1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Commit Graph

225 Commits

Author SHA1 Message Date
Michael Niedermayer
5480e82d77 avcodec/pngdec: Clean up on av_frame_ref() failure
Fixes: memleak
Fixes: 3203/clusterfuzz-testcase-minimized-4514553595428864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-20 02:56:20 +02:00
Michael Niedermayer
a2e444d5bb avcodec/pngdec: Fix () placement
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-22 18:55:11 +02:00
Rostislav Pehlivanov
133dafe24f pngdec: fix potential memory leak
Fixes CID1412026.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-07-26 23:54:14 +01:00
Rostislav Pehlivanov
2e08bbb282 pngdec: decode and expose iCCP chunks as side data
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-07-25 20:12:44 +01:00
Michael Niedermayer
a0296fc056 avcodec/pngdec: Use ff_set_dimensions()
Fixes OOM
Fixes: 1314/clusterfuzz-testcase-minimized-4621997222920192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-04 18:41:30 +02:00
Muhammad Faiz
31f61b0d4f avcodec: do not use AVFrame accessor
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Muhammad Faiz <mfcc64@gmail.com>
2017-04-23 14:27:47 +07:00
Ronald S. Bultje
eff2861a75 png: set AVFrame flags/fields before calling setup_finished().
Fixes tsan warnings in fate-apng:

WARNING: ThreadSanitizer: data race (pid=51230)
  Read of size 4 at 0x7d50000042fc by main thread (mutexes: write M1000):
    #0 frame_copy_props frame.c:302 (ffmpeg:x86_64+0x1019a35d6)
[..]
  Previous write of size 4 at 0x7d50000042fc by thread T1 (mutexes: write M997):
    #0 decode_idat_chunk pngdec.c:708 (ffmpeg:x86_64+0x100f5562a)
2017-04-03 14:46:26 -04:00
Ronald S. Bultje
478f1c3d5e png: split header state and data state in two separate variables.
Fixes a reported (but false) race condition in tsan for fate-apng:

WARNING: ThreadSanitizer: data race (pid=6274)
  Read of size 4 at 0x7d680001ec78 by main thread (mutexes: write M1338):
    #0 update_thread_context src/libavcodec/pngdec.c:1456 (ffmpeg+0x000000dacf0c)
[..]
  Previous write of size 4 at 0x7d680001ec78 by thread T1 (mutexes: write M1335):
    #0 decode_idat_chunk src/libavcodec/pngdec.c:737 (ffmpeg+0x000000dae951)
2017-04-03 10:08:29 -04:00
Clément Bœsch
2d12b910f7 lavc: use av_fourcc2str() where appropriate 2017-03-29 14:49:29 +02:00
Michael Niedermayer
310d2af319 avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be represented in type 'int'
Fixes: 666/clusterfuzz-testcase-6581447227867136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-25 01:43:53 +01:00
Michael Niedermayer
4279613a26 avcodec/pngdec: Check bit depth for validity
Fixes: runtime error: shift exponent 132 is too large for 32-bit type 'int'
Fixes: 609/clusterfuzz-testcase-4825202619842560

See 11.2.2 IHDR Image header

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-19 19:48:57 +01:00
Michael Niedermayer
2ac6eedac5 avcodec/pngdec: Store metadata directly into AVFrame
Fixes memleak
Fixes: 500/clusterfuzz-testcase-6315221727576064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-19 15:39:36 +01:00
Derek Buitenhuis
91ed4e7196 avcodec: Mark some codecs with threadsafe init as such
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-07 23:31:25 +01:00
Michael Niedermayer
e477f09d0b avcodec/pngdec: Check trns more completely
Fixes out of array access
Fixes: 546/clusterfuzz-testcase-4809433909559296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-04 13:22:29 +01:00
Michael Niedermayer
e371f031b9 avcodec/pngdec: Fix off by 1 size in decode_zbuf()
Fixes out of array access
Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-23 01:43:35 +01:00
Andreas Cadhalpun
801b5c18c7 pngdec: check if previous frame exists instead of trusting sequence_number
This fixes a segmentation fault caused by calling memcpy with NULL as
second argument in handle_p_frame_apng.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27 23:46:30 +01:00
James Almer
16c429166d Revert "apngdec: use side data to pass extradata to the decoder"
This reverts commit e0c6b32046.

Said commit changed the behavior of the demuxer and decoder in a non
backwards compatible way.
Demuxers should make extradata available at init if possible, and send
new extradata as side data within a packet if needed.

A better fix for the remuxing crash will follow.

Signed-off-by: James Almer <jamrial@gmail.com>
2016-11-18 12:24:28 -03:00
Andreas Cadhalpun
e0c6b32046 apngdec: use side data to pass extradata to the decoder
Fixes remuxing apng streams coming from the apng demuxer.
This is a regression since 940b8908b9.

Found-by: James Almer <jamrial@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-01 18:49:28 +01:00
Clément Bœsch
8ef57a0d61 Merge commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb'
* commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb':
  cosmetics: Fix spelling mistakes

Merged-by: Clément Bœsch <u@pkh.me>
2016-06-21 21:55:34 +02:00
Vittorio Giovara
41ed7ab45f cosmetics: Fix spelling mistakes
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2016-05-04 18:16:21 +02:00
Michael Niedermayer
d433623fba avcodec/pngdec: Fix alpha detection with skip_frame
Fixes Ticket4816

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-04-09 01:10:58 +02:00
James Almer
1bb3b90db8 avcodec/pngdec: use av_mod_uintp2
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2016-01-29 19:58:41 -03:00
Michael Niedermayer
a62178be80 avcodec/pngdec: Replace assert by request for sample for unsupported TRNS cases
Fixes assertion failure
Fixes: 7f646252a30ee28b583aac1f82e7985e/signal_sigabrt_7ffff6ae7cc9_7353_62fc077bf2f454d39e188c69807193a6.png

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-16 18:48:02 +01:00
Matthieu Bouron
0cdc77f104 lavc/pngdec: set FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM capability 2015-11-15 10:13:24 +01:00
Andreas Cadhalpun
3e8e1a660e apng: use correct size for output buffer
The buffer needs s->bpp bytes, at maximum currently 10.
Assert that s->bpp is not larger.

This fixes a stack buffer overflow.

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-07 13:15:14 +01:00
Hendrik Leppkes
1fc13a6269 Merge commit '1720791e36f9cc24c05efea5bb275ab52156ce50'
* commit '1720791e36f9cc24c05efea5bb275ab52156ce50':
  png: read and write stereo3d frame side data information

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2015-11-02 11:50:35 +01:00
Kirill Gavrilov
1720791e36 png: read and write stereo3d frame side data information
Use optional sTER chunk defining side-by-side stereo pair
within "Extensions to the PNG 1.2 Specification", version 1.3.0.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-10-30 12:46:56 +01:00
Matthieu Bouron
cbe2dfa4e5 lavc/pngdec: honor skip_frame option 2015-10-29 12:04:06 +01:00
Kirill Gavrilov
bea931c2eb avcodec/png: read and write stereo3d frame side data information
Use optional sTER chunk defining side-by-side stereo pair
within "Extensions to the PNG 1.2 Specification", version 1.3.0.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-10-28 12:59:43 +01:00
Michael Niedermayer
98b8bf12bc avcodec/pngdec: Use av_malloc_array()
Suggested-by: ubitux
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-10-11 16:39:41 +02:00
Michael Niedermayer
47c5a3058e avcodec/pngdec: Alloc buffer after blend_op check in handle_p_frame_apng()
Avoids memleak on error
Fixes CID1322342

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-10-11 13:09:56 +02:00
Michael Niedermayer
1e7e4f13f9 avcodec/pngdec: Check blend_op.
Fixes CID1322359, CID1322358

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-10-11 03:46:44 +02:00
Ganesh Ajjanagadde
2cbaa078d1 avcodec: use HAVE_THREADS header guards to silence -Wunused-function
When compiled with --disable-pthreads, e.g
http://fate.ffmpeg.org/report.cgi?time=20150917015044&slot=alpha-debian-qemu-gcc-4.7,
a bunch of -Wunused-functions are reported due to missing header guards
around threading related functions.
This patch should silence such warnings.

Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-10-04 12:47:34 -04:00
Michael Niedermayer
9e9d731b51 avcodec/pngdec: mark previous_picture as done on end of decode_frame_common()
Fixes deadlock with threads

Found-by: Paul B Mahol
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-10-01 01:11:45 +02:00
Paul B Mahol
1d0487f77f avcodec/pngdec: reset has_trns after every decode_frame_png()
Fixes #4887.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2015-09-28 20:54:09 +02:00
Donny Yang
51d4bca5a4 avcodec/pngdec: fully support the tRNS chunk
Signed-off-by: Donny Yang <work@kota.moe>
2015-08-31 09:52:46 +00:00
Hendrik Leppkes
00b5c19661 Merge commit '4fee11ab05fc8569ef35c0ce86a60375c903eefb'
* commit '4fee11ab05fc8569ef35c0ce86a60375c903eefb':
  png: Be more informative regarding signature errors

Conflicts:
	libavcodec/pngdec.c

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2015-08-05 12:10:08 +02:00
Luca Barbato
4fee11ab05 png: Be more informative regarding signature errors
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-08-02 14:31:09 +02:00
Michael Niedermayer
444e9874a7 Merge commit 'def97856de6021965db86c25a732d78689bd6bb0'
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
  lavc: AV-prefix all codec capabilities

Conflicts:
	cmdutils.c
	ffmpeg.c
	ffplay.c
	libavcodec/8svx.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/adpcm.c
	libavcodec/alac.c
	libavcodec/atrac3plusdec.c
	libavcodec/bink.c
	libavcodec/dnxhddec.c
	libavcodec/dvdec.c
	libavcodec/dvenc.c
	libavcodec/ffv1dec.c
	libavcodec/ffv1enc.c
	libavcodec/fic.c
	libavcodec/flacdec.c
	libavcodec/flacenc.c
	libavcodec/flvdec.c
	libavcodec/fraps.c
	libavcodec/frwu.c
	libavcodec/gifdec.c
	libavcodec/h261dec.c
	libavcodec/hevc.c
	libavcodec/iff.c
	libavcodec/imc.c
	libavcodec/libopenjpegdec.c
	libavcodec/libvo-aacenc.c
	libavcodec/libvorbisenc.c
	libavcodec/libvpxdec.c
	libavcodec/libvpxenc.c
	libavcodec/libx264.c
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mpegaudiodec_float.c
	libavcodec/msmpeg4dec.c
	libavcodec/mxpegdec.c
	libavcodec/nvenc_h264.c
	libavcodec/nvenc_hevc.c
	libavcodec/pngdec.c
	libavcodec/qpeg.c
	libavcodec/ra288.c
	libavcodec/rv10.c
	libavcodec/s302m.c
	libavcodec/sp5xdec.c
	libavcodec/takdec.c
	libavcodec/tiff.c
	libavcodec/tta.c
	libavcodec/utils.c
	libavcodec/v210dec.c
	libavcodec/vp6.c
	libavcodec/vp9.c
	libavcodec/wavpack.c
	libavcodec/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:50:18 +02:00
Vittorio Giovara
def97856de lavc: AV-prefix all codec capabilities
Express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Donny Yang
a906e86a8d apng: Fix decoding images with the PREVIOUS dispose op 2015-07-22 16:42:24 +00:00
Donny Yang
0030613d69 avcodec/apngdec: Fix typos in decoder causing incorrect results
Signed-off-by: Donny Yang <work@kota.moe>
2015-07-20 13:46:50 +00:00
Michael Niedermayer
b54ac8403b avcodec/pngdec: Check values before updating context in decode_fctl_chunk()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-29 22:32:02 +02:00
Michael Niedermayer
f1ffa01dd3 avcodec/pngdec: Copy IHDR & plte state from last thread
Previously these chunks where parsed again for each frame with threads
but not without leading to a different path and the potential for
inconsistencies

This also removes a related special case from decode_ihdr_chunk()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-29 22:16:58 +02:00
Michael Niedermayer
a1736926e9 avcodec/pngdec: Require a IHDR chunk before fctl
This is required by the APNG spec

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-29 21:57:12 +02:00
Michael Niedermayer
47f4e2d896 avcodec/pngdec: Only allow one IHDR chunk
Multiple IHDR chunks are forbidden in PNG
Fixes inconsistency and out of array accesses

Fixes: asan_heap-oob_4d5c5a_1738_cov_2638287726_c-m2-8f2b481b7fd9bd745e620b7c01a18df2.png

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-29 21:30:57 +02:00
Donny Yang
130a6c04a4 avcodec/apng: Add partial support for blending with PAL8 pixel format
Currently restricted to blending pixels that only contain either
0 or 255 in their alpha components

Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-08 16:27:57 +02:00
Donny Yang
33292c07fe avcodec/apng: Add support for blending with GRAY8A pixel format
Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-08 16:18:34 +02:00
Donny Yang
0ab1c46fe0 avcodec/apng: Add blending support for non-alpha pixel formats
Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-08 15:44:22 +02:00
Donny Yang
ed09bb3782 avcodec/apng: Dispose previous frame properly
The spec specifies the dispose operation as how the current (i.e., currently
being rendered) frame should be disposed when the next frame is blended onto it

This is contrary to ffmpeg's current behaviour of interpreting the dispose
operation as how the previous (i.e., already rendered) frame should be disposed

This patch fixes ffmpeg's behaviour to match those of the spec, which involved
a rewrite of the blending function

Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-08 15:32:49 +02:00