1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Commit Graph

99306 Commits

Author SHA1 Message Date
Michael Niedermayer
bc0e776c9a avcodec/ansi: Check nb_args for overflow
Fixes: Integer overflow (no testcase)

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-20 18:03:52 +02:00
Michael Niedermayer
b78860e769 avformat/wc3movie: Cleanup on wc3_read_header() failure
Fixes: memleak
Fixes: 23660/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6007508031504384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-20 18:03:52 +02:00
Michael Niedermayer
0c635f2ce6 avformat/wc3movie: Move wc3_read_close() up
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-20 18:03:52 +02:00
Zhao Zhili
b17e5c3416 avformat/mov: fix typo in comments
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-20 18:03:52 +02:00
Andreas Rheinhardt
9f7e592df2 avformat/tedcaptionsdec: Fix leak of AVBPrint upon error
The tedcaptions demuxer uses an AVBPrint whose string is not restricted
to its internal buffer; it therefore needs to be cleaned up, yet this is
not done on error, as parse_file() returned simply returned directly.
This is fixed by going to fail first in such cases.
Furthermore, there is also a second way how this string can leak: By
having more than one subtitle per subtitle block, as the new one simply
overwrites the old one in this case as the AVBPrint is initialized each
time upon encountering a subtitle line. The code has been modified to
simply append the new subtitle to the old one, so that the old one can't
leak any more.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-20 16:58:17 +02:00
Zane van Iperen
b0dee629da
avformat/argo_brp: don't pass AVStream into avpriv_request_sample()
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-20 19:27:12 +10:00
Zane van Iperen
9ab54eb501
avformat/argo_brp: set BVID packet duration
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-20 19:27:12 +10:00
Zane van Iperen
52c5c97740
avformat/argo_brp: handle multiple BASF blocks
Turns out that there are files with multiple (reasonably-sized) BASF
blocks. Some of the files just have particularly large frames (~10s).

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-20 19:21:01 +10:00
Zane van Iperen
a68c91f6bc
avformat/argo_brp: make sure stream ids match
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-20 19:21:01 +10:00
Zane van Iperen
e76102a2d8
avformat/argo_brp: cleanup 'goto fail's
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-20 19:21:01 +10:00
Zane van Iperen
3cf650bda9
avformat/argo_brp: remove an allocation
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-20 19:21:00 +10:00
Zane van Iperen
39801adc19
avformat/argo_asf: cosmetics
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-20 19:21:00 +10:00
Zane van Iperen
101ac40f69
avformat/argo_asf: fix enforcement of chunk count
Enforcing num_chunks == 1 only makes sense when demuxing from an ASF
file. When embedded in a BRP file, an ASF stream can have multiple chunks.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-20 19:20:53 +10:00
Andreas Rheinhardt
ef29e5bf42 avformat/swfdec: Avoid unnecessary skip
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-20 11:14:26 +02:00
Andreas Rheinhardt
d554aabdaf avformat/swfenc: Fix memleak upon write_header error
The SWF muxer accepts at most one mp3 audio and at most one VP6F, FLV1
or MJPEG stream. Upon encountering an mp3 stream, a fifo is allocated
that leaks if one of the subsequent streams is incompliant with the
restrictions mentioned above or if the framerate or samplerate are
invalid. This is fixed by adding a deinit function to free said fifo.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-20 11:14:11 +02:00
Xu Jun
a39fcbdffb dnn_backend_native_layer_conv2d.c: fix bug of loop boundary in single thread mode.
Before patch, fate test for dnn may fail in some Windows environment
while succeed in my Linux. The bug was caused by a wrong loop boundary.
After patch, fate test succeed in my windows mingw 64-bit.

Signed-off-by: Xu Jun <xujunzz@sjtu.edu.cn>
Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
2020-09-20 12:30:47 +08:00
Andreas Rheinhardt
5aafdb4e5f avformat/rmdec: Fix potential crash on allocation failure
The RealMedia demuxer uses the priv_data of its streams to store a
structure containing an AVPacket. These packets are unreferenced in the
read_close function, yet said function simply presumed that the
priv_data has been successfully allocated. This implies that it mustn't
be called when an allocation of priv_data fails; but this can happen
since commit 35bbc1955a if one has a
stream with multiple substreams (also exported as AVStream) and if
allocating the priv_data for one of these substreams fails.

This has been fixed by making sure that read_close can handle the case
in which priv_data has not been successfully allocated.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 20:26:53 +02:00
Andreas Rheinhardt
4cc43d30c3 avformat/rmdec: Actually return value < 0 on read_header failure
The RealMedia demuxer's read_header function initially initializes ret,
the variable designated for the return variable to -1. Afterwards, chunks
of the file are parsed in a loop until an error happens or until the actual
frame data is encountered. If the first function whose return
value is put into ret doesn't fail, then ret contains a value >= 0
(actually == 0) and this is what will be returned if an error is
encountered afterwards.

This is a regression since 35bbc1955a.
Before that, ret had never been overwritten with a nonnegative value.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 20:26:50 +02:00
Andreas Rheinhardt
ea45d6e61a avformat/avidec: Fix memleak when error happens after creating DV stream
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 20:26:19 +02:00
Andreas Rheinhardt
c7867b6ed1 avcodec/mpegaudiodec*: Cleanup generically on init failure
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:52:41 +02:00
Andreas Rheinhardt
e9831b1e98 avcodec/mpegaudiodec_float: Avoid indirection with float dsp function
Do this by only keeping the only function pointer from the
AVFloatDSPContext that is needed lateron. This also allows to remove the
decoders' close function.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:48:38 +02:00
Andreas Rheinhardt
dac9e88a99 avcodec/mpegaudiodec_template: Check return value of subdecoder
After all, allocating an AVFloatDSPContext might have failed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:48:30 +02:00
Andreas Rheinhardt
6015a6921e avcodec/ljpegenc: Don't free buffer known to be NULL
The lossless JPEG encoder allocates one buffer in its init function
and freeing said buffer is the only thing done in its close function.
Despite this the init function called the close function if allocating
said buffer fails, although there is nothing to free in this case.
This commit stops doing this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:47:54 +02:00
Andreas Rheinhardt
3d83de4187 avcodec/j2kenc: Fix leaks on init failure
The JPEG2000 encoder did not clean up after itself on error.
This commit fixes this by modifying the cleanup function to be able to
handle only partially allocated structures and by setting the
FF_CODEC_CAP_INIT_CLEANUP flag.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:47:39 +02:00
Andreas Rheinhardt
3507ab07ec avcodec/indeo3: Cleanup generically after init failure
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:47:27 +02:00
Andreas Rheinhardt
ab4876163b avcodec/imc: Avoid indirection when calling float dsp function
Do this by only keeping the only function pointer from
the AVFloatDSPContext that is needed lateron.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:47:10 +02:00
Andreas Rheinhardt
84d27385ae avcodec/hq_hqadata: Make local arrays static
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:47:05 +02:00
Andreas Rheinhardt
dff4012ab7 avcodec/hnm4video: Don't reimplement FFSWAP()
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:47:01 +02:00
Andreas Rheinhardt
cc83f36b9d avcodec/hnm4video: Don't return nonsense error messages
The HNM 4 video decoder's init function claimed that an allocation
failed if the image dimensions are wrong. This is fixed in this commit:
The dimensions are checked before the allocations are attempted.
The check whether width * height is zero is redundant as
av_image_check_size() already checks for this; it has been removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:46:56 +02:00
Andreas Rheinhardt
042af30303 avcodec/hnm4video: Cleanup generically on init failure
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:46:53 +02:00
Andreas Rheinhardt
23daf8e67f avcodec/g722enc: Cleanup generically on init failure
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:46:45 +02:00
Andreas Rheinhardt
b14c42aa2a avcodec/flashsv2enc: Return better error codes
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:45:30 +02:00
Andreas Rheinhardt
42ed9707b5 avcodec/flashsv2enc: Cleanup generically after init failure
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:45:03 +02:00
Andreas Rheinhardt
319dbcf440 avcodec/flashsv2enc: Check allocations for success before usage
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:39:58 +02:00
Andreas Rheinhardt
d1487659ee avcodec/flashsvenc: Remove unused z_stream
This encoder uses the compress2 utility function provided by zlib
instead of using a z_stream.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:39:58 +02:00
Andreas Rheinhardt
ec6f4c5158 avcodec/flashsvenc: Avoid allocation of buffer, fix memleak
Up until now, the flashsv encoder tried to allocate two buffers in its
init function; if only one of these allocations succeeds, the other
buffer leaks. Fix this by making one of these buffers part of the
context (its size is a compile-time constant).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 18:39:58 +02:00
Paul B Mahol
cdc4c268e2 avfilter/vf_datascope: fix oscilloscope with gray>8 depth 2020-09-19 16:38:21 +02:00
Zane van Iperen
52d362c6e0
avformat/argo_{asf,brp}: use variable frame sizes when (de)muxing adpcm_argo
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-19 15:55:00 +10:00
Zane van Iperen
bb021be31c
avcodec/adpcm_{psx,argo}: add missing indent
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-19 15:34:31 +10:00
Zane van Iperen
9eabe9c4b5
avcodec/adpcm_argo: support decoding multiple frames
Increases decode speed significantly.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-09-19 15:34:25 +10:00
Michael Niedermayer
624f6df19f avformat/3dostr: Check remaining buffer in probe before 8 byte step
Fixes: segfault
Fixes: signal_sigabrt_7ffff6ae7cc9_7213_0d6457b9d6897fa7c78507fa5de53510.ts
Regression since: 3ac45bf665

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-19 00:55:04 +02:00
Michael Niedermayer
d54c24acde avcodec/tiff: Fix default white level
According to the spec bits per sample should be used

Fix invalid shift with bpp=32
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 23507/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4815432665268224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-19 00:40:56 +02:00
Michael Niedermayer
ca3c6c981a avcodec/diracdsp: Fix integer anomaly in dequant_subband_*
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-19 00:40:56 +02:00
Michael Niedermayer
5dae33bb39 tools/target_dec_fuzzer: Adjust VQA threshold
Fixes: Timeout (169sec -> 9sec)
Fixes: 23745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-5638172179693568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-19 00:40:56 +02:00
Michael Niedermayer
4a02ae49c2 avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c()
Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
Fixes: 23646/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5480991098667008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-19 00:37:45 +02:00
Andreas Rheinhardt
6401a5d4b8 Revert "avcodec/vlc: Add macro for ff_init_vlc_sparse()"
This reverts commit 61669b7c40.

This commit broke building with MSVC due to its spec-incompliant handling
of ',' in __VA_ARGS__: These are not treated as argument separators for
further macros, so that in our case the init_vlc2() macro is treated as
having only one argument whenever the init_vlc() macro is used. See [1]
for further details.

[1]: https://reviews.llvm.org/D69626

Reviewed-by: Hendrik Leppkes <h.leppkes@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-18 12:20:16 +02:00
Paul B Mahol
92396cee60 avformat: add CRI AAX demuxer 2020-09-18 11:34:11 +02:00
Paul B Mahol
0ea6ec3d00 avformat: add DAT CCTV demuxer 2020-09-18 11:30:03 +02:00
Andreas Rheinhardt
01506c290a avcodec/ffwavesynth: Cleanup generically after init failure
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-18 02:52:45 +02:00
Andreas Rheinhardt
3d51f2a12c avcodec/escape130: Cleanup generically on init failure
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-18 02:52:32 +02:00