1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

101640 Commits

Author SHA1 Message Date
Michael Niedermayer
712d3ac539 avformat/ipmovie: Free packets allocated in header reading
Fixes: memleaks
Fixes: 29905/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679700745781248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-15 22:24:31 +01:00
Ed Martin
63344337f9 libavformat/hls: Reset options after open_url_keepalive() fails
open_url_keepalive() unsets the options when it uses them, this
includes the offsets for the Range: header. When using the HLS
tag #EXT-X-BYTERANGE along with multiple files, the range options
must be preserved after open_url_keepalive() returns EOF so that
the new file can be opened. Failure to do this results in ignoring
the #EXT-X-BYTERANGE tag and reading the wrong bytes of the file.

To fix it, reset the options before calling io_open() following
open_url_keepalive() reaching EOF

Reviewed-by: Steven Liu <liuqi05@kuaishou.com>
2021-03-15 15:16:20 +08:00
Andreas Rheinhardt
8e77624e84 avcodec/decode: Remove outdated comment
Removing it was forgotten in 417d473bde.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-15 07:03:39 +01:00
Andreas Rheinhardt
520754476d avutil/avstring: Check for memory allocation error in av_escape
av_bprint_finalize() can still fail even when it has been checked that
the AVBPrint is currently complete: Namely if the string was so short
that it fit into the AVBPrint's internal buffer.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-15 06:45:07 +01:00
Andreas Rheinhardt
c2649d5196 avutil/avstring: Limit string length in av_escape to range of int
Otherwise the caller can't distinguish the return value from an error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-15 06:44:03 +01:00
Andreas Rheinhardt
a581370f54 avcodec/h264_cavlc: Reindent after the previous commit
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-15 06:42:29 +01:00
Andreas Rheinhardt
b41e4f6187 avcodec/h264_cavlc: Remove redundant check
The only caller to ff_h264_decode_init_vlc() already uses
ff_thread_once() for the call; ergo the check via a simple int with
static storage duration in ff_h264_decode_init_vlc() is redundant.
And if it were not redundant, it would be a potential for data races.
So remove it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-15 06:29:42 +01:00
Michael Niedermayer
cc15bb0bbf doc/APIchanges: Fill in some missing information
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-14 23:42:47 +01:00
Michael Niedermayer
8a3fea802a avcodec/jpegls: Check A[Q] for overflow in ff_jpegls_update_state_regular()
Fixes: Timeout
Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-14 23:29:51 +01:00
Michael Niedermayer
337984c133 avformat/voc_packet: prevent remaining size from becoming negative in ff_voc_get_packet()
Fixes: memleak
Fixes: 30909/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4886284057313280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-14 23:29:51 +01:00
Michael Niedermayer
c94875471e avutil/timecode: Avoid fps overflow
Fixes: Integer overflow and division by 0
Fixes: poc-202102-div.mov

Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-14 23:29:51 +01:00
Michael Niedermayer
403b35e16e avformat/mvi: Check audio size for more overflows
Fixes: left shift of negative value -352256000
Fixes: 30837/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5755626262888448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-14 23:29:51 +01:00
Michael Niedermayer
1c88098651 avformat/samidec: Deallocate hdr_buf
Fixes: memleak
Fixes: 30841/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-4521799196999680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-14 23:29:51 +01:00
Michael Niedermayer
cd3ab3a09b avcodec/cfhd: Fix negative shift in cfhd_decode()
Fixes: left shift of negative value -1
Fixes: 30714/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4867823371419648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-14 23:29:51 +01:00
sgerwk
07de796b5d avdevice/xcbgrab: Add option for grabbing a window
The option allows to select a specific window instead of the whole
screen.

Reviewed-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2021-03-14 18:16:18 -04:00
James Almer
1af4885014 avcodec: add a mention about get_encode_buffer in the old encode API doxy
Direct users to the callback that should be used to keep supporting user
provided buffers with the new encode API.

Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-14 13:37:01 -03:00
Paul B Mahol
2aece147d5 avfilter/vf_xfade: drop unused frames from inactive inputs 2021-03-14 13:15:21 +01:00
Gyan Doshi
1d61a31497 doc/filters: note default for zoompan's duration 2021-03-14 14:07:24 +05:30
Michael Niedermayer
bd525e2876 avcodec/flacdec: Avoid undefined shift in error case
Fixes: flac_1040988

Reported-by: Thomas Guilbert <tguilbert@google.com>
Reviewed-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-13 21:02:31 +01:00
Michael Niedermayer
09b3040354 avformat/cinedec: Fix index_entries size check
Fixes: out of array access
Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-13 21:02:31 +01:00
Michael Niedermayer
0c48c332ee avcodec/h264_metadata_bsf: Check nb_units before accessing the first in h264_metadata_update_fragment()
Fixes: null pointer dereference
Fixes: 29835/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-4712125383704576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-13 21:02:31 +01:00
Michael Niedermayer
4e7dbca74c avformat/aaxdec: Check that segments table has been initialized
Fixes: Timeout
Fixes: 29766/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5635887566290944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-13 21:02:31 +01:00
Michael Niedermayer
36ad2f41e3 avcodec/ffv1dec: Check if trailer is available
Fixes: out of array read
Fixes: 29750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4808377272238080.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-13 21:02:31 +01:00
Michael Niedermayer
312bcdbfc1 avcodec/exr: Check col/line for integer overflow
Fixes: signed integer overflow: -2272 + -2147483360 cannot be represented in type 'int'
Fixes: 30009/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5005660322398208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-13 21:02:31 +01:00
Marton Balint
c281d84b20 avformat: add Changelog entry for librist and bump minor
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-13 17:36:48 +01:00
Marton Balint
5bd1d0f4e7 avformat/librist: clarify and limit buffer_size
As suggested by librist developers.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-13 17:36:48 +01:00
Marton Balint
4217e091fe avformat/librist: increase default loglevel
Also remove AV_LOG_SIMULATE from the list as it is not used directly, and do
not use panic level on unknown loglevel, but make them warn. Also fix mapping of
NOTICE/INFO/VERBOSE and add documentation about when the option should actually
be used.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-13 17:36:48 +01:00
Marton Balint
7b0832dea8 avformat/librist: simplify secret strlcpy
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-13 17:36:48 +01:00
Marton Balint
deffb5ddce avformat/librist: make packet size adjustable for writing, fix it for reading
Maximum packet size is 10000 (RIST_MAX_PACKET_SIZE, which is unfortunately
private) minus the RIST protocol overhead which is 28 bytes for the unencrypted
case, 36 for the encrypted case.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-13 17:36:48 +01:00
Marton Balint
4b1e387e25 avformat/librist: rework librist_read
Queue tracking makes no difference so remove it, return EAGAIN of no data is
available and rist data block needs to be freed even for zero sized packets.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-13 17:36:48 +01:00
Paul B Mahol
4098f809d6 libavformat: add librist protocol
This work is sponsored by Open Broadcast Systems.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2021-03-13 17:36:48 +01:00
Christopher Degawa
e93403b75f libavutil/timer: Fix clang reserved-user-defined-literal
clang errors when compiling with C++11 about needing spaces between
literal and identifier

Signed-off-by: Christopher Degawa <ccom@randomderp.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-13 11:47:43 -03:00
Marton Balint
b2d0826513 avdevice/pulse_audio_dec: do not read undersized frames
Keep on reading fragments until we got fragment_size amount of data, otherwise
we might get frames with 1-2 samples only if pa_stream_peek is called slightly
less frequently than sample rate.

Note that fragments might contain a lot less data than fragment_size, so
reading multiple fragments to get fragment_size amount of data is intentional.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-12 23:55:30 +01:00
Marton Balint
7f059a250b avdevice/pulse_audio_dec: only set adjust latency flag if fragment_size is not set
Otherwise fragment_size is ignored.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-12 23:55:30 +01:00
Marton Balint
104aa921c9 avdevice/pulse_audio_dec: query actual fragment size
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-12 23:55:30 +01:00
Marton Balint
1a90cf4410 avdevice/alsa_dec: make sure we have enough data in non-blocking mode
Otherwise we might return 1-2 samples per packet if av_read_frame() call rate is
only sligthly less than the stream sample rate.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-12 23:55:30 +01:00
James Almer
6e7e3a3820 avcodec: add a get_encode_buffer() callback to AVCodecContext
This callback is functionally the same as get_buffer2() is for decoders, and
implements for the new encode API the functionality of the old encode API had
where the user could provide their own buffers.

Reviewed-by: Lynne <dev@lynne.ee>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-12 19:49:08 -03:00
Mark Thompson
2c96e6cb95 cbs_sei: Detect payload overflows when reading SEI messages
The top-level GetBitContext is sized for the whole NAL unit, so it fails
to detect overflows where a payload continues into the following message.
To fix that, we make a new context on the stack for reading each payload.

Fixes: 29892/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_REDUNDANT_PPS_fuzzer-6310830956216320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-12 22:45:33 +00:00
Mark Thompson
b128b0ce22 cbs_h265: Detect more reference combinations which would overflow the DPB
In total, the number of short term references (from the selected short
term ref pic set), the number of long term references (combining both the
used candidates from the SPS and those defined in the slice header) and
the number of instances of the current picture (usually one, but can be
two if current picture reference is enabled) must never exceed the size
of the DPB.  This is a generalisation of the condition associated with
num_long_term_pics in 7.4.7.1.

We use this to apply tighter bounds to the number of long term pictures
referred to in the slice header, and also to detect the invalid case where
the second reference to the current picture would not fit in the DPB (this
case can't be detected earlier because an STRPS with 15 pictures can still
be valid in the same stream when used with a different PPS which does not
require two DPB slots for the current picture).

Fixes: 24913/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-6261760693370880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-12 22:45:33 +00:00
Andreas Rheinhardt
ec54c32d4a avcodec/cbs_h26[45]: Remove redundant enum constants
Unused since 8843607f49.

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 23:25:23 +01:00
Andreas Rheinhardt
70d226575a avcodec/cbs_sei: Fix leak of AVBufferRef on error
An AVBufferRef (and the corresponding AVBuffer and the underlying actual
buffer) would leak in ff_cbs_sei_add_message() on error in case an error
happened after its creation and before it has been attached to more
permanent storage. Fix this by only creating the AVBufferRef immediately
before attaching it to its intended target position.

(Given that no SEI message currently created is refcounted, the above
can't happen at the moment. But Coverity already nevertheless noticed:
This commit fixes Coverity issue #1473521.)

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 23:24:31 +01:00
Andreas Rheinhardt
12a9f3fc09 avcodec/cbs_sei: Don't use -1th element of array
(This affected only suffix SEI messages; yet no such SEI messages are
currently inserted.)

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 23:23:26 +01:00
Andreas Rheinhardt
85685297c2 avcodec/cbs: Remove redundant checks for CodedBitstreamContext.codec
Setting this field happens immediately after the allocation in
ff_cbs_init(), so the whole CBS code may presume that any
CodedBitstreamContext has this set. Lots of code already presumed this,
yet ff_cbs_close() did it inconsistently: It checked before checking
whether the CodedBitstreamType has a close function; yet it simply
unconditionally read ctx->codec->priv_class. Coverity complained about
this in issue #1473564, which this commit fixes.

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 23:21:35 +01:00
Martin Storsjö
30cd7feb2d avcodec/nvenc: base timestamps on frameIntervalP
If b-frames were enabled implicitly (if max_b_frames wasn't set by
the caller at all, since a0949d0bcb),
we wouldn't offset dts at all, producing invalid pts/dts combinations
(causing loud warnings by ffmpeg, or muxer errors if passed without
an extra cleanup pass).

Instead use frameIntervalP for offsetting, which should always be
accurate.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2021-03-12 22:11:39 +01:00
Andreas Rheinhardt
6e2db67801 avfilter/vf_uspp: Fix leak of packet side data
The uspp filter uses a special option ("no_bitstream") of
the Snow encoder to suppress it from generating output.
The filter therefore did not unref the packet after usage,
believing it to be blank. But this is wrong, as the Snow encoder
attaches quality stats side data to the packet.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 19:05:37 +01:00
Andreas Rheinhardt
0858853241 avfilter/vf_uspp: Fix leak of qp-table on error
Fixes Coverity issue #1473500.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 19:05:11 +01:00
Andreas Rheinhardt
0364188fb9 avcodec/decode: Reindentation
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 18:29:03 +01:00
Andreas Rheinhardt
cc448f8d39 avcodec/decode: Remove always-true check
Forgotten in 1fd7627770.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 18:28:20 +01:00
Andreas Rheinhardt
d025a5bcc2 avformat/adp, svs: Remove redundant av_shrink_packet()
av_get_packet() already makes sure that the packet size is accurate
and that the packet data is zero-padded even when one could not read as
much as desired.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-12 17:13:10 +01:00
parazyd
51367267c8 avformat/gopher: Add support for Gopher over TLS
This commit adds a "gophers" handler to the gopher protocol. gophers
is a community-adopted protocol that acts the same way like normal
gopher with the added TLS encapsulation.

The gophers protocol is supported by gopher servers like geomydae(8),
and clients like curl(1), clic(1), and hurl(1).

This commit also adds compilation guards to both gopher and gophers,
since now there are two protocols in the file it makes sense to
have this addition.

Signed-off-by: parazyd <parazyd@dyne.org>
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-11 23:47:19 +01:00