The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly. Also change a literal buffer
size to use sizeof, and limit the amount of data copied in another
memcpy call as well.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '4f56e773fe8a554b8c2662650aaf799c2ece2721':
x86: ac3: Fix HAVE_MMXEXT condition to only refer to external assembly
rtpenc: Start the sequence numbers from a random offset
Conflicts:
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Expose the current sequence number via an AVOption - this can
be used both for setting the initial sequence number, or for
querying the current number.
Signed-off-by: Martin Storsjö <martin@martin.st>
Use AVERROR_INVALIDDATA on invalid inputs, and AVERROR_EOF when no more
frames are available in an interleaved AVI.
Signed-off-by: Jindrich Makovicka <makovick@gmail.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
* commit '8a4f26206d7914eaf2903954ce97cb7686933382':
dsputil: remove butterflies_float_interleave.
srtp: Move a variable to a local scope
srtp: Add tests for the crypto suite with 32/80 bit HMAC
Conflicts:
libavcodec/x86/dsputil.asm
libavcodec/x86/dsputil_mmx.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3ef6d22e1ba544ab37c73e8fc61382f13aac250f':
srtp: cosmetics: Use fewer lines for the test vectors
srtp: Don't require more input data than what actually is needed
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a2a991b2ddf951454ffceb7bcedc9db93e26c610':
srtp: Improve the minimum encryption buffer size check
srtp: Add support for a few DTLS-SRTP related crypto suites
Conflicts:
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f53490cc0c809975f8238d5a9edbd26f83bd2f84':
rtpdec/srtp: Handle CSRC fields being present
rtpdec: Check the return value from av_new_packet
ac3dec: fix non-optimal dithering of zero bit mantissas
Conflicts:
libavcodec/ac3dec.c
libavformat/rtpdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c6f1dc8e4cd967ae056698eafb891a08003c211c':
rtpdec: Move setting the parsing flags to the actual depacketizers
rtpdec: Split handling of mpeg12 audio/video to a separate depacketizer
Conflicts:
libavformat/rtpdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a717f9904227d7979473bad40c50eb40af41d01d':
mpegts: Share the cleanup code between the demuxer and lavf-internal parser functions
rtpdec_mpeg4: Return one AAC AU per AVPacket
ppc: Include string.h for memset
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This clarifies where the limit number comes from, and only
requires exactly as much padding space as will be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
The theoretical minimum for a (not totally well formed) RTCP packet
is 8 bytes, so we shouldn't require 12 bytes as minimum input.
Also return AVERROR_INVALIDDATA instead of 0 if something that is
not a proper packet is given.
Signed-off-by: Martin Storsjö <martin@martin.st>
The main difference to the existing suites from RFC 4568 is
that the version with a 32 bit HMAC still uses 80 bit HMAC
for RTCP packets.
Signed-off-by: Martin Storsjö <martin@martin.st>
Several compilers such as clang/icc/pathscale will optimize the check
pos + size < pos (assuming size > 0) into false, since signed integer
overflow is undefined behavior in C. This breaks overflow checking.
Use a safe precondition check instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The lavf-internal parser functions are used when receiving
mpegts over RTP. This fixes memory leaks in this setup.
The normal mpegts demuxer close function was updated in ec7d0d2e in
2004 to fix leaks, but the parsing function used for RTP wasn't
updated and has been leaking ever since.
Signed-off-by: Martin Storsjö <martin@martin.st>
This makes the returned data valid to stream copy into other
containers as well, not only for decoding straight away.
Signed-off-by: Martin Storsjö <martin@martin.st>
Makes ff_id3v2_read reset stream position at the end of ID3 data if the
header size is not matched (caused by an EOF for example).
Current behaviour (without the patch):
filesize = 400
id3 data size = 399
file offset after ff_id3v2_read is 400 instead of 399
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Write the packet unaltered if found.
Fixes ticket #1917
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The code did not account properly for packets that where added to
the end of the packet list. Also flags for such packets where not
set correctly leading to incorrect chunked interleaving.
Reported-by: bcoudurier
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The exact packing of Opus inside Matroska is not finalized.
Use A_OPUS/EXPERIMENTAL as codec name, like mkvtoolnix.
The A_OPUS name stays to let ffmpeg open files it has produced
until now, but newly produced file use the EXPERIMENTAL version.
Once the spec is stabilized it will be possible to consider
options to ensure compatibility with these files.
a small value was rounded to 0 and then treated special as if
chunked_duration was 0. This led to a inconsistency that further led
to wrong interleaving
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
lavc: Move vector_fmul_window to AVFloatDSPContext
rtpdec_mpeg4: Check the remaining amount of data before reading
Conflicts:
libavcodec/dsputil.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '977d4a3b8a2dbc2fb5e747c7072485016c9cdfaa':
rtpdec_mpeg4: Check the return value from malloc
srtp: Mark a few variables as uninitialized
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '0eecafc948b74c247ebbc59f18f508db5d590d0b':
configure: Make the new srtp protocol depend on the rtp protocol
lavf: Add a fate test for the SRTP functions
lavu: Add a fate test for the HMAC API
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Attempting to re-parse the headers at demuxer level is a
pandora box the way its done currently.
This allows full reconfiguration of vorbis streams
Fixes Ticket2117
Fixes Ticket2121
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Untested, due to lack of rtp stream with CSRCs, but the code as
is does not work with multiple CSRCs
Reviewed-by: Luca Abeni <lucabe72@email.it>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '094a7405e5d8463d7d167d893e04934ec1a84ecd':
x86: ABSB: port to cpuflags
sdp: Include SRTP crypto params if using the srtp protocol
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '2f3bada63e57345329c4f9b48e9b81b5cfc03d05':
lavf: Add a protocol for SRTP encryption/decryption
rtsp: Support decryption of SRTP signalled via RFC 4568 (SDES)
Conflicts:
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ab2ad8bd56882c0ea160b154e8b836eb71abc49d':
lavf: Add functions for SRTP decryption/encryption
lavu: Add an API for calculating HMAC (RFC 2104)
Conflicts:
doc/APIchanges
libavutil/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3f111804eb5c603a344706b84b7164cbf7b4e0df':
libvpx: make vp8 and vp9 selectable
libvpx: support vp9
nut: support vp9 tag
mkv: support vp9 tag
rtpdec: Make variables that should wrap unsigned
Conflicts:
configure
libavcodec/Makefile
libavcodec/allcodecs.c
libavcodec/avcodec.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ba0c72a9ae1e2954e5dcf920f7b4e9a8f8a22f3e':
build: Remove stray Makefile entry for non-existent VCR1 encoder
rtpdec: Handle more received packets than expected when sending RR
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'd0fe217e3990b003b3b3f2c2daaadfb2af590def':
rtpdec: Simplify insertion into the linked list queue
rtpdec: Remove a woefully misplaced comment
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is mostly useful for encryption together with the RTP muxer,
but could also be set up as IO towards the peer with the SDP
demuxer with custom IO.
Signed-off-by: Martin Storsjö <martin@martin.st>
This only takes care of decrypting incoming packets; the outgoing
RTCP packets are not encrypted. This is enough for some use cases,
and signalling crypto keys for use with outgoing RTCP packets
doesn't fit as simply into the API. If the SDP demuxer is hooked
up with custom IO, the return packets can be encrypted e.g. via the
SRTP protocol.
If the SRTP keys aren't available within the SDP, the decryption
can be handled externally as well (when using custom IO).
Signed-off-by: Martin Storsjö <martin@martin.st>
This supports the AES_CM_128_HMAC_SHA1_80 and
AES_CM_128_HMAC_SHA1_32 cipher suites (from RFC 4568) at the
moment. The main missing features are replay protection (which can be
added later without changing the internal API), and the F8 and null
ciphers.
Signed-off-by: Martin Storsjö <martin@martin.st>
The function is a callback that is called by ff_gen_search with
a constant stream index.
Avoid a false positive on older gcc version.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This makes the behaviour defined when they wrap around. The value
assigned to expected_prior was a uint32_t already.
Signed-off-by: Martin Storsjö <martin@martin.st>
Without this, we'd signal a huge loss rate (due to unsigned
wraparound) if we had received one packet more than expected (that
is, one seq number sent twice). The code has a check for lost_interval
<= 0, but that doesn't do what was intended as long as the variable is
unsigned.
Signed-off-by: Martin Storsjö <martin@martin.st>
The code below the comment does not at all relate to statistics,
and even if moved to the right place, the comment adds little
value.
Signed-off-by: Martin Storsjö <martin@martin.st>
"analyzeduration" is not used to detect the input duration, but to
specify the max probe data duration. Fix option description and related
doc entry accordingly.
* commit 'abae27ed3acd0a7c54f11760c5be2d2653c4edf8':
rtpdec: Fix the calculation of expected number of packets
fate: vp3: Fix fate-vp3-coeff-level64 test dependencies
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Previously, we always signalled a zero time since the last RTCP
SR, which is dubious.
The code also suggested that this would be the difference in
RTP NTP time units (32.32 fixed point), while it actually is
in in 1/65536 second units. (RFC 3550 section 6.4.1)
Signed-off-by: Martin Storsjö <martin@martin.st>
This brings back some code that was added originally in 4a6cc061
but never was used, and was removed as unused in 4cc843fa. The
code is updated to actually work and is tested to return sane
values.
Signed-off-by: Martin Storsjö <martin@martin.st>
The base_seq variable is set to first_seq - 1 (in
rtp_init_sequence), so no + 1 is needed here.
This avoids reporting 1 lost packet from the start.
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit '54cb096ee4558b3bfc28c2fcd6418ce82dc39fe1':
rtsp: Remove an outdated comment
rtsp: Remove references to weirdly named variables in other files
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c44784c9bb9d0ddf5d39d0dfa640816a57b8f457':
rtp: Rename a static variable to normal naming conventions
rtp: Cosmetic cleanup
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The question can be answered: No, we do not know the initial sequence
number from the SDP. In certain cases, it can be known from the
RTP-Info response header in RTSP though. (In that case, we use it as
timestamp origin, but not for rtp receiver statistics.)
Signed-off-by: Martin Storsjö <martin@martin.st>
It is unclear what the bug exactly was and if it ever was fixed,
and we don't even support decoding via faad any longer. The
comment has been present since d0deedcb in 2006.
Signed-off-by: Martin Storsjö <martin@martin.st>
One of them is renamed now, but mentioning it by name serves
no purpose here. The other table mentioned ceased to exist
under that name in 4934884a1 in 2006.
Signed-off-by: Martin Storsjö <martin@martin.st>
Fixes division by zero
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Matthieu Bouron <matthieu.bouron@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7b8c5b263bc680eff5710bee5994de39d47fc15e':
vc1dec: prevent a crash due missing pred_flag parameter
matroska: Fix use after free
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec_vp8: Don't trim too much data from broken frames
rtpdec_vp8: Simplify code by using an existing helper function
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ed79093222ceb42f0c3a39095a69af0b32be5450':
rtpdec: Add a terminating null byte at the end of the SDES/CNAME
yuv4mpeg: do not use deprecated functions
oggdec: fix faulty cleanup prototype
idcin: return 0 from idcin_read_packet() on success.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7040e479a1530b2eda4b89a182d5eb50a77bd907':
idcin: allow seeking back to the first packet
idcin: set AV_PKT_FLAG_KEY for video packets with a palette
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ccc0ffb1ba3fc1adb05a9f56dfc26131e61db3fb':
idcin: set start_time and packet duration instead of manually tracking pts.
idcin: set channel_layout
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '12c2530b1d87fa94f81ea97df575b77c825e6f4f':
idcin: fix check for presence of an audio stream
idcin: validate header parameters
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c88d245c9866e48cb8a238b7564964c1fcf3315f':
au: use ff_raw_write_packet()
au: set stream start time and packet durations
Conflicts:
libavformat/au.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'af68a2baae6761044cbed95575e8bcfebf55c6f1':
au: use %u when printing id and channels since they are unsigned
au: validate sample rate
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c837b38dd33a11c3810e988a60193a858eb4f58c':
au: move skipping of unused data to before parameter validation
au: do not arbitrarily limit channel count
Conflicts:
libavformat/au.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9a7b56883d1333cdfcdf0fa7584a333841b86114':
au: set bit rate
au: validate bits-per-sample separately from codec tag
rtpdec_vp8: Mark broken packets with AV_PKT_FLAG_CORRUPT
Conflicts:
libavformat/au.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Previously, for broken frames, we only returned the first partition
of the frame (we would append all the received packets to the packet
buffer, then set pkt->size to the size of the first partition, since
the rest of the frame could have lost data inbetween) - now instead
return the full buffered data we have, but don't append anything more
to the buffer after the lost packet discontinuity. Decoding the
truncated packet should hopefully get better quality than trimming out
everything after the first partition.
Signed-off-by: Martin Storsjö <martin@martin.st>
This is required by RFC 3550 (section 6.5):
The list of items in each chunk MUST be terminated by one or more
null octets, the first of which is interpreted as an item type of
zero to denote the end of the list.
This was implicitly added as padding before, unless the host name
length matched up so no padding was added.
This makes wireshark parse the packets properly if other RTCP items
are appended to the same packet.
Signed-off-by: Martin Storsjö <martin@martin.st>