1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

127 Commits

Author SHA1 Message Date
Michael Niedermayer
d2faf163bb
avformat/cafdec: Check that data chunk end fits within 64bit
Fixes: signed integer overflow: 64 + 9223372036854775803 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b792e4d4c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-03 02:06:03 +02:00
Michael Niedermayer
625ca605f5
avformat/cafdec: dont seek beyond 64bit
Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d973fcbcc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-03 02:06:02 +02:00
Michael Niedermayer
e7d1caf41f
avformat/cafdec: Check that nb_frasmes fits within 64bit
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4bb4e3759)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-25 13:52:00 +02:00
Michael Niedermayer
fde82db169 avformat/cafdec: Do not store empty keys in read_info_chunk()
Fixes: Timeout
Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec28e1d4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-06 20:27:35 +02:00
Michael Niedermayer
3d2af8afef avformat/cafdec: Check channels
Fixes: signed integer overflow: -1184429040541376544 * 32 cannot be represented in type 'long'
Fixes: 31788/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6236746338664448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 641c1db22b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
ee059d8ef8 avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea12590c8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
James Almer
0be265e9a1 Revert "lavf: move AVStream.*index_entries* to AVStreamInternal"
This reverts commit cea7c19cda.

Until an API is added to make index_entries public in a proper way, keeping
this here is harmless.
2021-03-23 14:09:27 -03:00
Andreas Rheinhardt
ef3224c911 avformat/caf: Deduplicate codec tags list
Also saves a relocation.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-02-23 10:14:26 +01:00
Michael Niedermayer
684aec6a68 avformat/cafdec: clip sample rate
Fixes: 1.21126e+111 is outside the range of representable values of type 'int'
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5412960339755008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-24 15:25:00 +01:00
Michael Niedermayer
9dc3301745 avformat/cafdec: Check the return code from av_add_index_entry()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-29 16:10:56 +01:00
Michael Niedermayer
eb46939e3a avformat/cafdec: Check for EOF in index read loop
Fixes: OOM
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-29 16:10:55 +01:00
Michael Niedermayer
5eed718087 avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative
These fields are not signed in the spec (1.0) so they cannot be negative
Changing bytes_per_packet to unsigned would not solve this as it is exported
as block_align which is signed

Fixes: Infinite loop
Fixes: 26492/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5632087614554112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-29 16:10:55 +01:00
Anton Khirnov
cea7c19cda lavf: move AVStream.*index_entries* to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header. Since there are some (semi-)public fields located after these,
even though this section is supposed to be private, keep some dummy
padding there until the next major bump to preserve ABI compatibility.
2020-10-28 14:59:28 +01:00
Andreas Rheinhardt
82d61a9ce3 avformat: Don't free old extradata before ff_alloc/get_extradata
These functions already free it themselves before they allocate the new
extradata.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-12 19:25:33 +01:00
Andreas Rheinhardt
c1e439d7e9 avformat: Forward errors where possible
It is not uncommon to find code where the caller thinks to know better
what the return value should be than the callee. E.g. something like
"if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM);". This commit
changes several instances of this to instead forward the actual error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-12 19:25:33 +01:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Carl Eugen Hoyos
8a788ff5d6 lavf/cafdec: Do not fail for unknown atoms with negative size.
The specification requires the demuxer to only read the data
atom up to its given size, this is necessary as atoms are
allowed at the end of the file.
This patch duplicates the behaviour of the QuickTime player.
2019-01-27 14:14:59 +01:00
Anton Khirnov
5a3b602acd avformat/cafdec: reject multichannel Opus streams
Multichannel Opus streams require channel mapping information in extradata.

Signed-off-by: James Almer <jamrial@gmail.com>
2017-09-19 23:06:42 -03:00
Carl Eugen Hoyos
b4093e60c5 lavf/caf: Support demuxing Opus.
Introduced in macOS High Sierra and iOS 11.
2017-09-20 03:31:48 +02:00
Clément Bœsch
bec96a7286 lavf: use av_fourcc2str() where appropriate 2017-03-29 14:49:29 +02:00
James Almer
4de591e6fb Merge commit '83548fe894cdb455cc127f754d09905b6d23c173'
* commit '83548fe894cdb455cc127f754d09905b6d23c173':
  lavf: fix usage of AVIOContext.seekable

Merged-by: James Almer <jamrial@gmail.com>
2017-03-21 17:02:30 -03:00
Andreas Cadhalpun
baba9c6aef cafdec: prevent overflow during bit rate calculation
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-12-15 01:25:43 +01:00
Anton Khirnov
83548fe894 lavf: fix usage of AVIOContext.seekable
It is supposed to be a flag. The only currently defined value is
AVIO_SEEKABLE_NORMAL, but other ones may be added in the future.
However all the current lavf code treats this field as a bool (mainly
for historical reasons).
Change all those cases to properly check for AVIO_SEEKABLE_NORMAL.
2016-09-30 16:54:33 +02:00
Paul B Mahol
323b8c95e4 avformat: add AVFormatContext to ff_get_extradata()
Needed for av_log() inside that function.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-14 18:21:08 +02:00
Derek Buitenhuis
6f69f7a8bf Merge commit '9200514ad8717c63f82101dc394f4378854325bf'
* commit '9200514ad8717c63f82101dc394f4378854325bf':
  lavf: replace AVStream.codec with AVStream.codecpar

This has been a HUGE effort from:
    - Derek Buitenhuis <derek.buitenhuis@gmail.com>
    - Hendrik Leppkes <h.leppkes@gmail.com>
    - wm4 <nfxjfg@googlemail.com>
    - Clément Bœsch <clement@stupeflix.com>
    - James Almer <jamrial@gmail.com>
    - Michael Niedermayer <michael@niedermayer.cc>
    - Rostislav Pehlivanov <atomnuker@gmail.com>

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-10 20:59:55 +01:00
Anton Khirnov
9200514ad8 lavf: replace AVStream.codec with AVStream.codecpar
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.

In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.

There are multiple important problems with this approach:
    - the fields in AVCodecContext are in general one of
        * stream parameters
        * codec options
        * codec state
      However, it's not clear which ones are which. It is consequently
      unclear which fields are a demuxer allowed to set or a muxer allowed to
      read. This leads to erratic behaviour depending on whether decoding or
      encoding is being performed or not (and whether it uses the AVStream
      embedded codec context).
    - various synchronization issues arising from the fact that the same
      context is used by several different APIs (muxers/demuxers,
      parsers, bitstream filters and encoders/decoders) simultaneously, with
      there being no clear rules for who can modify what and the different
      processes being typically delayed with respect to each other.
    - avformat_find_stream_info() making it necessary to support opening
      and closing a single codec context multiple times, thus
      complicating the semantics of freeing various allocated objects in the
      codec context.

Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
2016-02-23 17:01:58 +01:00
Michael Niedermayer
29d147c94d Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba'
* commit '059a934806d61f7af9ab3fd9f74994b838ea5eba':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 23:15:19 +02:00
Vittorio Giovara
059a934806 lavc: Consistently prefix input buffer defines
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:59 +01:00
Andreas Cadhalpun
cb7c4f73e5 cafdec: free extradata before allocating it
This fixes a memleak if read_kuki_chunk is executed more than once.

Reviewed-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-05-13 20:11:37 +02:00
Andreas Cadhalpun
a3ede6b742 cafdec: check avio_read return value
If avio_read fails, the buffer can contain uninitialized values.

Reviewed-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-05-13 20:09:25 +02:00
Michael Niedermayer
a0fe1a25fa Merge commit 'daf8cf358a098a903d59adb6c0d0cc3262a8c93e'
* commit 'daf8cf358a098a903d59adb6c0d0cc3262a8c93e':
  avformat: Don't anonymously typedef structs

Conflicts:
	libavformat/adtsenc.c
	libavformat/aiffenc.c
	libavformat/avidec.c
	libavformat/gif.c
	libavformat/iff.c
	libavformat/img2dec.c
	libavformat/jvdec.c
	libavformat/matroskadec.c
	libavformat/udp.c
	libavformat/wtvdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-14 21:07:40 +01:00
Diego Biurrun
daf8cf358a avformat: Don't anonymously typedef structs 2015-02-14 10:13:47 -08:00
Michael Niedermayer
b0458e62c8 Merge commit '4d5b99dacdbb56373e5abe2ad35fc87b5c0c5bd2'
* commit '4d5b99dacdbb56373e5abe2ad35fc87b5c0c5bd2':
  caf: Give context structure a consistent name

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-26 12:24:00 +02:00
Diego Biurrun
4d5b99dacd caf: Give context structure a consistent name 2014-09-26 00:44:41 -07:00
Michael Niedermayer
b07dc81a9e Merge commit '86dfcfd0e30d6645eea2c63c1c60a0550e7c97ea'
* commit '86dfcfd0e30d6645eea2c63c1c60a0550e7c97ea':
  mov: Drop unused parameter from ff_mov_read_esds()

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-19 18:27:51 +02:00
Diego Biurrun
86dfcfd0e3 mov: Drop unused parameter from ff_mov_read_esds()
This is cleaner and avoids an uninitialized variable warning with MSVC.
2014-08-19 06:22:07 -07:00
Paul B Mahol
90b2f31367 cafdec: check for eof in read_info_chunk()
Fixes Ticket #3864
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2014-08-18 10:32:57 +00:00
James Almer
d34ec64a22 replace calls to url_feof() with avio_feof()
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-08 00:48:38 +02:00
Diego Biurrun
942269fd00 caf: Use correct printf conversion specifiers for POSIX int types 2014-07-28 13:19:05 -07:00
Michael Niedermayer
1f36ebf63a avformat: revert %c changes from d92024f18f
Found-by: ubitux
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-12 05:09:28 +01:00
Michael Niedermayer
28ee7757f5 Merge commit 'd92024f18fa3d69937cb2575f3a8bf973df02430'
* commit 'd92024f18fa3d69937cb2575f3a8bf973df02430':
  lavf: more correct printf format specifiers

Conflicts:
	libavformat/asfdec.c
	libavformat/cafdec.c
	libavformat/dxa.c
	libavformat/framecrcenc.c
	libavformat/hnm.c
	libavformat/iff.c
	libavformat/mov.c
	libavformat/mxfdec.c
	libavformat/rmdec.c
	libavformat/rpl.c
	libavformat/smacker.c
	libavformat/xmv.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-11 21:05:34 +01:00
Diego Biurrun
d92024f18f lavf: more correct printf format specifiers 2014-03-11 13:13:41 +01:00
Michael Niedermayer
773f2a563f avformat/cafdec: use ff_get_extradata()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-25 17:23:39 +01:00
Paul B Mahol
a807c68253 avformat: use ff_alloc_extradata()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2013-10-13 20:13:38 +00:00
Xi Wang
64b7e7dcaf cafdec: fix overflow checking in read_header()
Several compilers such as clang/icc/pathscale will optimize the check
pos + size < pos (assuming size > 0) into false, since signed integer
overflow is undefined behavior in C.  This breaks overflow checking.
Use a safe precondition check instead.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-20 21:30:34 +01:00
Michael Niedermayer
a202541f9b cafdec: Check duration before use.
Fix division by 0

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-12-12 01:22:09 +01:00
Michael Niedermayer
076300bf8b Merge commit 'bfe5454cd238b16e7977085f880205229103eccb'
* commit 'bfe5454cd238b16e7977085f880205229103eccb':
  lavf: move ff_codec_get_tag() and ff_codec_get_id() definitions to internal.h
  lavf: move "MP3 " fourcc from riff to nut
  fate: vpx: Add dependencies
  fate: Fix wavpack-matroskamode test dependencies
  x86: dsputilenc: port to cpuflags

Conflicts:
	libavformat/internal.h
	libavformat/nut.c
	tests/fate/vpx.mak

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-11-29 13:45:57 +01:00
Justin Ruggles
bfe5454cd2 lavf: move ff_codec_get_tag() and ff_codec_get_id() definitions to internal.h 2012-11-28 11:18:49 -05:00
Michael Niedermayer
8aa6d899c0 cafdec: fix seeking with adpcm
Fixes Ticket1906

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-11-27 05:03:24 +01:00
Paul B Mahol
e94f429474 cafdec: return right code if EOF is reached
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2012-11-21 10:34:38 +00:00