1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-18 03:19:31 +02:00
Commit Graph

1358 Commits

Author SHA1 Message Date
James Almer
b35f6d3aa3 Merge commit '53ea595eec984e3109310e8bb7ff4b5786d91057'
* commit '53ea595eec984e3109310e8bb7ff4b5786d91057':
  mov: Rework stsc index validation

See e26e6240b6.

Merged-by: James Almer <jamrial@gmail.com>
2017-09-27 20:43:17 -03:00
James Almer
a6596831a0 Merge commit '708e84cda1bdbffb92847f3d6ccf6fbeb26d9948'
* commit '708e84cda1bdbffb92847f3d6ccf6fbeb26d9948':
  mov: Avoid memcmp of uninitialised data

Merged-by: James Almer <jamrial@gmail.com>
2017-09-26 14:48:22 -03:00
Michael Niedermayer
9cb4eb7728 avformat/mov: Fix DoS in read_tfra()
Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-07 15:19:22 +02:00
Daniel Glöckner
feb1dbc7bd avformat/mov: prevent duplication of first fragment's ctts_data
MP4 files with fragments might have the first moof box that is mentioned
in a fragment index before the first mdat box. Since it is then already
parsed by mov_read_header, we have to make sure that mov_switch_root
will not parse it again when seeking by setting the headers_read flag in
the index. Parsing it a second time would cause the ctts_data array to
receive a second copy of the information from the trun box, leading to
wrong PTS values for the second and following fragments in presence of
B-frames.

Fixes ticket 6560.

Signed-off-by: Daniel Glöckner <daniel-gl@gmx.net>
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 00:56:32 +02:00
Dale Curtis
f1e47f8713 avformat/mov: Bail when invalid sample data is present.
ctts data in ffmpeg relies on the index entries array to be 1:1
with samples... yet sc->sample_count can be read directly from
the 'stsz' box and index entries are only generated if a chunk
count has been read from 'stco' box.

Ensure that if sc->sample_count > 0, sc->chunk_count is too as
a basic sanity check. Additionally we need to check that after
the index is built we have the right number of entries, so we
also check in mov_read_trun() that sc->sample_count ==
st->nb_index_entries.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 00:56:32 +02:00
Dale Curtis
37e8edc9f5 avformat/mov: Fix trampling of ctts during seeks when sidx support is enabled.
When sidx box support is enabled, the code will skip reading all
trun boxes (each containing ctts entries for samples inthat box).

If seeks are attempted before all ctts values are known, the old
code would dump ctts entries into the wrong location. These are
then used to compute pts values which leads to out of order and
incorrectly timestamped packets.

This patch fixes ctts processing by always using the index returned
by av_add_index_entry() as the ctts_data index. When the index gains
new entries old values are reshuffled as appropriate.

This approach makes sense since the mov demuxer is already relying
on the mapping of AVIndex entries to samples for correct demuxing.

As a result of this all ctts entries are now 1-count. A followup
change will be submitted to remove support for > 1 count entries
which will simplify seeking.

Notes for future improvement:
Probably there are other boxes (stts, stsc, etc) that are impacted
by this issue... this patch only attempts to fix ctts since it
completely breaks packet timestamping.

This patch continues using an array for the ctts data, which is not
the most ideal given the rearrangement that needs to happen (via
memmove as new entries are read in). Ideally AVIndex and the ctts
data would be set-type structures so addition is always worst case
O(lg(n)) instead of the O(n^2) that exists now; this slowdown is
noticeable during seeks.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 11:02:22 +02:00
Vitaly Buka
4a404cb5b9 avformat/mov: Fix signed integer overflows with total_size
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow

Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-23 03:17:11 +02:00
Jacob Trimble
f4544163b2 libavformat/mov: Fix inserting frames before current_frame.
When using streaming input, it may be possible to see frames that appear
before the current_frame.  When these frames are inserted into the
index, the current_frame needs to be updated so it is still pointing
at the same frame.

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-18 03:02:11 +02:00
Nikolas Bowe
4b54d5a721 avformat/mov: Fix memory leak when reading DDTS box.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-16 03:35:13 +02:00
James Almer
e3887c0a2c avformat/mov: add support for reading VP Codec Configuration Box
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md

Signed-off-by: James Almer <jamrial@gmail.com>
2017-06-11 15:28:34 -03:00
Sasi Inguva
93db5e3fc4 lavf/mov.c: offset index timestamps by the minimum pts to make first pts zero
If the videos starts with B frame, then the minimum composition time
as computed by stts + ctts will be non-zero. Hence we need to shift
the DTS, so that the first pts is zero. This was the intention of that
code-block. However it was subtracting by the wrong amount.

For example, for one of the videos in the bug nonFormatted.mp4 we have

stts:
sample_count  duration
960           1001

ctts:
sample_count  duration
1             3003
2             0
1             3003
....

The resulting composition times are :  3003, 1001, 2002, 6006, ...

The minimum composition time or PTS is 1001, which should be used to
offset DTS. However the code block was wrongly using ctts[0] which is
3003. Hence the PTS was negative. This change computes the minimum pts
encountered while fixing the index, and then subtracts it from all the
timestamps after the edit list fixes are applied.

Samples files available from:

https://bugs.chromium.org/p/chromium/issues/detail?id=721451
https://bugs.chromium.org/p/chromium/issues/detail?id=723537

fate-suite/h264/twofields_packet.mp4 is a similar file starting with 2
B frames. Before this change the PTS of first two B-frames was -6006
and -3003, and I am guessing one of them got dropped when being decoded
and remuxed  to the framecrc before, and now it is not being dropped.

Signed-off-by: Sasi Inguva <isasi@google.com>
2017-06-09 18:13:33 +02:00
James Almer
24133973fc avformat/mov: add support for reading Content Light Level Box
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-27 16:14:24 -03:00
James Almer
ab05bd6e6c avformat/mov: add support for reading Mastering Display Metadata Box
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-27 16:09:55 -03:00
Matthieu Bouron
ab61b79b1c lavf/mov: make invalid m{d,v}hd time_scale default to 1 instead of erroring out
Some samples have their metadata track time_scale incorrectly set to 0
and the check introduced by a398f054fd
prevents playback of those samples. Setting the time_scale to 1 fixes
playback.
2017-05-20 12:56:35 +02:00
Clément Bœsch
e166fe2e1f Merge commit '46191a2da16f751e53d93646ae1388d421d12bee'
* commit '46191a2da16f751e53d93646ae1388d421d12bee':
  mov: fix a possible invalid read in mov_read_mac_string()

Merged-by: Clément Bœsch <u@pkh.me>
2017-04-29 12:46:48 +02:00
Carl Eugen Hoyos
c6aaf0840c lavf/mov: Only copy extradata if it exists.
Avoids undefined call of memcpy(ptr, NULL, 0);
2017-04-19 23:33:47 +02:00
Matthew Gregan
3041b5d03b avformat/mo: Add experimental demuxing support for Opus in ISO BMFF (MP4).
Based on the draft spec at http://vfrmaniac.fushizen.eu/contents/opus_in_isobmff.html

Signed-off-by: Matthew Gregan <kinetik@flim.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-04-11 21:28:52 +02:00
Thierry Foucu
ac24a8202a libavformat/mov: Fix memory leak, need to free the chapter tracks array
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-04-06 04:05:04 +02:00
Michael Niedermayer
39ee3ddff8 avformat/mov: Check creation_time for overflow
Fixes integer overflow
Fixes: 701640

Found-by: Found-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-04-04 00:56:21 +02:00
Sasi Inguva
ef71dc7948 lavf/mov.c: Add -advanced_editlist option for mov format.
Adding an MOV format option to turn on/off the editlist supporting code, introduced in ca6cae73db

Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-31 13:59:21 +02:00
Michael Niedermayer
77a3c288bd avformat/mov: Init ref_sc / ref_st to NULL
This is more robust in case some change or corner case causes them to be
dereferenced before being set

Fixes CID1396274, CID1396275

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-30 23:35:18 +02:00
Clément Bœsch
549045254c Fix all -Wformat warnings raised by DJGPP 2017-03-29 14:49:29 +02:00
Clément Bœsch
bec96a7286 lavf: use av_fourcc2str() where appropriate 2017-03-29 14:49:29 +02:00
wm4
ddef3d902f avformat, ffmpeg: deprecate old rotation API
The old "API" that signaled rotation as a metadata value has been
replaced by DISPLAYMATRIX side data quite a while ago.

There is no reason to make muxers/demuxers/API users support both. In
addition, the metadata API is dangerous, as user tags could "leak" into
it, creating unintended features or bugs.

ffmpeg CLI has to be updated to use the new API. In particular, we must
not allow to leak the "rotate" tag into the muxer. Some muxers will
catch this properly (like mov), but others (like mkv) can add it as
generic tag. Note applications, which use libavformat and assume the
old rotate API, will interpret such "rotate" user tags as rotate
metadata (which it is not), and incorrectly rotate the video.

The ffmpeg/ffplay tools drop the use of the old API for muxing and
demuxing, as all muxers/demuxers support the new API. This will mean
that the tools will not mistakenly interpret per-track "rotate" user
tags as rotate metadata. It will _not_ be treated as regression.

Unfortunately, hacks have been added, that allow the user to override
rotation by setting metadata explicitly, e.g. via

  -metadata:s:v:0 rotate=0

See references to trac #4560. fate-filter-meta-4560-rotate0 tests this.
It's easier to adjust the hack for supporting it than arguing for its
removal, so ffmpeg CLI now explicitly catches this case, and essentially
replaces the "rotate" value with a display matrix side data. (It would
be easier for both user and implementation to create an explicit option
for rotation.)

When the code under FF_API_OLD_ROTATE_API is disabled, one FATE
reference file has to be updated (because "rotate" is not exported
anymore).

Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-27 13:20:27 +02:00
James Almer
d054069c15 avformat/mov: stop using deprecated codec flags
Signed-off-by: James Almer <jamrial@gmail.com>
2017-03-25 21:37:40 -03:00
Clément Bœsch
46f4f8ad86 Merge commit '1263b2039eb5aaf1522e9de9f07c787ab30a5f50'
* commit '1263b2039eb5aaf1522e9de9f07c787ab30a5f50':
  Adjust printf conversion specifiers to match variable signedness

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-24 13:34:39 +01:00
Clément Bœsch
1436769c57 Merge commit 'ca1e5eea0c7b72a6e30aa6488cfeced3a4853521'
* commit 'ca1e5eea0c7b72a6e30aa6488cfeced3a4853521':
  Remove some pointless TRACE level debug code

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-24 13:23:52 +01:00
Clément Bœsch
30ac66abf0 Merge commit '4b07ebf1eb13561492f7e3c30a67f34415016b3e'
* commit '4b07ebf1eb13561492f7e3c30a67f34415016b3e':
  mov: Update colr values

Mostly noop, see a3cab3d433

Only the use of av_color_{primaries,transfer,space}_name() is merged.

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-24 11:33:47 +01:00
James Almer
4de591e6fb Merge commit '83548fe894cdb455cc127f754d09905b6d23c173'
* commit '83548fe894cdb455cc127f754d09905b6d23c173':
  lavf: fix usage of AVIOContext.seekable

Merged-by: James Almer <jamrial@gmail.com>
2017-03-21 17:02:30 -03:00
Vittorio Giovara
95a72aed76 mov: Drop extra format specifier in error message 2017-03-17 15:30:11 -04:00
Vittorio Giovara
f20bcec4c2 spherical: Change types of bounding and pad to uint32_t
These values are defined to be 32bit in the specification,
so it makes more sense to store them as fixed width.

Based on a patch by Micahel Niedermayer <michael@niedermayer.cc>.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-03-17 13:12:25 -04:00
Vittorio Giovara
ac8c72f8f1 mov: Fix checking layout and loading padding for cubemaps 2017-03-07 17:29:52 -05:00
Vittorio Giovara
022b4ea583 mov: Export bounds and padding from spherical metadata
Update the fate test as needed.
2017-03-07 11:25:37 -05:00
Sasi Inguva
7e538c9475 lavf/mov.c: Correct keyframe search in edit list to return the very first keyframe/frame with matching timestamp. Fixes ticket#5904
Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-20 17:15:36 +01:00
Vittorio Giovara
53ea595eec mov: Rework stsc index validation
In order to avoid potential integer overflow change the comparison
and make sure to use the same unsigned type for both elements.
2017-02-10 16:26:16 -05:00
Matt Wolenetz
36aba43bd5 lavf/mov.c: Avoid heap allocation wraps in mov_read_{senc,saiz}()
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643952 (senc,saiz portions)

Signed-off-by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-10 12:04:41 +01:00
Matt Wolenetz
9bbdf5d921 lavf/mov.c: Avoid OOB in mov_read_udta_string()
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643952 (udta_string portion)

Signed-off-by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-10 12:04:41 +01:00
Matt Wolenetz
2d453188c2 lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643951

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support values beyond INT_MAX
Also the check is moved to a more common place and before integer truncation
2017-02-08 03:57:10 +01:00
Matt Wolenetz
fd30e4d57f lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643950

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support larger lengths
2017-02-08 03:31:01 +01:00
Diego Biurrun
a25dac976a Use bitstream_init8() where appropriate 2017-02-07 18:27:21 +01:00
Clément Bœsch
e26e6240b6 Merge commit '90bc423212396e96a02edc1118982ab7f7766a63'
* commit '90bc423212396e96a02edc1118982ab7f7766a63':
  mov: Wrap stsc index and count compare in a separate function

The mov_stsc_index_valid() function is replaced with a macro to prevent
signdness issues (index is not always signed, and count is always
unsigned currently).

The comparison is also adjusted to reduce the risk of overflows.

Merged-by: Clément Bœsch <u@pkh.me>
2017-02-01 15:50:02 +01:00
erankor
0101d29095 mov: fix decryption with edit list
Retain the ranges of frame indexes when applying edit list in
mov_fix_index. The index ranges are then used to keep track of the frame
index of the current sample. In case of a discontinuity in frame indexes
due to edit, update the auxiliary info position accordingly.

Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-01 15:09:38 +01:00
Mark Thompson
708e84cda1 mov: Avoid memcmp of uninitialised data
The string codec name need not be as long as the value we are
comparing it to, so memcmp may make decisions derived from
uninitialised data that valgrind then complains about (though the
overall result of the function will always be the same).  Use
strncmp instead, which will stop at the first zero byte and
therefore not encounter this issue.
2017-01-30 23:03:52 +00:00
Michael Niedermayer
06c143e505 avformat/mov: Fix integer truncation in mov_read_uuid()
Fixes Ticket6102

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-30 23:19:01 +01:00
Aaron Colwell
b9f2f93261 mov: Fix spherical metadata_source parsing
Signed-off-by: James Almer <jamrial@gmail.com>
2017-01-27 22:52:33 -03:00
Carl Eugen Hoyos
a135b017de lavf/mov: Unscramble dref debug output. 2017-01-25 11:49:04 +01:00
Alexandra Hájková
a895292f27 mov: Convert to the new bitstream reader 2017-01-13 10:27:03 +01:00
Diego Biurrun
0b77a59336 Use correct printf conversion specifiers for POSIX integer types 2016-12-23 19:30:00 +01:00
Chen Meng
25e35b3436 avformat/mov.: Make the process of uuid-xmp atom faster.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-19 23:10:34 +01:00
Anton Khirnov
46191a2da1 mov: fix a possible invalid read in mov_read_mac_string()
When the input string is too large, so the second condition in if ()
fails, the code will erroneously execute the else branch, indexing the
mac_to_unicode table with a negative index.

CC: libav-stable@libav.org
Bug-Id: 1000
Found-By: Kamil Frankowicz
2016-12-19 08:14:59 +01:00