Fixes: runtime error: left shift of negative value -967831544
Fixes: 2815/clusterfuzz-testcase-minimized-6062914471460864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: signed integer overflow: 26215360 + 2121330944 cannot be represented in type 'int'
Fixes: 2809/clusterfuzz-testcase-minimized-4785181833560064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

This commit switches off forced correct nesting of tags and only keeps
it for font tags. See long explanations in the code for the rationale.

This results in various FATE changes which I'll explain here:

- various swapping in font attributes, this is mostly noise due to the
  old reverse stack way of printing them. The new one is more correct as
  the last attribute takes over the previous ones.

- unrecognized tags disappears

- invalid tags that were previously displayed aren't anymore (instead,
  we have a warning). This is better for the end user

The main benefit of this commit is to be more tolerant to error, leading
to a better handling of badly nested tags or random wrong formatting for
the end user.

Fixes: runtime error: signed integer overflow: 11 * 225726413 cannot be represented in type 'int'
Fixes: 2764/clusterfuzz-testcase-minimized-5382561922547712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: shift exponent -1 is negative
Fixes: 2742/clusterfuzz-testcase-minimized-5724322402402304
Fixes: 2744/clusterfuzz-testcase-minimized-4672435653705728
Fixes: 2749/clusterfuzz-testcase-minimized-5298741273690112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: shift exponent 65 is too large for 64-bit type 'residual' (aka 'unsigned long')
Fixes: 2737/clusterfuzz-testcase-minimized-4968639147016192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Signed-off-by: NJames Almer <jamrial@gmail.com>

2.5ms frames:
Before   (c):  2638 decicycles in postrotate, 2097040 runs,    112 skips
After (sse3):  1467 decicycles in postrotate, 2097083 runs,     69 skips
After (avx2):  1244 decicycles in postrotate, 2097085 runs,     67 skips

5ms frames:
Before   (c):  4987 decicycles in postrotate, 1048371 runs,    205 skips
After (sse3):  2644 decicycles in postrotate, 1048509 runs,     67 skips
After (avx2):  2031 decicycles in postrotate, 1048523 runs,     53 skips

10ms frames:
Before   (c):  9153 decicycles in postrotate,  523575 runs,    713 skips
After (sse3):  5110 decicycles in postrotate,  523726 runs,    562 skips
After (avx2):  3738 decicycles in postrotate,  524223 runs,     65 skips

20ms frames:
Before   (c): 17857 decicycles in postrotate,  261866 runs,    278 skips
After (sse3): 10041 decicycles in postrotate,  261746 runs,    398 skips
After (avx2):  7050 decicycles in postrotate,  262116 runs,     28 skips

Improves total decoding performance for real world content by 9% with avx2.
Signed-off-by: NRostislav Pehlivanov <atomnuker@gmail.com>

ac3dsp.c uses tables from ac3.c
ac3.c uses tables from ac3tab.c
hevc_ps uses tables from hevc_data.c
intrax8.c uses tables from msmpeg4data.c
Signed-off-by: NMatt Oliver <protogonoi@gmail.com>

Fixes: runtime error: signed integer overflow: 9 * 335544320 cannot be represented in type 'int'
Fixes: 2739/clusterfuzz-testcase-minimized-6737297955356672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: signed integer overflow: -1073746548 * 21845 cannot be represented in type 'int'
Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: signed integer overflow: -536870912 - 1972191120 cannot be represented in type 'int'
Fixes: 2711/clusterfuzz-testcase-minimized-4975142398590976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Signed-off-by: NKaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: NManojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: signed integer overflow: 1073741823 * 4 cannot be represented in type 'int'
Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes multiple integer overflows
Fixes: runtime error: signed integer overflow: 1 + 2147483647 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: NPaul B Mahol <onemda@gmail.com>
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

The patch does not fix the tsan warning it was intended to fix.
Reverting the patch moves the av_log() back to the outside of the lock.
Signed-off-by: NWan-Teh Chang <wtc@google.com>
Signed-off-by: NRonald S. Bultje <rsbultje@gmail.com>

default_ref[] is unconditionally initialized in h264_initialise_ref_list()
(called from ff_h264_build_ref_list(), called from h264_slice_init()).

This fixes the following tsan warning when running fate-h264:

WARNING: ThreadSanitizer: data race (pid=31070)
  Write of size 8 at 0x7bbc000082a8 by thread T1 (mutexes: write M1628):
    #0 memcpy /work/release-test/final/llvm.src/projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:655:5
(ffmpeg+0x10de9d)
    #1 h264_initialise_ref_list ffmpeg/libavcodec/h264_refs.c:214:29 (ffmpeg+0x1186b3f)
    #2 ff_h264_build_ref_list ffmpeg/libavcodec/h264_refs.c:306 (ffmpeg+0x1186b3f)
    #3 h264_slice_init ffmpeg/libavcodec/h264_slice.c:1900:11 (ffmpeg+0x1191149)
[..]
  Previous read of size 8 at 0x7bbc000082a8 by main thread (mutexes:
write M1630):
    #0 memcpy /work/release-test/final/llvm.src/projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:655:5
(ffmpeg+0x10de9d)
    #1 ff_h264_update_thread_context ffmpeg/libavcodec/h264_slice.c:411:5 (ffmpeg+0x118b7dc)
Signed-off-by: NWan-Teh Chang <wtc@google.com>
Signed-off-by: NRonald S. Bultje <rsbultje@gmail.com>

Signed-off-by: NPaul B Mahol <onemda@gmail.com>

Fixes: out of array access
Fixes: poc.dnxhd

Found-by: Bingchang, Liu@VARAS of IIE
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes CID1412026.
Signed-off-by: NRostislav Pehlivanov <atomnuker@gmail.com>

Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Avoid undefined behavior in skip_input() by checking that enough data is
available before incrementing input pointer.

Check return values of parse_key() and skip_input() and exit early with
error if there is not enough data.

Fixes: 2707/clusterfuzz-testcase-minimized-5179636394754048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: signed integer overflow: -2147483647 - 2 cannot be represented in type 'int'
Fixes: 2702/clusterfuzz-testcase-minimized-4511932591636480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Export the raw data as ICC Profile frame side data.
Reviwed-by: NRostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: NJames Almer <jamrial@gmail.com>

old:
 165188 decicycles in  rdft,   65536 runs,      0 skips
 165865 decicycles in irdft,   65536 runs,      0 skips
new:
 142487 decicycles in  rdft,   65536 runs,      0 skips
 141498 decicycles in irdft,   65536 runs,      0 skips
Signed-off-by: NMuhammad Faiz <mfcc64@gmail.com>

Removed memset call and improved performance.
Signed-off-by: NKaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: NManojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Equivalent.
Signed-off-by: NRostislav Pehlivanov <atomnuker@gmail.com>

Signed-off-by: NRostislav Pehlivanov <atomnuker@gmail.com>

Fixes: runtime error: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 2698/clusterfuzz-testcase-minimized-4713541443518464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: avcodec/aacps.c:511:40: runtime error: signed integer overflow: 1509077651 + 758068176 cannot be represented in type 'int'
Fixes: 2678/clusterfuzz-testcase-minimized-4702787684270080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>