1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-07 11:13:41 +02:00
Commit Graph

1432 Commits

Author SHA1 Message Date
Michael Niedermayer
8176799f31 avformat/mov: Only set pkt->duration to non negative values
Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-14 18:55:45 +02:00
Jacob Trimble
4aba45ca1f avformat/mov: Add check for per-sample IV size.
Found by Chrome's ClusterFuzz: http://crbug.com/849062.

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-13 16:46:40 +02:00
Jacob Trimble
cf81a9c078 avformat/mov: Fix reading saio/saiz for clear content.
This validates that the common encryption saio/saiz atoms only appear
when the data is actually encrypted.  This also ignores those atoms
in clear content.

Found by Chrome's ClusterFuzz: http://crbug.com/850389

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-09 20:44:50 +02:00
Sasi Inguva
fe6c4f0c47 lavf/mov.c: Set st->start_time for video streams explicitly.
If start_time is not set, ffmpeg takes the duration from the global
movie instead of the per stream duration.
Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-06 01:53:30 +02:00
Sasi Inguva
318d0fcbfe lavf/mov.c: Fix timestamps to be strictly monotonic for video also.
We already do this for audio, but it should be done for video too.
If we don't, seeking back to the start of the file, for example, can
become quite broken, since the first N packets will have repeating
and nonmonotonic PTS, yet they need to be decoded even if they are
to be discarded.

Signed-off-by: Sasi Inguva <isasi@isasi.mtv.corp.google.com>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2018-06-05 16:00:19 +01:00
Jacob Trimble
9827bb88e7 libavformat/mov: Fix heap buffer overflow.
Found by Chrome's ClusterFuzz: https://crbug.com/847060

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-02 01:55:12 +02:00
Michael Niedermayer
fe84f70819 avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
Fixes: #7165

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-22 21:05:45 +02:00
Michael Niedermayer
2c2d689c56 avformat/mov: Only fail for STCO/STSC contradictions if both exist
Fixes regression with playback of GF9720Repeal20the20Eighth20with20Helen20Linehan.m4a
See: crbug 822666

Found-by: "Mattias Wadman <mattias.wadman@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-21 01:50:21 +02:00
Michael Niedermayer
56e76bd057 avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
Without this some operations might overflow (undefined behavior)
even though the index adding loop would never execute

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-21 01:38:56 +02:00
Derek Buitenhuis
28503c5aea mov: Properly abide by the track's media duration
The track's media duration from the mdhd atom takes precedence
over both the stts and elst atom for calculating and setting
the track's total duraion.

Technically, we shouldn't be using the stts atom at all for
calculating stream durations.

This fixes incorrect stream and final packet durations on files
with edit lists that are longer than the media duration.

The FATE changes are expected, and output is more correct (the
AAC frame is not 1028 samples).

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2018-04-26 14:42:15 +01:00
Jacob Trimble
e5ba5fab49 avformat/mov: Fix parsing of saio/siaz atoms in encrypted content.
This doesn't support saio atoms with more than one offset.

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-21 00:45:31 +02:00
Jacob Trimble
baf9c0bd99 avformat/mov: Remove old encryption info methods.
Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-19 21:49:47 +02:00
Jacob Trimble
606c5c7f3a avformat/mov: Fix memory leak in encryption info.
Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-19 21:49:47 +02:00
Jacob Trimble
f7221d8e67 avformat/mov: Increase support for common encryption.
- Parse schm atom to get different encryption schemes.
- Allow senc atom to appear in track fragments.
- Allow 16-byte IVs.
- Allow constant IVs (specified in tenc).
- Allow only tenc to specify encryption (i.e. no senc/saiz/saio).
- Use sample descriptor to detect clear fragments.

This doesn't support:
- Different sample descriptor holding different encryption info.
  - Only first sample descriptor can be encrypted.
- Encrypted sample groups (i.e. seig).
- Non-'cenc' encryption scheme when using -decryption_key.

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-19 03:15:32 +02:00
Michael Niedermayer
0a8133119c avformat/mov: Fix extradata memleak
Fixes: crbug 822705

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-12 23:52:59 +02:00
Jacob Trimble
b08c132a9c avformat/mov: Fix parsing of tfdt when using sample descriptors.
Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-05 20:10:24 +02:00
Timo Teräs
8c980b1c92 avformat/mov: parse multiple iTunes cover images
Multiple cover images are supported by having multiple data atoms
inside the covr atom. AtomicParsley and mutagen amongst others
support and document this construct.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-01 02:58:51 +02:00
Michael Niedermayer
eb60b9d3aa avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-26 02:16:48 +02:00
Michael Niedermayer
9e67447a4f avformat/mov: Check STSC and remove invalid entries
Fixes assertion failure
Fixes: crbug 822547, crbug 822666 and crbug 823009

Affects: aark15sd_9A62E2FA.mp4

Found-by: ClusterFuzz
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-20 22:59:40 +01:00
Michael Niedermayer
2f37082827 avformat/mov: Fix integer overflows related to sample_duration
Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type

Fixes: Chromium bug 791349

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-12 01:32:42 +01:00
Sasi Inguva
43205df645 lavf/mov.c: Use the correct offset to shift timestamp when seeking.
Fixes seek for files with empty edits and files with negative ctts
(dts_shift > 0). Added fate samples and tests.

Signed-off-by: Sasi Inguva <isasi@isasi.mtv.corp.google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-10 17:55:50 +01:00
James Almer
c4cee26129 avformat/mov: print the projection type when reporting it as unsupported
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2018-03-09 12:17:53 -03:00
Xiaohan Wang
3386be16d5 ffmpeg: Fix stts_data memory allocation
In this loop, |i| is the "index". And the memory allocated should be at
least the current "count", which is |i + 1|.

BUG=801821

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-09 02:39:21 +01:00
Michael Niedermayer
367929bed9 avformat/mov: Fix integer overflow in mov_get_stsc_samples()
Fixes: runtime error: signed integer overflow: 5 * -2147483647 cannot be represented in type 'int'
Fixes: Chromium bug 817338
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-07 20:37:33 +01:00
Matt Wolenetz
133ddd3875 avformat/mov: Initialize a potential gap in ctts_data in mov_build_index
mov_read_ctts ignores ctts entries having count <= 0. Generally, the
aggregate of all ctts entries' count fields resulting from mov_read_ctts
can be less than the corresponding sample_count.

mov_build_index attempts to normalize any existing ctts_data counts to
be 1, to make a 1-1 mapping of a ctts_data entry to a sample.

That 1-1 mapping left a tail of uninitialized ctts_data entries when the
aggregate, normalized ctts_count < sample_count.

Even more generally, later usage of ctts_data may depend on the entire
ctts_allocated_size having been initialized.

This change memsets the entire allocation of the normalized ctts_data in
mov_build_index, to prevent use of uninitialized data later.

BUG=816787

Change-Id: I7fd7db255e3aeed076ee32c90cb2df211741c052
Reviewed-on: https://chromium-review.googlesource.com/947110
Reviewed-by: Xiaohan Wang <xhwang@chromium.org>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-05 01:16:34 +01:00
Tianqiang Liu
5df9d75b44 avformat/mov: Add manu/modl to mov_read_udta_string.
Documentation: http://mp4ra.org/atoms.html

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-03 23:01:41 +01:00
Xiaohan Wang
f5f2209d68 ffmpeg: Fix memset size on ctts_data in mov_read_trun() (round 2)
The allocated size of sc->ctts_data is
(st->nb_index_entries + entries) * sizeof(*sc->ctts_data).

The size to memset at offset sc->ctts_data + sc->ctts_count should be
(st->nb_index_entries + entries - sc->ctts_count) *
sizeof(*sc->ctts_data))

The current code missed |entries| I believe, which was introduced in
https://patchwork.ffmpeg.org/patch/5541/.

However, after offline discussion, it seems the original code is much
more clear to read (before https://patchwork.ffmpeg.org/patch/5541/).

Hence this CL revert the memset logic to it's previous state by
remembering the |old_ctts_allocated_size|, and only memset the newly
allocated entries.

BUG=812567

Change-Id: Ibe94c7138e5818bfaae76866bfa6619a9b8a2b6b
Reviewed-on: https://chromium-review.googlesource.com/934925
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-01 22:54:49 +01:00
Xiaohan Wang
dd5208aaf5 avformat/mov: Fix ctts_index calculation
An index should never be equal to the count. Hence we must make sure
*ctts_index < ctts_count.

Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-10 03:57:13 +01:00
James Almer
f7aacf4ab7 avformat/mov: add VP8 codec support
Demuxing only. Muxing is disabled as altref frame handling is not
defined in the spec, and there's no way to know the presence of
such frames during stream initialization.

Based on a patch by Steven Liu.

Fixes ticket #7000

Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2018-02-06 23:08:42 -03:00
Marton Balint
18ac642359 avformat: migrate to AVFormatContext->url
Signed-off-by: Marton Balint <cus@passwd.hu>
2018-01-28 23:06:43 +01:00
Carl Eugen Hoyos
1112ba012d lavf/mov: Use av_fast_realloc() in mov_read_stts().
Avoids large allocations for short files with invalid stts entry.
Fixes bugzilla 1102.
2018-01-01 22:27:29 +01:00
James Almer
bc10260f49 avformat/mov: simplify parsing of mdcv atom using av_make_q()
Signed-off-by: James Almer <jamrial@gmail.com>
2017-12-21 01:23:17 -03:00
Sasi Inguva
58a25aeb8e lavf/mov.c: Guess video codec delay based on PTS while parsing MOV header.
Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-20 22:27:06 +01:00
Michael Niedermayer
74f408cc8e avformat/mov: Fix the the typo
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-18 19:57:43 +01:00
tiejun.peng
6bf5d69b2f lavf/mov: modify code indentation
Signed-off-by: tiejun.peng <tiejun.peng@foxmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-09 23:12:30 +01:00
tiejun.peng
ab651587a7 lavf/mov: add some useful warning log of eof
Signed-off-by: tiejun.peng <tiejun.peng@foxmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-09 23:12:30 +01:00
Carl Eugen Hoyos
894f1c399b lavf/mov: Fix missing newline. 2017-12-04 04:15:49 +01:00
John Stebbins
2d015d3bf9 lavf/mov: fix huge alloc in mov_read_ctts
An invalid file may cause huge alloc.  Delay expansion of ctts entries
until the number of samples is known in mov_build_index.

Fixes: 23

Found-by: zhao dongzhuo, AD-lab of Venustech
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-01 00:07:30 +01:00
Pan Bian
f63450c8e4 avformat/mov: return correct value in mov_read_cmov
On some failure paths, the error code is not correctly set.

Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-28 21:42:48 +01:00
Pan Bian
3f81259f33 avformat/mov: set correct error code in mov_read_custom
In function mov_read_custom(), it returns 0 on the path that av_malloc()
returns a NULL pointer. 0 indicates success. An error code should be
assigned to ret.

Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-28 21:42:48 +01:00
Vittorio Giovara
10db42f117 mov: Support mdcv and clli boxes for mastering display an color light level
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-11-28 12:40:40 -05:00
Michael Niedermayer
883de7e8b4 libavformat/mov: Replace duplicate stream_nb check by assert
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-27 03:31:54 +01:00
John Stebbins
bdddcb7b03 lavf/mov: fix crash in mov_read_sidx
Use correct index into streams

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-25 02:32:33 +01:00
Carl Eugen Hoyos
8b62647a5f lavf/mov: Read aspect ratio from AVID jpeg2000 mov files. 2017-11-23 02:57:24 +01:00
Dale Curtis
6db511a783 avformat/mov: Increment stsd_count while processing stsd data; avoids leaks.
In the event of ff_mov_read_stsd_entries() failure, sc->stsd_count
is not updated, even if the function allocates extradata memory.
Instead update the sc->stsd_count as entries are parsed so that
mov_read_close() can do the right thing.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-22 13:06:50 +01:00
Jacob Trimble
2d9cf3bf16 avformat/mov: Propagate errors in mov_switch_root.
Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-21 03:13:03 +01:00
Carl Eugen Hoyos
0f75d77a16 lavf/mov: Do not mix variable declaration and code.
Fixes a warning:
libavformat/mov.c:1195:5: warning: ISO C90 forbids mixed declarations and code
2017-11-20 13:48:28 +01:00
John Stebbins
20c38f2e70 lavf/mov: don't read outside frag_index bounds
Potentially fixes:
https://bugs.chromium.org/p/chromium/issues/detail?id=786269#c1

In theory, the crash can be triggered by an invalid stream that has
either tfdt or trun outside of the moof

Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-18 11:57:57 +01:00
Dale Curtis
d073be2291 Fix leak of frame_duration_buffer in mov_fix_index().
Should be unconditionally freed at the end of mov_fix_index() in
case it hasn't been used during the fix up.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Sasi Inguva <isasi-at-google.com@ffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-18 11:57:57 +01:00
Fredrik Hubinette
a6fdd75fe6 avformat/mov: Check size of STSC allocation
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-16 23:26:36 +01:00