1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Commit Graph

99688 Commits

Author SHA1 Message Date
Michael Niedermayer
1868cb7316 avformat/wtvdec: Check dir_length
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-21 17:21:41 +02:00
Michael Niedermayer
a927128617 avformat/ffmetadec: finalize AVBPrint on errors
Fixes: memleak
Fixes: 26450/clusterfuzz-testcase-minimized-ffmpeg_dem_FFMETADATA_fuzzer-6249850443923456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-21 17:21:41 +02:00
Andreas Rheinhardt
2beb7f43f6 avcodec/on2avc: Remove redundant code for freeing
This decoder has the FF_CODEC_CAP_INIT_CLEANUP set.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 07:51:05 +02:00
Andreas Rheinhardt
bce8e2f374 avcodec/on2avc: Use least max_depth for get_vlc2()
The longest codes of any VLC codebooks are 18 bits long and the VLC
tables itself use 9 bits; therefore it is sufficient to read twice from
the table, yet this has been done thrice.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 07:47:55 +02:00
Andreas Rheinhardt
26cc9db744 avcodec/on2avc: Unify initializing quad and pair VLCs
Up until now, quad VLCs are initialized with codes of type uint32_t,
pair VLCs with codes of type uint16_t. There were two separate loops in
the decoder's init function for each type of VLC. This commit unifies
this: The type of the codes are now passed in as void * and the actual
size of the codes is obtained from a table. This approach also allows to
use the smallest type for each VLC code table: some quad tables actually
fitted in uint16_t. This allows to remove about 7KB from the binary.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 07:47:55 +02:00
Andreas Rheinhardt
fba8890628 avcodec/on2avcdata: Deduplicate symbol tables
Saves about 10KB.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 07:47:55 +02:00
Andreas Rheinhardt
289e964873 avcodec/vp3: Unify initializing and freeing VLC tables
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 06:53:41 +02:00
Andreas Rheinhardt
786b1b0c44 avcodec/vp3: Check allocations of VLCs
It would lead to crashs lateron if they failed.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 06:16:16 +02:00
Andreas Rheinhardt
a01ca21bbb avcodec/vp3: Fix memleak upon init failure
Up until now, there was no cleanup in case initializing the Theora VLC
tables failed, leading to memleaks. This commit gets rid of them by
setting the FF_CODEC_CAP_INIT_CLEANUP flag for all decoders in vp3.c;
this also allows to remove some (now redundant) cleanup code.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 05:46:04 +02:00
hwren
682990a849 doc/general_contents.texi: add uavs3d section
Signed-off-by: hwren <hwrenx@126.com>
2020-10-21 09:33:07 +08:00
Zane van Iperen
3106db044e
fate: add test for adpcm_swf in wav
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-21 11:26:39 +10:00
Zane van Iperen
4919b3c1c4
avcodec/adpcm_swf: support custom block size for encoding
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-21 11:26:39 +10:00
Zane van Iperen
0547fa572b
avcodec/adpcm_swf: set block_align when encoding
Allows it to be muxed to WAVs.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-21 11:26:38 +10:00
Zane van Iperen
e9dd73d30d
avcodec/adpcm_swf: support decoding multiple fixed-sized blocks at once
For incoming packets from WAV.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-21 11:23:26 +10:00
Zane van Iperen
53ac499f01
avformat/riff: prevent muxing adpcm_swf with a variable block size
Prefer to error than to create a broken file. Closes ticket #5829.

Effectively disables remuxing adpcm_swf from flv -> wav.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-21 11:23:23 +10:00
Paul B Mahol
637c154a50 avfilter: add audio frequency and phase shift filters 2020-10-20 20:38:30 +02:00
Romane Lafon
d60927b676 avfilter/avf_aphasemeter: add out of phase and mono detection
Extend aphasemeter to detect out of phase or mono sequences in
stereo streams.

Signed-off-by: Romane Lafon <romane@nomalab.com>
2020-10-20 20:30:45 +02:00
Michael Niedermayer
6707152f08 avcodec/notchlc: Revert incorrect compression bound
Revert "avcodec/notchlc: Check uncompressed size against input for LZ4"

Found-by: durandal_1707
This reverts commit 51002362c4.
2020-10-20 17:18:11 +02:00
Michael Niedermayer
939b72b02e avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN()
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 26218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5734075396259840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
bc9686c85b avcodec/cri: Check for end of image in unpack_10bit()
Fixes: out of array write
Fixes: 26242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5161495882891264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Chris Miceli
be852803eb libavformat/utils: Fix misleading indent
6f69f7a8bf introduced this and it was part
of a very large merging of refactoring. Current behaviour is what is
reflected by this indenting change, however my understanding of timing
is such that this correct behaviour.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
4ebe40ef64 avcodec/adpcm: Check channels before use for ADPCM_PSX
Fixes: division by zero
Fixes: 26293/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5176665237618688
Fixes: 26331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5632330364092416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
a4895b75a3 avcodec/mobiclip: Avoid signed integer overflows in idct()
Fixes: signed integer overflow: 536870912 + 1610612736 cannot be represented in type 'int'
Fixes: 26288/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6194364759670784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
6910e0f4e5 avcodec/exr: Check limits to avoid overflow in delta computation
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
44ff5a1bff avformat/boadec: Check that channels and block_align are set
Fixes: Infinite loop
Fixes: 26381/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-5745789089087488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
2be51d14f2 avformat/av1dec: Fix padding in obu_get_packet()
Fixes: stack buffer overflow (read)
Fixes: 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
51002362c4 avcodec/notchlc: Check uncompressed size against input for LZ4
Fixes: OOM
Fixes: 26168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-6019839015256064

Equation is based on LZ4_COMPRESSBOUND from lz4.h
Suggested-by: Paul
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
0d088a47ca avformat/asfdec_f: Check name_len for overflow
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
d198362839 avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Paul B Mahol
8750c8f45c avfilter/af_asubboost: use transposed II form 2020-10-20 13:51:45 +02:00
Paul B Mahol
6d59d69bb0 avfilter/af_crossfeed: use transposed II form 2020-10-20 13:51:38 +02:00
Andreas Rheinhardt
fe2be5d9ce avformat/hlsenc: Fix check for SPS
Check all the six bits, not only the two bits that are set for SPS.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-20 13:00:04 +02:00
Andreas Rheinhardt
c4f65611bc avformat/hlsenc: Fix mixed declaration and code
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-20 12:55:22 +02:00
Andreas Rheinhardt
1ba174f461 avformat/hlsenc: Don't use uninitialized buffer in av_stristr()
Introduced in a2b1dd0ce3.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-20 12:52:49 +02:00
Andreas Rheinhardt
96ad55df5b avformat/hlsenc: Fix extradata length check
Commit a2b1dd0ce3 added support for
parsing annex B HEVC extradata to extract profile and level information.
Yet it only checks for there to be enough data left for the startcode
and the first byte of the NAL unit header and not for the full NAL unit
header; it simply presumes the second byte of the NAL unit header to be
present and skips it. Then the remaining size of the extradata is calculated
which ends up negative if the second byte of the NAL unit header is not
present. Yet when calling ff_nal_unit_extract_rbsp() it
will be converted to an uint32_t and end up as UINT32_MAX which
will cause mayhem.

This is solved by making sure that there is always enough remaining
extradata that could (pending 0x03 escapes) contain the data that we
are interested in.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-20 12:43:16 +02:00
Michael Niedermayer
685ed1cbd1 avformat/sbgdec: Check for timestamp overflow in parse_time_sequence()
Fixes: signed integer overflow: 3458015007900000256 + 6425686373040000000 cannot be represented in type 'long'
Fixes: 26430/clusterfuzz-testcase-minimized-ffmpeg_dem_BRSTM_fuzzer-5761175004119040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 10:27:31 +02:00
Steven Liu
a2b1dd0ce3 avformat/hlsenc: support CODECS Attribute in hevc EXT-X-STREAM-INF
fix ticket: 8904
parse the SPS from extradata and get profile_tier_level
write the profile_tier_level info into CODECS Attribute

HLS CODECS Attribute reference to :https://developer.apple.com/documentation/http_live_streaming/hls_authoring_specification_for_apple_devices/hls_authoring_specification_for_apple_devices_appendixes

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
2020-10-20 11:41:44 +08:00
Steven Liu
b5ca8f2c66 avformat/hlsenc: compute video_keyframe_size after write keyframe
fix ticket: 8636
When write keyframe and the keyframe is the frist packet of the segment,
then compute the size of the keyframe which have been write into segment
first packet. and set the start position of the segment, should not use
avio_tell(vs->out) to get the keyframe position, because it can be set
to 0 if close at above of the workflow, that maybe inaccurate, but the
start_pos can be used here, because start_pos is set after write
the previous packet.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
2020-10-20 11:41:44 +08:00
Steven Liu
1ee52b2b6c avformat/dashdec: check the root url length
if the length of the root url is 0, unnecessary process the root_url

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
2020-10-20 11:41:44 +08:00
Steven Liu
a424671e4f avformat/hlsenc: process hls_time value too small sence
The target duration will be a negative value when there are
some b frames after prevous frame, the pts after current packet
is large than the pts of current packet, so the target duration
will compute as 0.040000 - 0.080000, then the value of the target
duration will be -0.040000. so hls muxer should check the pts after
current packet minus the pts of current packet, hls muxer can split
the stream as a segment if the target duration is neither negative nor
zero, hls muxer cannot split the stream as a segment if the
target duration is either negative or zero then get the next packet
until the target duration is not negative or zero.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Suggested-by: Zhili Zhao <quinkblack@foxmail.com>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
2020-10-20 11:41:44 +08:00
Andreas Rheinhardt
2134667227 avcodec/movtextenc: Cleanup generically on init failure
Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-19 21:45:22 +02:00
Andreas Rheinhardt
eab812d6d6 avcodec/movtextenc: Remove redundant function parameters
It makes no sense to call the functions to write styl, hlit or hclr boxes
with a different box name than "styl", "hlit" or "hclr". Therefore this
commit inlines these values in the functions, removes the function
parameter containing the box's name and removes the (non obsolete) box
names from the list of boxes.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-19 21:42:55 +02:00
Andreas Rheinhardt
82c636313d avcodec/movtextenc: Simplify writing to AVBPrint
The mov_text encoder uses an AVBPrint to assemble the subtitles;
yet mov_text subtitles are not pure text; they also have a binary
portion that was mostly handled as follows:

    uint32_t size = /* calculation */;
    size = AV_RB32(&size);
    av_bprint_append_data(bprint, (const char*)&size, 4);

Here AV_RB32() is a no-op on big-endian systems and a LE-BE swap
on little-endian systems, making the output endian-independent.

Yet this is ugly and unclean: On LE systems, the variable size from
the snippet above won't contain the correct value any more. Furthermore,
using this pattern leads to lots of small writes to the AVBPrint.

This commit therefore changes this to using a temporary buffer instead:

    uint8_t buf[4];
    AV_WB32(buf, /* size calculation */);
    av_bprint_append_data(bprint, buf, 4);

This method also allows to use bigger buffers holding more than one
element, saving calls to av_bprint_append_data() and reducing codesize.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-19 21:41:46 +02:00
Andreas Rheinhardt
2f9fc35028 avcodec/movtextenc: Fix undefined left shifts outside the range of int
Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-19 21:40:28 +02:00
Andreas Rheinhardt
9a731e9fec avcodec/movtextenc: Fix memleak on (re)allocation error
Up until now, the mov_text encoder used the dynamic array API for its
list of style attributes; it used the (horrible) av_dynarray_add() which
works with an array of pointers; on error it frees its array but not
the buffers referenced by the pointers said array contains. It also
returns no error code, encouraging not to check for errors.

These properties imply that this function may only be used if the buffers
referenced by the list either need not be freed at all or if they are
freed by other means (i.e. if the list contains non-ownership pointers).

In this case, the style attributes are owned by the pointers of the
dynamic list. Ergo the old style attributes leak on a subsequent
reallocation failure. But given that the (re)allocation isn't checked
for success, the style attribute intended to be added to the list also
leaks because the only pointer to it gets overwritten in the belief that
it is now owned by the list.

This commit fixes this by switching to av_fast_realloc() and an array
containing the styles directly instead of pointers to individually
allocated style attributes. The current style attributes are now no longer
individually allocated, instead they are part of the context.

Furthermore, av_fast_realloc() allows to easily distinguish between
valid and allocated elements, thereby allowing to reuse the array
(which up until now has always been freed after processing an
AVSubtitleRect).

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-19 21:37:42 +02:00
Andreas Rheinhardt
0dd7b8232d avcodec/movtextenc: Don't presume every style to have a font
Fixes segfaults in the absence of fonts; this can happen because the
file didn't contain any or because the allocation of the font-string
failed.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-19 21:37:15 +02:00
Andreas Rheinhardt
8d4431955c avcodec/movtextenc: Reset array counter after freeing array
Otherwise the mov_text encoder can segfault when given subtitles with more
than one AVSubtitleRect if one of the first nb_rects - 1 rects contained
a style attribute.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-19 21:36:57 +02:00
Andreas Rheinhardt
56b3726ed2 avcodec/movtextenc: Fix potential use of uninitialized value
Background colour was never initialized if no style was available.
Use a sane default of zero (i.e. completely transparent).

Fixes Coverity issue #1461471.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-19 21:36:17 +02:00
Paul B Mahol
5da94413d1 avfilter/af_aiir: remove unused argument 2020-10-19 18:42:42 +02:00
Paul B Mahol
f7379eafd2 avfilter/af_aiir: fix sp2zp mapping 2020-10-19 18:42:42 +02:00