(>type.majortype, _NULL)) { > >>> AM_MEDIA_TYPE *type = av_malloc(sizeof(AM_MEDIA_TYPE)); > >>> +if (!type) > >>> +return AVERROR(ENOMEM); > >> > >> I cannot test this either but the surrounding code returns > >> E_POINTER, E_OUTOFMEMORY, ... > >> not AVERROR* > >> so this does not look correct, or at least inconsistent > > > > Looks like some Windows thing, I guess E_OUTOFMEMORY is the best > > choice. This needs to wait for a review from a Windows using dev IMO. > > Assuming the change from AVERROR(ENOMEM) to E_OUTOFMEMORY, is this > patch ok? Worst case, build should be guaranteed. should be ok [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Complexity theory is the science of finding the exact solution to an approximation. Benchmarking OTOH is finding an approximation of the exact signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] avutil/pixdesc: fix incorrect strlen arithmetic
strlen returns a size_t, which is unsigned. If it is less than 2 for some pixel format. wrap-around will happen and a bad pointer dereference will take place. Yes, this is at the moment theoretical, but nonetheless dangerous in my view and the fix is very simple. --- Inspired by a patch from Andreas Cadhalpun, I am running an audit of the FFmpeg codebase for fishy usage of the string handling functions. Signed-off-by: Ganesh Ajjanagadde--- libavutil/pixdesc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavutil/pixdesc.c b/libavutil/pixdesc.c index 72d0470..4e02c14 100644 --- a/libavutil/pixdesc.c +++ b/libavutil/pixdesc.c @@ -2232,12 +2232,13 @@ enum AVPixelFormat av_pix_fmt_swap_endianness(enum AVPixelFormat pix_fmt) { const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pix_fmt); char name[16]; -int i; +int i = 0; if (!desc || strlen(desc->name) < 2) return AV_PIX_FMT_NONE; av_strlcpy(name, desc->name, sizeof(name)); -i = strlen(name) - 2; +if (strlen(name) >= 2) +i = strlen(name) - 2; if (strcmp(name + i, "be") && strcmp(name + i, "le")) return AV_PIX_FMT_NONE; -- 2.6.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] avutil/pixdesc: fix incorrect strlen arithmetic
On Fri, Nov 6, 2015 at 4:06 PM, Ganesh Ajjanagaddewrote: > strlen returns a size_t, which is unsigned. If it is less than 2 for > some pixel format. wrap-around will happen and a bad pointer dereference > will take place. > > Yes, this is at the moment theoretical, but nonetheless dangerous in my > view and the fix is very simple. > > --- > Inspired by a patch from Andreas Cadhalpun, I am running an audit of the > FFmpeg codebase for fishy usage of the string handling functions. > > Signed-off-by: Ganesh Ajjanagadde > --- > libavutil/pixdesc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/libavutil/pixdesc.c b/libavutil/pixdesc.c > index 72d0470..4e02c14 100644 > --- a/libavutil/pixdesc.c > +++ b/libavutil/pixdesc.c > @@ -2232,12 +2232,13 @@ enum AVPixelFormat av_pix_fmt_swap_endianness(enum > AVPixelFormat pix_fmt) > { > const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pix_fmt); > char name[16]; > -int i; > +int i = 0; > > if (!desc || strlen(desc->name) < 2) > return AV_PIX_FMT_NONE; > av_strlcpy(name, desc->name, sizeof(name)); > -i = strlen(name) - 2; > +if (strlen(name) >= 2) > +i = strlen(name) - 2; > if (strcmp(name + i, "be") && strcmp(name + i, "le")) > return AV_PIX_FMT_NONE; > > -- > 2.6.2 > Dropped, turns out it is checked earlier. Sorry. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] ffserver: fix incorrect strlcpy usage
Somewhat ironic that this "safe" interface is actually being used unsafely here. This fixes the usage preventing potential null pointer dereference, where the old code was doubly broken: ctime can return NULL, and ctime can return an arbitrarily long buffer. Signed-off-by: Ganesh Ajjanagadde--- ffserver.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ffserver.c b/ffserver.c index 526cbfc..108523e 100644 --- a/ffserver.c +++ b/ffserver.c @@ -305,15 +305,18 @@ static void ffm_set_write_index(AVFormatContext *s, int64_t pos, ffm->file_size = file_size; } -static char *ctime1(char *buf2, int buf_size) +static char *ctime1(char *buf2, size_t buf_size) { time_t ti; char *p; ti = time(NULL); p = ctime(); -av_strlcpy(buf2, p, buf_size); -p = buf2 + strlen(p) - 1; +if (!p) { +*buf2 = '\0'; +return buf2; +} +p = buf2 + av_strlcpy(buf2, p, buf_size) - 1; if (*p == '\n') *p = '\0'; return buf2; -- 2.6.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] apng: use correct size for output buffer
This fixes a stack buffer overflow. Signed-off-by: Andreas Cadhalpun--- libavcodec/pngdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 689aa2b..c974654 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -1010,13 +1010,13 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s, memcpy(buffer + row_start, p->data[0] + row_start, s->bpp * s->cur_w); } } else { // APNG_BLEND_OP_OVER +uint8_t *output = av_malloc(s->bpp); for (y = s->y_offset; y < s->y_offset + s->cur_h; ++y) { uint8_t *foreground = p->data[0] + s->image_linesize * y + s->bpp * s->x_offset; uint8_t *background = buffer + s->image_linesize * y + s->bpp * s->x_offset; for (x = s->x_offset; x < s->x_offset + s->cur_w; ++x, foreground += s->bpp, background += s->bpp) { size_t b; uint8_t foreground_alpha, background_alpha, output_alpha; -uint8_t output[4]; // Since we might be blending alpha onto alpha, we use the following equations: // output_alpha = foreground_alpha + (1 - foreground_alpha) * background_alpha @@ -1069,6 +1069,7 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s, memcpy(background, output, s->bpp); } } +av_freep(); } // Copy blended buffer into the frame and free -- 2.6.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] apng: use correct size for output buffer
On Fri, 6 Nov 2015 22:18:04 +0100 Andreas Cadhalpunwrote: > This fixes a stack buffer overflow. > > Signed-off-by: Andreas Cadhalpun > --- > libavcodec/pngdec.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c > index 689aa2b..c974654 100644 > --- a/libavcodec/pngdec.c > +++ b/libavcodec/pngdec.c > @@ -1010,13 +1010,13 @@ static int handle_p_frame_apng(AVCodecContext *avctx, > PNGDecContext *s, > memcpy(buffer + row_start, p->data[0] + row_start, s->bpp * > s->cur_w); > } > } else { // APNG_BLEND_OP_OVER > +uint8_t *output = av_malloc(s->bpp); > for (y = s->y_offset; y < s->y_offset + s->cur_h; ++y) { > uint8_t *foreground = p->data[0] + s->image_linesize * y + > s->bpp * s->x_offset; > uint8_t *background = buffer + s->image_linesize * y + s->bpp * > s->x_offset; > for (x = s->x_offset; x < s->x_offset + s->cur_w; ++x, > foreground += s->bpp, background += s->bpp) { > size_t b; > uint8_t foreground_alpha, background_alpha, output_alpha; > -uint8_t output[4]; > > // Since we might be blending alpha onto alpha, we use the > following equations: > // output_alpha = foreground_alpha + (1 - foreground_alpha) > * background_alpha > @@ -1069,6 +1069,7 @@ static int handle_p_frame_apng(AVCodecContext *avctx, > PNGDecContext *s, > memcpy(background, output, s->bpp); > } > } > +av_freep(); > } > > // Copy blended buffer into the frame and free This seems wasteful, can't it just be output[8]? It also adds a bug (unchecked malloc). ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] ffmpeg print_report for rtmp streams
Hello, I have no experience with submitting patches to ffmpeg yet and so I am sorry if I am going about this the wrong way but I wanted to discuss a change that I made to print_report which is related to this bug: https://trac.ffmpeg.org/ticket/1446 We are using stdout from ffmpeg to monitor rtmp streams. Currently the FPS and bitrate numbers which print_report outputs are calculated as a running average - the total number of frames divided by the elapsed time and the total size in bits divided by elapsed time. This might make sense for files but for live streams it is not very useful since over time the changes in the streams are reflected less and less. My change is to output the actual frame rate and bit rate each time print_report is called (every half a second or so). Also instead of using the file size to calculate the bit rate, I use the sum of the data sizes written to each stream which is giving me more consistent numbers.. Here is the diff, thank you for your feedback.. diff --git a/ffmpeg.c b/ffmpeg.c index d3b8c4d..0c5afc9 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -1521,13 +1521,18 @@ static void print_report(int is_last_report, int64_t timer_start, int64_t cur_ti char buf[1024]; AVBPrint buf_script; OutputStream *ost; -AVFormatContext *oc; -int64_t total_size; +int64_t total_size = 0; AVCodecContext *enc; int frame_number, vid, i; -double bitrate; +double bitrate = -1; int64_t pts = INT64_MIN + 1; +static int last_frame_number = 0; static int64_t last_time = -1; +static int64_t last_frame_time = -1; +static int64_t last_file_size = 0; +static int64_t last_file_time = -1; +static float last_fps = -1; +static double last_bitrate = -1; static int qp_histogram[52]; int hours, mins, secs, us; @@ -1544,13 +1549,6 @@ static void print_report(int is_last_report, int64_t timer_start, int64_t cur_ti last_time = cur_time; } - -oc = output_files[0]->ctx; - -total_size = avio_size(oc->pb); -if (total_size <= 0) // FIXME improve avio_size() so it works with non seekable output too -total_size = avio_tell(oc->pb); - buf[0] = '\0'; vid = 0; av_bprint_init(_script, 0, 1); @@ -1558,6 +1556,7 @@ static void print_report(int is_last_report, int64_t timer_start, int64_t cur_ti float q = -1; ost = output_streams[i]; enc = ost->enc_ctx; +total_size += ost->data_size; if (!ost->stream_copy) q = ost->quality / (float) FF_QP2LAMBDA; @@ -1567,16 +1566,20 @@ static void print_report(int is_last_report, int64_t timer_start, int64_t cur_ti ost->file_index, ost->index, q); } if (!vid && enc->codec_type == AVMEDIA_TYPE_VIDEO) { -float fps, t = (cur_time-timer_start) / 100.0; - -frame_number = ost->frame_number; -fps = t > 1 ? frame_number / t : 0; +int frame_number = ost->frame_number; +float frame_time_change = last_frame_time > 0 && cur_time > last_frame_time ? (cur_time - last_frame_time) / 100.0 : 0; +float fps = frame_time_change > 0 ? (frame_number - last_frame_number) / frame_time_change : 0; + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "frame=%5d fps=%3.*f q=%3.1f ", frame_number, fps < 9.95, fps, q); av_bprintf(_script, "frame=%d\n", frame_number); av_bprintf(_script, "fps=%.1f\n", fps); av_bprintf(_script, "stream_%d_%d_q=%.1f\n", ost->file_index, ost->index, q); + +last_frame_number = frame_number; +last_frame_time = cur_time; + if (is_last_report) snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "L"); if (qp_hist) { @@ -1633,8 +1636,11 @@ static void print_report(int is_last_report, int64_t timer_start, int64_t cur_ti secs %= 60; hours = mins / 60; mins %= 60; + +float file_time_change = (last_file_time >= 0 && cur_time > last_file_time) ? (cur_time -last_file_time) / 100.0 : 0; +int64_t file_size_change = total_size > last_file_size ? total_size - last_file_size : 0; -bitrate = pts && total_size >= 0 ? total_size * 8 / (pts / 1000.0) : -1; +bitrate = file_time_change > 0 ? (file_size_change * 8) / (file_time_change * 1000.0) : -1; if (total_size < 0) snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "size=N/A time="); @@ -1690,6 +1696,9 @@ static void print_report(int is_last_report, int64_t timer_start, int64_t cur_ti if (is_last_report) print_final_stats(total_size); + +last_file_time = cur_time; +last_file_size = total_size; } static void flush_encoders(void) ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org