When parsing MXF encountering some tags leads to allocations. And when
these tags were encountered repeatedly, this could lead to memleaks,
because the pointer to the old data got simply overwritten with a
pointer to the new data (or to NULL on allocation failure). This has
been fixed.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 28ce651c6d53866c1b8c3b49b8b66a2e967aa273)
The MXF demuxer uses an array of pointers to different structures of
metadata (all containing a common initial sequence containing a type
field to distinguish them) and some of these structures contain pointers
to separately allocated subelements. If an error happens while reading
and creating the tags, the semi-finished new tag is freed using the
function to free these tags. But this function doesn't free the already
allocated subelements, because the type has not been set yet. This commit
changes this.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 78f21cab188a094d42520bcad9686c3b5afa844b)
Said array contains pointers to other structs and both the designated
new element as well as other stuff contained in it (e.g. strings) leak
if the new element can't be added to the array.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 49e78548c35be84200ea9f617c4b5b2f58c7e6f6)
Fixes: signed integer overflow: 9223372036854775723 + 8192 cannot be represented in type 'long'
Fixes: 29072/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4812604904177664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d3d9b1fc8e2dfc8b4d66c9916ab7221062ff4660)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Don't use typedef struct MXFTrack {...} MXFTimecodeComponent, in
particular given the fact that MXFTrack is a type of its own.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
KLV length is BER encoded (variable size), but the code assumed the encoding to
always use 4 bytes.
Fixes parsing Random Index Pack in samples/MXF/issue2160/PW0805A0V01.4C5B5636.EFA330.mxf.
Signed-off-by: Marton Balint <cus@passwd.hu>
This affects the following samples:
samples/ffmpeg-bugs/roundup/issue1775/av_seek_frame_failure.mxf
samples/ffmpeg-bugs/trac/ticket1957/16ch.mxf
samples/ffmpeg-bugs/trac/ticket5016/r0.mxf
samples/ffmpeg-bugs/trac/ticket5016/r1.mxf
samples/ffmpeg-bugs/trac/ticket5316/hq.MXF
samples/ffmpeg-bugs/trac/ticket5316/hqx.MXF
Some AVPacket->pos values are changed because for frame wrapped tracks we point
to the KLV offset and not the data.
Signed-off-by: Marton Balint <cus@passwd.hu>
This causes windows to fail as the timestamp is outside its supported range
Fixes regression & fate
Reviewed-by: Marton Balint <cus@passwd.hu>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It refers to the uncompressed quantization, therefore is not correct for AAC.
Also change mxf_set_pts to work based on current edit unit if
bits_per_coded_sample is not available.
Fixes error messages in the sample of ticket #7366.
Signed-off-by: Marton Balint <cus@passwd.hu>
This way if an index table segment is present multiple times, we can always use
the proper one instead of the invalid one.
Fixes seeking in the sample of ticket #5671.
Signed-off-by: Marton Balint <cus@passwd.hu>
Without this check some crafted files might crash because a packet might be
demuxed which have no corresponding mxf track.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: out of array access
Fixes: mxf-crash-1c2e59bf07a34675bfb3ada5e1ec22fa9f38f923
Found-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
For clip wrapped essences this should work. Also, since index_edit_rate can now
be different from track edit rate, remove overriding track edit rate.
Signed-off-by: Marton Balint <cus@passwd.hu>
Also make sure we set a valid track index sid and a valid track edit rate in
order for the index to be useful.
Signed-off-by: Marton Balint <cus@passwd.hu>