1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Commit Graph

433 Commits

Author SHA1 Message Date
Michael Niedermayer
ecbdaa9b4c
avformat/flvdec: Use 64bit for sum_flv_tag_size
Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7124f10c1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-25 13:52:01 +02:00
Michael Niedermayer
815efd3f68
avformat/flvdec: Check for EOF in index reading
Fixes: Timeout
Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ceff5d7b74)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-25 13:51:48 +02:00
Michael Niedermayer
be0109b881 avformat/flvdec: timestamps cannot use the full int64 range
We do not support this as we multiply by 1000
Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long'
Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c217ca7718)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-06 20:27:35 +02:00
Michael Niedermayer
81178db83b avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5d8fe1c87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
James Almer
0be265e9a1 Revert "lavf: move AVStream.*index_entries* to AVStreamInternal"
This reverts commit cea7c19cda.

Until an API is added to make index_entries public in a proper way, keeping
this here is harmless.
2021-03-23 14:09:27 -03:00
Michael Niedermayer
09e5e406c7 avformat/flvdec: Check double before cast in parse_keyframes_index()
Fixes: -2.21166e+304 is outside the range of representable values of type 'long'
Fixes: 29169/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5725452796821504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-08 22:08:49 +01:00
Michael Niedermayer
f514113cfa avformat/flvdec: Treat high ts byte as unsigned
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 27516/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5152854660349952

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:18:16 +01:00
Michael Niedermayer
9725d07a17 avformat/flvdec: Check for EOF in amf_skip_tag()
Fixes: Timeout
Fixes: 29070/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5650106766458880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-29 19:36:46 +01:00
Michael Niedermayer
cb31667611 avformat/flvdec: Check for avio_read() failure in amf_get_string()
Suggested-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-26 18:37:12 +01:00
Michael Niedermayer
2ef522c918 avformat/flvdec: Check for nesting depth in amf_skip_tag()
Fixes: out of array access
Fixes: 29440/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5985279812960256.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-26 18:37:12 +01:00
Michael Niedermayer
074e204b42 avformat/flvdec: Check for nesting depth in amf_parse_object()
Fixes: out of array access
Fixes: 29202/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5112845840809984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-26 18:37:12 +01:00
Michael Niedermayer
7a6666b19d avformat/flvdec: Use av_sat_add64() for pts computation
Fixes: signed integer overflow: -9223372036854767583 + -65536 cannot be represented in type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-6734549467922432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 14:32:54 +01:00
Anton Khirnov
cea7c19cda lavf: move AVStream.*index_entries* to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header. Since there are some (semi-)public fields located after these,
even though this section is supposed to be private, keep some dummy
padding there until the next major bump to preserve ABI compatibility.
2020-10-28 14:59:28 +01:00
Michael Niedermayer
33624f4f2e avformat/flvdec: Check for EOF in amf_parse_object()
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-17 14:36:11 +02:00
Peter van der Spek
c476cfd7ec avformat/flvdec: RtmpSampleAccess no longer breaks stream detection
Since release 4.2, FFmpeg fails to detect the correct streams in an RTMP
stream that contains a |RtmpSampleAccess AMF object prior to the
onMetaData AMF object. In the debug log it would show "[flv] Unknown
type |RtmpSampleAccess".

This functionality broke in commit d7638d8dfc
as unknown metadata packets now result in an opaque data stream, and the
|RtmpSampleAccess packet was an "unknown" metadata packet type.

With this change the RTMP streams are correctly detected when there
is a |RtmpSampleAccess object prior to the onMetaData object.

Signed-off-by: Peter van der Spek <p.vanderspek@bluebillywig.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-23 21:33:21 +02:00
Andreas Rheinhardt
b054a3a216 avformat/flvdec: Cosmetics
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-22 12:19:56 +02:00
Andreas Rheinhardt
ed9bbcff6f avformat/flvdec: Avoid duplicating extradata when adding side-data
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-28 11:59:56 +02:00
Andreas Rheinhardt
82d61a9ce3 avformat: Don't free old extradata before ff_alloc/get_extradata
These functions already free it themselves before they allocate the new
extradata.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-12 19:25:33 +01:00
Andreas Rheinhardt
c1e439d7e9 avformat: Forward errors where possible
It is not uncommon to find code where the caller thinks to know better
what the return value should be than the callee. E.g. something like
"if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM);". This commit
changes several instances of this to instead forward the actual error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-12 19:25:33 +01:00
leozhang
b2bb09bcc3 avformat/flvdec: delete unused code
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Signed-off-by: leozhang <leozhang@qiyi.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-23 22:24:07 +02:00
Swaraj Hota
208ae228fa lavf/flvdec: added support for KUX container
Fixes ticket #4519.

The metadata starting at 0xe00004 is encrypted
with the password "meta" but zlib does not
support decryption, so no kux metadata is read.
2019-04-06 15:54:38 +02:00
Jun Zhao
e995e2395b lavf/flvdec: Cosmetics: Fix indentation for flv_read_packet
Commit e34ba5ec53 missed the indent

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-03-31 18:02:46 +08:00
Jun Zhao
24dac56e1d lavf/flvdec: add AMF date type support
Support AMF date type when parse the FLV metadata.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-03-31 18:02:46 +08:00
Jun Zhao
fba42b33b7 lavf/flvdec: fix typo in log message
fix typo in log message, it's come from cd141e71bd

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-03-23 12:06:06 +08:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Michael Niedermayer
b559c58a03 avformat/flvdec: Try to support some concatenated flv files
Fixes: discont.flv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-01-31 00:24:38 +01:00
Martin Storsjö
d7638d8dfc flvdec: Export unknown metadata packets as opaque data
Signed-off-by: Martin Storsjö <martin@martin.st>
2018-11-05 16:02:51 +02:00
Martin Storsjö
e7ed9d81bf flvdec: Rename FLV_STREAM_TYPE_DATA into FLV_STREAM_TYPE_SUBTITLE
This is always treated as a subtitle at the moment anyway.

Signed-off-by: Martin Storsjö <martin@martin.st>
2018-11-05 15:53:39 +02:00
James Almer
701aca55fd avformat/flvdec: don't propagate empty extradata
Fixes ticket #7379

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2018-08-24 13:21:10 -03:00
Steven Liu
243ecadad5 avformat/flvdec: add flv_full_metadata option into flvdec
output all the metadata context when use this option.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2018-08-07 15:51:36 +08:00
Steven Liu
3b99bb3889 avformat/flvdec: reindent code for previous commit
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2018-08-07 15:50:47 +08:00
Steven Liu
d37125fb91 avformat/flvdec: add flv_ignore_prevtag option into flvdec
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2018-08-07 15:48:23 +08:00
Carl Eugen Hoyos
c51e0cd6ed lavf/flvdec: Remove an outdated comment.
The buffer size was increased in b2fecce3 to prepare for 790a3cdf.
2018-07-25 15:08:43 +02:00
Nikolas Bowe
ce8a12fb72 avformat/flvdec: Set broken_sizes for FlixEngine.
we found some very old videos which suffered from
corruption after 9e6a242755, but were fine
before.
These had "End of AC stream reached in vp6_parse_coeff" warnings in logs.
These also had flv Packet mismatch warnings.
Adding FlixEngine to the list of flv muxers which produce broken packet
sizes fixes this corruption.

FlixEngine is very old and not maintained or available anymore (since
2010), so we won't need to worry about newer versions fixing the issue.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-23 01:53:34 +01:00
James Almer
220603d0c8 Merge commit '279e3aaa14daba6b7a37d75f3fb6e29c732d123f'
* commit '279e3aaa14daba6b7a37d75f3fb6e29c732d123f':
  flv: Validate the packet size

Merged-by: James Almer <jamrial@gmail.com>
2017-10-28 15:29:23 -03:00
Martin Storsjö
15537c904e flvdec: Check the avio_seek return value after reading a metadata packet
merge from libav: 585dc1aece

If the metadata packet is corrupted, flv_read_metabody can accidentally
read past the start of the next packet. If the start of the  next packet
had been flushed out of the IO buffer, we would be unable to seek to
the right position (on a nonseekable stream).

Prefer to clearly error out instead of silently  trying to read from a
desynced stream which will only be interpreted as garbage.
2017-10-27 08:27:43 +08:00
Steven Liu
171adca696 Revert "flvdec: Check the avio_seek return value after reading a metadata packet"
This reverts commit ef7fe81b85.
2017-10-27 08:26:11 +08:00
Steven Liu
ef7fe81b85 flvdec: Check the avio_seek return value after reading a metadata packet
merge from libav: 585dc1aece

If the metadata packet is corrupted, flv_read_metabody can accidentally
read past the start of the next packet. If the start of the next packet
had been flushed out of the IO buffer, we would be unable to seek to
the right position (on a nonseekable stream).

Prefer to clearly error out instead of silently trying to read from a
desynced stream which will only be interpreted as garbage.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2017-09-07 08:30:14 +08:00
Alex Converse
4d2b9ece45 avformat/flvdec: Set need_context_update when setting the initial extradata
Fixes ticket 6398.

Debugged with the help of James Almer and Hendrik Leppkes.
2017-09-03 20:01:39 -07:00
Luca Barbato
279e3aaa14 flv: Validate the packet size
Size can be negative at that point.

Bug-Id: 1041
CC: libav-stable@libav.org
2017-04-20 15:39:18 +00:00
Steven Liu
c0628919b8 avformat/flvdec: check FLVHeader PreviousTagSize0
refer to SPEC:
Annex E. The FLV File Format said:
E.3 TheFLVFileBody have a table:
Field            Type    Comment
PreviousTagSize0 UI32    Always 0

Reviewed-by: Bela Bodecs <bodecsb@vivanet.hu>
Reviewed-by: Hendrik Leppkes <h.leppkes@gmail.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2017-03-28 16:51:28 +08:00
Carl Eugen Hoyos
628ce8b8b6 flvdec: Set avg_frame_rate for video streams
Signed-off-by: Martin Storsjö <martin@martin.st>
2017-03-22 14:26:15 +02:00
James Almer
4de591e6fb Merge commit '83548fe894cdb455cc127f754d09905b6d23c173'
* commit '83548fe894cdb455cc127f754d09905b6d23c173':
  lavf: fix usage of AVIOContext.seekable

Merged-by: James Almer <jamrial@gmail.com>
2017-03-21 17:02:30 -03:00
wm4
ef86488696 avformat/flvdec: remove meaningless warning
Ever since the codecpar changes, this has been always printed when
opening a flv file. This is because the codecpar changes made all
streams to be added lazily as read_packet is called.
2017-03-06 11:08:03 +01:00
Steven Liu
af7d0ad983 refine avformat/flvdec set bit_rate 2016-11-26 11:28:22 +08:00
Steven Liu
7c5478a203 avformat/flvdec: move set bit_rate from parse AMF OBJECT to
create_stream

before patch:
Stream #0:0: Video: h264 (High), yuv420p(progressive), 1280x714 [SAR 1:1 DAR 640:357], 25 fps, 25 tbr, 1k tbn, 50 tbc

after patch:
Stream #0:0: Video: h264 (High), yuv420p(progressive), 1280x714 [SAR 1:1 DAR 640:357], 2576 kb/s, 25 fps, 25 tbr, 1k tbn, 50 tbc

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26 08:56:18 +08:00
Carl Eugen Hoyos
e0791c5aaf lavf/flvdec: Set avg_frame_rate for video streams.
Requested-by: qw, applemax82 at 163 dot com
Reviewed-by: Steven Liu
2016-11-25 11:06:14 +01:00
Andreas Cadhalpun
98b3a7979f flvdec: require need_context_update when changing codec id
Otherwise the codec context and codecpar might disagree on the codec id,
triggering asserts in av_parser_parse2.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-25 00:35:46 +01:00
Steven Liu
4696f7639b avformat/flvdec: add debug message to list keyframes index metadata
when parsing keyframe index metadata, list the message by trace log

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-19 02:15:27 +01:00
Michael Niedermayer
077939626e avformat/flvdec: Fix regression loosing streams
Fixes: unknown_video.flv

Found-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-10-28 12:31:01 +02:00