1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

24 Commits

Author SHA1 Message Date
Michael Niedermayer
b33233bd53 avformat/icodec: Check for zero streams and stream creation failure
Fixes: NULL pointer dereference
Fixes: 26814/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5758487797432320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-13 17:46:47 +01:00
Michael Niedermayer
27ee67c00f avformat/icodec: Factor failure code out in read_header()
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-13 17:46:47 +01:00
Michael Niedermayer
3300f5c133 avformat/icodec: Change order of operations to avoid NULL dereference
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-17 14:36:11 +02:00
Andreas Rheinhardt
6a67d518d6 avformat: Remove unnecessary av_packet_unref()
Since bae8844e the packet will always be unreferenced when a demuxer
returns an error, so that a lot of calls to av_packet_unref() in lots of
demuxers are now redundant and can be removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
2020-02-10 22:41:38 +01:00
Michael Niedermayer
54918b5116 avformat/icodec: Free ico->images on error paths
Fixes: 15116/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5715173567889408
Fixes: memleak

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-21 18:28:00 +02:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Andreas Cadhalpun
89eb398c7f icodec: correctly check avio_read return value
It can read less than the requested amount, in which case buf contains
uninitialized data, causing problems like segmentation faults later on.

Also make sure that image->size is positive, so that it can't match a
negative error code.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-10 22:02:49 +01:00
Andreas Cadhalpun
d54c95a143 icodec: add ico_read_close to fix leaking ico->images
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-09 21:10:41 +01:00
Andreas Cadhalpun
467eece1be icodec: fix leaking pkt on error
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-09 21:10:35 +01:00
Derek Buitenhuis
6f69f7a8bf Merge commit '9200514ad8717c63f82101dc394f4378854325bf'
* commit '9200514ad8717c63f82101dc394f4378854325bf':
  lavf: replace AVStream.codec with AVStream.codecpar

This has been a HUGE effort from:
    - Derek Buitenhuis <derek.buitenhuis@gmail.com>
    - Hendrik Leppkes <h.leppkes@gmail.com>
    - wm4 <nfxjfg@googlemail.com>
    - Clément Bœsch <clement@stupeflix.com>
    - James Almer <jamrial@gmail.com>
    - Michael Niedermayer <michael@niedermayer.cc>
    - Rostislav Pehlivanov <atomnuker@gmail.com>

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-10 20:59:55 +01:00
Mark Harris
56e2cd9c04 avformat/icodec: Fix crash probing fuzzed file
Avoid invalid memory read/crash when frame offset >= 0xfffffff8.
Base64-encoded example: AAABADAwMDAwMAAAMAAwMDAw/P///w==
(The previous commit verifies that p->buf_size >= 22.)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-02-20 02:56:25 +01:00
Mark Harris
1b4fbf8080 avformat/icodec: ico probe with unknown data
Fix cases where unknown data (data beyond p->buf_size) could produce a
higher ico probe score than if the unknown data was known and valid.
For example:
    Header:  OK, 2 frames
    Frame 0: Unknown (offset points beyond end of probe buffer)
    Frame 1: Invalid
Previously this example had a score of 25, even though the score would
be 1 if the unknown frame was known to be valid or 0 if it was known
to be invalid.  For this example the score is now 1.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-02-20 02:56:25 +01:00
Carl Eugen Hoyos
9bc281beae lavf/icodec: Improve autodetection.
Avoids misdetection of MPEG (B-)frames.

Reviewed-by: Michael Bradshaw
2016-01-18 00:36:44 +01:00
Michael Bradshaw
244184217c Return EOF for ICO when the end is reached 2015-09-24 23:35:10 +02:00
Michael Niedermayer
dd77f6469a avformat/ico: use avmalloc(z)_array()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-16 19:41:41 +02:00
Michael Niedermayer
4f0e85517f avformat/icodec: reduce score returned on probing
The ico probe function is pretty weak just checking a few bytes for being 0, 1 or not 0

Fixes probetest failure

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-11-08 20:10:33 +01:00
Paul B Mahol
a9b424879f lavc & lavf: replace deprecated av_log* functions
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2013-03-15 18:10:28 +00:00
Michael Niedermayer
7a72695c05 Merge commit '36ef5369ee9b336febc2c270f8718cec4476cb85'
* commit '36ef5369ee9b336febc2c270f8718cec4476cb85':
  Replace all CODEC_ID_* with AV_CODEC_ID_*
  lavc: add AV prefix to codec ids.

Conflicts:
	doc/APIchanges
	doc/examples/decoding_encoding.c
	doc/examples/muxing.c
	ffmpeg.c
	ffprobe.c
	ffserver.c
	libavcodec/8svx.c
	libavcodec/avcodec.h
	libavcodec/dnxhd_parser.c
	libavcodec/dvdsubdec.c
	libavcodec/error_resilience.c
	libavcodec/h263dec.c
	libavcodec/libvorbisenc.c
	libavcodec/mjpeg_parser.c
	libavcodec/mjpegenc.c
	libavcodec/mpeg12.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/mpegvideo_enc.c
	libavcodec/pcm.c
	libavcodec/r210dec.c
	libavcodec/utils.c
	libavcodec/v210dec.c
	libavcodec/version.h
	libavdevice/alsa-audio-dec.c
	libavdevice/bktr.c
	libavdevice/v4l2.c
	libavformat/asfdec.c
	libavformat/asfenc.c
	libavformat/avformat.h
	libavformat/avidec.c
	libavformat/caf.c
	libavformat/electronicarts.c
	libavformat/flacdec.c
	libavformat/flvdec.c
	libavformat/flvenc.c
	libavformat/framecrcenc.c
	libavformat/img2.c
	libavformat/img2dec.c
	libavformat/img2enc.c
	libavformat/ipmovie.c
	libavformat/isom.c
	libavformat/matroska.c
	libavformat/matroskadec.c
	libavformat/matroskaenc.c
	libavformat/mov.c
	libavformat/movenc.c
	libavformat/mp3dec.c
	libavformat/mpeg.c
	libavformat/mpegts.c
	libavformat/mxf.c
	libavformat/mxfdec.c
	libavformat/mxfenc.c
	libavformat/nsvdec.c
	libavformat/nut.c
	libavformat/oggenc.c
	libavformat/pmpdec.c
	libavformat/rawdec.c
	libavformat/rawenc.c
	libavformat/riff.c
	libavformat/sdp.c
	libavformat/utils.c
	libavformat/vocenc.c
	libavformat/wtv.c
	libavformat/xmv.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-08-07 22:45:46 +02:00
Michael Niedermayer
e37f161e66 Merge remote-tracking branch 'qatar/master'
* qatar/master: (71 commits)
  movenc: Allow writing to a non-seekable output if using empty moov
  movenc: Support adding isml (smooth streaming live) metadata
  libavcodec: Don't crash in avcodec_encode_audio if time_base isn't set
  sunrast: Document the different Sun Raster file format types.
  sunrast: Add a check for experimental type.
  libspeexenc: use AVSampleFormat instead of deprecated/removed SampleFormat
  lavf: remove disabled FF_API_SET_PTS_INFO cruft
  lavf: remove disabled FF_API_OLD_INTERRUPT_CB cruft
  lavf: remove disabled FF_API_REORDER_PRIVATE cruft
  lavf: remove disabled FF_API_SEEK_PUBLIC cruft
  lavf: remove disabled FF_API_STREAM_COPY cruft
  lavf: remove disabled FF_API_PRELOAD cruft
  lavf: remove disabled FF_API_NEW_STREAM cruft
  lavf: remove disabled FF_API_RTSP_URL_OPTIONS cruft
  lavf: remove disabled FF_API_MUXRATE cruft
  lavf: remove disabled FF_API_FILESIZE cruft
  lavf: remove disabled FF_API_TIMESTAMP cruft
  lavf: remove disabled FF_API_LOOP_OUTPUT cruft
  lavf: remove disabled FF_API_LOOP_INPUT cruft
  lavf: remove disabled FF_API_AVSTREAM_QUALITY cruft
  ...

Conflicts:
	doc/APIchanges
	libavcodec/8bps.c
	libavcodec/avcodec.h
	libavcodec/libx264.c
	libavcodec/mjpegbdec.c
	libavcodec/options.c
	libavcodec/sunrast.c
	libavcodec/utils.c
	libavcodec/version.h
	libavcodec/x86/h264_deblock.asm
	libavdevice/libdc1394.c
	libavdevice/v4l2.c
	libavformat/avformat.h
	libavformat/avio.c
	libavformat/avio.h
	libavformat/aviobuf.c
	libavformat/dv.c
	libavformat/mov.c
	libavformat/utils.c
	libavformat/version.h
	libavformat/wtv.c
	libavutil/Makefile
	libavutil/file.c
	libswscale/x86/input.asm
	libswscale/x86/swscale_mmx.c
	libswscale/x86/swscale_template.c
	tests/ref/lavf/ffm

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-28 07:53:34 +01:00
Peter Ross
3a1df393b8 ico: favour BITMAPHEADER dimensions over IconEntry dimensions
Fixes ticket 759.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-13 15:57:34 +01:00
Peter Ross
051257495a ico: reject icon entries that are smaller than sizeof(BITMAPHEADER)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-12 16:32:55 +01:00
Peter Ross
90dbd08127 ico: ignore IconEntry.bpp value, and favour BITMAPHEADER.NumColors value over that in IconEntry
Fixes ticket 905.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-12 16:32:55 +01:00
Peter Ross
bd3a12d68d ico: consider IconEntry.NumColors of 255 to be ambiguous
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-12 16:32:55 +01:00
Peter Ross
ba8410cb44 Microsoft Windows ICO demuxer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2011-12-04 16:44:20 +01:00