1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

1546 Commits

Author SHA1 Message Date
Michael Niedermayer
1d277b92fa avformat/mov: Check element count in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 30325/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6048395703746560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-16 19:02:24 +01:00
Michael Niedermayer
cb90e1c4d0 avformat/mov: sanity check STSD entries
The choosen value is arbitrary. I am not sure if this is a good idea
but i dont immedeately see an alternative better way, it seems either
an arbitrary limit or OOM

Fixes: OOM
Fixes: 27492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6194970578649088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-14 19:55:02 +01:00
Michael Niedermayer
0b78016b2d avformat/mov: Ignore tags with invalid size during probing
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:14:47 +01:00
Michael Niedermayer
1ad6801a61 avformat/mov: Factor offset advancement out in probing
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:14:47 +01:00
Michael Niedermayer
941e747d66 avformat/mov: simplify size code in probing a bit
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:14:47 +01:00
Michael Niedermayer
fec4a2d232 avformat/mov: Support size = 1 and size = 0 special cases in probing
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 21:14:47 +01:00
Michael Niedermayer
658f0606cb avformat/mov: Check for duplicate st3d
Fixes: memleak
Fixes: 29585/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6594188688490496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 12:28:30 +01:00
Michael Niedermayer
2c60eb6c5a avformat/mov: factor size out of probe code
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-09 19:37:27 +01:00
Michael Niedermayer
4f70e1ec0c avformat/mov: Use av_mul_q() to avoid integer overflows
Fixes: signed integer overflow: 538976288 * 538976288 cannot be represented in type 'int'
Fixes: 27473/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5758978289827840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-04 23:34:29 +01:00
Michael Niedermayer
8c9a5a0fe9 avformat/mov: Check a.size before computing next_root_atom
Fixes: signed integer overflow: 64 + 9223372036854775799 cannot be represented in type 'long'
Fixes: 27563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6244650163372032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-19 00:05:50 +01:00
Matthieu Bouron
2e17435480 avformat/mov: adjust skip_samples according to seek timestamp
Currently skip_samples is set to start_pad if sample_time is lesser or
equal to 0. This can cause issues if the stream starts with packets that
have negative pts. Calling avformat_seek_file() with ts set to 0 on such
streams makes the mov demuxer return the right corresponding packets
(near the 0 timestamp) but set skip_samples to start_pad which is
incorrect as the audio decoder will discard the returned samples
according to skip_samples from the first packet it receives (which has
its timestamp near 0).

For example, considering the following audio stream with start_pad=1344:

 [PKT pts=-1344] [PKT pts=-320] [PKT pts=704] [PKT pts=1728] [...]

Calling avformat_seek_file() with ts=0 makes the next call to
av_read_frame() return the packet with pts=-320 and a skip samples
side data set to 1344 (start_pad). This makes the audio decoder
incorrectly discard (1344 - 320) samples.

This commit makes the move demuxer adjust skip_samples according to the
stream start_pad, seek timestamp and first sample timestamp.

The above example will now result in av_read_frame() still returning the
packet with pts=-320 but with a skip samples side data set to 320
(src_pad - (seek_timestamp - first_timestamp)). This makes the audio
decoder only discard 320 samples (from pts=-320 to pts=0).

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 17:08:27 +01:00
Michael Niedermayer
0afbaabdca avformat/mov: Check if hoov is at the end
Fixes: Timeout, probably infinite loop
Fixes: 26559/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5391165484171264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-19 20:07:56 +01:00
Zhao Zhili
345d04e870 avformat/mov: remove an always true condition 2020-12-10 19:38:00 +08:00
Thierry Foucu
4d97acfe33 libavformat/mov.c: export vendor id as metadata 2020-12-05 10:16:51 +05:30
Michael Niedermayer
c34004d82f avformat/mov: Use av_sat_add64() in mov_read_sidx()
This avoids a potential integer overflow, no testcase is known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-05 00:08:33 +01:00
Michael Niedermayer
7d75ecf8d2 avformat/mov: Avoid overflow in end computation in mov_read_custom()
Fixes: signed integer overflow: 18 + 9223372036854775799 cannot be represented in type 'long'
Fixes: 26731/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5696846019952640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-05 00:08:33 +01:00
Michael Niedermayer
3b8a263c4f avformat/mov: Fix memleak in dref reading
Fixes: leak in mov_read_dref()
Fixes: 26698/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5638785444085760
Fixes: 27554/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6256643054239744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-27 00:25:42 +01:00
Vesselin Bontchev
03fb314acf Add support for playing Audible AAXC (.aaxc) files [PATCH v4]
The AAXC container format is the same as the (already supported) Audible
AAX format but it uses a different encryption scheme.

Note: audible_key and audible_iv values are variable (per file) and are
externally fed.

It is possible to extend https://github.com/mkb79/Audible to derive the
audible_key and audible_key values.

Relevant code:

def decrypt_voucher(deviceSerialNumber, customerId, deviceType, asin, voucher):
    buf = (deviceType + deviceSerialNumber + customerId + asin).encode("ascii")
    digest = hashlib.sha256(buf).digest()
    key = digest[0:16]
    iv = digest[16:]

    # decrypt "voucher" using AES in CBC mode with no padding
    cipher = AES.new(key, AES.MODE_CBC, iv)
    plaintext = cipher.decrypt(voucher).rstrip(b"\x00")  # improve this!
    return json.loads(plaintext)

The decrypted "voucher" has the required audible_key and audible_iv
values.

Update (Nov-2020): This patch has now been tested by multiple folks -
details at the following URL:

https://github.com/mkb79/Audible/issues/3

Signed-off-by: Vesselin Bontchev <vesselin.bontchev@yandex.com>
2020-11-05 21:40:20 +05:30
Anton Khirnov
cea7c19cda lavf: move AVStream.*index_entries* to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header. Since there are some (semi-)public fields located after these,
even though this section is supposed to be private, keep some dummy
padding there until the next major bump to preserve ABI compatibility.
2020-10-28 14:59:28 +01:00
Anton Khirnov
456b170bd7 lavf: move AVStream.{*skip_samples.*_discard_sample} to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header.
2020-10-28 14:56:20 +01:00
Anton Khirnov
c1b916580a lavf: move AVStream.{inject_global_side_data,display_aspect_ratio} to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header.
2020-10-28 14:53:45 +01:00
Justin Ruggles
2be3eb7f77 Allow using only the mfra info for seeking using the fragment index
The mfra has enough information to enable seeking, and reading it is
behind an AVOption flag, so we shouldn't require that sidx information
also be present in order to seek using the fragment index.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2020-10-11 12:16:47 +01:00
Zhao Zhili
b17e5c3416 avformat/mov: fix typo in comments
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-20 18:03:52 +02:00
Jun Zhao
856363710f lavf/mov: Remove redundant code
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2020-09-12 17:27:26 +08:00
Derek Buitenhuis
2c0d6ac9ae avformat/mov: Stash mfra size if we're reading it anyway
This also changes a check for mfra_size from < 0 to == 0, since
it was always wrong, as avio_rb32 returns an unsigned integer.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2020-09-03 19:04:29 +01:00
Derek Buitenhuis
97fa669a6f avformat/mov: Only read the mfra size once during sidx parsing
On files with more than one sidx box, like live fragmented MP4
files, it was previously re-reading and seeking on every singl
sidx box, leading to extremely poor performance on larger files,
especially over the network.

Only do it on the first one, and stash its result.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2020-09-03 19:04:29 +01:00
Derek Buitenhuis
19064a36e3 avformat/mov: Do not try and seek to an mfra if the reader can't seek
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2020-09-03 19:04:29 +01:00
Derek Buitenhuis
0c13f8a28c avformat/mov: Fix return type used for av_seek in mfra code
It should be a 64-bit integer, otherwise it overflows and fails
on files greater than 2GB on some systems like x86_64 Linux.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2020-09-03 19:04:29 +01:00
Dale Curtis
2ff3c466ec avformat/mov: See if mfra makes up the difference for an incomplete sidx.
A few popular sites have started generating MP4 files which have a
sidx plus an mfra. The sidx accounts for all size except the mfra,
so the old code did not mark the fragment index as complete.

Instead we can just check if there's an mfra and if its size makes
up the difference we can mark the index as complete.

Bug: https://crbug.com/1107130
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2020-08-28 15:58:47 +01:00
Vikas Agrawal
026fea827d Set AVSTREAM_PARSE_HEADERS flag for AV1 MP4 streams
It help initialize chroma format and other info properly
Chroma format wasn't correct if I use below code:
        avformat_find_stream_info(fmtc, NULL);
        iVideoStream = av_find_best_stream(fmtc, AVMEDIA_TYPE_VIDEO, -1, -1, NULL, 0);
        eChromaFormat = (AVPixelFormat)fmtc->streams[iVideoStream]->codecpar->format;

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-24 11:40:03 -03:00
Michael Niedermayer
ffa6072fc7 avformat/mov: Check comp_brand_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-04 18:27:51 +02:00
Zhao Zhili
af7b1031e1 avformat/mov: fix atom type to string conversion
The conversion was endian-dependent, and it may contain non-printable
characters.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-16 17:44:53 +02:00
Moritz Barsnick
2dabee7c0f avformat/mov: fix missing line break in messages
One of them can be triggered by https://samples.ffmpeg.org/F4V/H263_NM_f.mp4.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
2020-07-12 20:40:54 +05:30
Zhao Zhili
806a4d5187 avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-07 19:25:19 +02:00
Zhao Zhili
f3dc38a186 avformat/mov: fix memleaks
Fix two cases of memleaks:
1. The leak of dv_demux
2. The leak of dv_fctx upon dv_demux allocate failure

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-01 15:28:03 +02:00
Andreas Rheinhardt
61f5c6ab06 libavformat/mov: Fix memleaks when demuxing DV audio
The code for demuxing DV audio predates the introduction of refcounted
packets and when the latter was added, changes to the former were
forgotten. This meant that when avpriv_dv_produce_packet initialized the
packet containing the AVBufferRef, the AVBufferRef as well as the
underlying AVBuffer leaked; the actual packet data didn't leak: They
were directly freed, but not via their AVBuffer's free function.

https://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket4671/dir1.tar.bz2
contains samples for this (enable_drefs needs to be enabled for them).

Moreover, errors in avpriv_dv_produce_packet were ignored; this has been
changed, too.

Furthermore, in the hypothetical scenario that the track has a palette,
this would leak, too, so reorder the code so that the palette code
appears after the DV audio code.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-01 15:12:49 +02:00
Andreas Rheinhardt
7256c363a0 avformat/mov: Cosmetics
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-22 13:16:01 +02:00
Andreas Rheinhardt
9ce1eb5eb0 avformat/mov: Avoid allocation when reading ddts atom
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-22 13:14:52 +02:00
Andreas Rheinhardt
316a3e91be avformat/mov: Use ffio_read_size where appropriate
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-22 13:13:48 +02:00
Andreas Rheinhardt
526f5f59df avformat/mov: Avoid allocation+copy when moving extradata
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-22 13:12:49 +02:00
Andreas Rheinhardt
88dc77e243 avformat/mov: Read attached pics directly into st->attached_pic
Given that av_get_packet returns a blank packet on error, the only
difference to the current approach (that uses intermediate AVPackets on
the stack) is that st->attached_pic will be properly initialized on error
(i.e. the timestamps are AV_NOPTS_VALUE) whereas right now st->attached_pic
is only zeroed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-22 13:10:58 +02:00
Andreas Rheinhardt
ddd6274944 avformat/mov: Check earlier whether reel_name string is empty
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-22 12:41:20 +02:00
Paul B Mahol
f91906973c avformat/mov: fix demuxing of eia-608
Fixes #4616.
2020-06-15 19:27:20 +02:00
Andreas Rheinhardt
ff3fad6b0e avformat/mov: Fix reel_name size check
Only read str_size bytes from offset 30 of extradata if the extradata is
indeed at least 30 + str_size bytes long.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 17:11:41 +02:00
Andreas Rheinhardt
dfef1d5e3c avformat/mov: Fix memleak upon encountering repeating tags
mov_read_custom tries to read three strings belonging to three different
tags. When an already encountered tag is encountered again, a new buffer
for the string to be read is allocated and stored in the pointer
destined for this particular tag. But in this scenario, said pointer
already holds the address of the string read earlier, leading to a leak.

This commit therefore aborts the reading process upon encountering
an already encountered tag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 17:11:09 +02:00
Andreas Rheinhardt
ac378c535b avformat/mov: Fix memleaks upon read_header failure
By default, a demuxer's read_close function is not called automatically
if an error happens when reading the header; instead it is up to the
demuxer to clean up after itself in this case. The mov demuxer did this
by calling its read_close function when it encountered some errors when
reading the header. Yet for other errors (mostly adding side-data to
streams) this has been forgotten, so that all the internal structures
of the demuxer leak.

This commit fixes this by making sure mov_read_close is called when
necessary.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:46:15 +02:00
Dale Curtis
bf446711bc avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-13 00:43:09 +02:00
Dale Curtis
cd0771c38c avformat/mov: Free temp buffer upon negative sample_size error.
2d8d554f15 added a new error condition
to mov_read_stsz() but forgot to free a temporary buffer when it
occurs.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-20 15:47:22 +02:00
Thierry Foucu
1187cbf0ff avformat/mov: Read the QT Metadata Keys only once
If you have a file with multiple Metadata Keys, the second time you parse
the keys, you will re-alloc c->meta_keys without freeing the old one.
This change will avoid parsing all the consecutive Metadata keys.

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-15 22:03:36 +02:00
Dale Curtis
2d8d554f15 avformat/mov: Don't allow negative sample sizes.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-15 22:03:36 +02:00