1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

25039 Commits

Author SHA1 Message Date
Pierre-Anthony Lemieux
0e402ebf48
format/imfdec: improve error handling when selecting tracks for playback
Reviewed-by: Zane van Iperen <zane@zanevaniperen.com>
2022-09-28 11:54:52 +10:00
Andreas Rheinhardt
2b41463b87 avformat/internal: Don't include avcodec.h
The general demuxing API uses parsers and decoders. Therefore
FFStream contains pointers to AVCodecContexts and
AVCodecParserContext and lavf/internal.h includes lavc/avcodec.h.

Yet actually only a few files files really use these; and it is best
when this number stays small. Therefore this commit uses opaque
structs in lavf/internal.h for these contexts and stops including
avcodec.h.
This also avoids including lavc/codec_desc.h implicitly. All other
headers are implicitly included as now (mostly through codec.h).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-26 03:02:50 +02:00
Andreas Rheinhardt
832e6563df avformat/matroska*: Use av_chroma_location_(pos_to_enum|enum_to_pos)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-26 03:02:27 +02:00
Andreas Rheinhardt
843fe314ea avformat/nutdec: Don't shrink packet size manually
It is unnecessary because an av_shrink_packet() a few lines below
will set the size; furthermore, it is actually harmful, because
av_shrink_packet() does nothing in case the size already matches,
so that the packet's padding is not correctly zeroed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-25 14:56:03 +02:00
Michael Niedermayer
aa441ac105
avformat/matroskadec: Error out if a timestamp is beyond duration
Maybe timestamp / duration validity should be checked earlier

Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6586894739177472
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:29:43 +02:00
Michael Niedermayer
4075f0cec1
avformat/spdifdec: Use 64bit to compute bit rate
Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:29:32 +02:00
Michael Niedermayer
529f64b2eb
avformat/rpl: Use 64bit for duration computation
Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:29:08 +02:00
Michael Niedermayer
2c789f753c
avformat/xwma: Use av_rescale() for duration computation
Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:28:57 +02:00
Michael Niedermayer
aa8eb1bed0
avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation
Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:28:51 +02:00
Michael Niedermayer
5f529e9147
avformat/sbgdec: Check ts_int in genrate_intervals
There is probably a better place to check for this, but better
here than nowhere

Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:28:41 +02:00
Michael Niedermayer
981f5e46af
avformat/sbgdec: clamp end_ts
Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:28:29 +02:00
Michael Niedermayer
2cb7ee8a36
avformat/rmdec: check tag_size
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:28:19 +02:00
Michael Niedermayer
2c146406ea
avformat/nutdec: Check fields
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:28:10 +02:00
Michael Niedermayer
7124f10c1d
avformat/flvdec: Use 64bit for sum_flv_tag_size
Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 18:27:43 +02:00
Michael Niedermayer
b1a68127bb
avformat/jacosubdec: Fix overflow in get_shift()
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328
Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 17:57:37 +02:00
Michael Niedermayer
0345a88545
avformat/genh: Check nb_channels for IMA ADPCM
The check could be made more strict

Fixes: signed integer overflow: 36 * 538976288 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-6539389873815552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 17:57:37 +02:00
Michael Niedermayer
93db0f0740
avformat/dxa: avoid bpc overflows
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 17:57:37 +02:00
Michael Niedermayer
10453f5192
avformat/dhav: Use 64bit seek_back
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-6604736532447232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 17:57:36 +02:00
Michael Niedermayer
d4bb4e3759
avformat/cafdec: Check that nb_frasmes fits within 64bit
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 17:57:36 +02:00
Michael Niedermayer
736e9e69d5
avformat/asfdec_o: Limit packet offset
avoids overflows with it

Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 17:57:36 +02:00
Michael Niedermayer
5b23cab5c7
avformat/apm: Use 64bit for bit_rate computation
Fixes: signed integer overflow: -1155522528 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APM_fuzzer-6580670570299392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 17:57:35 +02:00
Michael Niedermayer
d0349c9929
avformat/ape: Check frames size
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-24 17:57:35 +02:00
James Almer
aa79d13f51 avformat/cafenc: derive Opus frame size from the relevant stream parameters
Use the stream duration as last resort, as an off-by-one result of the
"st->duration / (caf->packets - 1)" calculation can break playback on some
devices.
Also, don't write the sample_rate value propagated by encoders like libopus.
The sample rate of the audio fed to it is irrelevant after being encoded.

Fixes ticket #9930.

Signed-off-by: James Almer <jamrial@gmail.com>
2022-09-24 12:16:15 -03:00
Paul B Mahol
a166b8a19b avcodec: add FTR audio decoder and parser 2022-09-24 14:03:59 +02:00
Paul B Mahol
6c23391064 avformat: add APAC demuxer 2022-09-23 20:27:35 +02:00
Vignesh Venkatasubramanian
a2d95928c3 avformat/movenc: Write auxi box for animated AVIF with alpha
According to the HEIF specification (ISO/IEC 23008-12) Section
7.5.3.1, tracks with handler_type 'auxv' must contain a 'auxi' box
in its SampleEntry to notify the nature of the auxiliary track to the
decoder.

The content is the same as the 'auxC' box. So parameterize and re-use
the existing function.

Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: James Zern <jzern@google.com>
2022-09-22 14:10:22 -07:00
Michael Niedermayer
db73ae0dc1
avformat/icodec: Check nb_pal
Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-22 17:44:05 +02:00
Michael Niedermayer
9303ba272e
avformat/aiffdec: Use 64bit for block_duration use
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-22 17:44:05 +02:00
Michael Niedermayer
1c2b6265c8
avformat/aiffdec: Check block_duration
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-22 17:44:04 +02:00
Michael Niedermayer
c5bd689655
avformat/mxfdec: Avoid some redundant writing to tables in mxf_compute_ptses_fake_index()
offsets suggested by Tomas Härdin
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-22 17:44:04 +02:00
Michael Niedermayer
1182bbb2c3
avformat/mxfdec: only probe max run in
Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-22 17:44:04 +02:00
Michael Niedermayer
7786097825
avformat/mxfdec: Check run_in is within 65536
Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-22 17:44:03 +02:00
Andreas Rheinhardt
8306074dc6 avformat/dashdec: Reindent after the previous commit
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-22 15:34:54 +02:00
Andreas Rheinhardt
14b3830b33 avformat/dashdec: Fix crash on invalid input/ENOMEM, fix leak
In case a SupplementalProperty node exists in an adaptationset,
it is searched for a "schemeIdUri" property via xmlGetProp().
Whatever xmlGetProp() returns is then compared via av_strcasecmp()
to a string literal. xmlGetProp() can return NULL, namely in case
no "schemeIdUri" exists and (given that this string is allocated)
presumably also on allocation failure. No check for NULL is done,
so this may crash.

Furthermore, the string returned by xmlGetProp() needs to be freed
with xmlFree(), but this is not done either.

This commit fixes both of these issues; they existed since this code
has been added in 10d008f0fd9e713e290f626300d66382ad786c49.

This has been found while investigating ticket #9697. The continuous
leaks might very well be the reason behind the observed slowdown.

Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-22 15:34:23 +02:00
Wang Yaqiang
0744782de3 avformat/mov: get the correct fragment stsd_id when decrypting the sample
When determining whether a packet should be decrypted,
should use the stsd_id of the fragment where the current packet is located.

Reviewed-by: Zhao Zhili <zhilizhao@tencent.com>
Signed-off-by: Wang Yaqiang <wangyaqiang03@kuaishou.com>
2022-09-21 13:58:40 +08:00
Will Cassella
e601ec3c19 libavformat/riffec: Zero-initialize channels in ff_get_wav_header
Clang's static analyzer complains that leaving the  variable
uninitialized could lead to a code path where the uninitialized value is
written to  at the end of this function.
This patch simply zero-initializes that variable to avoid that.

Signed-off-by: Will Cassella <cassew@google.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2022-09-20 18:58:23 -03:00
Andreas Rheinhardt
d438540d2b avformat/spdifenc: Reorder struct members to make it smaller
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-20 18:32:28 +02:00
Pierre-Anthony Lemieux
48fa27e77a avformat/mxf: set stream frame rates for ST 422 essence containers
The MXF demuxer does not currently set AVStream::avg_frame_rate and ::r_frame_rate
when J2K essence is wrapped according to SMPTE ST 422.

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-20 11:25:54 +02:00
Andreas Rheinhardt
c8707c105f avformat/aptxdec: Don't set AV_PKT_FLAG_CORRUPT mistakenly
Just because we try to put multiple units of block_align bytes
(the atomic units for APTX and APTX HD) into one packet
does not mean that packets with fewer units than the
one we wanted are corrupt; only those packets that are not
a multiple of block_align are.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-19 17:05:33 +02:00
Andreas Rheinhardt
9d10d3a4ee avformat/aptxdec: Don't set AVCodecParameters.frame_size
This field was misunderstood: It gives the number of samples
in a packet, not the number of bytes. Its usage was wrong for APTX HD.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-19 17:05:33 +02:00
Paul B Mahol
9c05f178a6 avformat/ape: fix overflow in total_blocks 2022-09-16 18:04:20 +02:00
Paul B Mahol
8f11512273 avformat/ape: set packet duration 2022-09-16 18:04:20 +02:00
Andreas Rheinhardt
2c23cd0181 avformat/bonk: Don't set data_offset to what it would be set to anyway
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-16 17:49:40 +02:00
Paul B Mahol
dd2a01ef5c avformat: add LAF demuxer 2022-09-16 10:02:19 +02:00
Paul B Mahol
ea93943bee avcodec: add MI-SC4 audio decoder 2022-09-16 10:02:19 +02:00
Andreas Rheinhardt
62af385b91 avformat/dump: Avoid unnecessary implicit calculation of strlen
av_strlcpy() returns the length of the src string to enable
the caller to check for truncation. It is currently used in
the following way in dump_metadata(): Every metadata value
is searched for \b, \n, \v, \f, \r and then the data up to
the first of these characters found is copied to a small
temporary buffer via av_strlcpy() (but of course not more
than fits into said buffer) and then printed; all characters up
to the character found earlier are then treated as consumed.

But this is bad performance-wise if the while string is big
and contains many of these characters, because av_strlcpy()
will unnecessarily calculate the length of the whole remaining string.
(dump_metadata() actually ignored the return value of av_strlcpy().)

Fix this by not copying the data to a temporary buffer at all.
Instead just use %.*s to bound the number of characters output.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-14 15:03:59 +02:00
Paul B Mahol
3ce6fa6b6d avformat: add bonk demuxer 2022-09-12 11:35:43 +02:00
James Almer
60d8c2019f avformat/riffdec: don't unconditionally overwrite WAVEFORMATEXTENSIBLE layout
Do it only if the value conflicts with the previous channels value.

Fixes ticket #9912

Signed-off-by: James Almer <jamrial@gmail.com>
2022-09-11 09:52:02 -03:00
Michael Niedermayer
d32a9f3137
libavformat/hls: Free keys
Fixes: memleak
Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-10 17:32:47 +02:00
James Almer
836b8001c9 avformat/mov: don't read duration from mvhd atom
This duration is equal to the longest duration in all track's tkhd atoms, which
may be comprised of the sum of all edit lists in each track. Empty edit lists
in tracks represent start_time, and the actual media duration is stored in the
mdhd atom.
This change lets the generic demux code derive the longest track duration taken
from mdhd atoms, so the correct duration and start_time combination will be
reported.

Should fix ticket #9775.

Reviewed-by: zhilizhao(赵志立) <quinkblack@foxmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2022-09-08 20:06:06 -03:00