Fixes: infinite loop
Fixes: 27834/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5694930919620608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Up until now, the SpeedHQ encoder called a wrong function for init:
void ff_init_uni_ac_vlc(const uint8_t huff_size_ac[256],
                        uint8_t *uni_ac_vlc_len);
Yet the first argument actually used is of type RLTable; the size of
said struct is less than 256 if the size of a pointer is four, leading
to an access beyond the end of the RLTable.

This commit fixes this by calling the actually intended function:
init_uni_ac_vlc() from mpeg12enc.c. It was intended to use this
function [1], yet doing so was forgotten when the patch was actually
applied.

[1]: https://ffmpeg.org/pipermail/ffmpeg-devel/2020-July/266187.htmlReviewed-by: NPaul B Mahol <onemda@gmail.com>
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

The earlier code would not complain if the remaining size was one byte
short of the desired size; and the way it performed the check could run
into signed integer overflow.

Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Fixes: Timeout
Fixes: 26434/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5752845451919360
Fixes: 26444/clusterfuzz-testcase-minimized-ffmpeg_dem_BINK_fuzzer-4697773380993024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: NMichael Niedermayer <michael@niedermayer.cc>
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

Fixes ticket #9026.

Makes output exact with smaller number of samples per frame than taps.

Reviewed-by: NPaul B Mahol <onemda@gmail.com>
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

The decoders in this set either have a fixed channel count, or read it
from the bitstream, and thus do not require the channel count as
external information.

Fixes various regressions since
81503ac5, which requires a valid channel
count for decoders which do not set this capability.
Signed-off-by: NHendrik Leppkes <h.leppkes@gmail.com>

Reviewed-by: NAnton Khirnov <anton@khirnov.net>
Signed-off-by: NJun Zhao <barryjzhao@tencent.com>

SMVJPEG stores frames as slices of a big JPEG image. The decoder is
implemented as a wrapper that instantiates a full internal MJPEG
decoder, then forwards the decoded frames with offset data pointers.
This is unnecessarily complex and fragile, not supporting useful decoder
capabilities like direct rendering.

Re-implement the decoder inside the MJPEG decoder, which is accomplished
by returning each decoded frame multiple times, setting cropping
information appropriately on each instance.

One peculiar aspect of the previous design is that since
- the smvjpeg decoder returns one frame per input packet
- there are multiple frames in each packets (the aformentioned slices)
the demuxer needs to return each packet multiple times.
This is now also eliminated - the demuxer now returns each packet
exactly once, with the duration set to the number of frames it decodes
to.

This also removes one of the last remaining internal uses of the old
video decoding API.

This will be useful in the following commit.

It depends on the muxer generating the timestamps, which is deprecated
and scheduled for removal on next bump.

A bunch of tests change timestamps, because of ffmpeg.c is not
generating them correctly. This should be fixed later.

Factor out the code into a separate muxing-specific function.
Stop accessing the deprecated AVStream-embedded codec context, use the
average framerate (if specified) instead.

It fundamentally depends on deprecated lavf internals.

Use the stream timebase instead.

Same flags as MJPEG, as it's essentially the same codec.

following comandline will crash the ffmpeg
ffmpeg -threads 17 -thread_type slice -i WPP_A_ericsson_MAIN_2.bit out.yuv -y

the HEVCContext->sList size is MAX_NB_THREADS(16), any > 16 thread number will crash the application
Signed-off-by: NAnton Khirnov <anton@khirnov.net>

ff_snow_common_init() currently initializes static data every time it is
invoked; given that both the Snow encoder and decoder have the
FF_CODEC_CAP_INIT_THREADSAFE flag set, this can lead to data races (and
therefore undefined behaviour) even though all threads write the same
values. This commit fixes this by using ff_thread_once() for the
initializations.
Reviewed-by: NMichael Niedermayer <michael@niedermayer.cc>
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

Reviewed-by: NTomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

Reviewed-by: NTomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

Reviewed-by: NTomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

Fixes: memleak
Fixes: 27766/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5198300814508032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: out of memory access
Fixes: 27787/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4743666463408128.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: NPaul B Mahol <onemda@gmail.com>
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: Assertion c > 0 failed at libavutil/mathematics.c
Fixes: 27001/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5726041328582656
Fixes: 27453/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5716060384526336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: out of array access
Fixes: 27424/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5682070692823040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Signed-off-by: NJames Almer <jamrial@gmail.com>

Handles NaNs more like the official implementation handles them, preserving
the original bits.

The cropdetect filter, at present, skips the first two frames. This
behaviour is hardcoded.

New option 'skip' allows users to change this. Convenient for when
input is a single image or a trimmed video stream.

Default is kept at 2 to preserve current behaviour.

Avoids build failure when mpegvideo_enc is built but SpeedHQ encoder
isn't.

Monochrome encoding with libaom was buggy for a long time, but this was
finally sorted out in libaom 2.0.1 (2.0.0 is almost there but was still
buggy in realtime mode).

We'll keep support for libaom 1.x around until the LTS distros that
include it are EOL (which is still a long time from now).

Fixes: https://trac.ffmpeg.org/ticket/7599

Do this by converting big-endian side data to little endian for
checksumming.
Reviewed-by: NAndriy Gelman <andriy.gelman@gmail.com>
Reviewed-by: NMichael Niedermayer <michael@niedermayer.cc>
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

Nothing guarantees that the size of side data containing a palette
is actually divisible by four (although it should be); but for
big-endian systems, an algorithm is used that presupposed this.
So switch to an algorithm that does not overread: It processes
four bytes at a time, but only if all of them are contained in
the side data.
Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>

Signed-off-by: NAndreas Rheinhardt <andreas.rheinhardt@gmail.com>