1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-02 03:06:28 +02:00
Commit Graph

86411 Commits

Author SHA1 Message Date
Michael Niedermayer
4bcde26172 avcodec/dvbsubdec: Use av_image_check_size2()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-10 00:48:07 +02:00
Sasi Inguva
93db5e3fc4 lavf/mov.c: offset index timestamps by the minimum pts to make first pts zero
If the videos starts with B frame, then the minimum composition time
as computed by stts + ctts will be non-zero. Hence we need to shift
the DTS, so that the first pts is zero. This was the intention of that
code-block. However it was subtracting by the wrong amount.

For example, for one of the videos in the bug nonFormatted.mp4 we have

stts:
sample_count  duration
960           1001

ctts:
sample_count  duration
1             3003
2             0
1             3003
....

The resulting composition times are :  3003, 1001, 2002, 6006, ...

The minimum composition time or PTS is 1001, which should be used to
offset DTS. However the code block was wrongly using ctts[0] which is
3003. Hence the PTS was negative. This change computes the minimum pts
encountered while fixing the index, and then subtracts it from all the
timestamps after the edit list fixes are applied.

Samples files available from:

https://bugs.chromium.org/p/chromium/issues/detail?id=721451
https://bugs.chromium.org/p/chromium/issues/detail?id=723537

fate-suite/h264/twofields_packet.mp4 is a similar file starting with 2
B frames. Before this change the PTS of first two B-frames was -6006
and -3003, and I am guessing one of them got dropped when being decoded
and remuxed  to the framecrc before, and now it is not being dropped.

Signed-off-by: Sasi Inguva <isasi@google.com>
2017-06-09 18:13:33 +02:00
Vittorio Giovara
c12e8f5f0b vf_colorspace: Add a pixdesc API alias name for bt2020nc color space 2017-06-09 10:44:11 -04:00
Anton Mitrofanov
d991b3e8a8 x86inc: Remove argument from WIN64_RESTORE_XMM
The use of rsp was pretty much hardcoded there and probably didn't work
otherwise with stack_size > 0.
2017-06-09 13:43:01 +02:00
Henrik Gramner
cd4ca82459 x86inc: Prefer r14/r15 over r12/r13 on x86-64
Due to a peculiarity in the ModR/M addressing encoding, the r12 and r13
registers sometimes requires an additional byte when used as a base register.

r14 and r15 doesn't have that issue, so prefer using them.
2017-06-09 13:43:00 +02:00
Henrik Gramner
88dcdfad09 x86inc: Make REP_RET identical to RET in SSSE3+ functions
There's no point in emitting a rep prefix before ret on modern CPUs.
2017-06-09 13:43:00 +02:00
Henrik Gramner
406e0ddc0b x86inc: Fix call with memory operands
We overload the `call` instruction with a macro, but it would misbehave when
the macro argument wasn't a valid identifier. Fix it by explicitly checking
if the argument is an identifier.
2017-06-09 13:43:00 +02:00
raymondzheng
9f20cc5c84 libavformat/http: return EIO when ffurl_read return 0, but s->off < target_end
Approved-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-09 13:27:44 +02:00
Paul B Mahol
2336c76b22 avfilter/af_sofalizer: switch to libmysofa
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-06-08 22:02:26 +02:00
Aman Gupta
a32a6b4201 lavc: add mpeg2 mediacodec decoder
Android TV and FireOS hardware supports mpeg2 hardware decoding via
MediaCodec.

Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
2017-06-08 19:16:09 +02:00
Michael Niedermayer
a3b5b60bdf avcodec/indeo4: Check remaining data in Pic hdr extension parsing code
Fixes: Timeout
Fixes: 2115/clusterfuzz-testcase-minimized-6594111748440064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-08 17:37:16 +02:00
Michael Niedermayer
4e3ab1a5c1 avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int'
Fixes: 2113/clusterfuzz-testcase-minimized-6510704959946752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-08 17:37:16 +02:00
Vittorio Giovara
f7f60749e0 vf_colorspace: Add support for jedec p22 primaries
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-06-07 23:39:31 -04:00
Vittorio Giovara
35c76f2e13 vf_colorspace: Add support for smpte248 color primaries 2017-06-07 22:56:11 -04:00
Nedeljko Babic
c8e7fc8d9a MAINTAINERS: Add Manojkumar Bhosale for MIPS, remove myself.
Manojkumar is taking over MIPS maintenance.

Signed-off-by: Nedeljko Babic <nedeljko.babic@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-08 01:25:15 +02:00
James Almer
497a4b554c x86/aacpsdsp: fix output of ff_ps_stereo_interpolate_ipdopd_sse3
The fate-aac-al_sbr_ps_04_ur test did not detect this mistake.
2017-06-07 13:53:51 -03:00
wm4
66cf78e932 lavf: consider codec framerate for framerate detection
Fixes detection of some TV sample as 24.5 FPS. With the patch applied,
it's detected as 25 FPS.

This is enabled for mpegts only.
2017-06-07 11:08:06 +02:00
Tyler Jones
34c5200560 vorbisenc: Fix memory leak on errors
Switches temporary samples for processing to be stored in the encoder's
context, avoids memory leaks if any errors occur while encoding a frame.

Fixes CID1412026

Signed-off-by: Tyler Jones <tdjones879@gmail.com>
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-06-06 17:57:49 +01:00
Kevin Mark
482566ccc3 libavutil/eval: Add round function to expression parser
We have floor, ceil, and trunc. Let's add round.

Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-06 18:31:47 +02:00
Michael Niedermayer
850cbd496f avformat/utils: Slightly un-clutter code in determinable_frame_size() by using a switch
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-06 18:31:47 +02:00
Vittorio Giovara
d9909b11d9 vf_colorspace: Add support for gbr color space
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-06-06 11:22:52 -04:00
Michael Niedermayer
18bca25adb avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int'
Fixes: 2106/clusterfuzz-testcase-minimized-6136503639998464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-06 16:54:50 +02:00
Michael Niedermayer
c4360559ee avcodec/pafvideo: Fix assertion failure
Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-06 16:54:50 +02:00
Michael Niedermayer
e4efd41b83 avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int'
Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-06 16:54:50 +02:00
Ilia Valiakhmetov
73d9a9a6af libavcodec/vp9: ipred_dl_32x32_16 avx2 implementation
vp9_diag_downleft_32x32_8bpp_c: 580.2
vp9_diag_downleft_32x32_8bpp_sse2: 75.6
vp9_diag_downleft_32x32_8bpp_ssse3: 73.7
vp9_diag_downleft_32x32_8bpp_avx: 72.7
vp9_diag_downleft_32x32_10bpp_c: 1101.2
vp9_diag_downleft_32x32_10bpp_sse2: 145.4
vp9_diag_downleft_32x32_10bpp_ssse3: 137.5
vp9_diag_downleft_32x32_10bpp_avx: 134.8
vp9_diag_downleft_32x32_10bpp_avx2: 94.0
vp9_diag_downleft_32x32_12bpp_c: 1108.5
vp9_diag_downleft_32x32_12bpp_sse2: 145.5
vp9_diag_downleft_32x32_12bpp_ssse3: 137.3
vp9_diag_downleft_32x32_12bpp_avx: 135.2
vp9_diag_downleft_32x32_12bpp_avx2: 94.0

~30% faster than avx implementation

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2017-06-06 08:05:03 -04:00
Stefano Sabatini
dc70ea8c19 lavc/mpegvideo_enc: allow low_delay for non MPEG2 codecs depending on strict_std_compliance
Forcing low_delay can be useful, even if not officially supported.
2017-06-06 09:56:49 +02:00
James Almer
c1503cd95e fate: add fate-adts-id3v1-demux
This test the demuxer discarding non ADTS frames at the beginning and
end of the input.

As a side effect, this commit also enables fate-adts-demux, which was
accidentally disabled in 324f0fbff1.

Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-06-05 20:22:29 -03:00
Michael Niedermayer
4705edbbb9 avcodec/mjpegdec: Check that reference frame matches the current frame
Fixes: out of array read
Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 22:43:23 +02:00
Michael Niedermayer
d7cbeab4c1 avcodec/tiff: Avoid loosing allocated geotag values
Fixes memleak
Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 22:43:23 +02:00
Michael Niedermayer
1e6ee86d92 avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int'
Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 22:43:23 +02:00
Vittorio Giovara
2ef9fc997d ffprobe: Use pixdesc API to provide color space names
This API is more up-to-date, provides names compatible with filters
and external encoders, and is consistent with the other color
property variables.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-06-05 12:18:27 -04:00
Rostislav Pehlivanov
7fc1be9a01 vorbisenc: signal samples to skip
The encoder never actually signalled how many samples to skip.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-06-05 16:51:08 +01:00
Tyler Jones
29c13fed68 avcodec/vorbisenc: Use a bufqueue in encoding with smaller lengths
Switching the vorbis encoder to use a buffer queue for input frames allows
saving lookahead samples more easily and safely for psychoacoustic systems,
requiring less pointer arithmetic in the case of transient windows.
2017-06-05 16:35:07 +01:00
Tyler Jones
25260b5161 avcodec/vorbisenc: Include bufqueue and afqueue 2017-06-05 16:35:05 +01:00
Tyler Jones
79941602a3 avcodec/vorbisenc: Use fdsp for applying windows
Using fdsp improves readability and allows using architecture-specific
optimizations.

Signed-off-by: Tyler Jones <tdjones879@gmail.com>
2017-06-05 16:35:03 +01:00
Tyler Jones
610864dc36 avcodec/vorbisenc: Include fdsp
Signed-off-by: Tyler Jones <tdjones879@gmail.com>
2017-06-05 16:35:01 +01:00
Michael Niedermayer
189ff42196 avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.

It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.

Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.

The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its feature. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.

Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also where objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel

This recommits the security fix without the author name joke which was
originally requested by Nicolas.

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 13:55:01 +02:00
Michael Niedermayer
c0702ab830 Revert "avformat/hls: Check local file extensions"
Requested-by: Paul B Mahol <onemda@gmail.com>
This reverts commit caf7d6178a.
2017-06-05 13:55:01 +02:00
Rostislav Pehlivanov
10b7adf79d fate: add test for the Dirac low delay profile
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-06-05 06:10:40 +01:00
James Almer
933dd62288 x86/aacpsdsp: optimize ff_ps_mul_pair_single_sse
~2% faster.
2017-06-04 23:29:56 -03:00
Sysiphus
caf7d6178a avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.

It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.

Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.

The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its feature. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.

Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also where objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 03:03:11 +02:00
Kevin Mark
4af496473a FATE: Add test for libavfilter/scale2ref
This new FATE test for the scale2ref filter makes use of the recently
added scale2ref-specific variables to maintain the aspect ratio of a
test input.

Filtergraph explanation:
[main] has an AR of 4:3. [ref] has an AR of 16:9.
640 / 4 = 160. So the new width for [main] is 160.
160 / ((320 / 240) * (1 / 1)) = 160 / (4 / 3) = 120. So the new
height for [main] is 120.
160 / 120 = 4 / 3 so [main]'s aspect ratio has been maintained while
using [ref]'s width as a reference point.

[ref] is nullsink'd since it is left unchanged by scale2ref (and so
shouldn't need to be tested).

If we were to use "iw/4:-1" in place of "iw/4:ow/mdar":
640 / 4 = 160. So the new width for [main] would be 160.
360 / 4 = 90. So the new height for [main] would be 90.
160 / 90 = 16 / 9 so [main] now has the same aspect ratio as [ref]
which is probably what you do not want.

This is currently the only test for scale2ref.

Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 01:50:25 +02:00
Michael Niedermayer
46b865ea9f avcodec/qdrw: Fix null pointer dereference
The RGB555 PACKBITSRGN case tries to read a palette, if such
palette is actually stored then it accesses a null pointer.
All 16bit samples i could find use DIRECTBITSRGN.

Fixes: 2065/clusterfuzz-testcase-minimized-6298930457346048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-04 23:41:35 +02:00
Michael Niedermayer
b315a3cf42 avcodec/sbrdsp_fixed: Fix assertion failure in sbr_sum_square_c()
This also increases the range of input values supported as well as
decreasing the operation dependencies in the main loop, improving
speed on modern CPUs.

Fixes part of: 2045/clusterfuzz-testcase-minimized-6751255865065472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-04 23:41:35 +02:00
Michael Niedermayer
6019d721d4 avutil/softfloat: Fix sign error in and improve documentation of av_int2sf()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-04 23:41:08 +02:00
Paul B Mahol
67162554d4 avfilter/af_afftfilt: fix memory leaks
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-06-04 22:51:57 +02:00
Michael Niedermayer
e2bbb95d58 avcodec/wavpack: Fix runtime error: signed integer overflow: 2081021665 - -130689706 cannot be represented in type 'int'
Fixes: 2038/clusterfuzz-testcase-minimized-4521466148159488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-04 17:51:02 +02:00
Michael Niedermayer
29808fff33 avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]'
Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-04 17:51:02 +02:00
Michael Niedermayer
eb50492270 avcodec/dxv: Check remaining bytes in dxv_decompress_raw()
Fixes: Timeout
Fixes: 2006/clusterfuzz-testcase-minimized-5766515037044736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-04 17:51:02 +02:00
James Almer
3d40263253 avformat/aacdec: add a custom read_packet function
Atempt to read and propagate only full ADTS frames and not other data,
like id3v1 or APETags at the end of the file.

Fixes ticket #6437.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-06-04 11:52:02 -03:00