Integer overflow in the Q16 framerate calculation was sending
invalid values to the OMX encoder.
On the RPI4, this manifested as bitrate controls being ignored
on video streams with 60000/1001 framerates. Video streams with
30000/1001 framerates were not affected.
Signed-off-by: Aman Gupta <aman@tmm1.net>
Fixes: left shift of negative value -3
Fixes: 16147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5658392722407424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -2
Fixes: 16145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5146671058518016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
add inner loop specialisations for 2 bpp and 4 bpp
These are all cases for which i found testsamples.
30M cycles -> 5M cycles
Testcase: fate-rgbapng-4816
Testcase: 16097/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5664690889293824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2021654528 + 2032575680 cannot be represented in type 'int'
Fixes: 16270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5732438816325632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1094994793 * 2 cannot be represented in type 'int'
Fixes: 16139/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5663911036059648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
ff_v4l2_m2m_create_context initialized V4L2m2mContext.fd to 0
which is a valid file descriptor value. Next ff_v4l2_m2m_codec_init
failed and v4l2_m2m_destroy_context closed file descriptor 0 even
though it didn't belong to V4L2m2mContext.
Signed-off-by: Pavel Koshevoy <pkoshevoy@gmail.com>
Fixes: Timeout (82sec -> 1sec)
Fixes: 16411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-5166958151991296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
"LinearRaw" is a value that the PhotometricInterpretation tag can be set
to on DNG images that contain color information for all channels instead
of being bayer-encoded ("CFA" value).
The DNG decoder is complete enough that we can enable this now.
Sample:
- http://www.rawsamples.ch/raws/nikon/SCANNER_NIKON_LS5000.DNG
Signed-off-by: Nick Renieris <velocityra@gmail.com>
Initialized to `(2 ^ BitsPerSample) - 1` as per the DNG Specification.
Also make sure that `BlackLevel < WhiteLevel`.
This fixes decoding for "X7 CinemaDNG" samples here:
- https://www.dji.com/gr/zenmuse-x7/info#downloads
Signed-off-by: Nick Renieris <velocityra@gmail.com>
This enables decoding of DNG images generated by the 'DJI Zenmuse X7'
digital camera
Samples: https://www.dji.com/gr/zenmuse-x7/info#downloads
Signed-off-by: Nick Renieris <velocityra@gmail.com>
Also, ensure no false positives when determining DNG bayer images, by
setting them in tiff.c instead of relying on a heuristic. There's no
way to determine this just from the JPEG data, so we have to pass this
information from outside the MJPEG decoder.
Signed-off-by: Nick Renieris <velocityra@gmail.com>
When the height is equal to the tile length (full-height tile)
after `height % tile_length` is applied with the current code,
it results in the operating tile_length to be 0. This commit
makes this leftover logic only applies if it's necessary.
Signed-off-by: Nick Renieris <velocityra@gmail.com>
Some JPEGs [1] have incorrect DHT entries that map 2 codes to
the same value.
The second (last) mapping does not ever actually appear in the
code stream, therefore ignoring any mappings after the first one
fixes this.
Without this, an "mjpeg_decode_dc: bad vlc: 0:0" error is thrown.
In all known files, the 2 codes are mapped to symbol 0 so only
that case is checked.
[1]: Embedded JPEGs in "X7 RAW" and "X7 CinemaDNG" samples here:
https://www.dji.com/gr/zenmuse-x7/info#downloads
Signed-off-by: Nick Renieris <velocityra@gmail.com>
Used a technique similar to lavc/tdsc.c for invoking the MJPEG decoder.
This commit adds support for:
- DNG tiles
- DNG tile huffman lossless JPEG decoding
- DNG 8-bpp ("packed" as dcraw calls it) decoding
- DNG color scaling [1]
- LinearizationTable tag
- BlackLevel tag
[1]: As specified in the DNG Specification - Chapter 5
Signed-off-by: Nick Renieris <velocityra@gmail.com>
Main image data in DNGs is usually comprised of tiles, each of which is a Huffman-encoded lossless JPEG.
Tested for ljpeg regressions with:
`ffmpeg -f lavfi -i testsrc=d=1 -vcodec ljpeg test.avi`
`ffmpeg test.avi out.avi`
The modified code in ljpeg_decode_rgb_scan runs without issues.
Signed-off-by: Nick Renieris <velocityra@gmail.com>
Fixes: signed integer overflow: 1795032576 + 598344192 cannot be represented in type 'int'
Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5636723419119616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -1
Fixes: 16424/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5656579055026176
Fixes: 16358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5714436358144000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
non res_sprite leads to decoder delay which leads to assertion failure
Fixes: Assertion failure
Fixes: 16402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5704510034411520
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 16425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5692858838810624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 16331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5672735195267072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 16510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5754510382727168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Added linux support for amf encoder through vulkan.
To use h.264(AMD VCE) encoder on linux amdgru-pro version 19.20+ and
amf-amdgpu-pro package(amdgru-pro contains, but does not install
automatically) are required.
This driver can be installed using amdgpu-pro-install script in
official amd driver archive.
Initialization of amf encoder occurs in this order:
1) trying to initialize through dx11(only windows)
2) trying to initialize through dx9(only windows)
3) trying to initialize through vulkan
Only Vulkan initialization available on linux.
ff_reget_buffer() will attempt to create a writable copy of the frame,
which is not needed when the decoder intends to return a reference to
the same buffer as the previous frame.
Should reduce data copy, hopefully achieving a similar speed up as
a9dacdeea6 without dropping frames.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
This reverts commit a9dacdeea6.
This patch effectively made the decoder output vfr content out of samples
where cfr is expected.
Addresses ticket #7880.
Signed-off-by: James Almer <jamrial@gmail.com>
