mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

1612 Commits

Author SHA1 Message Date
Michael Niedermayer
2b20d0a55f
avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int'
Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a4bf559683a999c8faa408fdd8f29bd28a6a47ea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-12-21 22:43:45 +01:00
Michael Niedermayer
8b43d791be
avcodec/utils: the IFF_ILBM implementation assumes that there are a multiple of 16 allocated
Fixes: out of array access
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5124452659888128
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6362836707442688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 34056a94eab5f8fbc7e0b8510f7c9851931f23b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-12-21 22:43:41 +01:00
Michael Niedermayer
bc9e149c2a
avcodec/utils: Ensure linesize for SVQ3
Fixes: Assertion block_w * sizeof(uint8_t) <= ((buf_linesize) >= 0 ? (buf_linesize) : (-(buf_linesize))
Fixes: 54861/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5352418248622080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4eef658ca59d3d6ba46ab52a36d7faf5fe820874)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-04-07 23:40:44 +02:00
Michael Niedermayer
0c5f3c230a
avcodec/utils: allocate a line more for VC1 and WMV3
Fixes: out of array read on 32bit
Fixes: 54857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5840588224462848

The chroma MC code reads over the currently allocated frame.
Alternative fixes would be allocating a few bytes more at the end instead of a whole
line extra or to adjust the threshold where the edge emu code is activated

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01636a63d452c592ece35af6f72bb7affcad58f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-04-07 23:40:44 +02:00
Michael Niedermayer
8478879af6
avcodec/utils: use 32pixel alignment for bink
bink supports 16x16 blocks in chroma planes thus we need to allocate enough.
Fixes: out of array access
Fixes: 55026/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6013915371012096
Reviewed-by: Peter Ross <pross@xvid.org>

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b95b2c8492fc1b52afd8fbe67b3be3cd518485d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-04-07 23:40:41 +02:00
Michael Niedermayer
32b68a6232 avcodec/utils: Ensure 8x8 alignment for ARGO in avcodec_align_dimensions2()
Fixes: out of array access
Fixes: 39736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-4820016722214912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 17e36fac0b5432f67e25adca7186c57f2dbe1c71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-21 19:21:14 +02:00
Michael Niedermayer
7d313a14a1 avcodec/utils: ARGO writes 4x4 blocks without regard to the image dimensions
Fixes: out of array access
Fixes: 37197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5877046382297088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 018b611b4ba74a5cecfb8a75a637b49840e7c320)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
James Almer
07dec5b0c3 avcodec/utils: don't return negative values in av_get_audio_frame_duration()
In some extreme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.

Fixes ticket #9312

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e01d306c647b5827102260b885faa223b646d2d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 23:12:50 +02:00
Michael Niedermayer
417bc2a5b0 avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation
Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int'
Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 00ae9b77ef757f82660b4b3d2f490374a4f209fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
a21c64199c avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type 'int'
Fixes: 33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3447979d08d701581a65f7275425cb1a59302319)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
82de510a59 avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
Fixes: out of array access
Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656
Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392
Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz
Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312
Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0ce023ddb8863d16ab650fcc0731851a55db084)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
246b3d58a9 avcodec/utils: Check ima wav duration for overflow
Fixes: signed integer overflow: 44331634 * 65 cannot be represented in type 'int'
Fixes: 32120/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5760221223583744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f40e9b13554d88cbdd6cd2b4a3da2cbea9590f5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
James Almer
f47d7a3b42 avcodec: move core AVCodecContext functions from util.c to a new file
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-19 15:35:35 -03:00
James Almer
4057a060f6 avcodec: move AVCodecParameters related functions from util.c to a new file
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-19 15:33:54 -03:00
Anton Khirnov
30a69b1625 lavc: drop unused argument from lock_avcodec() 2021-03-16 11:09:58 +01:00
Anton Khirnov
55c083f08a lavc: drop ff_ prefix from ff_(un)lock_avcodec
It is unnecessary and misleading, as those are static functions.
2021-03-16 11:09:48 +01:00
Anton Khirnov
b006a84a97 lavc: move decoder bsf init into decoder-specific code 2021-03-16 11:09:44 +01:00
Anton Khirnov
20aec597d0 lavc: factor decoder validation/setup from avcodec_open2() 2021-03-16 11:09:36 +01:00
Anton Khirnov
3f53c84847 lavc: factor out encoder init/validation from avcodec_open2()
avcodec_open2() is massive, splitting it makes it more readable.

Also, add a missing error code to ticks_per_frame sanity check.
2021-03-16 10:52:27 +01:00
Anton Khirnov
8a129077cc lavc: replace internal use of AV_CODEC_CAP_AUTO_THREADS with an internal cap
AV_CODEC_CAP_AUTO_THREADS was originally added in b4d44a45f9a to mark
codecs that spawn threads internally and are able to select an optimal
threads count by themselves (all such codecs are wrappers around
external libraries). It is used by lavc generic code to check whether it
should handle thread_count=0 itself or pass the zero directly to the
codec implementation. Within this meaning, it is clearly supposed to be
an internal cap rather than a public one, since from the viewpoint of a
libavcodec user, lavc ALWAYS handles thread_count=0. Whether it happens
in the generic code or within the codec internals is not a meaningful
difference for the caller.

External aspects of this flag will be dealt with in the following
commit.
2021-03-16 10:34:29 +01:00
Michael Niedermayer
0f441b9063 avcodec/utils: Use more bits for intermediate for AV_CODEC_ID_ADPCM_MS
Fixes: signed integer overflow: 1172577312 * 2 cannot be represented in type 'int'
Fixes: 29924/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-4882912874594304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-15 22:24:31 +01:00
James Almer
77ce903f7a avcodec/utils: free last_pkt_props on avcodec_open2() failure
Regression since b34d1de8dc

Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-03 18:05:15 -03:00
James Almer
b34d1de8dc avcodec/decode: port last_pkt_props to AVFifoBuffer
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-03 13:10:27 -03:00
Paul B Mahol
5111707df6 avcodec: add SGA PCM decoder 2021-03-01 17:36:16 +01:00
Paul B Mahol
89e2fbceee avcodec/utils: unbreak BINKAUDIO_DCT duration calculation 2021-02-04 17:54:13 +01:00
Anton Khirnov
9e30859cb6 lavc: schedule old encoding/decoding API for removal
It has been deprecated for 4 years and certain new codecs do not work
with it.

Also include AVCodecContext.refcounted_frames, as it has no effect with
the new API.
2021-01-26 17:05:58 +01:00
Michael Niedermayer
2488ba85a0 avcodec/utils: Check for integer overflow in get_audio_frame_duration() for ADPCM_DTK
Fixes: signed integer overflow: 131203586 * 28 cannot be represented in type 'int'
Fixes: 26817/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6296902548848640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 01:05:25 +01:00
Michael Niedermayer
8aadae670f avcodec/utils: Check bitrate for overflow in get_bit_rate()
Fixes: signed integer overflow: 617890810133996544 * 16 cannot be represented in type 'long'
Fixes: 26565/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5092054700654592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-19 20:07:56 +01:00
Andreas Rheinhardt
5766c8e968 avcodec/utils: Remove ff_codec_open2_recursive()
This function existed to enable codecs with non-threadsafe init functions
to initialize other codecs despite the fact that normally no two codecs
with non-threadsafe init functions can be initialized at the same time
(there is a mutex guarding this). Yet there are no users of this
function any more as all users have been made thread-safe (switching
away from ff_codec_open2_recursive() was required for this as said
function requires the caller to hold the lock to the mutex guarding the
initializations and this is only true for codecs with the
FF_CODEC_CAP_INIT_THREADSAFE flag unset); so remove it.

Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-12-04 15:46:46 +01:00
Michael Niedermayer
81503ac58a avcodec/utils: Require a non zero channels unless AV_CODEC_CAP_CHANNEL_CONF is set
This avoids per codec checks for channels not being 0

Fixes: division by 0
Fixes: 25419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FASTAUDIO_fuzzer-5632544761184256
Fixes: 25433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FASTAUDIO_fuzzer-6215671900536832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Paul B Mahol <onemda@gmail.com>
See: [FFmpeg-devel] [PATCH 1/3] avcodec/fastaudio: Check channel
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-28 00:41:51 +01:00
Anton Khirnov
a83098ab03 avcodec: deprecate thread_safe_callbacks
They add considerable complexity to frame-threading implementation,
which includes an unavoidably leaking error path, while the advantages
of this option to the users are highly dubious.

It should be always possible and desirable for the callers to make their
get_buffer2() implementation thread-safe, so deprecate this option.
2020-11-27 15:46:50 +01:00
James Almer
d2dcb113f8 avcodec/utils: clear the packet props queue on flushing
This ensures no queued timestamps or side data are kept and used after
seeking, preventing potential desyncs.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-11-09 15:57:56 -03:00
Zane van Iperen
555f5c1fc5
avcodec: add adpcm_ima_amv encoder
Fixes ticket #747.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-09 14:58:38 +10:00
Zane van Iperen
d6912294d3
avcodec/adpcm_ima_amv: restrict to 1 channel
The format doesn't allow for anything else.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-09 14:58:30 +10:00
Zane van Iperen
2433b62f79
avcodec/utils: add adpcm_ima_alp to av_get_exact_bits_per_sample()
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-03 12:25:01 +10:00
Michael Niedermayer
ec7e0d4288 avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration()
Fixes: shift exponent 95 is too large for 32-bit type 'int'
Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-29 20:42:48 +01:00
Anton Khirnov
0438521888 lavc: un-avpriv avpriv_bprint_to_extradata()
It has not been used outside of lavc since 6f69f7a8bf6.

Also, move it to the only place where it is used.
2020-10-28 13:53:23 +01:00
Michael Niedermayer
01bb12f883 avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration()
Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int'
Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-17 14:36:11 +02:00
James Almer
137a36bdfc avcodec/utils: add missing FF_API_TAG_STRING check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:43:28 -03:00
Andreas Rheinhardt
66eadb3926 avcodec/utils: Reindentation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:35:28 +02:00
Andreas Rheinhardt
b8e0ceda11 avcodec/utils: Also free encoder extradata on avcodec_open2() error
It is owned by libavcodec for encoders.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:34:57 +02:00
Andreas Rheinhardt
d1dcc20126 avcodec/utils: Don't forget cleaning up when allocating priv_data fails
Allocating an AVCodecContext's priv_data used to be the first object
allocated in avcodec_open2(), so it was unnecessary to goto free_and_end
(which does the cleanup) upon error here. But this is no longer so since
f3a29b750a5979ae6847879fba758faf1fae88d0.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:19:42 +02:00
Andreas Rheinhardt
c6e54d14c5 avcodec/utils: Improve check for freeing codec private options
Don't check for AVCodec.priv_data_size (which is always true if
AVCodec.priv_class is set). Instead check for AVCodecContext.priv_data
to actually exist.

(Note: av_opt_free(NULL) is a no-op.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:18:18 +02:00
Andreas Rheinhardt
502c5fe101 avcodec/utils: Remove always-true check
The first thing avcodec_open2() allocates is the AVCodecInternal. If
allocating it fails, a jump to end occurs; but if an error happens after
its allocation, a jump to free_and_end happens which frees all
allocations performed so far and then jumps to end. Yet free_and_end
contained a check for AVCodecInternal (after having already dereferenced
it to check whether ff_thread_free() needs to be called) which is of
course always true. So remove it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 12:50:57 +02:00
Andreas Rheinhardt
5bc74d06da avcodec/utils: Only call codec->close if init has been called
avcodec_open2() also called the AVCodec's close function if an error
happened before init had ever been called if the AVCodec has the
FF_CODEC_CAP_INIT_CLEANUP flag set. This is against the documentation of
said flag: "The codec allows calling the close function for deallocation
even if the init function returned a failure."

E.g. the SVQ3 decoder is not ready to be closed if init has never been
called.

Fixes: NULL dereference
Fixes: 25762/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5716279070294016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-29 21:18:19 +02:00
James Almer
022a12b306 avcodec/decode: use a packet list to store packet properties
Keeping only the latest packet fed to the decoder works only for decoders that
return a frame immediately after every consumed packet. Decoders that consume
several packets before they return a frame will fill said frame with properties
taken from the last consumed packet instead of the earliest.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-15 09:53:39 -03:00
James Almer
6a5b38ef44 avcodec/utils: make the src parameter for ff_thread_ref_frame const
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-11 10:36:57 -03:00
Andreas Rheinhardt
0086432fc7 fftools, libavcodec, libavfilter: Add const to some AVCodec *
The user has no business modifying the underlying AVCodec.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-11 14:42:36 +02:00
Paul B Mahol
1304078d3c avcodec: add FastAudio decoder 2020-09-03 18:07:58 +02:00
Paul B Mahol
a1caa16d45 avcodec: add ADPCM IMA MOFLEX decoder 2020-09-03 18:06:50 +02:00