1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Commit Graph

41288 Commits

Author SHA1 Message Date
Martin Storsjö
4895aa65c6 libavformat: Allow calling av_write_trailer with a NULL AVIOContext
Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-19 23:12:58 +02:00
Michael Niedermayer
cee4490b52 on2avc: check number of channels
Fixes invalid memory access.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8549
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-19 08:01:47 +01:00
Michael Niedermayer
d423dd72be smc: fix the bounds check
Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-19 08:01:47 +01:00
Michael Niedermayer
0b39ac6f54 gifdec: refactor interleave end handling
Fixes invalid writes with very small image heights.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-19 08:01:47 +01:00
Anton Khirnov
17ba719d9b mmvideo: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 2.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8543
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Anton Khirnov
88626e5af8 jvdec: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 8.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8542
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Anton Khirnov
809c3023b6 mjpegdec: check for pixel format changes
Fixes possible invalid memory access.

Based on code by Michael Niedermayer <michaelni@gmx.at>

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8541
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Anton Khirnov
64f7575fbd mov: avoid a memleak when multiple stss boxes are present
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Vittorio Giovara
210461c0a8 imgconvert: check memory allocations and propagate errors 2014-12-18 23:27:14 +01:00
Vittorio Giovara
596b5c488f wma: check memory allocations and propagate errors 2014-12-18 23:27:14 +01:00
Vittorio Giovara
63be97ec40 lavfi: always check av_expr_parse_and_eval() return value
CC: libav-stable@libav.org
Bug-Id: CID 703624
2014-12-18 23:27:14 +01:00
Vittorio Giovara
9e06327ecb xcbgrab: Move NULL check before pointer dereference
Bug-Id: CID 1254668
2014-12-18 23:27:14 +01:00
Vittorio Giovara
5ac06633cb takdec: check av_samples_get_buffer_size() return value
CC: libav-stable@libav.org
Bug-Id: CID 747734
2014-12-18 23:27:14 +01:00
Vittorio Giovara
16c7a8a142 aacps: invert the order of parameters of ipdopd_reset()
This is the order that the caller uses in the rest of the file. The
same operation is applied to both parameters, so this change is only
done for consistency, it doesn't change the actual behaviour.

Bug-Id: CID 732285 / CID 732286
2014-12-18 23:27:14 +01:00
Vittorio Giovara
76ccf114a6 rtsp: check ffurl_get_file_handle() return value
CC: libav-stable@libav.org
Bug-Id: CID 717844
2014-12-18 23:27:14 +01:00
Vittorio Giovara
b1306823d0 check memory errors from av_strdup() 2014-12-18 23:27:14 +01:00
Vittorio Giovara
9745f19ffc assdec: check the right variable
CC: libav-stable@libav.org
Bug-Id: CID 1257815
2014-12-18 23:27:14 +01:00
Vittorio Giovara
971099ff5a aacenc: correctly check returned value
CC: libav-stable@libav.org
2014-12-18 23:27:14 +01:00
Vittorio Giovara
ac467d94fa lcl: return an appropriate error code 2014-12-18 23:27:14 +01:00
Vittorio Giovara
8b263331c5 mpegts: check get16() return value
And break flow of execution rather than exiting the function.

CC: libav-stable@libav.org
Bug-Id: CID 732186
2014-12-18 23:27:13 +01:00
James Almer
430a816859 oggdec: add support for VP8 demuxing
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2014-12-18 23:27:07 +01:00
Vittorio Giovara
38129c26c5 cmdutils: check file access functions return values
CC: libav-stable@libav.org
Bug-Id: CID 703706
2014-12-18 23:23:00 +01:00
Vittorio Giovara
c63dd3f0a4 a64multi: check elbg return values 2014-12-18 23:22:59 +01:00
Vittorio Giovara
3beb9cbad3 roqvideo: check memory allocations and propagate errors 2014-12-18 23:22:59 +01:00
Vittorio Giovara
ae2d41ec87 elbg: check memory allocations and propagate errors 2014-12-18 23:22:59 +01:00
Luca Barbato
5d839778b9 lavu: Refactor side data wiping
And make sure the nb_side_data field is reset as well.

Based on an initial patch from wm4 <nfxjfg@googlemail.com>.

CC: libav-stable@libav.org
2014-12-18 23:22:59 +01:00
Vittorio Giovara
effa7d2a6a fate: add test for offset theora 2014-12-18 23:22:59 +01:00
Vittorio Giovara
67fc8a15e4 theora: support different visible and coded frame size
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2014-12-18 23:22:59 +01:00
Vittorio Giovara
a381e0cec8 fate: add a DPX parser test 2014-12-18 23:22:59 +01:00
Paul B Mahol
87bd298abe DPX parser
Additional improvements and fixes by Michael Niedermayer <michaelni@gmx.at>.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2014-12-18 23:22:59 +01:00
Carl Eugen Hoyos
3a3790b8f8 tiff: support encoding and decoding 64bit images 2014-12-18 23:22:59 +01:00
Martin Storsjö
59f0275dd0 movenc: Adjust the pts of new fragments similarly to what is done for dts
The pts and the corresponding duration is written in sidx
atoms, thus make sure these match up correctly.

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 23:14:27 +02:00
Martin Storsjö
8a70ef94b9 libavformat: Add a muxer wrapping mpegts encoding into RTP
Since this structurally is quite different from normal RTP
(multiple streams are muxed into one single mpegts stream,
which is packetized into one single RTP session), it is kept
as a separate muxer.

Since this structurally also behaves differently than normal
RTP, all of the other muxers that do chained RTP muxing
(rtsp, sap, mp4) would need to be updated similarly to handle
this - in particular, creating one single rtp_mpegts muxer
for the whole presentation instead of one rtp muxer per stream.

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 23:12:33 +02:00
Thomas Volkert
a505c0d737 rtp: Initial H.261 support
The packetizer only supports splitting at GOB headers - if
such aren't available frequently enough, it splits at any
random byte offset (not at a macroblock boundary either, which
would be allowed by the spec) and sends a payload header pretend
that it starts with a GOB header.

As long as a receiver doesn't try to handle such cases cleverly
but just drops broken frames, this shouldn't matter too much
in practice.

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 23:11:37 +02:00
Martin Storsjö
adc214e679 rtpenc: Avoid brittle switch fallthroughs
Instead explicitly jump to the default case in the cases where
it is wanted, and avoid fallthrough between different codecs,
which could easily introduce bugs if people editing the code
aren't careful.

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 23:11:37 +02:00
Michael Niedermayer
3bb465245f h261dec: Fix context initialization sequence
ff_mpv_common_init sets s->context_initialized.

This fixes decoding of h261 in the cases where the demuxer
hasn't already set the frame size.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 23:10:24 +02:00
Martin Storsjö
91bfac759d h261enc: Disallow sliced encoding
This avoids trying to do sliced encoding, even if a slice/packet
size is requested (via the -ps option or the rtp_payload_size
field), since the encoder currently doesn't support it (or at least
our decoder can't decode it, even if the h261_encode_gob_header
function is hooked up to be called from the slicing part in
mpegvideo_enc.c).

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 12:00:01 +02:00
Martin Storsjö
df07c07b3d rtpdec_h263_rfc2190: Clear the stored bits if discarding buffered data
If we throw away the buffered incomplete frame, make sure to also
throw away the buffered bits of an incomplete byte at the same
time.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 11:59:54 +02:00
Martin Storsjö
42181740a3 rtpenc: Set the AVFMT_TS_NONSTRICT flag
In particular, when packetizing mpegts into rtp, the input packet
timestamp may come from more than one stream, which could cause
multiple packets be written with the same timestamp.

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 11:59:19 +02:00
Martin Storsjö
01f251c44d rtpenc: Set the timestamp properly when sending mpegts data, too
Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 11:59:12 +02:00
Tristan Matthews
f2c614e8c4 srtpproto: fix option flag type
Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 11:58:23 +02:00
Martin Storsjö
456e93bfdd dashenc: Adjust the start time of a segment to the end of the previous segment
This is the same adjustment that the mp4 muxer does to the start
timestamp of fragments, since the timestamp of a sample in an mp4
file is implicit from the sum of earlier sample durations.

This avoids gaps in the timeline (which can stop dash.js from
playing it back), and makes sure the timestamp on the segmenter
level matches what the mp4 muxer actually writes into the segments.

This is only an issue if the AVPacket duration of the last
packet of a segment doesn't point to the actual start timestamp
of the next packet (the first in the next segment).

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-17 09:43:08 +02:00
Martin Storsjö
2f628d5943 dashenc: Write segment timelines properly if the timeline has gaps
Write a new start time if the duration of the previous segment
didn't match the start of the next one. Check that segments
actually are continuous before writing a repeat count.

This makes sure timestamps deduced from the timeline actually
match the real start timestamp as written in filenames (if
using a template containing $Time$).

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-17 09:42:30 +02:00
Martin Storsjö
6f4364aba9 mov: Fix handling of zero-length metadata values
Since 3cec81f4d4, a zero-length metadata value would try to
allocate 2*0 bytes, where av_malloc() returns NULL.

Always add one to the allocated length, to allow space for
a null terminator in the zero-length case.

Incidentally, this fixes fate-alac on RVCT 4.0, where a compiler
bug seems to mess up the mov muxer to the point that it writes
the wrong sort of metadata. Previously this bug was undetected,
but since 3cec81f4d4 such mov files started returning
AVERROR(ENOMEM) in the mov demuxer.

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-15 23:42:10 +02:00
Vittorio Giovara
10d4c5e55e tiff: set the correct return value when check_size() fails
Only one instance affected and solved as other occurences.
2014-12-15 15:46:34 +01:00
Luca Barbato
3c27275c13 tiff: Check the check_size() return value and forward it
Also use the same type for add_entry and check_size.

Bug-Id: CID 700699
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Vittorio Giovara <vittorio.giovarao@gmail.com>
2014-12-15 15:46:34 +01:00
Luca Barbato
4690e01c3a prores: Evaluate all the quantizers
Prevent an uninitialized data access.

CC: libav-stable@libav.org
Bug-Id: CID 703824 / CID 703825
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2014-12-15 15:46:34 +01:00
Xiaohan Wang
490a3ebf36 matroskadec: Fix read-after-free in matroska_read_seek()
In matroska_read_seek(), |tracks| is assigned at the begining of the
function. However, functions like matroska_parse_cues() could reallocate
the tracks and invalidate |tracks|.

This assigns |tracks| only before using it, so that it will not get
invalidated elsewhere.

Bug-Id: chromium/427266
2014-12-15 15:46:34 +01:00
Vittorio Giovara
d75190aa93 mpegvideo: move REBASE_PICTURE where it is used
Drop an unused #undef from h264 decoder.
2014-12-15 15:46:34 +01:00
Vittorio Giovara
63fcedcf01 mpegvideo: remove unused function declaration 2014-12-15 15:46:34 +01:00