1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Commit Graph

52 Commits

Author SHA1 Message Date
Michael Niedermayer
5f44489cc5
avformat/vividas: Check packet size
Fixes: signed integer overflow: 119760682 - -2084600173 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6745781167587328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-04 23:47:54 +02:00
Anton Khirnov
f799b6e23c vividas: convert to new channel layout API
Signed-off-by: James Almer <jamrial@gmail.com>
2022-03-15 09:42:38 -03:00
Andreas Rheinhardt
45bfe8b838 avformat/avio: Move internal AVIOContext fields to avio_internal.h
Currently AVIOContext's private fields are all over AVIOContext.
This commit moves them into a new structure in avio_internal.h instead.
Said structure contains the public AVIOContext as its first element
in order to avoid having to allocate a separate AVIOContextInternal
which is costly for those use cases where one just wants to access
an already existing buffer via the AVIOContext-API.
For these cases ffio_init_context() can't fail and always returned zero,
which was typically not checked. Therefore it has been made to not
return anything.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-08-25 23:01:54 +02:00
Andreas Rheinhardt
21e40af378 avformat/vividas: Simplify cleanup after read_header failure
by setting the FF_FMT_INIT_CLEANUP flag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-07-08 14:21:49 +02:00
Andreas Rheinhardt
bc70684e74 avformat: Constify all muxer/demuxers
This is possible now that the next-API is gone.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 11:48:06 -03:00
Andreas Rheinhardt
af867e59d9 avformat/vividas: Fix crash when seeking without audio stream
The current code tries the access the codecpar of a nonexistent
audio stream when seeking. Stop that. Fixes ticket #9121.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-02 21:03:39 +02:00
Michael Niedermayer
e44214a824 avformat/vividas: Use equals check with n in read_sb_block()
Fixes: OOM
Fixes: 27780/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5097985075314688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-28 14:20:00 +02:00
Michael Niedermayer
66deab3a26 avformat/vividas: Check number of audio channels
Fixes: division by 0
Fixes: 28597/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5752201490333696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-05 02:00:05 +01:00
Michael Niedermayer
b1bced5433 avformat/vividas: Check sample_rate
Fixes: Assertion c > 0 failed at libavutil/mathematics.c
Fixes: 27001/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5726041328582656
Fixes: 27453/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5716060384526336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-09 21:41:15 +01:00
Michael Niedermayer
b29d351f97 avformat/vividas: Make len signed
Fixes: out of array access
Fixes: 27424/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5682070692823040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-09 21:41:15 +01:00
Michael Niedermayer
27a99e2c7d avformat/vividas: improve extradata packing checks in track_header()
Fixes: out of array accesses
Fixes: 26622/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6581200338288640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-04 23:30:53 +01:00
Michael Niedermayer
b848baef0d avformat/vividas: better check of current_sb_entry
This is the simplest fix for the problem, it is possible to instead check
this when the variables are set and propagate errors and then fail earlier

Fixes: out of array access
Fixes: 26490/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5723367078100992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-30 17:49:51 +01:00
Michael Niedermayer
d5c42b8c08 avformat/vividas use avpriv_set_pts_info()
Fixes: assertion failure
Fixes: 26482/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4905102324006912
Fixes: 26491/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6002953141616640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-30 17:46:34 +01:00
Michael Niedermayer
c7a5face77 avformat/vividas: Check for zero v_size
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26482/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4905102324006912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-23 09:47:12 +02:00
Carl Eugen Hoyos
86f0bba776 lavc, lavf: Remove newlines from calls to avpriv_request_sample(). 2020-10-11 19:59:24 +02:00
Michael Niedermayer
7170d342e5 avformat/vividas: Check for EOF in first loop in track_header()
Fixes: timeout (243sec -> a few ms)
Fixes: 25716/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5764093666131968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-21 11:55:35 +02:00
Andreas Rheinhardt
c4a4fe938d avformat/vividas: Check allocation for success
Reviewed-by: Zane van Iperen <zane@zanevaniperen.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-09 19:07:23 +02:00
Andreas Rheinhardt
a3dced69c8 avformat/vividas: Check return value before storing it in smaller type
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-09 19:07:23 +02:00
Limin Wang
386dbf5726 avformat/vividas: simplify, use av_rescale_q() instead
note it'll cause a small difference in accuracy for the pts, please see the testing result below:
 $ wget http://samples.ffmpeg.org/archive/all/unknown+unknown+unknown+unknown+5029_paramount_en_1250.viv
 $ ./ffmpeg -t 0.04 -i ./unknown+unknown+unknown+unknown+5029_paramount_en_1250.viv -f null -
 old:
 pts: 522
 pts: 1044
 pts: 1567
 pts: 3918
 pts: 8097
 pts: 12277
 pts: 16457
 ...

 new:
 pts: 522
 pts: 1045
 pts: 1567
 pts: 3918
 pts: 8098
 pts: 12278
 pts: 16457
 ...

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:33 +08:00
Andreas Rheinhardt
c1e439d7e9 avformat: Forward errors where possible
It is not uncommon to find code where the caller thinks to know better
what the return value should be than the callee. E.g. something like
"if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM);". This commit
changes several instances of this to instead forward the actual error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-12 19:25:33 +01:00
Jun Zhao
d965589022 lavf/vividas: check avformat_new_stream() return
check avformat_new_stream() return.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-11-29 10:09:29 +08:00
Andreas Rheinhardt
ff5c8e57e7 avformat/vividas: Avoid allocation of AVIOContext
Put an AVIOContext whose lifetime doesn't extend beyond the function where
it is allocated on the stack instead of allocating and freeing it. This
also avoids the need to free it, which in this case fixes possible
memleaks on error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-29 00:03:28 +01:00
Michael Niedermayer
d83002179f avformat/vividas: Error out on audio packets in the absence of audio streams
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-25 00:07:07 +01:00
Michael Niedermayer
3e5a528bbe avformat/vividas: Check and require 1 video stream
The decoder hardcodes that audio is stream_id = 1 so it does not
currently work with more or less than 1 video stream at st=0

Fixes: assertion failure
Fixes: 18602/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6259277199310848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-25 00:07:07 +01:00
Michael Niedermayer
faea5b4462 avformat/vividas: Add EOF check in val_1 loop in track_header()
Fixes: Timeout (148sec -> 0.1sec)
Fixes: 18427/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5682124627116032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-20 15:50:15 +01:00
Michael Niedermayer
114ddf6430 avformat/vividas: Fix n_sb_blocks Check
Fixes: signed integer overflow: 1540265776 * 2 cannot be represented in type 'int'
Fixes: 18160/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5758808818712576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-09 13:46:21 +01:00
Michael Niedermayer
27a2f65948 avformat/vividas: Test size and packet numbers a bit more
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
8e51f35f81 avformat/vividas: Check n_sb_blocks against input space
Fixes: OOM
Fixes: 16726/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5719320750981120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
8e8fd25272 avformat/vividas: Remove align offset which is always masked off
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-16 00:53:18 +02:00
Michael Niedermayer
08dc354ef7 avformat/vividas: remove dead assignment
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-16 00:53:18 +02:00
Michael Niedermayer
55d4e22d71 avformat/vividas: check for tiny blocks using alignment
Ask for a sample for these
Fixes: out of array access
Fixes: 16624/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5762455661182976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-06 22:25:35 +02:00
Michael Niedermayer
5937f05503 avformat/vividas: Check av_xiphlacing() return value before use
Fixes: out of array access
Fixes: 16277/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5696629440512000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-22 18:35:44 +02:00
Michael Niedermayer
1d72b5d2d5 avformat/vividas: Fix another infinite loop
Not found by the fuzzer

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
52b564ef13 avformat/vividas: Fix infinite loop in header parser
Fixes: Timeout (Infinite -> Finite)
Fixes: 16010/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638616102993920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
76133d7c8b avformat/vividas: Fix memleak of AVIOContext in track_header()
Fixes: memleak
Fixes: 16127/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5649290914955264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
07357cd933 avformat/vividas: Check that value from ffio_read_varlen() does not overflow
Fixes: signed integer overflow: -1241665686 + -1340629419 cannot be represented in type 'int'
Fixes: 15922/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5692826442006528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-03 17:44:23 +02:00
Michael Niedermayer
8bac648359 avformat/vividas: forward errors from track_header()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-03 17:44:23 +02:00
Michael Niedermayer
c3ef24d9ba avformat/vividas: Check buffer size before allocation
Fixes: out of array access
Fixes: 15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-03 17:44:23 +02:00
Michael Niedermayer
8e41675e18 avformat/vividas: Check if extradata was read successfully
Fixes: OOM
Fixes: 15575/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5654666781655040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-03 17:44:23 +02:00
Michael Niedermayer
62d10ec35c avformat/vividas: Fixes overflow in shift in recover_key()
Fixes: left shift of 133 by 24 places cannot be represented in type 'int'
Fixes: 15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-14 22:17:43 +02:00
Michael Niedermayer
e69106e70c avformat/vividas: Check for input length in get_v()
Fixes: out of array read
Fixes: 15286/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5658245101780992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:50:00 +02:00
Michael Niedermayer
d8716e3df9 avformat/vividas: check length in read_vblock()
Fixes: out of array access
Fixes: 15166/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5731062396747776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-25 13:30:09 +02:00
Michael Niedermayer
01d8c72b95 avformat/vividas: reduce keybits to require half the space
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-21 18:28:00 +02:00
Michael Niedermayer
8c6c2747bc avformat/vividas: Fix invalid shift in decode_key()
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15118/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5740230004441088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-21 18:28:00 +02:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Carl Eugen Hoyos
01db03f158 lavf/vividas: Support demuxing on big-endian hardware. 2018-12-28 00:20:47 +01:00
Carl Eugen Hoyos
17aed996bc lavf/vividas: Do not increase extradata_size after allocation.
Avoids a crash in avcodec_parameters_from_context().
2018-12-28 00:20:41 +01:00
Paul B Mahol
d62cb29716 avformat/vividas: check if viv->sb_pb is not NULL 2018-12-22 13:36:36 +01:00
Paul B Mahol
e9909fe194 avformat/vividas: check if size is enough big in xor_block 2018-12-22 11:14:39 +01:00
Paul B Mahol
14c2f7f652 avformat/vividas: fix undefined behaviour 2018-12-22 11:14:21 +01:00