1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

98243 Commits

Author SHA1 Message Date
Paul B Mahol
5422a4a7c5 avformat/sccdec: simplify demuxer a little 2020-06-17 00:38:08 +02:00
Paul B Mahol
9887bcc6c6 avcodec/ccaption_dec: remove usage of extra buffer 2020-06-16 17:11:38 +02:00
Paul B Mahol
d5b1760665 avcodec/ccaption_dec: fix some small style issues 2020-06-16 17:11:38 +02:00
Paul B Mahol
3615b58693 avcodec/ccaption_dec: remove pts parameter from handle_char() 2020-06-16 17:11:38 +02:00
Michael Niedermayer
276dfa9d91 avcodec/tiff: Check stride for dng
Fixes: assertion failure
Fixes: 23422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5746026064642048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-15 19:44:23 +02:00
Paul B Mahol
6c84f8afae avformat/sccdec: unbreak previous commits to this file 2020-06-15 19:27:20 +02:00
Paul B Mahol
76ad8a568f avformat/movenc: fix remuxing eia-608 into mov from other containers 2020-06-15 19:27:20 +02:00
Paul B Mahol
f91906973c avformat/mov: fix demuxing of eia-608
Fixes #4616.
2020-06-15 19:27:20 +02:00
Paul B Mahol
cb98483ea0 avcodec/ccaption_dec: add support for colors 2020-06-15 19:27:20 +02:00
Andreas Rheinhardt
ff3fad6b0e avformat/mov: Fix reel_name size check
Only read str_size bytes from offset 30 of extradata if the extradata is
indeed at least 30 + str_size bytes long.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 17:11:41 +02:00
Andreas Rheinhardt
dfef1d5e3c avformat/mov: Fix memleak upon encountering repeating tags
mov_read_custom tries to read three strings belonging to three different
tags. When an already encountered tag is encountered again, a new buffer
for the string to be read is allocated and stored in the pointer
destined for this particular tag. But in this scenario, said pointer
already holds the address of the string read earlier, leading to a leak.

This commit therefore aborts the reading process upon encountering
an already encountered tag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 17:11:09 +02:00
Andreas Rheinhardt
6de6ce7bc8 avformat/matroskaenc: Don't use NULL for %s format string
The argument pertaining to a printf %s conversion specifier must not
be NULL, even if the precision (i.e. the number of characters to write)
is zero. If it is NULL, it is undefined behaviour.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
c784fe8b86 avformat/webvttdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
67434afa7f avformat/vplayerdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
337783b118 avformat/tedcaptionsdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if allocating the AVStream for the subtitles fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
a708f65273 avformat/subviewerdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
9751d75152 avformat/subviewer1dec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
e13874b9ea avformat/stldec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
c70409957c avformat/srtdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
f3c63e67bb avformat/sccdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:06 +02:00
Andreas Rheinhardt
f161f8e4ad avformat/samidec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle
or when creating extradata.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
9df560e898 avformat/pjsdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
a5ed8aeea4 avformat/mpsubdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon creating an AVStream.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
331799747e avformat/mpl2dec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
b12014a5b8 avformat/microdvddec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle
or when allocating extradata.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
d38694cea9 avformat/lrcdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
c13a752733 avformat/jacosubdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
5ab39c2d8c avformat/assdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle
or if creating the extradata failed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
a86a5d06d8 avformat/aqtitledec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
ac378c535b avformat/mov: Fix memleaks upon read_header failure
By default, a demuxer's read_close function is not called automatically
if an error happens when reading the header; instead it is up to the
demuxer to clean up after itself in this case. The mov demuxer did this
by calling its read_close function when it encountered some errors when
reading the header. Yet for other errors (mostly adding side-data to
streams) this has been forgotten, so that all the internal structures
of the demuxer leak.

This commit fixes this by making sure mov_read_close is called when
necessary.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:46:15 +02:00
Andreas Rheinhardt
3d3ba43bc6 avformat/omadec: Fix memleaks upon read_header failure
Fixes possible leaks of id3v2 metadata as well as an AVDES struct in
case the content is encrypted and an error happens lateron.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:35:29 +02:00
Andreas Rheinhardt
0841063ce6 avformat/matroskadec: Fix memleaks in WebM DASH manifest demuxer
In certain error scenarios, the underlying Matroska demuxer was not
properly closed, causing leaks.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:35:28 +02:00
Andreas Rheinhardt
1ef30571a0 avformat/matroskadec: Use right number of tracks
When demuxing a Matroska/WebM file, streams are added for tracks and for
attachments, so that the array containing the former can be NULL even
when the corresponding AVFormatContext has streams. So check for there
to be tracks in the MatroskaDemuxContext instead of just streams in the
AVFormatContext before dereferencing the pointer to the tracks.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:15:47 +02:00
Andreas Rheinhardt
3714d452b8 avformat/matroskadec: Fix handling gigantic durations
matroska_parse_block currently asserts that the duration is not equal to
AV_NOPTS_VALUE, but there is nothing that actually guarantees this. It
is easy to create (spec-compliant) files which run into this assert;
so replace it and instead cap the duration to INT64_MAX, as the duration
field of an AVPacket is an int64_t.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 15:44:27 +02:00
Andreas Rheinhardt
cbe336c9e8 avformat/matroskadec: Move AVBufferRef instead of copying, fix memleak
EBML binary elements are already made reference-counted when read;
so when populating the AVStream.attached_pic, one does not need to
allocate a new buffer for the data; instead the current code just
creates a new reference to the underlying AVBuffer. But this can be
improved even further: Just move the already existing reference.

This also fixes a memleak that happens upon error because
matroska_read_close has not been called in this scenario.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 15:44:27 +02:00
Thilo Borgmann
b737575c76 lavdevice: Add AudioToolbox output device. 2020-06-15 15:09:33 +02:00
Przemysław Sobala
9d80f3ec4b avformat/dashenc: Add hls_master_name option 2020-06-15 12:31:57 +05:30
Andreas Rheinhardt
19a876fd69 avformat/hlsenc: Always treat numbers as decimal
c801ab43c36e8c4f88121aa09af26c77bcbd671b caused a regression: The stream
number is now parsed with strtoll without a fixed basis; as a
consequence, the "010" in a variant stream mapping like "a:010" is now
treated as an octal number (i.e. as eight, not ten). This was not
intended and may break some scripts, so this commit restores the old
behaviour.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 05:09:07 +02:00
Andreas Rheinhardt
3aa0be003e avcodec/iirfilter: Fix memleak
Commit 17e88bf0df21906633a7d36d9f2aeeeb5b6d3267 created a memleak by
removing a call to ff_iir_filter_free_coeffsp on error; this has been
found by Coverity (ID 1464159). This commit fixes the memleak by
readding the call to ff_iir_filter_free_coeffsp.

Notice that this is not a simple revert, because several macros that
were used before 17e88bf0df21906633a7d36d9f2aeeeb5b6d3267 were replaced
in commit 44863b2c2d5a31d82aafa71cdbd180d6bfbed5b4 and completely removed
in 2658680df4fc606522e5f65899afb9a98b47d287.

Reviewed-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 04:22:28 +02:00
Andreas Rheinhardt
ea1b71e82f avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.

Also check directly whether there is enough data for the length field.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 03:18:11 +02:00
Limin Wang
4b3b217e30 avcodec/h264: create user data unregistered SEI side data for H.264
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
Limin Wang
567d571b20 avfilter/vf_showinfo: display H.26[45] user data unregistered sei message
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
Limin Wang
ed6dbbfc16 avcodec/hevc_sei: add support for user data unregistered SEI message
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
James Almer
318a1a383d avcodec/cbs_av1: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-14 16:42:40 -03:00
James Almer
ef13fafe22 avcodec/cbs_h2645: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-14 16:42:04 -03:00
Michael Niedermayer
0aa2768cb2 avformat/mxfdec: free duplicated utf16 strings
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744

Suggested-by: Marton Balint <cus@passwd.hu>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 21:22:47 +02:00
Michael Niedermayer
c517c3f474 avformat/4xm: Check that a video stream was created before returning packets for it
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 21:22:47 +02:00
Marton Balint
16d29c1be8 avcodec/libzvbi-teletextdec: fix txt_default_region limits
Max region ID is 87. Also the region affects not only the G0 charset but G2 and
the national subset as well.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-06-14 20:00:02 +02:00
Michael Niedermayer
584d334afd avcodec/ffwavesynth: Avoid undefined operation on ts overflow
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
75e2ac4f07 avcodec/mv30: check mode_size vs. input space
Fixes: Timeout (longer than my patience vs 1sec)
Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00