The issue is that a race condition exists between threads locking
frames, which results in cyclic loops and deadlocks.
Compute-based implementations are not affected.
Fixes#20169
The original cleanup of frame_id_alloc_mask was done in free_frame_priv
which may be called after the start_frame for the next few frames,
causing the frame_id slots to be exhausted. Instead, decide the in-use
frame_id slots by checking the frame_id present in the DPB as we need it.
We always use two slots, even when only one L0 reference is supported
by the driver. However we still need to set the correct value for the
ref_order_hint of the second slot.
Fixes regression from bf9f921ef7 ("avcodec/hw_base_encode: restrict size of next_prev")
Fixes: index 50 out of bounds for type 'INTFLOAT [40][2]'
Fixes: 401661737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4866055713652736
Someone knowing AAC well should review this, there is likely a nicer fix
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This creates a new codec id for mxf vbi_vanc_smpte_436M streams.
This makes it easier to use from other [de]muxers and bitstream filters.
It's just the data in Table 7 (starts on page 13) of:
https://pub.smpte.org/latest/st436/s436m-2006.pdf
Signed-off-by: Jacob Lifshay <programmerjake@gmail.com>
This commit adds a ProRes RAW hardware implementation written in Vulkan.
Both version 0 and version 1 streams are supported.
The implementation is highly parallelized, with 512 invocations dispatched
per every tile, with generally 4k tiles on a 5.8k stream.
Thanks to unlord for the 8-point iDCT.
Benchmark for a generic 5.8k RAW HQ file:
6900XT: 63fps
7900XTX: 84fps
6000 Ada: 120fps
Intel: 9fps
Simple parser that only parses frame information.
This helps avoid requiring the software decoder on init to decode a
single frame, since the decoder can be quite slow.
Fixes: out of array access
Fixes: BIGSLEEP-436510316/dwa_uncompress_write.exr
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: BIGSLEEP-436510153/dwa_uncompress_read.exr
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add av_free() to free s.temp_dwt_buffer and s.temp_idwt_buffer at the end of the function to avoid memory leak.
Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Move av_malloc() after the check for subsampling to avoid memory leak if subsampling < 0 and av_malloc() succeeds.
Fixes: a41a2efc85 ("lavc/videotoolbox: add VP9 hardware acceleration")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
In general, a provider code corresponds to a company/organization, and
the name should be that of the company, not of a given feature.
The feature is signalled in the "provider oriented code".
The exception is HDR Vivid, where the code 0x0004 indicates the HDR Vivid
feature itself rather than CUVA (China UHD Video Industry Alliance),
according to the UHD World Associations 'HDR Video Technology Part 2-1
Application Guide to System Integration' document.
ITU_T_T35_PROVIDER_CODE_CUVA -> ITU_T_T35_PROVIDER_CODE_HDR_VIVID
ITU_T_T35_PROVIDER_CODE_LCEVC-> ITU_T_T35_PROVIDER_CODE_VNOVA
ITU_T_T35_PROVIDER_CODE_SMTPE -> ITU_T_T35_PROVIDER_CODE_SAMSUNG
Signed-off-by: Maryla Ustarroz-Calonge <maryla@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
ITU-T T.35 provider codes are attributed by national bodies and it's
possible to have collisions across countries. This is why the country code
must always be checked as well.
Use if statements rather than nested switches which would be unreadable.
Signed-off-by: Maryla Ustarroz-Calonge <maryla@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is in preparation to change the switch statement to if/else.
Signed-off-by: Maryla Ustarroz-Calonge <maryla@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
current->num_tile_columns is not updated in the loop, so the existing
check was not working. Check current index instead and break. This also
simplifies duplicated log.
Fixes: 435225531/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-6639684232216576
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
ff_vvc_palette_escape_val() can return AVERROR in which case the
coeff*scale will overflow.
Fixes: runtime error: signed integer overflow: -1094995529 * 6528 cannot
be represented in type 'int'
Fixes: 435225406/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-5118570024730624
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Commit f566032bfd added frame validation.
Since then this decoder has been failing validation of sample rate
value.
Found by OSS-Fuzz.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
