Currently qsv (m)jpeg encoding is broken.
Regression introducing by the commit(id: c1bcd3): fix async support,
which requires the minimum async_depth to be 1, instead previous zero.
But the default async_depth of qsv (m)jpeg encoding is still initialized
(mostly) as zero.

This patch also abviously improves qsv (m)jpeg encoding performance
due to the default async_depth is changed to 4.

Signed-off-by: Zhong Li <zhong.li@intel.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Fixes: assertion failure
Fixes: 10785/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5672160496975872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Out of array read
Fixes: 10789/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5153255445757952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Any of these buffers (for both H.264 and H.265) might reasonably be
parsed using the bitstream reader, so include padding on all of them.

It should be the same as the one used for the rest of the pic_timing
structure.

64c50c0e declared support for decomposing
them but omitted to implement it; this adds an implementation.

Also do the same for end-of-stream NAL units, since they are equivalent.

Fixes: Integer overflow
Fixes: 10890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5636062181851136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

ff_sine_window_init() is writing to these tables causing
a crash if compiled with gcc 8 and lto.

Analyzed by Martin Liška in:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85132

Fixes ticket #7491.

Improve encoding speed by 2% (using prores input)

avcodec/proresenc_aw : use AVframe primaries, transfert, colorspace for frame header instead of default (unknown, unknown, Rec601)

avoid color shift, on some decoding software

Doesn't seems to make speed loss

Fixes: 10300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6292205497483264
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: 10651/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5202341540659200
Fixes: signed integer overflow: -1707705920 - 1703592888 cannot be represented in type 'int'

This tries to follow the webrtc code. For example using cliping and 64 bit as in WebRtcSpl_DotProductWithScale()
and not doing so in other places.
I could not find anything in rfc3951 and the reference code inside which would
explain what to do in these corner cases.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: 10651/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5202341540659200
Fixes: left shift of negative value -512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

These limits are based on limiting done in WebRtcIlbcfix_CreateAugmentedVec()
Fixes: out of array accesses
Fixes: 10652/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5638941487661056
Fixes: 10655/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5699970020147200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: -2144033225 + -5208934 cannot be represented in type 'int'
Fixes: 10633/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5679133791617024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes ticket #7495.

Fixes crash noticed in the cbs_userdata patchset.

====ERROR: AddressSanitizer: heap-buffer-overflow on address 0x609000026c89 at pc 0x00010725d37b bp 0x7ffeea04e750 sp 0x7ffeea04e748
READ of size 4 at 0x609000026c89 thread T0
    #0 0x10725d37a in ff_cbs_read_unsigned get_bits.h:274
    #1 0x1072d2767 in ff_cbs_read_a53_user_data cbs_misc_syntax_template.c:119
    #2 0x1078251a7 in h264_metadata_filter h264_metadata_bsf.c:595
    #3 0x105c1321d in output_packet ffmpeg.c:853

0x609000026c89 is located 1 bytes to the right of 8-byte region [0x609000026c80,0x609000026c88)
allocated by thread T0 here:
    #0 0x10aef08d7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x578d7)
    #1 0x10aca95e6 in av_malloc mem.c:87
    #2 0x10ac545fe in av_buffer_allocz buffer.c:72
    #3 0x107263b27 in cbs_h264_read_nal_unit cbs_h264_syntax_template.c:722
    #4 0x10725b688 in cbs_read_fragment_content cbs.c:155

Signed-off-by: Aman Gupta <aman@tmm1.net>

Signed-off-by: Aman Gupta <aman@tmm1.net>

[ffmpeg] AVBSFContext: Decomposition unimplemented for unit 4 (type 10).

Signed-off-by: Aman Gupta <aman@tmm1.net>

Fixes: out of array read
Fixes: SIGSEGV_get_obu_bit_length_av1_parse

Found-by: keval shah <skeval65@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>

Signed-off-by: Aman Gupta <aman@tmm1.net>

The existing av_mediacodec_release_buffer allows the user to render
or discard the Surface-backed frame. This new method allows the user
to control exactly when the frame will be rendered to its SurfaceView.

Available since Android API 21.

Signed-off-by: Aman Gupta <aman@tmm1.net>

Signed-off-by: James Almer <jamrial@gmail.com>

Fixes: Timeout
Fixes: 10385/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5689206987292672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Such streams are invalid according to
4.5.2.1 Top level payloads for the audio object types AAC main, AAC SSR, AAC LC and AAC LTP
4.5.2.1.1 Definitions
...cIn the raw_data_block(), several instances of the
same syntactic element may occur, but must have a different 4 bit
element_instance_tag, except for data_stream_element()'s and
fill_element()'s.

Fixes: Ticket7477

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

If we don't copy this value first, it is seen as 0 by h264_slice_header_init,
due to zero-allocation of the new context, triggering an old hack that
multiplied the denominator by 2 for files produced by old x264 versions, but
only if more than one thread was used.

Fixes #7475 and #7083.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Found-by: kierank
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

It can't be set for 4:2:2 streams.

It's a remnant from libvpx that's not valid for libaom.

Signed-off-by: James Almer <jamrial@gmail.com>