mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

330 Commits

Author SHA1 Message Date
Paul B Mahol
4a5ee8c399 avcodec/tiff: do not abort on zero denominator
Fixes decoding valid DNG file.
2022-03-03 21:22:48 +01:00
Andreas Rheinhardt
02220b88fc avcodec/thread: Don't use ThreadFrame when unnecessary
The majority of frame-threaded decoders (mainly the intra-only)
need exactly one part of ThreadFrame: The AVFrame. They don't
need the owners nor the progress, yet they had to use it because
ff_thread_(get|release)_buffer() requires it.

This commit changes this and makes these functions work with ordinary
AVFrames; the decoders that need the extra fields for progress
use ff_thread_(get|release)_ext_buffer() which work exactly
as ff_thread_(get|release)_buffer() used to do.

This also avoids some unnecessary allocations of progress AVBuffers,
namely for H.264 and HEVC film grain frames: These frames are not
used for synchronization and therefore don't need a ThreadFrame.

Also move the ThreadFrame structure as well as ff_thread_ref_frame()
to threadframe.h, the header for frame-threaded decoders with
inter-frame dependencies.

Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-02-09 17:22:35 +01:00
Michael Niedermayer
afdbc940c6 avcodec/tiff: Remove messing with jpeg context
The whole concept is just not correct, also as it seems not to be needed
at all, all dng files I have decode without this.

Fixes: various crashes
Fixes: 42937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4625073334517760
Fixes: 42938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4643368217477120
Fixes: 42939/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4925325908246528
Fixes: 42940/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4925378806808576
Fixes: 42941/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6202009265504256
Fixes: 42944/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6076860998483968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-12-30 22:20:14 +01:00
Michael Niedermayer
cfa1f0e214 avcodec/tiff: Use ff_set_dimensions() for setting up mjpeg context dimensions
sets coded_width / coded_height too to keep them consistent with
width / height

Fixes: OOM
Fixes: 42263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5653333619113984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-12-23 15:22:06 +01:00
Michael Niedermayer
d6c16f42cc avcodec/tiff: Pass max_pixels to mjpeg context
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-12-23 15:22:06 +01:00
Andreas Rheinhardt
1ea3650823 Replace all occurrences of av_mallocz_array() by av_calloc()
They do the same.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-09-20 01:03:52 +02:00
Andreas Rheinhardt
a247ac640d avcodec: Constify AVCodecs
Given that the AVCodec.next pointer has now been removed, most of the
AVCodecs are not modified at all any more and can therefore be made
const (as this patch does); the only exceptions are the very few codecs
for external libraries that have a init_static_data callback.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 10:43:15 -03:00
Andreas Rheinhardt
b0cd60bd97 avcodec/tiff: Don't use separate temporary buffer for fax
Also don't unnecessarily copy the input data around if it needn't be
reversed; and remove a redundant memset -- av_fast_padded_malloc()
already does this for us.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-02 17:40:54 +02:00
Andreas Rheinhardt
e5d6af7b35 avcodec/tiff: Avoid forward declarations
In this case it also fixes a potential for compilation failures:
Not all compilers can handle the case in which a function with
a forward declaration declared with an attribute to always inline it
is called before the function body appears. E.g. GCC 4.2.1 on OS X 10.6
doesn't like it.

Reviewed-by: Pavel Koshevoy <pkoshevoy@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-03-31 14:08:38 +02:00
James Almer
fc2e022a14 avcodec/tiff: use av_packet_alloc() to allocate AVPackets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 15:06:47 -03:00
Andreas Rheinhardt
74bffc00c5 avcodec: Constify some AVPackets
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-09 13:41:22 +01:00
Andreas Rheinhardt
ad58113afe avcodec/tiff_data: Move data to its only user
tiff.c is the only user of the data from tiff_data.c (the dependency of
the tiff encoder of it is spurious). Therefore this commit moves all the
data from tiff_data.c to tiff_data.h (which is only included by tiff.c)
and makes the objects declared therein static.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-02-23 11:30:57 +01:00
Michael Niedermayer
292e41ce65 avcodec/tiff: Disallow striped and tiled tiffs except for DNG
strips + tiles is not allowed in TIFF
DNG uses a separate codepath

Regression since da5b3d0028.

Fixes: NULL pointer dereference
Fixes: poc1
Fixes: Ticket8960

Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-28 19:36:57 +01:00
Andreas Rheinhardt
1d2d91d1cf avcodec/tiff: Make decoder init-threadsafe
The only thing that stands in the way of adding the
FF_CODEC_CAP_INIT_THREADSAFE flag to the TIFF decoder is its usage
of ff_codec_open2_recursive(): This function requires its caller to hold
the lock for the mutex that guards initialization of AVCodecContexts
whose codecs have a non-threadsafe init function and only callers whose
codec does not have the FF_CODEC_CAP_INIT_THREADSAFE flag set hold said
lock (the others don't need to care about said lock). But one can set
the flag if one switches to avcodec_open2() at the same time.

Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-12-04 15:46:46 +01:00
Carl Eugen Hoyos
86f0bba776 lavc, lavf: Remove newlines from calls to avpriv_request_sample(). 2020-10-11 19:59:24 +02:00
Paul B Mahol
da5b3d0028 avcodec/tiff: do not abort decoding if strips are available
Even if such files are invalid, they can be decoded just fine.
Also stored tiles may have bigger dimensions than displayed ones,
so do not abort decoding in such cases.
2020-10-07 22:16:35 +02:00
Michael Niedermayer
d54c24acde avcodec/tiff: Fix default white level
According to the spec bits per sample should be used

Fix invalid shift with bpp=32
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 23507/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4815432665268224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-19 00:40:56 +02:00
Lynne
7ad085b2c4 tiff: remove tiff type check for ICC profiles
Although the ICC specifications say to check for this, libtiff doesn't
and neither does any other TIFF implementation, and the TIFF specs
say that Photoshop has a different way to encapsulate ICC profiles,
and are asking for advice on how to deal with it.

So basically, Photoshop puts a different type than what's specified,
no other implementation checks for this, we do because we tried to
follow the specs although it's harmless to not, and ran into this bug
because we didn't know about it.
2020-09-06 20:10:01 +01:00
Michael Niedermayer
b9ea493afe avcodec/tiff: Check jpeg context against jpeg frame parameters
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-26 20:31:09 +02:00
Michael Niedermayer
ad29f9e47c avcodec/tiff: Restrict tag order based on specification
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
 not the order in which the fields are described in this document."

This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also on various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.

If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.

Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-26 20:31:09 +02:00
Michael Niedermayer
ca47402a06 avcodec/tiff: Avoid abort with DNG RAW TIFF with YA8
Fixes: Assertion failure
Fixes: 24707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5179910197608448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-26 20:31:09 +02:00
Michael Niedermayer
7577f8332a avcodec/tiff: Check the linearization table size
Fixes: out of array access
Fixes: 24604/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4843529818603520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-26 20:31:09 +02:00
Michael Niedermayer
be090da25f avcodec/tiff: Check bpp/bppcount for 0
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-07 14:01:00 +02:00
Michael Niedermayer
79e8d17024 avcodec/tiff: Check input space in dng_decode_jpeg()
Fixes: out of array read
Fixes: 24034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5111884337119232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-10 20:27:07 +02:00
Michael Niedermayer
4091f4f780 avcodec/tiff: Check frame parameters before blit for DNG
Fixes: out of array access
Fixes: 23888/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6021365974171648.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 19:59:49 +02:00
Michael Niedermayer
f35caea77f avcodec/tiff: Do not overrun the array ends in dng_blit()
Fixes: out of array access
Fixes: 23589/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5110559589793792.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-02 17:14:31 +02:00
Michael Niedermayer
276dfa9d91 avcodec/tiff: Check stride for dng
Fixes: assertion failure
Fixes: 23422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5746026064642048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-15 19:44:23 +02:00
Michael Niedermayer
70faa9f618 avcodec/tiff: Check for Tiled and Stripped TIFFs
TIFF 6 spec: "Do not use both strip-oriented and tile-oriented fields in the same TIFF file."

Fixes: null pointer use, crash
Fixes: crash-762680f9d1b27f9b9085e12887ad44893fb2b020

Found-by: Shiziru <lunasl@protonmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-21 13:08:23 +02:00
Limin Wang
1b3d5090c5 avcodec/tiff: remove the unnecessary type conversion
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-08 09:11:56 +08:00
Michael Niedermayer
e444e5bb1a avcodec/tiff: assert that raw tiff dng blit does not write over the end of a line
Found-by: 黄宁 <tsukimurarin@163.com>
Reviewed-by: Nick Renieris <velocityra@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-04-29 23:42:37 +02:00
Michael Niedermayer
61e6eddc57 avcodec/tiff: Check for planar DNG images
The DNG code hardcodes plane 0 at some places, so it's better to disallow cases
that have more planes.

Fixes: eg_crash
Found-by: 黄宁 <tsukimurarin@163.com>
Reviewed-by: Nick Renieris <velocityra@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-04-29 23:42:37 +02:00
Michael Niedermayer
f1ab6962ca avcodec/tiff: Replace width overriding for bayer by assert
This is less confusing

Reviewed-by: Nick Renieris <velocityra@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-04-29 23:42:36 +02:00
Michael Niedermayer
071e223129 avcodec/tiff: Some checks on bpp for DNG
dng spec 1.5.0.0
"BitsPerSample
Supported values are from 8 to 32 bits/sample. The depth must be the same for each sample if
SamplesPerPixel is not equal to 1."

Fixes: eg_crash
Found-by: 黄宁 <tsukimurarin@163.com>
Reviewed-by: Nick Renieris <velocityra@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-04-29 23:42:35 +02:00
Anton Khirnov
1f4cf92cfb pthread_frame: merge the functionality for normal decoder init and init_thread_copy
The current design, where
- proper init is called for the first per-thread context
- first thread's private data is copied into private data for all the
  other threads
- a "fixup" function is called for all the other threads to e.g.
  allocate dynamically allocated data
is very fragile and hard to follow, so it is abandoned. Instead, the
same init function is used to init each per-thread context. Where
necessary, AVCodecInternal.is_copy can be used to differentiate between
the first thread and the other ones (e.g. for decoding the extradata
just once).
2020-04-10 15:24:54 +02:00
Lynne
9e01f171f3 tiffdec: support embedded ICC profiles 2020-01-13 23:26:25 +00:00
James Almer
dad7592429 avcodec/tiff: check the black level denominator
Fixes ticket #8327.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-10-29 10:23:39 -03:00
Michael Niedermayer
379e5d29d5 avcodec/tiff: Set FF_CODEC_CAP_INIT_CLEANUP
Fixes: memleaks
Fixes: 17813/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5145600206569472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-10-03 19:37:35 +02:00
Carl Eugen Hoyos
dbd3dbb476 Revert "lavc/tiff: correct the default value of YCbCrSubsampling to 2x2"
This reverts commit eb5d0f18ff.

Together with 89f464e9, it breaks decoding of tiff files like fate-suite/exif/image_small.tiff
2019-09-26 00:34:44 +02:00
Pavel Skakov
eb5d0f18ff lavc/tiff: correct the default value of YCbCrSubsampling to 2x2 2019-09-25 10:47:46 +02:00
Paul B Mahol
cae2982077 avcodec/tiff: rewrite lut handling
Remove endianness hack.
2019-09-02 09:26:53 +02:00
Paul B Mahol
d7529b03ba avcodec/tiff: set color_trc, remove sRGB conversion 2019-09-02 09:26:53 +02:00
Nick Renieris
63689b16ad lavc/tiff: Enable decoding of LinearRaw images
"LinearRaw" is a value that the PhotometricInterpretation tag can be set
to on DNG images that contain color information for all channels instead
of being bayer-encoded ("CFA" value).

The DNG decoder is complete enough that we can enable this now.

Sample:
- http://www.rawsamples.ch/raws/nikon/SCANNER_NIKON_LS5000.DNG

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
15776ca182 lavc/tiff: Default-initialize WhiteLevel DNG tag value
Initialized to `(2 ^ BitsPerSample) - 1` as per the DNG Specification.

Also make sure that `BlackLevel < WhiteLevel`.

This fixes decoding for "X7 CinemaDNG" samples here:
- https://www.dji.com/gr/zenmuse-x7/info#downloads

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
9280e4b291 lavc/tiff: Support DNGs with striped (non-tiled) JPEGs images
DNG samples here can now be decoded:
- https://www.photographyblog.com/previews/pentax_k1_photos

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
c44aa7f176 lavc/tiff: Decode 10-bit and 14-bit DNG images
10-bit sample: http://www.rawsamples.ch/raws/phones/RAW_ONEPLUS_ONE-A0001.DNG
14-bit sample: https://drive.google.com/open?id=0B4JyRT3Lth5HVndyOTVOdWktM3J4TFEydTk1MnY3RWlpSzVB

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
31acdf4351 lavc/tiff: Support decoding of DNGs with single-component JPEGs
This enables decoding of DNG images generated by the 'DJI Zenmuse X7'
digital camera
Samples: https://www.dji.com/gr/zenmuse-x7/info#downloads

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
a75a9e8f64 lavc/mjpegdec: Enable decoding of single-component bayer images
Also, ensure no false positives when determining DNG bayer images, by
setting them in tiff.c instead of relying on a heuristic.  There's no
way to determine this just from the JPEG data, so we have to pass this
information from outside the MJPEG decoder.

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
c510ed2ee8 lavc/tiff: Force DNG pixel data endianness on an edge case
This fixes "X7 RAW" and "X7 CinemaDNG" samples here:
- https://www.dji.com/gr/zenmuse-x7/info#downloads

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
33b6752a70 lavc/tiff: Don't apply strips-related logic to tiled images
Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
f98a8666de lavc/tiff: Fix edge case with full-length/width tiles
When the height is equal to the tile length (full-height tile)
after `height % tile_length` is applied with the current code,
it results in the operating tile_length to be 0.  This commit
makes this leftover logic only apply if it's necessary.

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00