[FFmpeg-devel] [PATCH] avutil/hwcontext_dxva2: return an error when buffer allocation fails
This also prevents the use of an uninitialized variable.
Signed-off-by: James Almer
---
libavutil/hwcontext_dxva2.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavutil/hwcontext_dxva2.c b/libavutil/hwcontext_dxva2.c
index 6c41788e2e..2ddd4be7b1 100644
--- a/libavutil/hwcontext_dxva2.c
+++ b/libavutil/hwcontext_dxva2.c
@@ -307,8 +307,10 @@ static int dxva2_map_frame(AVHWFramesContext *ctx, AVFrame
*dst, const AVFrame *
}
map = av_mallocz(sizeof(*map));
-if (!map)
+if (!map) {
+err = AVERROR(ENOMEM);
goto fail;
+}
err = ff_hwframe_map_create(src->hw_frames_ctx, dst, src,
dxva2_unmap_frame, map);
--
2.14.1
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH 1/2] avcodec/wmv2dec: Check end of bitstream in parse_mb_skip() and ff_wmv2_decode_mb()
Fixes: Timeout
Fixes: 3200/clusterfuzz-testcase-5750022136135680
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
libavcodec/wmv2dec.c | 20 ++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/libavcodec/wmv2dec.c b/libavcodec/wmv2dec.c
index 20dbee5703..62291d4163 100644
--- a/libavcodec/wmv2dec.c
+++ b/libavcodec/wmv2dec.c
@@ -30,7 +30,7 @@
#include "wmv2.h"
-static void parse_mb_skip(Wmv2Context *w)
+static int parse_mb_skip(Wmv2Context *w)
{
int mb_x, mb_y;
MpegEncContext *const s = &w->s;
@@ -45,6 +45,8 @@ static void parse_mb_skip(Wmv2Context *w)
MB_TYPE_16x16 | MB_TYPE_L0;
break;
case SKIP_TYPE_MPEG:
+if (get_bits_left(&s->gb) < s->mb_height * s->mb_width)
+return AVERROR_INVALIDDATA;
for (mb_y = 0; mb_y < s->mb_height; mb_y++)
for (mb_x = 0; mb_x < s->mb_width; mb_x++)
mb_type[mb_y * s->mb_stride + mb_x] =
@@ -52,6 +54,8 @@ static void parse_mb_skip(Wmv2Context *w)
break;
case SKIP_TYPE_ROW:
for (mb_y = 0; mb_y < s->mb_height; mb_y++) {
+if (get_bits_left(&s->gb) < 1)
+return AVERROR_INVALIDDATA;
if (get_bits1(&s->gb)) {
for (mb_x = 0; mb_x < s->mb_width; mb_x++)
mb_type[mb_y * s->mb_stride + mb_x] =
@@ -65,6 +69,8 @@ static void parse_mb_skip(Wmv2Context *w)
break;
case SKIP_TYPE_COL:
for (mb_x = 0; mb_x < s->mb_width; mb_x++) {
+if (get_bits_left(&s->gb) < 1)
+return AVERROR_INVALIDDATA;
if (get_bits1(&s->gb)) {
for (mb_y = 0; mb_y < s->mb_height; mb_y++)
mb_type[mb_y * s->mb_stride + mb_x] =
@@ -77,6 +83,7 @@ static void parse_mb_skip(Wmv2Context *w)
}
break;
}
+return 0;
}
static int decode_ext_header(Wmv2Context *w)
@@ -170,9 +177,12 @@ int ff_wmv2_decode_secondary_picture_header(MpegEncContext
*s)
}
} else {
int cbp_index;
+int ret;
w->j_type = 0;
-parse_mb_skip(w);
+ret = parse_mb_skip(w);
+if (ret < 0)
+return ret;
cbp_index = decode012(&s->gb);
w->cbp_table_index = wmv2_get_cbp_table_index(s, cbp_index);
@@ -345,6 +355,12 @@ int ff_wmv2_decode_mb(MpegEncContext *s, int16_t
block[6][64])
if (w->j_type)
return 0;
+if (get_bits_left(&s->gb) < 0) {
+av_log(s->avctx, AV_LOG_ERROR,
+"Insufficient bits left at %d %d\n", s->mb_x, s->mb_y);
+return AVERROR_INVALIDDATA;
+}
+
if (s->pict_type == AV_PICTURE_TYPE_P) {
if (IS_SKIP(s->current_picture.mb_type[s->mb_y * s->mb_stride +
s->mb_x])) {
/* skip mb */
--
2.14.1
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH 2/2] avcodec/pngdec: Clean up on av_frame_ref() failure
Fixes: memleak Fixes: 3203/clusterfuzz-testcase-minimized-4514553595428864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/pngdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index dce8faf168..0d6612ccca 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -1414,7 +1414,7 @@ static int decode_frame_png(AVCodecContext *avctx, } if ((ret = av_frame_ref(data, s->picture.f)) < 0) -return ret; +goto the_end; *got_frame = 1; -- 2.14.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] avfilter/lut: simplify endianness specific code
---
libavfilter/vf_lut.c | 21 +
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/libavfilter/vf_lut.c b/libavfilter/vf_lut.c
index 11c039ead7..2e0dedb730 100644
--- a/libavfilter/vf_lut.c
+++ b/libavfilter/vf_lut.c
@@ -372,17 +372,10 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
for (j = 0; j < w; j++) {
switch (step) {
-#if HAVE_BIGENDIAN
-case 4: outrow[3] = av_bswap16(tab[3][av_bswap16(inrow[3])]);
// Fall-through
-case 3: outrow[2] = av_bswap16(tab[2][av_bswap16(inrow[2])]);
// Fall-through
-case 2: outrow[1] = av_bswap16(tab[1][av_bswap16(inrow[1])]);
// Fall-through
-default: outrow[0] = av_bswap16(tab[0][av_bswap16(inrow[0])]);
-#else
-case 4: outrow[3] = tab[3][inrow[3]]; // Fall-through
-case 3: outrow[2] = tab[2][inrow[2]]; // Fall-through
-case 2: outrow[1] = tab[1][inrow[1]]; // Fall-through
-default: outrow[0] = tab[0][inrow[0]];
-#endif
+case 4: outrow[3] = av_le2ne16(tab[3][av_le2ne16(inrow[3])]);
// Fall-through
+case 3: outrow[2] = av_le2ne16(tab[2][av_le2ne16(inrow[2])]);
// Fall-through
+case 2: outrow[1] = av_le2ne16(tab[1][av_le2ne16(inrow[1])]);
// Fall-through
+default: outrow[0] = av_le2ne16(tab[0][av_le2ne16(inrow[0])]);
}
outrow += step;
inrow += step;
@@ -437,11 +430,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
for (i = 0; i < h; i++) {
for (j = 0; j < w; j++) {
-#if HAVE_BIGENDIAN
-outrow[j] = av_bswap16(tab[av_bswap16(inrow[j])]);
-#else
-outrow[j] = tab[inrow[j]];
-#endif
+outrow[j] = av_le2ne16(tab[av_le2ne16(inrow[j])]);
}
inrow += in_linesize;
outrow += out_linesize;
--
2.13.3
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 3/3] avfilter/interlace: add support for 10 and 12 bit
On Sat, Sep 16, 2017 at 01:47:22AM +0200, Thomas Mundt wrote: > 2017-09-15 22:15 GMT+02:00 Michael Niedermayer : > > > On Thu, Sep 14, 2017 at 10:58:01PM +0200, Thomas Mundt wrote: > > > > > Patch attached > > > > > > > > > libavfilter/interlace.h|4 - > > > > > libavfilter/tinterlace.h |4 - > > > > > libavfilter/vf_interlace.c | 89 > > + > > > > > libavfilter/vf_tinterlace.c| 70 > > ++- > > > > > libavfilter/x86/vf_interlace.asm | 80 > > -- > > > > > libavfilter/x86/vf_interlace_init.c| 51 ++ > > > > > libavfilter/x86/vf_tinterlace_init.c | 51 ++ > > > > > tests/fate/filter-video.mak|6 + > > > > > tests/ref/fate/filter-pixfmts-tinterlace_cvlpf | 25 +++ > > > > > tests/ref/fate/filter-pixfmts-tinterlace_merge | 11 +++ > > > > > tests/ref/fate/filter-pixfmts-tinterlace_pad | 11 +++ > > > > > tests/ref/fate/filter-pixfmts-tinterlace_vlpf | 25 +++ > > > > > 12 files changed, 371 insertions(+), 56 deletions(-) > > > > > a31ca544a0bcbcc2e1bb5252dff236e778f134c1 0003-avfilter-interlace-add- > > support-for-10-and-12-bit.patch > > > > > From b3af963fda7b78d91cbf5b3aea2ad595666f5c4c Mon Sep 17 00:00:00 2001 > > > > > From: Thomas Mundt > > > > > Date: Thu, 14 Sep 2017 21:25:27 +0200 > > > > > Subject: [PATCH 3/3] avfilter/interlace: add support for 10 and 12 bit > > > > > > > > > > Signed-off-by: Thomas Mundt > > > > > --- > > > > > libavfilter/interlace.h| 4 +- > > > > > libavfilter/tinterlace.h | 4 +- > > > > > libavfilter/vf_interlace.c | 89 > > ++ > > > > > libavfilter/vf_tinterlace.c| 70 ++-- > > > > > libavfilter/x86/vf_interlace.asm | 80 > > +-- > > > > > libavfilter/x86/vf_interlace_init.c| 51 +++ > > > > > libavfilter/x86/vf_tinterlace_init.c | 51 +++ > > > > > tests/fate/filter-video.mak| 6 ++ > > > > > tests/ref/fate/filter-pixfmts-tinterlace_cvlpf | 25 > > > > > tests/ref/fate/filter-pixfmts-tinterlace_merge | 11 > > > > > tests/ref/fate/filter-pixfmts-tinterlace_pad | 11 > > > > > tests/ref/fate/filter-pixfmts-tinterlace_vlpf | 25 > > > > > 12 files changed, 371 insertions(+), 56 deletions(-) > > > > > create mode 100644 tests/ref/fate/filter-pixfmts-tinterlace_cvlpf > > > > > create mode 100644 tests/ref/fate/filter-pixfmts-tinterlace_vlpf > > > > > > > > fails on mips-qemu > > > > I don´t have any possibility for testing big endian. > So I limit this patch to LE. still fails on mips qemu, also iam testing this on linux x86-64 cross compiling and running it under the qemu emulator so, while its not exactly trivial to setup, "everyone" can test this and this patch still fails sadly: make -j12 fate-filter-pixfmts-tinterlace_vlpf fate-filter-pixfmts-tinterlace_pad fate-filter-pixfmts-tinterlace_merge fate-filter-pixfmts-tinterlace_cvlpf -k TESTfilter-pixfmts-tinterlace_vlpf TESTfilter-pixfmts-tinterlace_pad TESTfilter-pixfmts-tinterlace_merge TESTfilter-pixfmts-tinterlace_cvlpf --- /home/michael/ffmpeg-git/ffmpeg/tests/ref/fate/filter-pixfmts-tinterlace_vlpf 2017-09-16 17:33:15.392273012 +0200 +++ tests/data/fate/filter-pixfmts-tinterlace_vlpf 2017-09-16 17:45:30.848288506 +0200 @@ -2,23 +2,23 @@ yuv410p 5bc03f4cf6b441b421f0fdaeeff1e9ed yuv411p 19046df1876c46ed1ef0458680270bd3 yuv420p 69c743b84996be9430b051a55cfbcb29 -yuv420p10le 85948ad609abded6b50882d459f5a2f8 -yuv420p12le 7cebe45f51bdadc766f66c68db8d347d +yuv420p10le 02b6357b3d2f70ee3fe9501b1dcceb65 +yuv420p12le 87c206b0a7713ab6ea21b05892947966 yuv422p d710ccd1941f6f389c97a09bc977e709 -yuv422p10le c54873f77dac1d710fb2aa1b0ce2669c -yuv422p12le 94a527bb787b9d121ffbbcb3a6c545d8 +yuv422p10le 0069a2d1235bacc8ee31be3f4c0b53db +yuv422p12le 9dc4a344cf27a7375a36488e1218a949 yuv440p 1a482a23fe5a9b7d02388c299fd0a423 -yuv440p10le 506efa287ecce9c951da2039fa1de2ae -yuv440p12le 631bcf190f409ccbc5c27b9f0f6ba5e2 +yuv440p10le 5b18948641f7943ee1b4f3881ad5edff +yuv440p12le d0ed0679f8ac555eaaa152a1aa878ed9 yuv444p c968a92f4b7ab6706ee9b425eb5345b5 -yuv444p10le 0af437e635d49feccf7dfae201e6dfc5 -yuv444p12le 2e9e9f7caae1fae3b026810246fc6ac1 +yuv444p10le f27d209ab2ea9c2c83f88698e2f249ce +yuv444p12le b7f39010c0a8dc2981124a7c0bec3411 yuva420p3f89a166f309c0cda8b91a9e8a0ce937 -yuva420p10le79de1cc549c03d4893cf6f1aca86e057 +yuva420p10le07ce3e2fd6b191a639b1d281a4d88b59
Re: [FFmpeg-devel] [PATCH] avcodec/frame_thread_encoder: Fix AV_OPT_TYPE_STRING handling in avctx
On Sat, Sep 16, 2017 at 04:41:00PM +0200, Reimar Döffinger wrote: > On Fri, Sep 15, 2017 at 02:16:58AM +0200, Michael Niedermayer wrote: > > On Wed, Sep 13, 2017 at 08:11:38PM +0200, Reimar Döffinger wrote: > > > On Wed, Sep 13, 2017 at 07:12:48PM +0200, Reimar Döffinger wrote: > > > > This is the equivalent to what 7d317d4706b49d572a1eb5269438753be18362c7 > > > > did for the codec-specific options. > > > > av_opt_copy has specific handling so it's fine that we already copied > > > > the whole context before. > > > > the change looks reasonable > > Thanks! > > > > Btw, if someone can make time for reviewing it that would likely > > > be time well spent. > > > > you mean reviewing the whole frame_thread_encoder code searching > > for issues unrelated to tickets or patches ? > > ATM i think i have too much i should have done "yesterday" to add that > > Sure, I understand. Though just some comments around the thinking or > such (e.g. if it's intentional or just outdated API that it is not using > av_packet_alloc, or what exactly is the av_dup_packet there for). IIRC av_dup_packet() is there so cases of packets that have their memory reused in the next call work. av_dup_packet() properly allocates a packet or if its already properly allocated it does nothing its possibly av_dup_packet() is not needed anymore thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB There will always be a question for which you do not know the correct answer. signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] avcodec/frame_thread_encoder: Fix AV_OPT_TYPE_STRING handling in avctx
On Fri, Sep 15, 2017 at 02:16:58AM +0200, Michael Niedermayer wrote: > On Wed, Sep 13, 2017 at 08:11:38PM +0200, Reimar Döffinger wrote: > > On Wed, Sep 13, 2017 at 07:12:48PM +0200, Reimar Döffinger wrote: > > > This is the equivalent to what 7d317d4706b49d572a1eb5269438753be18362c7 > > > did for the codec-specific options. > > > av_opt_copy has specific handling so it's fine that we already copied > > > the whole context before. > > the change looks reasonable Thanks! > > Btw, if someone can make time for reviewing it that would likely > > be time well spent. > > you mean reviewing the whole frame_thread_encoder code searching > for issues unrelated to tickets or patches ? > ATM i think i have too much i should have done "yesterday" to add that Sure, I understand. Though just some comments around the thinking or such (e.g. if it's intentional or just outdated API that it is not using av_packet_alloc, or what exactly is the av_dup_packet there for). > > For example it seems the code also leaks the memory for the AVPacket > > it mallocs sometimes. > > is there some way by which this can be reproduced or is it completely > random ? It's not random, but so far the test-case is only mencoder, so I can't guarantee the issue is in that code. The only reason I believe that is because I only see a AVPacket leak when threads are enabled, but there are other leaks that need fixing in mencoder... But otherwise, just valgrind --leak-check=full --show-leak-kinds=all ./mencoder ~/Downloads/small_test2.dv -o test.avi -ovc lavc -nosound -lavcopts vcodec=dvvideo:threads=10 -frames 2 works, giving: ==3992== 144,032 bytes in 1 blocks are indirectly lost in loss record 58 of 59 ==3992==at 0x4C2DA5F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3992==by 0x4C2FDDF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3992==by 0xB57636: av_buffer_realloc (buffer.c:177) ==3992==by 0x477DFE: copy_packet_data (avpacket.c:210) ==3992==by 0x477F3D: av_dup_packet (avpacket.c:259) ==3992==by 0x4D1822: avcodec_encode_video2 (encode.c:322) ==3992==by 0x4FDA17: worker (frame_thread_encoder.c:89) ==3992==by 0x50496D9: start_thread (pthread_create.c:456) ==3992== ==3992== 144,184 (88 direct, 144,096 indirect) bytes in 1 blocks are definitely lost in loss record 59 of 59 ==3992==at 0x4C2FE96: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3992==by 0x4C2FFA1: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3992==by 0xB64243: av_malloc (mem.c:87) ==3992==by 0xB6444D: av_mallocz (mem.c:224) ==3992==by 0x4FD93A: worker (frame_thread_encoder.c:73) ==3992==by 0x50496D9: start_thread (pthread_create.c:456) ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
