1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-02 03:06:28 +02:00
Commit Graph

99725 Commits

Author SHA1 Message Date
Michael Niedermayer
80bc2ac3c0 avformat/lrcdec: Clip timestamps
Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-25 09:49:26 +01:00
Michael Niedermayer
ac8cebd48e avutil/mathematics: Use av_sat_add64() for the last addition in av_add_stable()
Fixes: signed integer overflow: 9223372036854770375 + 5450 cannot be represented in type 'long'
Fixes: 26471/clusterfuzz-testcase-minimized-ffmpeg_dem_MXG_fuzzer-6229617557635072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-25 09:49:21 +01:00
Michael Niedermayer
6939174bfc tests/fate/hevc: Add test for 3fbf873792
Tested-on: x86-32/64/ARM/MIPS Linux, Mingw/WINE 32/64
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-25 09:48:29 +01:00
Michael Niedermayer
389b9e9b4f avcodec/pgxdec: Check depth more completely
Fixes: shift exponent -1 is negative
Fixes: 26107/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGX_fuzzer-5378790047612928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-25 09:47:37 +01:00
Michael Niedermayer
857aba7c45 avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()
Fixes: timeout(>20sec -> 1ms)
Fixes: 26526/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-5672328069120000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-25 09:05:01 +01:00
Michael Niedermayer
6e64d89410 tools/target_dem_fuzzer: Limit max blocks
With a IO block size of 1 byte potentially megabytes are quite slow to read, thus
limit the number

Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184
Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696
Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083
Fixes: 26525/clusterfuzz-testcase-minimized-ffmpeg_dem_MSNWC_TCP_fuzzer-5121987011411968
Fixes: 26538/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5441800598454272
Fixes: OOM
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 22:38:55 +02:00
Michael Niedermayer
b990148d1e avformat/ifv: Check that total frames do not overflow
Fixes: Infinite loop
Fixes: 26392/clusterfuzz-testcase-minimized-ffmpeg_dem_GIF_fuzzer-5713658237419520
Fixes: 26435/clusterfuzz-testcase-minimized-ffmpeg_dem_SUBVIEWER_fuzzer-6548251853193216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Michael Niedermayer
4e9514e99b avutil/common: Implement av_sat_add64_c() with fewer branches
No benchmark because this is not used in any speed relevant pathes nor is it
used where __builtin_add_overflow is available.
So I do not know how to realistically benchmark it.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Michael Niedermayer
bca0735be5 avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
Fixes: signed integer overflow: 190587 * 11585 cannot be represented in type 'int'
Fixes: 26407/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5086348408782848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Michael Niedermayer
c2ccd76fd0 avcodec/fits: Check bscale
Fixes: division by 0
Fixes: 26208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-6270472117026816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Michael Niedermayer
7c144b363e avformat/nistspheredec: Check bps
Fixes: left shift of 1111111190 by 3 places cannot be represented in type 'int'
Fixes: 26437/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-4886896091856896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Michael Niedermayer
715ff75e5d avformat/jacosubdec: Use 64bit inside get_shift()
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Michael Niedermayer
37396e9ba8 avformat/genh: Check block_align
Fixes: infinite loop
Fixes: 26440/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5632134020333568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Michael Niedermayer
a413ed9863 avformat/mvi: Check count for overflow
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Andreas Rheinhardt
6965ade54c avcodec/mpeg4videodec: Use smallest max_depth in get_vlc2()
The longest code here is 12 bits long and can be read in two attempts.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-24 16:50:59 +02:00
Andreas Rheinhardt
51eda4c394 avcodec/imc: Inline constants
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-24 16:50:29 +02:00
Michael Niedermayer
0dc42147b6 avcodec/magicyuv: Check slice size before reading flags and pred
Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 14:39:49 +02:00
Andreas Rheinhardt
2b702015d8 avcodec/wmadec: Don't check for errors for complete VLC tables
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-23 10:37:04 +02:00
Andreas Rheinhardt
f1c022abf0 avcodec/wma: Remove unused array
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-23 10:37:04 +02:00
Michael Niedermayer
209b9ff5c3 avformat/asfdec_f: Check for negative ext_len
Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-23 10:07:57 +02:00
Michael Niedermayer
50b29f081e avformat/bethsoftvid: Check image dimensions before use
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-23 10:07:57 +02:00
Michael Niedermayer
c95b47e18f avformat/genh: Check block_align for how it will be used in SDX2_DPCM
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-23 10:07:57 +02:00
Michael Niedermayer
e680d50eb4 avformat/au: Check for EOF in au_read_annotation()
Fixes: Timeout (too looong -> 1 ms)
Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-23 10:07:57 +02:00
Michael Niedermayer
c5b8f2321c tools/target_dec_fuzzer: Adjust threshold for opus
Fixes: Timeout (12sec -> 3sec)
Fixes: 24549/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBOPUS_fuzzer-6211170349088768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-23 10:07:57 +02:00
Michael Niedermayer
c7a5face77 avformat/vividas: Check for zero v_size
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26482/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4905102324006912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-23 09:47:12 +02:00
Michael Niedermayer
d34e4904cd avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0
Suggested-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-22 18:51:27 +02:00
Michael Niedermayer
c0d7fd269b avformat/segafilm: Check that there is a stream
Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-22 18:51:27 +02:00
Limin Wang
6fb2bdd1d0 avformat/udp: cosmetics
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-10-22 20:53:57 +08:00
Limin Wang
2676277b6d avformat/udp: clarify option description for timeout unit
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-10-22 20:53:56 +08:00
Limin Wang
784ce1c294 avformat/rtsp: reuse POLLING_TIME and remove POLL_TIMEOUT_MS
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-10-22 20:53:56 +08:00
Limin Wang
92c40ef882 avformat/rtsp: support for listen_timeout option for sdp
Now the listen timeout is hardcoded(10s).
How to test(30s timeout):
./ffprobe  -listen_timeout 30 -protocol_whitelist rtp,udp,file -i test.sdp

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-10-22 20:53:56 +08:00
Limin Wang
2aceae1438 avformat/rtpproto: support for rtp read timeout
then we can set the rtp read timeout instead of infinite timeout.

How to test(5s timeout):
./ffprobe -i rtp://192.168.1.67:1234?timeout=5000000

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-10-22 20:53:56 +08:00
bevis
de59826703 libavformat/hls: use local var url for log to avoid crash
During operation, the user exits and interrupts,
causing pls->segment to be released,
resulting in a null pointer crash

Signed-off-by: bevis <javashu2012@gmail.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2020-10-22 17:13:15 +08:00
Timo Rothenpieler
1bf86ee907 avcodec/nvenc: removed unused and deprecated field 2020-10-21 18:47:30 +02:00
Timo Rothenpieler
e0c8e517b6 avcodec/nvenc: reduce automated use of deprecated modes 2020-10-21 18:45:52 +02:00
Timo Rothenpieler
cde3c08033 avcodec/nvenc: mark newly deprecated rc modes 2020-10-21 18:17:08 +02:00
Timo Rothenpieler
11a8e93681 avcodec/nvenc: use alias to provide deprecated profiles 2020-10-21 18:03:45 +02:00
Michael Niedermayer
1868cb7316 avformat/wtvdec: Check dir_length
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-21 17:21:41 +02:00
Michael Niedermayer
a927128617 avformat/ffmetadec: finalize AVBPrint on errors
Fixes: memleak
Fixes: 26450/clusterfuzz-testcase-minimized-ffmpeg_dem_FFMETADATA_fuzzer-6249850443923456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-21 17:21:41 +02:00
Andreas Rheinhardt
2beb7f43f6 avcodec/on2avc: Remove redundant code for freeing
This decoder has the FF_CODEC_CAP_INIT_CLEANUP set.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 07:51:05 +02:00
Andreas Rheinhardt
bce8e2f374 avcodec/on2avc: Use least max_depth for get_vlc2()
The longest codes of any VLC codebooks are 18 bits long and the VLC
tables itself use 9 bits; therefore it is sufficient to read twice from
the table, yet this has been done thrice.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 07:47:55 +02:00
Andreas Rheinhardt
26cc9db744 avcodec/on2avc: Unify initializing quad and pair VLCs
Up until now, quad VLCs are initialized with codes of type uint32_t,
pair VLCs with codes of type uint16_t. There were two separate loops in
the decoder's init function for each type of VLC. This commit unifies
this: The type of the codes are now passed in as void * and the actual
size of the codes is obtained from a table. This approach also allows to
use the smallest type for each VLC code table: some quad tables actually
fitted in uint16_t. This allows to remove about 7KB from the binary.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 07:47:55 +02:00
Andreas Rheinhardt
fba8890628 avcodec/on2avcdata: Deduplicate symbol tables
Saves about 10KB.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 07:47:55 +02:00
Andreas Rheinhardt
289e964873 avcodec/vp3: Unify initializing and freeing VLC tables
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 06:53:41 +02:00
Andreas Rheinhardt
786b1b0c44 avcodec/vp3: Check allocations of VLCs
It would lead to crashs lateron if they failed.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 06:16:16 +02:00
Andreas Rheinhardt
a01ca21bbb avcodec/vp3: Fix memleak upon init failure
Up until now, there was no cleanup in case initializing the Theora VLC
tables failed, leading to memleaks. This commit gets rid of them by
setting the FF_CODEC_CAP_INIT_CLEANUP flag for all decoders in vp3.c;
this also allows to remove some (now redundant) cleanup code.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-21 05:46:04 +02:00
hwren
682990a849 doc/general_contents.texi: add uavs3d section
Signed-off-by: hwren <hwrenx@126.com>
2020-10-21 09:33:07 +08:00
Zane van Iperen
3106db044e
fate: add test for adpcm_swf in wav
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-21 11:26:39 +10:00
Zane van Iperen
4919b3c1c4
avcodec/adpcm_swf: support custom block size for encoding
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-21 11:26:39 +10:00
Zane van Iperen
0547fa572b
avcodec/adpcm_swf: set block_align when encoding
Allows it to be muxed to WAVs.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-21 11:26:38 +10:00