FFmpeg Deep Audit: Comprehensive Fixes and Enhancements

[alokemajumder]

Summary

Comprehensive deep audit of FFmpeg API integration addressing security, bugs, gaps, and production-readiness issues.

Security Fixes

• Aligned codec whitelists between validators.py and FFmpegCommandBuilder to prevent bypass
• Added professional codecs: prores, prores_ks, dnxhd, dnxhr, libsvtav1
• Added audio codecs: eac3, flac, pcm_s16le/s24le/s32le/f32le, libopus, libvorbis, libmp3lame
• Enhanced watermark handling with position presets and secure path validation

Bug Fixes

• atempo filter: Now chains filters for speeds outside 0.5-2.0 range (FFmpeg limitation workaround)
• faststart flag: Only applied to MP4/MOV containers (was causing issues with WebM/MKV)
• subtitle handler: Gracefully handles empty paths
• CRF validation: Allows lossless encoding (CRF 0-4) with warning instead of rejection

New Capabilities

• Two-pass encoding: New execute_two_pass() method for optimal bitrate distribution
• Thumbnail extraction: Single frame, multiple frames, best frame selection, sprite/contact sheets
• Concat operation: Both demuxer mode (fast, same codec) and filter mode (flexible, re-encodes)
• Tune parameter: film, animation, grain, stillimage, fastdecode, zerolatency
• Level parameter: Full H.264/H.265 level support (1.0 through 6.2)
• Advanced encoding: Reference frames, lookahead, scene change threshold
• SVT-AV1 encoder: Via encoder: "svt" parameter
• 10-bit formats: yuv420p10le, yuv422p10le, yuv444p10le, p010le, nv12

Production Improvements

• Comprehensive parameter validation with helpful error messages
• Resource management warnings for high-quality settings
• Enhanced logging for debugging

Test Plan

• Verify transcode with new codec options (prores, dnxhd, SVT-AV1)
• Test two-pass encoding workflow
• Test thumbnail extraction modes
• Test concat with both demuxer and filter modes
• Verify atempo chaining for 4x speed
• Test lossless encoding with CRF 0
• Verify faststart not applied to WebM/MKV outputs