1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

99904 Commits

Author SHA1 Message Date
Michael Niedermayer
9ef60a66f1 avformat/sbgdec: Check that end is not before start
Fixes: signed integer overflow: -9223372036854775808 + -5279949906739200 cannot be represented in type 'long'
Fixes: 26908/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6329610851319808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-11 17:05:24 +01:00
James Almer
a876bc9c17 avcodec/cbs_av1: add a range check to tg_end
Section 6.10.1 of the AV1 spec states:

It is a requirement of bitstream conformance that the value of tg_start is
equal to the value of TileNum at the point that tile_group_obu is invoked.
It is a requirement of bitstream conformance that the value of tg_end is
greater than or equal to tg_start.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-11-11 10:23:01 -03:00
James Almer
ddb0e4fecd avcodec/cbs_av1: infer ref_order_hint when not coded in the bitstream
Signed-off-by: James Almer <jamrial@gmail.com>
2020-11-11 10:17:24 -03:00
Limin Wang
89429cf2f2 avformat/rtspdec: return proper error code
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-11 18:32:56 +08:00
Limin Wang
aa1fab6934 avformat/rtsp: check return value of ffurl_read_complete
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-11 18:32:56 +08:00
Limin Wang
001ccbc5cc avformat/rtsp: prefer to use variable instead of type
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-11 18:32:56 +08:00
Limin Wang
9e2872bc67 avformat/rtspdec: use SDP_MAX_SIZE for sdp array
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-11 18:32:56 +08:00
Limin Wang
33f6bb7828 avformat/rtsp: move SDP_MAX_SIZE macro definition to header file
move comments for the size of SDP_MAX_SIZE here:
Some SDP lines, particularly for Realmedia or ASF RTSP streams,
contain long SDP lines containing complete ASF Headers (several
kB) or arrays of MDPR (RM stream descriptor) headers plus
"rulebooks" describing their properties. Therefore, the SDP line
buffer is large.
The Vorbis FMTP line can be up to 16KB - see xiph_parse_sdp_line
in rtpdec_xiph.c.

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-11 18:32:56 +08:00
Limin Wang
5439460016 avformat/rtsp: 16384 -> SDP_MAX_SIZE
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-11 18:32:56 +08:00
Michael Niedermayer
b1d99ab14f avformat/lvfdec: Check stream_index before use
Fixes: assertion failure
Fixes: 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-10 16:37:37 +01:00
Michael Niedermayer
d16974c3dd avformat/au: cleanup on EOF return in au_read_annotation()
Fixes: memleak
Fixes: 26841/clusterfuzz-testcase-minimized-ffmpeg_dem_AU_fuzzer-5174166309044224
Regression since: e680d50eb4
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-10 16:37:37 +01:00
Thierry Foucu
1c57b8ae3b libavformat/avidec: Extract more metadata from the header
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-10 16:37:37 +01:00
Paul B Mahol
ee4a046540 avfilter/af_asoftclip: add oversampling support 2020-11-10 15:25:18 +01:00
Andreas Rheinhardt
7e8306dd2d avcodec/gdv: Remove dead check
At the end of its decode function, the decoder sets *got_frame to 1 and
then checks whether ret is < 0; if so, it is returned, otherwise
avpkt->size is. But it is impossible for ret to be < 0 here and if it
were, it would be nonsense to set *got_frame to 1 before this. Therefore
just return avpkt->size unconditionally.

Fixes Coverity issue #1439730.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-10 02:14:29 +01:00
James Almer
d2dcb113f8 avcodec/utils: clear the packet props queue on flushing
This ensures no queued timestamps or side data are kept and used after
seeking, preventing potential desyncs.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-11-09 15:57:56 -03:00
Zane van Iperen
5c7823ff1c
Changelog: add amv muxer & encoder
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-09 15:16:03 +10:00
Zane van Iperen
a2fea0f469
avformat: add amv muxer
AMV is a hard-coded (and broken) subset of AVI. It's not worth sullying
the existing AVI muxer with its filth.

Fixes ticket #747.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-09 14:58:38 +10:00
Zane van Iperen
555f5c1fc5
avcodec: add adpcm_ima_amv encoder
Fixes ticket #747.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-09 14:58:38 +10:00
Zane van Iperen
8903cb3c15
avcodec/adpcm_ima_amv: document header format
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-09 14:58:37 +10:00
Zane van Iperen
50d3a751aa
avcodec/adpcm_ima_amv: use coded sample count
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-09 14:58:37 +10:00
Zane van Iperen
d6912294d3
avcodec/adpcm_ima_amv: restrict to 1 channel
The format doesn't allow for anything else.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-09 14:58:30 +10:00
OvchinnikovDmitrii
2fb764e1f3 lavc/amfenc: Add hardware config metadata
Without this metadata section the ffmpeg utility thinks that the AMF encoder
does not support input from D3D11 and DXVA2 hardware surfaces, causing
hardware pipelines to fail.

Fixes #8953.
2020-11-08 19:05:17 +00:00
Mark Thompson
cd322794ee lavc: Mark hw_config pointer arrays as const
They are read-only just like the HWConfig structures they point to.
2020-11-08 18:54:42 +00:00
Michael Niedermayer
8fbcc546b8 tools/target_dem_fuzzer: Consider it an EIO when reading position wraps around 64bit
Fixes: signed integer overflow: 9223372036854775807 + 564 cannot be represented in type 'long'
Fixes: 26494/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-576754158849228
Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824
FIxes: 26875/clusterfuzz-testcase-minimized-ffmpeg_dem_C93_fuzzer-5996226782429184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-07 20:50:33 +01:00
Michael Niedermayer
79cf7c7191 avformat/mpegts: Limit copied data to space
Fixes: out of array access
Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-07 20:10:51 +01:00
Zane van Iperen
406879f49c
avcodec/adpcm_ima_swf: fix frame size to 4096
SWF File Format Specification, Version 19 says this is 1 raw
sample + 4095 nibbles.

https://www.adobe.com/content/dam/acom/en/devnet/pdf/swf-file-format-spec.pdf

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-07 23:43:26 +10:00
Zane van Iperen
45d45c8ec5
Revert "avcodec/adpcm_swf: support decoding multiple fixed-sized blocks at once"
Is incorrect behaviour. Was covering for an encoder bug where it produced frames
of the wrong size.

This reverts commit e9dd73d30d.

Fixes: out of array write
Fixes: 26821/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_SWF_fuzzer-5764465137811456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-11-07 23:43:02 +10:00
Omar Emara
04b37b5d7f avdevice/xcbgrab: Add select_region option
This patch adds a select_region option to the xcbgrab input device.
If set to 1, the user will be prompted to select the grabbing area
graphically by clicking and dragging. A rectangle will be drawn to
mark the grabbing area. A single click with no dragging will select
the whole screen. The option overwrites the video_size, grab_x, and
grab_y options if set by the user.

For testing, just set the select_region option as follows:

ffmpeg -f x11grab -select_region 1 -i :0.0 output.mp4

The drawing happens directly on the root window using standard rubber
banding techniques, so it is very efficient and doesn't depend on any
X extensions or compositors.

Reviewed-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: Omar Emara <mail@OmarEmara.dev>
2020-11-06 23:25:13 -05:00
Limin Wang
c8101aabee avformat/rtsp: support infinite initial_timeout for rtsp option
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-07 10:13:29 +08:00
Limin Wang
06aab9790d fate/filter-video: add 10bit test for unsharp filter
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-07 10:09:59 +08:00
Limin Wang
a51767c9b3 avfilter/vf_unsharp: add more pixel format support
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-07 10:09:59 +08:00
Limin Wang
ee792ebe08 avfilter/vf_unsharp: add 10bit support
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-07 10:09:59 +08:00
Andreas Rheinhardt
0302728c9e avcodec/truemotion2: Allocate buffers together
Reduces the number of allocations and frees.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-06 13:57:49 +01:00
Andreas Rheinhardt
fa1d105a6c avcodec/truemotion2: Cleanup generically on init failure
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-06 13:57:49 +01:00
Andreas Rheinhardt
52cd5508cc avcodec/truemotion2: Remove redundant initializations
The codec's private context has already been zeroed generically.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-06 13:57:49 +01:00
Andreas Rheinhardt
9eb22ca804 avcodec/truemotion2: Replace av_free() by av_freep() in AVCodec.close
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-06 13:57:49 +01:00
Andreas Rheinhardt
992adc8aaf avcodec/sonic: Don't allocate a temporary buffer for every frame
Instead allocate it together with the buffer that it mirrors.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-06 13:57:49 +01:00
Andreas Rheinhardt
4b4c7d6e1a avcodec/mss4: Fix memleaks upon allocation error
During init the mts2 decoder allocates several VLCs and then several
buffers in a loop; if one of the latter allocations fails, only the VLCs
are freed, not any buffers that might already have been successfully
allocated. This commit fixes this by setting the
FF_CODEC_CAP_INIT_CLEANUP flag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-06 13:57:49 +01:00
Paul B Mahol
a125e08130 avfilter: add adenorm filter 2020-11-05 18:26:27 +01:00
Vesselin Bontchev
03fb314acf Add support for playing Audible AAXC (.aaxc) files [PATCH v4]
The AAXC container format is the same as the (already supported) Audible
AAX format but it uses a different encryption scheme.

Note: audible_key and audible_iv values are variable (per file) and are
externally fed.

It is possible to extend https://github.com/mkb79/Audible to derive the
audible_key and audible_key values.

Relevant code:

def decrypt_voucher(deviceSerialNumber, customerId, deviceType, asin, voucher):
    buf = (deviceType + deviceSerialNumber + customerId + asin).encode("ascii")
    digest = hashlib.sha256(buf).digest()
    key = digest[0:16]
    iv = digest[16:]

    # decrypt "voucher" using AES in CBC mode with no padding
    cipher = AES.new(key, AES.MODE_CBC, iv)
    plaintext = cipher.decrypt(voucher).rstrip(b"\x00")  # improve this!
    return json.loads(plaintext)

The decrypted "voucher" has the required audible_key and audible_iv
values.

Update (Nov-2020): This patch has now been tested by multiple folks -
details at the following URL:

https://github.com/mkb79/Audible/issues/3

Signed-off-by: Vesselin Bontchev <vesselin.bontchev@yandex.com>
2020-11-05 21:40:20 +05:30
Martin Storsjö
70d8077b79 tls: Hook up the url_get_short_seek function in the TLS backends
This makes sure that small seeks forward on https don't end up
doing new requests.

Signed-off-by: Martin Storsjö <martin@martin.st>
2020-11-05 09:22:17 +02:00
Timo Rothenpieler
a1553b0cfb avfilter/scale_cuda: fix pitch calculation for >8 bit formats 2020-11-05 00:47:14 +01:00
Michael Niedermayer
442d53f409 avformat/bintext: Check width in idf_read_header()
Fixes: division by 0
Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:38:36 +01:00
Michael Niedermayer
f291cd681b avformat/iff: check size against INT64_MAX
Bigger sizes are misinterpreted as negative numbers by the API
Fixes: infinite loop
Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:38:36 +01:00
Michael Niedermayer
27a99e2c7d avformat/vividas: improve extradata packing checks in track_header()
Fixes: out of array accesses
Fixes: 26622/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6581200338288640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:30:53 +01:00
Michael Niedermayer
437b7302b0 avformat/paf: Check for EOF in read_table()
Fixes: OOM
Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:30:53 +01:00
Michael Niedermayer
dad9a86ca7 avformat/gxf: Check pkt_len
Fixes: Infinite loop
Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:30:53 +01:00
Michael Niedermayer
0ba71a72d3 avformat/aiffdec: Check packet size
Fixes: Fixes infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:30:53 +01:00
Michael Niedermayer
66ca6d0fe8 libavformat/aviobuf: Forward error from avio_read in ffio_read_size()
Suggested-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:30:53 +01:00
Michael Niedermayer
441fd1bd7d avformat/rmdec: remove unneeded memset() on packet allocation
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:30:53 +01:00