mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

111 Commits

Author SHA1 Message Date
Michael Niedermayer
1957095e80 avformat/swfdec: Check outlen before allocation
Fixes: Timeout (too long -> 241ms)
Fixes: 29083/clusterfuzz-testcase-minimized-ffmpeg_dem_SWF_fuzzer-6273684478230528

The source of the magic number is
a very quick simulation of the best case compression for "compress".
Below is not nicely written code, as I did not expect I or anyone else
would ever see it again.

I would have preferred some nicer expression of course, but that's
what it seems to be asymptotically. For smaller amounts of data a
tighter bound is possible, but I saw no nice way to consider that
and it also seems overkill to try to do it more fine grained for
just this.

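#include <stdint.h>
#include <stdio.h>

int main(void){
    int64_t bits = 0;   /* total bits emitted so far */
    int bank = 256;     /* number of dictionary entries */
    int bitbank = 8;    /* bits per emitted code */
    /* the bound is 2^32 - 100000 (unsigned wrap-around), so i cannot overflow */
    for(unsigned i = 0; i<1024*1024*1024*4U-100000;) {
        int word_size = bank-255;
        i += word_size;
        bits += bitbank;

        /* code width grows each time the entry count reaches a power of two */
        if (!(bank & (bank-1)))
            bitbank ++;
        bank++;
        /* past 16 bits per code: print the ratio and reset the dictionary */
        if (bitbank > 16) {
            printf("BEST %f \n", 8.0 * i / bits );
            bank = 256;
            bitbank = 8;
        }
    }
    return 0;
}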

The above assumes I remembered correctly how the algorithm works, but the
value was close to what actual compression of zeros gave.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-08 22:08:49 +01:00
Marton Balint
daac7f4d9c avformat/swf: add support for reading and writing VP6A and Flash Screen Video codecs
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-23 20:10:05 +01:00
Michael Niedermayer
aea8d4061d avformat/swfdec: Allocate output buffer after reading input
Fixes: Timeout (>10sec -> 0.26sec)
Fixes: 27419/clusterfuzz-testcase-minimized-ffmpeg_dem_SWF_fuzzer-5678307361947648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-24 15:25:00 +01:00
Anton Khirnov
456b170bd7 lavf: move AVStream.{*skip_samples.*_discard_sample} to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header.
2020-10-28 14:56:20 +01:00
Andreas Rheinhardt
3f04c30372 avformat/swfdec: Reorder allocations/initializations
The earlier code would first attempt to allocate two buffers, then
attempt to allocate an AVIOContext, using one of the new buffers I/O
buffer, then check the allocations. On success, a z_stream that is used
in the AVIOContext's read_packet callback is initialized afterwards.

There are two problems with this: In case the allocation of the I/O
buffer fails avio_alloc_context() will be given a NULL read buffer
with a size > 0. This works right now, but it is fragile. The second
problem is that the z_stream used in the read_packet callback is not
functional when avio_alloc_context() is allocated (it might be that
avio_alloc_context() might already fill the buffer in the future). This
commit fixes both of these problems by reordering the operations.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-23 17:09:01 +02:00
Andreas Rheinhardt
28dc0c20cc avformat/swfdec: Fix memleaks on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-23 17:09:01 +02:00
Andreas Rheinhardt
913aa4204a avformat/swf: Separate mux and demux contexts
There was almost no overlap between them: The only field used by both
was an int named samples_per_frame. Therefore this commit separates
them.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-20 18:34:48 +02:00
Andreas Rheinhardt
ef29e5bf42 avformat/swfdec: Avoid unnecessary skip
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-20 11:14:26 +02:00
Andreas Rheinhardt
6a67d518d6 avformat: Remove unnecessary av_packet_unref()
Since bae8844e the packet will always be unreferenced when a demuxer
returns an error, so that a lot of calls to av_packet_unref() in lots of
demuxers are now redundant and can be removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
2020-02-10 22:41:38 +01:00
Steven Liu
70c6e84069 avformat/swfdec: fix memleak when inflateInit failed
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-10-28 14:26:20 +08:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Carl Eugen Hoyos
7652af9df0 lavf/swfdec: Reduce score when auto-detecting swf files.
Not more than 32bit are tested.
2018-01-20 15:41:40 +01:00
Anton Khirnov
78a7af823b Use the new AVIOContext destructor.
(cherry picked from commit 6f554521af)
Signed-off-by: James Almer <jamrial@gmail.com>
2017-09-01 02:16:33 -03:00
Moritz Barsnick
468c596a31 lavf: fix typos
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-10-09 20:09:00 +02:00
Michael Niedermayer
d7633ed7a5 avformat/swfdec: Fix memleak on error
Fixes: 9eb9cf5b8c26dd0fa7107ed0348dcc1f/signal_sigabrt_7ffff6ae7c37_8925_1f676b5229d009f2b56dfd9e149fa6ba.swf

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-08-22 01:29:51 +02:00
Michael Niedermayer
a453bbb68f avformat/swfdec: Fix inflate() error code check
Fixes infinite loop
Fixes endless.poc

Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-08-19 11:00:02 +02:00
Michael Niedermayer
2a3720bc22 avformat/swfdec: Move packet size check before side data allocation
Fixes memleak
Fixes: 9eb9cf5b8c26dd0fa7107ed0348dcc1f/signal_sigabrt_7ffff6ae7c37_8927_f14c2a6ae1ad0bbde2c94f1da50e7074.swf

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-08-19 03:05:52 +02:00
Derek Buitenhuis
6f69f7a8bf Merge commit '9200514ad8717c63f82101dc394f4378854325bf'
* commit '9200514ad8717c63f82101dc394f4378854325bf':
  lavf: replace AVStream.codec with AVStream.codecpar

This has been a HUGE effort from:
    - Derek Buitenhuis <derek.buitenhuis@gmail.com>
    - Hendrik Leppkes <h.leppkes@gmail.com>
    - wm4 <nfxjfg@googlemail.com>
    - Clément Bœsch <clement@stupeflix.com>
    - James Almer <jamrial@gmail.com>
    - Michael Niedermayer <michael@niedermayer.cc>
    - Rostislav Pehlivanov <atomnuker@gmail.com>

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-10 20:59:55 +01:00
Anton Khirnov
9200514ad8 lavf: replace AVStream.codec with AVStream.codecpar
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.

In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.

There are multiple important problems with this approach:
    - the fields in AVCodecContext are in general one of
        * stream parameters
        * codec options
        * codec state
      However, it's not clear which ones are which. It is consequently
      unclear which fields are a demuxer allowed to set or a muxer allowed to
      read. This leads to erratic behaviour depending on whether decoding or
      encoding is being performed or not (and whether it uses the AVStream
      embedded codec context).
    - various synchronization issues arising from the fact that the same
      context is used by several different APIs (muxers/demuxers,
      parsers, bitstream filters and encoders/decoders) simultaneously, with
      there being no clear rules for who can modify what and the different
      processes being typically delayed with respect to each other.
    - avformat_find_stream_info() making it necessary to support opening
      and closing a single codec context multiple times, thus
      complicating the semantics of freeing various allocated objects in the
      codec context.

Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
2016-02-23 17:01:58 +01:00
Hendrik Leppkes
e816fe7401 Merge commit '7570c9e04f010c9b3bfdeb4338d330f2cdd25278'
* commit '7570c9e04f010c9b3bfdeb4338d330f2cdd25278':
  swfdec: support compressed swf

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2016-01-19 08:58:55 +01:00
Clément Bœsch
7570c9e04f swfdec: support compressed swf
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2016-01-11 15:32:56 -05:00
Hendrik Leppkes
c2f861ca42 Replace remaining occurrences of av_free_packet with av_packet_unref
2015-10-27 14:35:30 +01:00
Michael Niedermayer
bd70303ead avformat/swfdec: Check return value of init_get_bits8()
Fixes: CID1322320

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-09-03 10:20:29 +02:00
Ronald S. Bultje
229843aa35 Replace av_dlog with ff_dlog.
ff_dlog checks compilability, and is non-public. av_dlog is deprecated
and no longer exists if FF_API_DLOG=0.
2015-08-18 10:24:01 -04:00
Carl Eugen Hoyos
128e722bc1 lavf/swf: Fix auto-detection of compressed files.
Fixes auto-detection of compressed swf files as in
http://samples.ffmpeg.org/SWF/compressed-swf/
Reported by forum user Zard1096.
2015-08-04 21:34:00 +02:00
Michael Niedermayer
656e9a68c4 avformat/swfdec: Fix "}else" style
Found-by: durandal_170
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-07-08 12:06:17 +02:00
Michael Niedermayer
6a1204a1a4 avformat/swfdec: Do not error out on pixel format changes
Instead print an error and continue

Fixes Ticket4702

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-07-08 02:43:02 +02:00
Michael Niedermayer
b7e506b3b9 avformat/swfdec: Check frame size rectangle in probe()
fixes probetest failure

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-21 21:10:20 +01:00
Michael Niedermayer
c2430304df avformat/swfdec: Do not change the pixel format
This is currently not supported
Fixes part of Ticket 3539

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-07 00:39:52 +02:00
Michael Niedermayer
1c55d0ff32 avformat/swfdec: Use side data to communicate w/h changes to the decoder
Fixes reading from freed data
Fixes part of Ticket3539

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-02 13:37:07 +02:00
James Almer
d34ec64a22 replace calls to url_feof() with avio_feof()
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-08 00:48:38 +02:00
Michael Niedermayer
f5d039840a avformat/swfdec: clear 4 bytes at the end of a packet if they are not initialized
Fixes use of uninitialized memory
Fixes part of msan_uninit-mem_7f055dd0ab1b_9558_videopop_guitar_300k.swf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-19 05:07:22 +01:00
Michael Niedermayer
e72f5abbc6 avformat/swfdec: check avio_read() return code
Fixes use of uninitialized memory
Fixes part of msan_uninit-mem_7f055dd0ab1b_9558_videopop_guitar_300k.swf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-19 05:07:13 +01:00
Michael Niedermayer
fde74d1b9d avformat/swfdec: check avio_read() return code
Fixes use of uninitialized memory
Fixes msan_uninit-mem_7f90d9cce964_9558_videopop_guitar_300k.swf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-19 01:49:07 +01:00
Michael Niedermayer
9225ebd50d avformat/swfdec: return AVPROBE_SCORE_MAX / 4 for unexpected versions
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-11-10 13:25:35 +01:00
Michael Niedermayer
ff1d81b08c avformat/swfdec: check version and size during probing
Fixes probetest failure

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-11-06 12:44:02 +01:00
Clément Bœsch
580e228557 lavf/swfdec: remove 8-bit audio FIXME.
Implemented since 624fb5f9.
2013-02-21 00:59:31 +01:00
Clément Bœsch
624fb5f965 lavf/swfdec: support 8-bits PCM audio.
2013-02-20 21:49:23 +01:00
Clément Bœsch
9a0076f50c lavf/swfdec: factorize the creation of a new stream.
This also makes the changes of a3949fe11 applicable in both cases.
2013-02-20 21:49:23 +01:00
Michael Niedermayer
8dbc384f15 Merge commit 'd04c17c91363a6b15d1ac2d79c817f3d5e2998b3'
* commit 'd04c17c91363a6b15d1ac2d79c817f3d5e2998b3':
  swfdec: cosmetics: fix indentation

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-12-12 10:16:23 +01:00
Michael Niedermayer
d276f28b7d swfdec: print warning when len is clipped
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-12-12 10:14:06 +01:00
Michael Niedermayer
be5389d585 Merge commit 'e70c5b034c4787377e82cab2d5565486baec0c2a'
* commit 'e70c5b034c4787377e82cab2d5565486baec0c2a':
  swfdec: do better validation of tag length
  Make LOCAL_ALIGNED syntactically similar on all systems

Conflicts:
	libavformat/swfdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-12-12 09:55:56 +01:00
Justin Ruggles
d04c17c913 swfdec: cosmetics: fix indentation
2012-12-11 09:37:17 -05:00
Justin Ruggles
e70c5b034c swfdec: do better validation of tag length
Avoids trying to read a packet with 0 or negative size.
Avoids a potential infinite loop due to seeking backwards.

Partially based on a patch by Michael Niedermayer.
2012-12-11 09:36:26 -05:00
Michael Niedermayer
c73685398d swfdec: check lens validity
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-12-10 17:25:44 +01:00
Carl Eugen Hoyos
0877f64fea Add debug output when skipping unknown swf tags.
Reviewed-by: Clément Bœsch
2012-12-04 15:52:37 +01:00
Michael Niedermayer
799d749c77 Merge remote-tracking branch 'qatar/master'
* qatar/master: (24 commits)
  yop: set channel layout
  wtv: set channel layout for mpeg audio
  westwood_aud: set channel layout
  wc3movie: set channel layout
  tmv: set channel layout
  tiertexseq: set channel layout
  swfdec: set channel layout
  sol: set channel layout
  smacker: set channel layout
  siff: set channel layout
  sierravmd: set channel layout
  rtpdec_amr: set channel layout
  rsodec: set channel layout
  rmdec: set channel layout for RA version 3
  qcp: set channel layout
  psxstr: set channel layout
  omadec: set channel layout
  oggparsespeex: validate channel count and set channel layout
  nuv: set channel layout
  mxg: set channel layout
  ...

Conflicts:
	libavformat/swfdec.c
	libavformat/wtv.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-11-13 11:09:38 +01:00
Michael Niedermayer
abe68364a3 swfdec: check space before copy
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-11-12 19:29:27 +01:00
Justin Ruggles
a3949fe11f swfdec: set channel layout
2012-11-12 10:33:22 -05:00
Clément Bœsch
711ffb84df lavf/swfdec: support DefineBitsLossless{,2} tag.
2012-10-17 07:49:17 +02:00