1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

139 Commits

Author SHA1 Message Date
Michael Niedermayer
bcb4690304
libavformat/iff: Check for overflow in body_end calculation
Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long'
Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-08-28 22:06:44 +02:00
Michael Niedermayer
0740641e93 avformat/iff: simplify duration calculation
Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long'
Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Vittorio Giovara
40b7a57e42 iff: convert to new channel layout API
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: James Almer <jamrial@gmail.com>
2022-03-15 09:42:33 -03:00
Michael Niedermayer
93d964689c avformat/iff: Use 64bit in duration computation
Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 18:58:25 +02:00
Andreas Rheinhardt
bc70684e74 avformat: Constify all muxer/demuxers
This is possible now that the next-API is gone.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 11:48:06 -03:00
Andreas Rheinhardt
8068f2fcf3 avformat/id3v2: Don't reverse the order of id3v2 APICs
When parsing ID3v2 tags, special (non-text) metadata is not applied
directly and unconditionally; instead it is stored in a linked list
in which elements are prepended. When traversing the list to add APICs
(or private tags) at the end, the order is reversed. The same also
happens for chapters and therefore the chapter parsing code already
reverses the chapters.

This commit changes this: By keeping pointers to both head and tail
of the linked list one can preserve the order of the entries and
remove the reordering code for chapters. Only the pointer to head
will be exported: No current caller uses a nonempty list, so exporting
both head and tail is unnecessary. This removes the functionality
to combine the lists of special metadata read from different ID3v2 tags,
but that doesn't make really much sense anyway (and would be trivial
to implement if desired) and allows to remove the now unnecessary
initializations performed by the callers.

The FATE-reference for the id3v2-priv test had to be updated
because the order of the tags read into the dict is reversed;
for id3v2-priv-remux only the md5 and not the ffprobe output
of the remuxed file changes because the order of the private tags
has up until now been reversed twice.

The references for the aiff/mp3 cover-art tests needed to be updated,
because the order of the attached pics is reversed upon reading.
It is still not correct, because the muxers write the pics in the order
in which they arrive at the muxer instead of the order given by
pkt->stream_index.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-18 02:24:44 +02:00
Michael Niedermayer
b17ffe8f8f avformat/iff: Check block align also for ID_MAUD
Fixes: Timeout & OOM
Fixes: 28701/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5185094964871168
Fixes: 29116/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4874284795297792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 14:32:54 +01:00
Michael Niedermayer
001bc594d8 avformat/iff: Check data_size
Fixes: infinite loop
Fixes: 27834/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5694930919620608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-12 00:13:58 +01:00
Michael Niedermayer
8b50e8bc29 avformat/iff: Check size before skip
Fixes: Infinite loop
Fixes: 27292/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5731168991051776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-21 22:09:51 +01:00
Michael Niedermayer
f291cd681b avformat/iff: check size against INT64_MAX
Bigger sizes are misinterpreted as negative numbers by the API
Fixes: infinite loop
Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:38:36 +01:00
Michael Niedermayer
3588e2e6b0 avformat/iff: More completely check body_size
Fixes: infinite loop
Fixes: 26485/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5126561373880320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-30 17:49:51 +01:00
Michael Niedermayer
24352ca792 avformat/iff: Check data_size not overflowing int64
Fixes: Infinite loop
Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-28 20:22:30 +02:00
Andreas Rheinhardt
37140ebd87 avformat/id3v2: Remove unnecessary indirection
ff_id3v2_parse_apic/chapters/priv/priv_dict all had a parameter
extra_meta of type ID3v2ExtraMeta ** as if the functions wanted to make
*extra_meta point to something else. But they don't, so just use an
ID3v2ExtraMeta *.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-25 07:06:44 +02:00
Andreas Rheinhardt
86e9747c63 avformat/iff: Use ff_alloc_extradata
Besides improved readability it also zeroes the padding which has been
forgotten here.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-11 16:24:16 +01:00
Steven Liu
9f0b9ae8bd avformat/iff: fix memleak when get st->codecpar->extradata failed in iff_read_header
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-10-10 09:54:48 +08:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Lukas Stabe
1fd80106be avformat: fix id3 chapters
These changes store id3 chapter data in ID3v2ExtraMeta and introduce
ff_id3v2_parse_chapters to parse them into the format context if needed.

Encoders using ff_id3v2_read, which previously parsed chapters into the
format context automatically, were adjusted to call
ff_id3v2_parse_chapters.

Signed-off-by: wm4 <nfxjfg@googlemail.com>
2017-10-05 17:10:23 +02:00
Clément Bœsch
bec96a7286 lavf: use av_fourcc2str() where appropriate 2017-03-29 14:49:29 +02:00
Andreas Cadhalpun
ad5807f8aa avformat: fix overflows during bit rate calculation
The bit_rate field has type int64_t since commit
7404f3bdb90e6a5dcb59bc0a091e2c5c038e557d.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-12-14 01:06:55 +01:00
Paul B Mahol
7494b49780 avformat/iff: parse DPAN chunk
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-19 17:02:06 +02:00
Paul B Mahol
72e33eec3a avcodec/iff: add support for ANIMs with keyframes and concatenated ANIMs
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-16 22:39:03 +02:00
Peter Ross
86e493a6ff avcodec: add Direct Stream Transfer (DST) decoder
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-15 01:01:45 +02:00
Paul B Mahol
cb928fc448 lavc: add IFF ANIM decoder
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-13 00:24:48 +02:00
Paul B Mahol
675cfb2f86 avformat/iff: fix deadlock in parsing dsd chunks
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-30 18:06:53 +02:00
Derek Buitenhuis
6f69f7a8bf Merge commit '9200514ad8717c63f82101dc394f4378854325bf'
* commit '9200514ad8717c63f82101dc394f4378854325bf':
  lavf: replace AVStream.codec with AVStream.codecpar

This has been a HUGE effort from:
    - Derek Buitenhuis <derek.buitenhuis@gmail.com>
    - Hendrik Leppkes <h.leppkes@gmail.com>
    - wm4 <nfxjfg@googlemail.com>
    - Clément Bœsch <clement@stupeflix.com>
    - James Almer <jamrial@gmail.com>
    - Michael Niedermayer <michael@niedermayer.cc>
    - Rostislav Pehlivanov <atomnuker@gmail.com>

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-10 20:59:55 +01:00
Anton Khirnov
9200514ad8 lavf: replace AVStream.codec with AVStream.codecpar
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.

In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.

There are multiple important problems with this approach:
    - the fields in AVCodecContext are in general one of
        * stream parameters
        * codec options
        * codec state
      However, it's not clear which ones are which. It is consequently
      unclear which fields are a demuxer allowed to set or a muxer allowed to
      read. This leads to erratic behaviour depending on whether decoding or
      encoding is being performed or not (and whether it uses the AVStream
      embedded codec context).
    - various synchronization issues arising from the fact that the same
      context is used by several different APIs (muxers/demuxers,
      parsers, bitstream filters and encoders/decoders) simultaneously, with
      there being no clear rules for who can modify what and the different
      processes being typically delayed with respect to each other.
    - avformat_find_stream_info() making it necessary to support opening
      and closing a single codec context multiple times, thus
      complicating the semantics of freeing various allocated objects in the
      codec context.

Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
2016-02-23 17:01:58 +01:00
Hendrik Leppkes
c2f861ca42 Replace remaining occurances of av_free_packet with av_packet_unref 2015-10-27 14:35:30 +01:00
Paul B Mahol
aff3acc54c avformat/iff: check for possible overflow in 2nd argument of av_new_packet
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2015-09-25 21:25:08 +02:00
Michael Niedermayer
29d147c94d Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba'
* commit '059a934806d61f7af9ab3fd9f74994b838ea5eba':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 23:15:19 +02:00
Michael Niedermayer
a0fe1a25fa Merge commit 'daf8cf358a098a903d59adb6c0d0cc3262a8c93e'
* commit 'daf8cf358a098a903d59adb6c0d0cc3262a8c93e':
  avformat: Don't anonymously typedef structs

Conflicts:
	libavformat/adtsenc.c
	libavformat/aiffenc.c
	libavformat/avidec.c
	libavformat/gif.c
	libavformat/iff.c
	libavformat/img2dec.c
	libavformat/jvdec.c
	libavformat/matroskadec.c
	libavformat/udp.c
	libavformat/wtvdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-14 21:07:40 +01:00
Diego Biurrun
daf8cf358a avformat: Don't anonymously typedef structs 2015-02-14 10:13:47 -08:00
Peter Ross
1964251be7 libavformat/iff: print error message when DSDIFF compression type is not supported
Signed-off-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-26 12:51:40 +02:00
Paul B Mahol
b6543421f5 avformat/iff: rudimentary support for animations
For now only first frame is decoded.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2014-08-18 13:51:52 +00:00
James Almer
d34ec64a22 replace calls to url_feof() with avio_feof()
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-08 00:48:38 +02:00
Michael Niedermayer
592a854f8c avformat/iff: Fix "source comment"
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-05 18:16:46 +02:00
Peter Ross
f57ac37228 avformat/iff: extend IFF demuxer to decode DSDIFF 64-bit chunks
Signed-off-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-20 00:22:20 +02:00
Peter Ross
e311b7446a avformat/iff: indent
Signed-off-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-13 14:48:36 +02:00
Peter Ross
d95c9679f7 avformat/iff: remove unused code
bits_per_coded_sample and block_align are calculated again at end of if() block

Signed-off-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-13 14:48:29 +02:00
Michael Niedermayer
28ee7757f5 Merge commit 'd92024f18fa3d69937cb2575f3a8bf973df02430'
* commit 'd92024f18fa3d69937cb2575f3a8bf973df02430':
  lavf: more correct printf format specifiers

Conflicts:
	libavformat/asfdec.c
	libavformat/cafdec.c
	libavformat/dxa.c
	libavformat/framecrcenc.c
	libavformat/hnm.c
	libavformat/iff.c
	libavformat/mov.c
	libavformat/mxfdec.c
	libavformat/rmdec.c
	libavformat/rpl.c
	libavformat/smacker.c
	libavformat/xmv.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-11 21:05:34 +01:00
Diego Biurrun
d92024f18f lavf: more correct printf format specifiers 2014-03-11 13:13:41 +01:00
Michael Niedermayer
8e90c7285d avformat/iff: check avio_read() return in get_metadata()
Fixes: msan_uninit-mem_7f9539ba8461_4760_dasboot_in_compressed
Fixes use of uninitialized memory
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-29 00:58:13 +01:00
Michael Niedermayer
6f9be91063 avformat/iff: fix memleak of packet
Fixes: msan_uninit-mem_7f65b9788da6_388_24.iff
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-15 01:44:04 +01:00
Michael Niedermayer
2b31a9c613 avformat/iff: shrink packets to the initialized data
Fixes use of uninitialized data
Fixes: msan_uninit-mem_7f65b9788da6_388_24.iff
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-15 01:34:14 +01:00
Michael Niedermayer
03cd3bec6e avformat/iff: Byte seek is unsupported
Fixes Ticket2194

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-20 21:49:02 +02:00
Michael Niedermayer
523c8e0503 Merge commit '50c449ac24fbb4c03c15d2e2026cef2204b80385'
* commit '50c449ac24fbb4c03c15d2e2026cef2204b80385':
  iff: validate CMAP palette size
  asfenc: return error on negative timestamp

Conflicts:
	libavformat/iff.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-03-18 17:30:53 +01:00
Kostya Shishkov
50c449ac24 iff: validate CMAP palette size
Fixes CVE-2013-2495

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

CC: libav-stable@libav.org
2013-03-18 10:48:29 +01:00
Paul B Mahol
a9b424879f lavc & lavf: replace deprecated av_log* functions
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2013-03-15 18:10:28 +00:00
Michael Niedermayer
3dbc0ff9c3 iff: fix integer overflow
Fixes out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-03-05 01:39:50 +01:00
Paul B Mahol
7f7f31bfcb iff: support seeking with maud
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2013-01-07 10:19:49 +00:00
Peter Ross
53ae32d331 iff demuxer: support RGB8 and RGBN 2012-12-11 20:17:30 +11:00