1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-12 19:18:44 +02:00
Commit Graph

1584 Commits

Author SHA1 Message Date
Michael Niedermayer
4de4bc06fd avformat/mov: Check dts for overflow in mov_read_trun()
Fixes: signed integer overflow: 9223372034248226491 + 3275247799 cannot be represented in type 'long'
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4538729166077952

Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-08-29 21:34:38 +02:00
Andreas Rheinhardt
45bfe8b838 avformat/avio: Move internal AVIOContext fields to avio_internal.h
Currently AVIOContext's private fields are all over AVIOContext.
This commit moves them into a new structure in avio_internal.h instead.
Said structure contains the public AVIOContext as its first element
in order to avoid having to allocate a separate AVIOContextInternal
which is costly for those use cases where one just wants to access
an already existing buffer via the AVIOContext-API.
For these cases ffio_init_context() can't fail and always returned zero,
which was typically not checked. Therefore it has been made to not
return anything.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-08-25 23:01:54 +02:00
Gyan Doshi
d905af0c24 avformat/mov: add AVFMT_SHOW_IDS flag
The MOV muxer can store streamids as track ids but they aren't
visible when probing the result via lavf/dump or ffprobe due to
lack of this flag in the demuxer.
2021-08-22 17:55:31 +05:30
Soft Works
6a4f851df7 libavformat/mov: Change log line from debug to trace
It's creating too much noise, even for debug

Signed-off-by: softworkz <softworkz@hotmail.com>
2021-08-07 11:24:59 -03:00
Andreas Rheinhardt
65f9a8e4b8 avformat/mov: Remove pointless EOF checks
9888ffb1ce added checks for EOF
in loops in the mov demuxer as a precaution against timeouts;
yet there is no I/O in the loop when parsing the STSZ atom
as the values are read from an already read buffer. So remove said
checks.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-07-28 22:26:54 +02:00
Andreas Rheinhardt
c2d853c1aa avformat/mov: Fix crash with too big STSZ atoms
mov_read_stsz() did not ensure that every bit of a buffer is addressable
by an int as is required by the get_bits API, leading to a crash in
ticket #9344. Fix this by restricting the size more thoroughly.

The file from said ticket will then be considered invalid; in the
future, we might read and process the data in chunks to actually support
such files.

Fixes ticket #9344.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-07-28 22:26:54 +02:00
Michael Niedermayer
200406d930 avformat/mov: Fix incorrect overflow detection in mov_read_sidx()
Fixes: signed integer overflow: 9223372036854775807 + 1442840321 cannot be represented in type 'long'
Fixes: 33670/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644379491106816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-07-28 19:15:26 +02:00
Michael Niedermayer
7666d588ba avformat/mov: Avoid undefined overflow in time_offset calculation
Fixes: signed integer overflow: 8511838621821575200 - -3954125146725285889 cannot be represented in type 'long'
Fixes: 33414/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6610119325515776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-07-22 23:33:26 +02:00
Michael Niedermayer
c52c99a18f avformat/mov: do not ignore errors in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-07-17 10:48:27 +02:00
Martin Storsjö
13ec6624b3 mov: Don't export unknown/unhandled metadata types as if they were UTF8
They can be other incompatible text encodings (such as UTF-16),
or even binary data.

Signed-off-by: Martin Storsjö <martin@martin.st>
2021-07-15 10:25:39 +03:00
Martin Storsjö
a99dd5f6a4 mov: Pick up "com.apple.quicktime.artwork" as cover art
Signed-off-by: Martin Storsjö <martin@martin.st>
2021-07-15 10:25:35 +03:00
Andreas Rheinhardt
c6e9672b50 avformat/mov: Simplify cleanup after read_header failure
By default, a demuxer's read_close function is not called automatically
if an error happens when reading the header; instead it is up to the
demuxer to clean up after itself in this case. The mov demuxer did this
by calling its read_close function when it encountered some errors when
reading the header.

This commit changes this by setting the FF_FMT_INIT_CLEANUP flag so that
mov_read_close() is automatically called when an error happens when
reading the header.

(Btw: mov_read_close() is not idempotent: Calling it twice is
dangerouos, because MOVContext.frag_index.item will be av_freep'ed,
yet MOVContext.frag_index.nb_items won't be reset. So the calls to
mov_read_close() have to be removed before the switch to freeing
generically.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-07-07 23:50:02 +02:00
Michael Niedermayer
f54d85cee6 avformat/mov: Check for duplicate mdcv
Fixes: memleak
Fixes: 34932/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5456227658235904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-12 14:22:42 +02:00
Gyan Doshi
071930de72 avformat/mov: add option to use tfdt for fragment timestamps. 2021-06-02 10:46:04 +05:30
Michael Niedermayer
9548dc74d8 avformat/mov: Ignore duplicate CoLL
Fixes: memleak
Fixes: 32146/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5377612845285376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-05-12 23:00:07 +02:00
Michael Niedermayer
299a56c900 avformat/mov: Limit nb_chapter_tracks to input size
Fixes: Timeout (15k loop iterations instead of 400m)
Fixes: 31368/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6601583174483968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-05-12 23:00:07 +02:00
Jan Ekström
45e3b6a68b avformat/mov: remove special handling of av1c extradata
Libavcodec can now handle the AV1CodecConfigurationRecord structure
as-is when passed as extradata, so the standard behavior of
read-box-into-extradata should suffice, just like with AVC and HEVC.
2021-05-08 15:27:00 +03:00
James Almer
b9c5fdf602 avformat: move AVStream.{parser,need_parsing} to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-05-07 09:27:21 -03:00
James Almer
55475b3289 avformat/mov: don't save a copy of the packet's AVBufferRef on DV streams
It's no longer needed.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-05-06 09:44:42 -03:00
Andreas Rheinhardt
bc70684e74 avformat: Constify all muxer/demuxers
This is possible now that the next-API is gone.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 11:48:06 -03:00
James Almer
3749eede66 avformat: remove deprecated AVStream.codec
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 11:47:24 -03:00
Andreas Rheinhardt
ef6a9e5e31 avutil/buffer: Switch AVBuffer API to size_t
Announced in 14040a1d91.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 10:43:13 -03:00
Andreas Rheinhardt
7b6012efaa avformat/mov, movenc: Stop exporting rotation via metadata
Deprecated in ddef3d902f.

(The reference file of the mov-zombie test needed to be updated, because
a rotate metadata tag is no longer exported; the side-data is of course
still present.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 10:43:09 -03:00
Michael Niedermayer
ee53bb2399 avformat/mov: check for pts overflow in mov_read_sidx()
Fixes: signed integer overflow: 9223372036846336888 + 4278255871 cannot be represented in type 'long'
Fixes: 32782/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6059216516284416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-22 15:06:55 +02:00
Vittorio Giovara
918273aa3e mov: Prioritize aspect ratio values found in pasp atom
From the ISO/IEC specification for MP4:
  The pixel aspect ratio and clean aperture of the video may be specified
  using the ‘pasp’ and ‘clap’ sample entry boxes, respectively. These are
  both optional; if present, they over-ride the declarations (if any) in
  structures specific to the video codec, which structures should be
  examined if these boxes are absent. For maximum compatibility, these
  boxes should follow, not precede, any boxes defined in or required by
  derived specifications.

Fixes trac/#7277.
2021-04-15 16:21:58 +02:00
Vittorio Giovara
9afde28093 mov: Skip computing SAR from invalid display matrix elements 2021-04-06 16:52:07 +02:00
Michael Niedermayer
0f6a3405e8 avformat/mov: check offset for overflow in mov_probe()
Fixes: Invalid read of size 4
Fixes: ASAN_Deadlysignal.zip

Found-by: Hardik Shah <hardik05@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-05 18:41:59 +02:00
Andreas Rheinhardt
39ecb63d0f avformat: Add and use helper function to add attachment streams
All instances of adding attached pictures to a stream or adding
a stream and an attached packet to said stream have several things
in common like setting the index and flags of the packet, setting
the stream disposition etc. This commit therefore factors this out.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-01 18:23:13 +02:00
Michael Niedermayer
c1fe1114bc avformat/mov: Do not zero memory that is written too or unused
Fixes: OOM
Fixes: 31220/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6033383962574848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00
Michael Niedermayer
2611d20d35 avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4

Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00
Derek Buitenhuis
f404a2716a avformat/mov: Properly forward error codes from av_seek
This is important, for example, for connection timed out events,
when used over a network, returning AVERROR(ETIMEDOUT).

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2021-03-26 20:04:12 +00:00
Michael Niedermayer
d35677736a avformat/mov: Check sample size for overflow in mov_parse_stsd_audio()
Fixes: signed integer overflow: 2 * 1914708000 cannot be represented in type 'int'
Fixes: 31639/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6303428239294464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Derek Buitenhuis
85f397c828 avformat/mov: Fix extended atom size buffer length check
When extended atom size support was added to probing in
fec4a2d232, the buffer
size check was backwards, but probing continued to work
because there was no minimum size check yet, so despite
size being 1 on these atoms, and failing to read the 64-bit
size, the tag was still correctly read.

When 0b78016b2d introduced a
minimum size check, this exposed the bug, and broke probing
any files with extended atom sizes, such as entirely valid
large files that start whith mdat atoms.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2021-03-21 14:14:36 +00:00
Michael Niedermayer
92fde2585e avformat/mov: Check offset addition for overflow
Fixes: signed integer overflow: 9223372036854775807 + 536870912 cannot be represented in type 'long'
Fixes: 31678/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5614204619980800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-19 23:59:45 +01:00
Derek Buitenhuis
8f1580c31a avformat/mov: Handle when we have an mfra box but have not read the full sidx for a fragment
Use the tfra timestamp if it is available and sidx timestamp is not.

Fixes reading the entire file after seeking in a live-style DASH FMP4
with an MFRA.

This specifically fixes when use_mfra_for is set.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2021-03-17 14:46:48 +00:00
James Almer
e07126f54a avformat: use the buffer_size_t typedef where required
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-10 20:26:36 -03:00
Michael Niedermayer
74c4c53953 avformat/mov: Extend data_size check in mov_read_udta_string()
Fixes: signed integer overflow: -2147483634 - 16 cannot be represented in type 'int'
Fixes: 28322/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5711888402612224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-01 20:19:15 +01:00
Mark Reid
a82a052769 avformat/mov: fix timecode with counter mode flag set
The current behaviour ends up squaring the avg_frame_rate if the conter mode flag is set.
This messes up the timecode calculation, and looks to me as a regression that
seems to have been introduced 428b4aac.

Upon further testing is seems that no special case is need for having the counter flag set.
av_timecode_init appears to handles the timecode correctly, at least in the sample files
I have.

Here is a sample mov file with the counter flag set
https://www.dropbox.com/s/5l4fucb9lhq523s/timecode_counter_mode.mov

before the patch ffmpeg will report the timecode as:
00:37:11:97 and warns that the timecode framerate is 576000000/1002001

after patch:
14:50:55:02

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2021-02-22 11:12:10 +01:00
Michael Niedermayer
1d277b92fa avformat/mov: Check element count in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 30325/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6048395703746560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-16 19:02:24 +01:00
Michael Niedermayer
cb90e1c4d0 avformat/mov: sanity check STSD entries
The choosen value is arbitrary. I am not sure if this is a good idea
but i dont immedeately see an alternative better way, it seems either
an arbitrary limit or OOM

Fixes: OOM
Fixes: 27492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6194970578649088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-14 19:55:02 +01:00
Michael Niedermayer
0b78016b2d avformat/mov: Ignore tags with invalid size during probing
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:14:47 +01:00
Michael Niedermayer
1ad6801a61 avformat/mov: Factor offset advancement out in probing
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:14:47 +01:00
Michael Niedermayer
941e747d66 avformat/mov: simplify size code in probing a bit
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:14:47 +01:00
Michael Niedermayer
fec4a2d232 avformat/mov: Support size = 1 and size = 0 special cases in probing
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:14:47 +01:00
Michael Niedermayer
658f0606cb avformat/mov: Check for duplicate st3d
Fixes: memleak
Fixes: 29585/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6594188688490496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 12:28:30 +01:00
Michael Niedermayer
2c60eb6c5a avformat/mov: factor size out of probe code
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-09 19:37:27 +01:00
Michael Niedermayer
4f70e1ec0c avformat/mov: Use av_mul_q() to avoid integer overflows
Fixes: signed integer overflow: 538976288 * 538976288 cannot be represented in type 'int'
Fixes: 27473/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5758978289827840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-04 23:34:29 +01:00
Michael Niedermayer
8c9a5a0fe9 avformat/mov: Check a.size before computing next_root_atom
Fixes: signed integer overflow: 64 + 9223372036854775799 cannot be represented in type 'long'
Fixes: 27563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6244650163372032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-19 00:05:50 +01:00
Matthieu Bouron
2e17435480 avformat/mov: adjust skip_samples according to seek timestamp
Currently skip_samples is set to start_pad if sample_time is lesser or
equal to 0. This can cause issues if the stream starts with packets that
have negative pts. Calling avformat_seek_file() with ts set to 0 on such
streams makes the mov demuxer return the right corresponding packets
(near the 0 timestamp) but set skip_samples to start_pad which is
incorrect as the audio decoder will discard the returned samples
according to skip_samples from the first packet it receives (which has
its timestamp near 0).

For example, considering the following audio stream with start_pad=1344:

 [PKT pts=-1344] [PKT pts=-320] [PKT pts=704] [PKT pts=1728] [...]

Calling avformat_seek_file() with ts=0 makes the next call to
av_read_frame() return the packet with pts=-320 and a skip samples
side data set to 1344 (start_pad). This makes the audio decoder
incorrectly discard (1344 - 320) samples.

This commit makes the move demuxer adjust skip_samples according to the
stream start_pad, seek timestamp and first sample timestamp.

The above example will now result in av_read_frame() still returning the
packet with pts=-320 but with a skip samples side data set to 320
(src_pad - (seek_timestamp - first_timestamp)). This makes the audio
decoder only discard 320 samples (from pts=-320 to pts=0).

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 17:08:27 +01:00
Michael Niedermayer
0afbaabdca avformat/mov: Check if hoov is at the end
Fixes: Timeout, probably infinite loop
Fixes: 26559/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5391165484171264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-19 20:07:56 +01:00