1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

104514 Commits

Author SHA1 Message Date
Marton Balint
9420f7e095 avformat/mpegts: fix max_packet_size in mpegts payload parsing
The maximum allowed useful PES payload data was set to PES_packet_length, but
it is in fact smaller by the length of the PES header.

This changes how corrupt streams are packetized:
- If PES header length is bigger than PES_packet_length then the PES packet
  payload will be handled as an unbound packet
- PES packets with payload across multiple MPEGTS packets will always be
  splitted if with the next chunk of data the payload should exceed
  PES_packet_length, previously a PES_header_length amount of excess was
  allowed.

Fixes ticket #9355.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-10-10 16:54:15 +02:00
Marton Balint
aeea2ad0e4 avformat/mpegts: rename PES total_size to PES_packet_length
This renames PESContext->total_size to PESContext->PES_packet_length and keeps
it 0 for unbound packets, so its name and semantics will match the standard.

There should be no change in functionality.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-10-10 16:54:15 +02:00
Marton Balint
65cd43cff3 avformat/mpegts: delay allocation of PES buffer
This allows us to allocate the buffer in a single code path.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-10-10 16:54:15 +02:00
Marton Balint
ce8db0c253 avformat/mpegts: use named constants for stream_id types
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-10-10 16:54:15 +02:00
Andreas Rheinhardt
0c0d5faf94 avfilter/asrc_flite: Remove double ';'
(Inside a function a stray ';' is an empty statement; outside of
a function it is actually invalid, but compilers happen to accept
it without complaint (unless e.g. using -pedantic).)

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 14:27:36 +02:00
Andreas Rheinhardt
aac8fa2fbf avfilter/asrc_flite: Fix races upon (un)registering voices
The voice registration system in libflite is broken: It is not
thread-safe and also not based on internal counters; instead
any call to unregister a voice frees said voice even if there are still
many other users of said voice who have also registered said voice.
While there is no way to guard against another library unregistering
voices behind our back, we can at least be correct in the absence of
other users of libflite. The current code already tried this by using
a reference count of our own for each voice; but the implementation
of this is not thread-safe at all.

Fix this by using a mutex to guard all of libavfilter's libflite
registration and unregistration calls, thereby being thread-safe
in the absence of other libflite users.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 14:27:22 +02:00
Andreas Rheinhardt
18ddb25c7a avfilter/asrc_flite: Fix use-after-frees
When an flite filter instance is uninitialized and the refcount
of the corresponding voice_entry reaches zero, the voice is
unregistered, yet the voice_entry's pointer to the voice is not reset.
(Whereas some other pointers are needlessly reset.)
Because of this a new flite filter instance will believe said voice
to already be registered, leading to use-after-frees.
Fix this by resetting the right pointer instead of the wrong ones.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 14:27:13 +02:00
Andreas Rheinhardt
304cc03798 avfilter/asrc_flite: Don't segfault when using list_voices option
Could also happen if initializing flite failed* or if an unknown voice
has been selected or if registering the voice failed.

*: which it currently can't, because it is a no-op.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 14:19:57 +02:00
Andreas Rheinhardt
9a1547ba1e avfilter/tests/filtfmts: Check for existence of formats/channel layouts
Fixes segfaults with filters that either return AVERROR(EAGAIN)
(or another error) or that do not set everything and rely on
filter_query_formats() to set the rest.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 12:04:30 +02:00
Andreas Rheinhardt
a228baeee1 avfilter/vf_scale: Reindentation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 12:04:30 +02:00
Andreas Rheinhardt
04f8d79c24 avfilter/vf_scale: Remove always-true checks
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 12:04:30 +02:00
Andreas Rheinhardt
812a4b86a8 avfilter/vf_transpose: Don't call av_pix_fmt_desc_get() twice
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 12:04:30 +02:00
Andreas Rheinhardt
2b72e693c7 avfilter/tests/filtfmts: Replace macro by ordinary function
This is possible now that AVFilterFormatsConfig exists.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-10 12:04:29 +02:00
Limin Wang
b4d665bf69 avformat/libsrt: specify base of maxbw string to 10 instead of auto-detect
Make all options string conversion consistent.

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-10-10 11:00:59 +08:00
Limin Wang
1161d8b4b3 avformat/libsrt: use strtoll/strtol for int64_t/int
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-10-10 11:00:59 +08:00
Michael Niedermayer
d115eec979 avformat/matroskadec: Reset state also on failure in matroska_reset_status()
The calling code does not handle failures and will fail with assertion failures later.
Seeking can always fail even when the position was previously read.

Fixes: Assertion failure
Fixes: 35253/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4693059982983168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-09 17:01:49 +02:00
Paul B Mahol
57b14879b9 avfilter/vf_v360: fix scaling to give proper results 2021-10-09 16:59:35 +02:00
Paul B Mahol
fd3aba10cc avfilter/vf_v360: do not round second arg for rescale() 2021-10-09 16:59:35 +02:00
Limin Wang
c0d38beac0 avcodec/mpeg12dec: Fix usage of init_get_bits() and use init_get_bits8()
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-10-09 21:26:21 +08:00
James Almer
7a1976919c configure: export pkg-config includedir variable
Some packages may not define custom cflags, in which case a simple
"pkg-config --cflags" call will return an empty string.
This change will be useful to get a valid include path that can be
used in library checks.

Reviewed-by: Haihao Xiang <haihao.xiang@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-10-09 09:50:12 -03:00
Andreas Rheinhardt
99b4acd3fa avdevice/caca: Don't free AVOpt-enabled string manually
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-09 14:18:12 +02:00
Andreas Rheinhardt
395803c78f avdevice/caca: Make deinit function out of write_trailer
Fixes memleaks in case the trailer is never written.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-09 14:18:12 +02:00
Paul B Mahol
8f26ebde14 avfilter: add audio signal to distortion ratio filter 2021-10-09 14:10:09 +02:00
Paul B Mahol
30d4609484 avfilter/af_axcorrelate: add DBLP sample format support 2021-10-09 14:10:09 +02:00
Paul B Mahol
95cae4922d doc/filters: specify more axcorrelate design
The typical 1D normalized cross-correlation is not same as
1D windowed normalized cross-correlation.
2021-10-09 14:03:39 +02:00
Andreas Rheinhardt
9b17273c77 avdevice/xv: Increase array size
av_image_copy() expects an array of four pointers according to its
declaration; although it currently only touches pointers that
are actually in use (depending upon the pixel format) this might
change at any time (as has already happened for the linesizes
in d7bc52bf456deba0f32d9fe5c288ec441f1ebef5).

This fixes ticket #9264 as well as a warning from GCC 11.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-09 13:24:38 +02:00
Andreas Rheinhardt
8d0082beda avfilter/af_atilt: Constify filter
(It is actually UB if a declaration and its definition differ wrt
their types like they do in this case (the declaration in allfilters
is const).)

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-09 13:21:17 +02:00
Andreas Rheinhardt
5a261cfa32 avformat/allformats: Fix data race when accessing devices lists
Up until now setting the input and output devices lists is guarded
by a mutex. This prevents data races emanating from multiple concurrent
calls to avpriv_register_devices() (triggered by multiple concurrent
calls to avdevice_register_all()). Yet reading the lists pointers was
done without any lock and with nonatomic variables. This means that
there are data races in case of concurrent calls to
av_(de)muxer_iterate() and avdevice_register_all() (but only if the
iteration in av_(de)muxer_iterate exhausts the non-device (de)muxers).

This commit fixes this by putting said pointers into atomic objects.
Due to the unavailability of _Atomic the object is an atomic_uintptr,
leading to ugly casts. Switching to atomics also allowed to remove
the mutex currently used in avpriv_register_devices().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-09 13:20:39 +02:00
Michael Niedermayer
98aec8c1b8 avcodec/h274: Fix signed left shift
Fixes: 39463/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5736517629247488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-09 11:42:16 +02:00
Michael Niedermayer
849138f476 avformat/wavdec: Check smv_block_size
Fixes: Timeout
Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-09 11:42:16 +02:00
Michael Niedermayer
8fe3566b8f avformat/rmdec: Check for multiple audio_stream_info
Fixes: memleak
Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-09 11:42:16 +02:00
Michael Niedermayer
f054871a65 avcodec/h264_slice: Check idr_pic_id
Fixes: left shift of negative value -1
Fixes: 39223/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5498831521841152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-09 11:42:16 +02:00
Paul B Mahol
d88d0370d5 avfilter/af_axcorrelate: fix integer overflow for huge segments 2021-10-09 01:44:23 +02:00
Paul B Mahol
eb22b8953c avfilter/af_axcorrelate: always process all input samples 2021-10-09 01:44:23 +02:00
Andreas Rheinhardt
21914e7a4e fftools/ffmpeg, ffmpeg_opt: Allocate (In|Out)putStream.pkt early
Avoids checks lateron in the hot path.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-08 16:03:21 +02:00
Andreas Rheinhardt
f1df856fb6 fftools/ffmpeg: Remove unnecessary av_packet_unref()
avcodec_receive_packet() already unreferences the packet on its own.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-08 15:51:17 +02:00
Andreas Rheinhardt
fb215798c7 fftools/ffmpeg: Fix crash when flushing non-fully setup output stream
The output stream's packet may not have been allocated
at that point. This happens when quitting in the following command line:
$ ./ffmpeg -lavfi abuffer=sample_fmt=u8:sample_rate=48000:channel_layout=stereo -f null -

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-08 12:06:00 +02:00
Andreas Rheinhardt
6d72126e9b tests/fate-run: Use DEC_OPTS for additional input, too
Should fix failures in the cover-art-flac-remux test.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-08 12:06:00 +02:00
Andreas Rheinhardt
5e1dac380b avfilter/avfiltergraph: Fix use-after-free when inserting auto-converter
When inserting an auto-resampler, it may be that the configuration
of the filters that the auto-resampler is supposed to connect is
already partially merged, i.e. converter->inputs[0].incfg.foo and
converter->outputs[0].outcfg.foo (where foo is one of formats,
samplerates, channel_layouts) can coincide. Therefore merging
the converter filter's input link might modify the outcfg of the
converter' outlink. Yet the current code in avfiltergraph.c used
pointers from before merging the inlink for merging the outlink,
leading to a use-after-free in command lines like:
$ ffmpeg -f lavfi -i anullsrc=cl=stereo -lavfi channelsplit,axcorrelate -f null -
Fix this by not using outdated values when merging the outlink.

This is a regression since 85a6404d7e6c759ddf71d6374812d7ff719728ec.

Found-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-10-08 12:06:00 +02:00
Peter Ross
4ff8840697 avformat/img2dec: add GEM Raster image demuxer
Signed-off-by: Peter Ross <pross@xvid.org>
2021-10-08 20:37:36 +11:00
Peter Ross
60a9d3778f avcodec: GEM Raster image decoder
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Peter Ross <pross@xvid.org>
2021-10-08 20:37:36 +11:00
Wu Jianhua
314289c219 avfilter/vf_avgblur_vulkan: fix incorrect conditional judgement
Signed-off-by: Wu Jianhua <jianhua.wu@intel.com>
2021-10-08 11:09:30 +02:00
Gyan Doshi
f79be02be0 README: fix typo and description of libavfilter
Thanks to Arif Driessen for bringing notice to the typo.
2021-10-08 09:44:34 +05:30
Limin Wang
254652a34c avfilter/vf_showinfo: minor adjustment for the dump format of ROI
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-10-08 10:11:59 +08:00
Limin Wang
00ec682a70 avcodec/hevcdec: set the film grain property if present
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-10-08 10:11:59 +08:00
Limin Wang
9997047a18 avutil/detection_bbox: Fix av_detection_bbox_alloc failed if nb_bboxes == 0
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-10-08 10:11:59 +08:00
Limin Wang
e724004fd8 avutil/detection_bbox: use offsetof for bboxes_offset
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-10-08 10:11:59 +08:00
Michael Niedermayer
f059b56195 avcodec/apedec: Use 64bit to avoid overflow
Fixes: runtime error: signed integer overflow: 727298502 * 3 cannot be represented in type 'int'
Fixes: 39172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-638602483033702

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-07 23:38:57 +02:00
Michael Niedermayer
ad517ee6e4 avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830()
Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-07 23:38:57 +02:00
Michael Niedermayer
255a7b423e oavformat/avidec: Check offset in odml
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-07 23:38:57 +02:00