In put_main_header(), av_mallocz() allocates memory to local variable
buffer, buffer leaks if av_mallocz() to *out failed. Add av_free(buffer)
before return error code.
Signed-off-by: Lidong Yan <502024330056@smail.nju.edu.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

The ret value is checked later on again, so this check
is redundant and would cause the frame to not be unrefd on
failure as well.
So remove this check and add one before av_frame_remove_side_data
to ensure it is not called with an invalid frame.
Fix CID 1648350
Reviewed-by: Frank Plowman <post@frankplowman.com>

Add handling here for
sps_scaling_matrix_for_alternative_colour_space_disabled_flag.
Also add parentheses to make behaviour a little more explicit,
where &&'s precedence over || was relied on previously.
Reported-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Frank Plowman <post@frankplowman.com>

It is unnecessary for decoders (they just set
AVCodecContext.sample_fmt). This also fixes a warning
with Clang (because sample_fmts is set directly,
not via CODEC_SAMPLEFMTS).
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

This returns to code closer to prior 56c334d732
The prior fixes should limit the sum and avoid the need for double argument log2()
Fixes: Assertion n>=0 && n<=32 failed at libavcodec/get_bits.h:406
Fixes: 410109093/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6550900028276736
No testcases except fuzzers
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 410109093/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6550900028276736
Note, none of the available osq files uses update_stats(), this change may fix or break
files using coding_mode == 2. The code prior looks wrong though
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Need to skip 2 more bytes because comp sections are 12 bytes long.
Fixes decryption since ciph_type is now being set.
Signed-off-by: Pavel Roslyy <roslypav@gmail.com>

acelp_kelvin, g729, qcelp, sipr and wmavoice decoders all depend upon
mips/{acelp_filters_mips,celp_filters_mips,acelp_vectors_mips}.o when
arch is mips.
g723_1 depends on mips/{celp_filters_mips,acelp_vectors_mips}.o.
comfortnoise, evrc, ra144 and ra288 depend on mips/celp_filters_mips.o.

The check for whether we can use the fast path to process
AC coefficients used the qscale value belonging to a different
slice; this worked in practice, because the predicted AC values
are zero in this case, so it does not matter whether we use
the fast or the slow path.
Fix this by checking for first_slice_line instead. This fixes all
the races in the encoding part of the vsynth*-mpeg4-thread tests
(and fixes them if no frame threading is in use for the decoding part).
(The left prediction check may use data from a different slice, too,
but said slice is always processed by the same thread, so that no race
can happen. Given that out-of-slice AC values are zero, it does not
matter whether we use the fast path or the slow path either.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

Only used by the decoder now that the encoder solves
out-of-slice predictions by setting the out-of-slice
values appropriately.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

Now that every slice (and therefore every thread) uses its own
DC array, one can simply set the out-of-slice DC values to its
expected values (this is not possible for the decoders due
to error resilience).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

This fixes data races (which are UB) in the MPEG-4 and H.263+
encoder when predicting DC values; these encoders unconditionally
read values from the line above the current line and only check
later on (via first_slice_line) whether said prediction can be used
at all. It will also allow removing said checks (by setting the
entries to 1024 upon opening a new slice).
The vsynth{1,2,3,_lena}-mpeg4-thread FATE tests were affected by this:
https://fate.ffmpeg.org/report.cgi?slot=x86_64-archlinux-gcc-tsan-slices&time=20250613002615
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

The chroma dc_val pointers are mostly unused (accesses use
dc_val[0] and block_index), so remove them.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

Up until now, they are marked as dirty (filled with 1), meaning that
the entries are in need of a reset via ff_clean_intra_table_entries();
but actually, the entries are initialized to the state that
ff_clean_intra_table_entries() produces, so they can be marked
as non-dirty (i.e. filled with 0).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

They are currently allocated separately per slice; allocating them
jointly allows one to avoid saving them in ff_update_duplicate_context().
The way it is done also avoids allocating ac_val for encoders that
don't need it (e.g. H.263 or H.263+ with AIC).
This entailed moving setting nb_slices to ff_mpv_init_context_frame()
which is called from ff_mpv_common_frame_size_change(). The resultant
nb_slices will always be one when called from a decoder using
ff_mpv_common_frame_size_change().
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

This is in preparation for removing ac_val[1]
and ac_val[2]. ff_mpeg4_clean_buffers() was the last user of them.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

Said block will only be referenced by blocks from the same macroblock,
which will read the new AC values instead of the reset values
from this function.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

The underlying element type always has a size of 32B,
so that the pointer is always at least 16B aligned.
Clang uses this to upgrade the (inlined) memset to
aligned stores. GCC doesn't (it does it only when
the alignment hint is provided via __builtin_assume_aligned).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

These are already mostly unused; not using them here is in
preparation for removing them altogether. Use block_index[4..5]
instead for addressing.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

All callers check the corresponding entry of MpegEncContext.mbintra_table
and if set (indicating that the intra tables might have been written to
when decoding an intra MB, so that they are "dirty"), call
ff_clean_intra_table_entries(), which resets them to default values
and resets the mbintra_table entry. Move resetting to the callers
(via an inline function that also performs the checks). This currently
has the advantage that the additional load of the mbintra_table ptr
can be avoided. It will also allow simplifying
ff_clean_intra_table_entries() (by using block_index[4] and [5]).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

Allocate them before the slice contexts, so that they are automatically
copied to the slice contexts. This avoids having to set them in a loop.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

This will allow performing initializations between ff_mpv_common_init()
and ff_mpv_init_duplicate_contexts() that will be automatically
copied to the slice contexts.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

The motion estimation code only uses block_index[0..3],
so only initialize that (just like estimate_motion_thread()
in mpegvideo_enc.c).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>