If another peer is sending unicast packets to the same port that
we are listening on, those packets can end up being received despite
using source specific multicast. For those cases, manually check the
source address of received packets against the intended source address.
This only handles the case when the source list is one single IP
address for now, which probably is the most common case.
Based on a patch by Ed Torbett.
Signed-off-by: Martin Storsjö <martin@martin.st>
Blocking/exclusion is not supported yet.
The rtp protocol parameter takes the same form as the existing
sources parameter for the udp protocol.
Signed-off-by: Martin Storsjö <martin@martin.st>
If either of the deltas is too large for the multiplications to
succeed, don't use this for setting the avg frame rate.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
The time scale is set in mdhd, and later validated in the
enclosing trak atom once all of its children have been parsed.
A loose mdhd atom outside of a trak atom could update the time
scale of the last stream without any validation.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
The RTP timestamps can be decreasing for codecs with B-frames. For
these cases, make sure the timestamps in the MP4 file track itself
are nondecreasing, and add an offset to the RTP packet hint instead
to produce the intended RTP timestamp.
Signed-off-by: Martin Storsjö <martin@martin.st>
This fixes crashes when playing back certain RealRTSP streams.
When invoked from the RTP depacketizer, the full realmedia
demuxer isn't invoked, but only certain functions from it, where
a separate AVIOContext is passed in as parameter (for the buffer
containing the data to parse). The functions called from within
those entry points should only be using that parameter, not
s->pb. In the depacketizer case, s is the RTSP context, where ->pb
is null.
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This makes sure the ffurl_read_complete function actually
returns the number of bytes read, as the documentation of the
function says, even if the underlying protocol uses AVERROR_EOF
instead of 0.
Signed-off-by: Martin Storsjö <martin@martin.st>
A sid 0 would be mismatched to the attachment.
Prevent NULL pointer dereference.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This allows handling matroska files with errors.
Fixes test4.mkv and test7.mkv from the official Matroska test suite,
and by extension Bugzilla #62.
Based on a patch by Reimar Doffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The previous allocation increment of 16384 meant that the cluster
array was allocated for 0.6 MB initially, which is a bit excessive
for cases with fragmentation where only a fraction of that ever
actually is used.
Therefore, start off at a much smaller value, and increase by
doubling (to avoid reallocating too often when writing long
non-fragmented mp4 files).
Bug-Id: 525
Signed-off-by: Martin Storsjö <martin@martin.st>
When writing fragmented mp4, the cluster array is reset when a
fragment is written. Instead of starting off reallocating the
array only based on the number of current elements in it, keep
track of how many elements there were allocated earlier.
This avoids reallocating this array needlessly when writing
fragmented mp4 files.
Bug-Id: 525
Signed-off-by: Martin Storsjö <martin@martin.st>
This makes the struct name (which isn't used anywhere) match the
name of the typedef, as for all the other structs declared in this
header.
Signed-off-by: Martin Storsjö <martin@martin.st>
Currently the demuxer shaves the blocks and exports only the
information that is useful to the decoder.
Exporting the blocks just as they are stored is simpler to understand
and will make remuxing wavpack easier.
Some fixes provided by Paul B Mahol <onemda@gmail.com>
and Michael Niedermayer <michaelni@gmx.at> and me.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
According to the PIFF specification[1] the base_data_offset field MUST be
omitteed. See section 5.2.17. Since the ISMV files created by libavformat
state that they are 'piff' compatible via 'ftyp' box, this needs to be
corrected.
[1] http://www.iis.net/learn/media/smooth-streaming/protected-interoperable-file-format
Signed-off-by: Martin Storsjö <martin@martin.st>
output-example links against swscale, which depends on avutil. In standard
configurations, by pure good luck, the libs before swscale pull in all of
swscale's dependencies and linking succeeds. However, in some configurations
like --disable-asm this is not the case and linking fails.
Hardcode the dependency to avoid a more general Makefile refactoring.
Most formats do not support negative timestamps, shift them to avoid
unexpected behaviour and a number of bad crashes.
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Each lace must be independent according to the specification.
Fix heap-buffer-overflow in matroska_parse_block for
corrupted real media in mkv files.
Stricter check than fc43c19a56
CC: libav-stable@libav.org
Fix heap-buffer-overflow in matroska_parse_block for
corrupted real media in mkv files.
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The sample rate index is 3 bits even if currently index 5, 6 and 7 are
not supported.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
- Make MultiByteToWideChar fail when it encounters invalid encoding.
Without this, invalid characters might just be skipped
- When MultiByteToWideChar fails, assume the file name is in CP_ACP
and open it via normal open function, even when the file will be
written
- When malloc fails return error instead of crashing
Signed-off-by: Martin Storsjö <martin@martin.st>
In order to match Linux behaviour better our Windows-specific
open() replacement should disable Windows default file locking.
Signed-off-by: Martin Storsjö <martin@martin.st>
Also move the declaration to internal.h, and add restrict qualifiers
to the declaration (as in the implementation).
Signed-off-by: Martin Storsjö <martin@martin.st>
do_adobe_auth takes the parameters in the order "opaque, challenge".
Due to the way they are treated, this didn't matter in the tested
setups though - if both are set, we only use one. In the tested
setups (Wowza and Akamai) either one of them were null or they
were both set to the same value, which is why this worked before.
Signed-off-by: Martin Storsjö <martin@martin.st>
To avoid allocating ridiculous amounts of memory for corrupted files,
read the input in chunks limited to filesize or an arbitrary large
amount when that is not known (chosen to be 50M).
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
When parsing the Xing/Info tag, don't set the bit rate if it's an Info tag.
When parsing the stream, don't override the bit rate if it's already set,
otherwise calculate the mean bit rate from parsed frames. This way, the bit
rate will be set correctly both for CBR and VBR streams.
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The warnings are false positives, older gcc versions (such as 4.5)
think the variables can be used uninitialized while they in
practice can't, while newer (4.6) gets it right.
Signed-off-by: Martin Storsjö <martin@martin.st>
The callers of this function can't report errors sanely. If this
one malloc fails, don't write the extradata byte, make sure we
try to malloc it the next time we're called instead, and make sure
we still consume the input data byte.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This header byte is only present when actually reading a VP6 frame,
not when reading the codec type field in the metadata. This
potential bug has been present since 5b54a90c.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
The handling of the environment variable no_proxy, present since
one of the initial commits (de6d9b6404), is inconsistent with
how many other applications and libraries interpret this
variable. Its bare presence does not indicate that the use of
proxies should be skipped, but it is some sort of pattern for
hosts that does not need using a proxy (e.g. for a local network).
As investigated by Rudolf Polzer, different libraries handle this
in different ways, some supporting IP address masks, some supporting
arbitrary globbing using *, some just checking that the pattern matches
the end of the hostname without regard for whether it actually is
the right domain or a domain that ends in the same string.
This simple logic should be pretty similar to the logic used by
lynx and curl.
Signed-off-by: Martin Storsjö <martin@martin.st>
In some ASF files this objects holds cover art and other tags. Compared to
Metadata Object it can also hold GUIDs, but we ignore these for now.
Signed-off-by: Vladimir Pantelic <vladoman@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Use the same get_tag()/get_value() as for the Extended Content Description
but handle the 16 bit vs 32 bit difference for type 2 (BOOL)
Signed-off-by: Vladimir Pantelic <vladoman@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
In ff_rtp_get_payload_type, the AVFormatContext is used for checking
whether the payload_type or rtpflags options are set. In rtpenc_chain,
the rtpctx struct is a newly initialized struct where no options have
been set yet, so no options can be fetched from there.
All muxers that internally chain rtp muxers have the "rtpflags" field
that allows passing such options on (which is how this worked before
8034130e06), so this works just as intended.
This makes it possible to produce H263 in RFC2190 format with chained
RTP muxers.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Not sure if this actually happens, but we do the same check when
checking payload_type further above in the function, so it might
be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly. Also change a literal buffer
size to use sizeof, and limit the amount of data copied in another
memcpy call as well.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
Expose the current sequence number via an AVOption - this can
be used both for setting the initial sequence number, or for
querying the current number.
Signed-off-by: Martin Storsjö <martin@martin.st>
Use AVERROR_INVALIDDATA on invalid inputs, and AVERROR_EOF when no more
frames are available in an interleaved AVI.
Signed-off-by: Jindrich Makovicka <makovick@gmail.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
The theoretical minimum for a (not totally well formed) RTCP packet
is 8 bytes, so we shouldn't require 12 bytes as minimum input.
Also return AVERROR_INVALIDDATA instead of 0 if something that is
not a proper packet is given.
Signed-off-by: Martin Storsjö <martin@martin.st>
This clarifies where the limit number comes from, and only
requires exactly as much padding space as will be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
The main difference to the existing suites from RFC 4568 is
that the version with a 32 bit HMAC still uses 80 bit HMAC
for RTCP packets.
Signed-off-by: Martin Storsjö <martin@martin.st>
The lavf-internal parser functions are used when receiving
mpegts over RTP. This fixes memory leaks in this setup.
The normal mpegts demuxer close function was updated in ec7d0d2e in
2004 to fix leaks, but the parsing function used for RTP wasn't
updated and has been leaking ever since.
Signed-off-by: Martin Storsjö <martin@martin.st>
This makes the returned data valid to stream copy into other
containers as well, not only for decoding straight away.
Signed-off-by: Martin Storsjö <martin@martin.st>
This is mostly useful for encryption together with the RTP muxer,
but could also be set up as IO towards the peer with the SDP
demuxer with custom IO.
Signed-off-by: Martin Storsjö <martin@martin.st>
This only takes care of decrypting incoming packets; the outgoing
RTCP packets are not encrypted. This is enough for some use cases,
and signalling crypto keys for use with outgoing RTCP packets
doesn't fit as simply into the API. If the SDP demuxer is hooked
up with custom IO, the return packets can be encrypted e.g. via the
SRTP protocol.
If the SRTP keys aren't available within the SDP, the decryption
can be handled externally as well (when using custom IO).
Signed-off-by: Martin Storsjö <martin@martin.st>
This supports the AES_CM_128_HMAC_SHA1_80 and
AES_CM_128_HMAC_SHA1_32 cipher suites (from RFC 4568) at the
moment. The main missing features are replay protection (which can be
added later without changing the internal API), and the F8 and null
ciphers.
Signed-off-by: Martin Storsjö <martin@martin.st>
The function is a callback that is called by ff_gen_search with
a constant stream index.
Avoid a false positive on older gcc version.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This makes the behaviour defined when they wrap around. The value
assigned to expected_prior was a uint32_t already.
Signed-off-by: Martin Storsjö <martin@martin.st>
Without this, we'd signal a huge loss rate (due to unsigned
wraparound) if we had received one packet more than expected (that
is, one seq number sent twice). The code has a check for lost_interval
<= 0, but that doesn't do what was intended as long as the variable is
unsigned.
Signed-off-by: Martin Storsjö <martin@martin.st>
