1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Commit Graph

25811 Commits

Author SHA1 Message Date
Leo Izen
7c338f470f avcodec, avformat/ffjni: fix duplicate JNI symbols
Use SHLIBOBJS and STLIBOBJS in the Makefiles for avcodec and avformat,
and add a stub ffjni.c to libavformat, which allows the symbols to be
duplicated for shared builds but not static builds.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
2024-04-04 21:51:21 +02:00
Michael Niedermayer
bf3b74142e
avformat/pcm: Use 64bit in bitrate computation
Fixes: signed integer overflow: 65792 * 65312 cannot be represented in type 'int'
Fixes: 67819/clusterfuzz-testcase-minimized-ffmpeg_dem_WADY_fuzzer-5236100912185344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-04 19:38:30 +02:00
Michael Niedermayer
ed49391961
avformat/mxfdec: Check index_edit_rate
Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-04 19:38:29 +02:00
Michael Niedermayer
4593cf7ab3
avformat/iamf_parse: Check sound_system
Fixes: index 13 out of bounds for type 'const struct IAMFSoundSystemMap [13]'
Fixes: 67796/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4554553191104512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-04 19:38:29 +02:00
Eugene Zemtsov
591e27d1e7 configure: Separate subsystem for Immersive Audio Model
This change allows users to build libavfomat without support
for Immersive Audio Model by specifying --disable-iamf.
It helps to save on binary size in cases where it's important.

Co-authored-by: James Almer <jamrial@gmail.com>
Signed-off-by: Eugene Zemtsov <eugene@chromium.org>
Signed-off-by: James Almer <jamrial@gmail.com>
2024-04-03 09:57:52 -03:00
James Almer
50458b7fa1 avformat/isom: don't drop the known layout when parsing AAC decSpecificInfo
Signed-off-by: James Almer <jamrial@gmail.com>
2024-04-02 20:21:13 -03:00
Michael Niedermayer
d157725cf7 avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr()
Fixes: memleak
Fixes: 67442/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5068813261406208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2024-04-02 20:20:04 -03:00
Marth64
58f04608c2 avformat/rcwtenc: remove repeated documentation
The high level summary of RCWT can be delegated doc/muxers, which
makes it easier to maintain and more consistent with the documentation
of the demuxer.

Signed-off-by: Marth64 <marth64@proxyid.net>
2024-04-02 20:09:05 +02:00
Marth64
536f0239c0 avformat/rcwtenc: don't assume .bin extension
Signed-off-by: Marth64 <marth64@proxyid.net>
2024-04-02 20:09:05 +02:00
Marth64
15406f8377 avformat/rcwtdec: add RCWT Closed Captions demuxer
RCWT (Raw Captions With Time) is a format native to ccextractor,
a commonly used OSS tool for processing 608/708 Closed Captions (CC).
RCWT can be used to archive the original extracted CC bitstream.
The muxer was added in January 2024. In this commit, add the demuxer.

One can now demux RCWT files for rendering in ccaption_dec or interop
with ccextractor (which produces RCWT). Using the muxer/demuxer combo,
the CC bits can be kept for processing or rendering with either tool.
This can be an effective way to backup an original CC stream, including
format extensions like EIA-708 and overall original presentation.

Signed-off-by: Marth64 <marth64@proxyid.net>
2024-04-02 20:08:51 +02:00
Marth64
1c35333671 avformat/subtitles: extend ff_subtitles_queue_insert() to support not yet available events
If ff_subtitles_queue_insert() were given a NULL buffer
with 0 length, it would still attempt to grow the packet
or memcpy depending on if merge option is enabled.

In this commit, allow passing a NULL buffer with 0 length
without attempting to do such operations. This way, if a
subtitle demuxer happens to pass an empty cue or wants to
use av_get_packet() to read bytes, there are no unnecessary
operations on the packet after it is allocated.

Signed-off-by: Marth64 <marth64@proxyid.net>
2024-04-02 19:59:01 +02:00
Nicolas Gaullier
ed9363052f avformat/demux: add duration_probesize AVOption
Yet another probesize used to get the durations when
estimate_timings_from_pts is required. It is aimed at users interested
in better durations probing for itself, or because using
avformat_find_stream_info indirectly and requiring exact values: for
concatdec for example, especially if streamcopying above it.
The current code is a performance trade-off that can fail to get video
stream durations in a scenario with high bitrates and buffering for
files ending cleanly (as opposed to live captures): the physical gap
between the last video packet and the last audio packet is very high in
such a case.

Default behaviour is unchanged: 250k up to 250k << 6 (step by step).
Setting this new option has two effects:
- override the maximum probesize (currently 250k << 6)
- reduce the number of steps to 1 instead of 6, this is to avoid
detecting the audio "too early" and failing to reach a video packet.
Even if a single audio stream duration is found but not the other
audio/video stream durations, there will be a retry, so at the end the
full user-overriden probesize will be used as expected by the user.

Signed-off-by: Nicolas Gaullier <nicolas.gaullier@cji.paris>
2024-04-02 19:53:40 +02:00
James Almer
8e294abd9d avformat/mov: simplify the entry count overflow check in the keys atom
Suggested-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2024-04-02 09:09:35 -03:00
James Almer
5a06d3810e avformat/mov: don't read key_size bytes twice in the keys atom
We only support mdta as type, yet we were not skipping other types,
but rather reading key_size worth of bytes twice per entry.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-04-02 00:16:31 -03:00
James Almer
3d12ba77d9 avformat/mov: take into account the first eight bytes in the keys atom
Signed-off-by: James Almer <jamrial@gmail.com>
2024-04-02 00:13:12 -03:00
Eugene Zemtsov
8a23a145d8 avformat/mov: Check if a key is longer than the atom containing it
Stop reading keys and return AVERROR_INVALIDDATA if key_size
is larger than the amount of space left in the atom.

Bug: https://crbug.com/41496983
Signed-off-by: Eugene Zemtsov <eugene@chromium.org>
Signed-off-by: James Almer <jamrial@gmail.com>
2024-04-02 00:13:12 -03:00
Andreas Rheinhardt
9d219ff149 avformat/mov: Don't add attached pic if one is already present
Fixes: memleak
Fixes: 67714/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5671570999476224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-04-02 04:13:44 +02:00
James Almer
f492f1ac23 avformat/mov: ensure all items id referenced by a grid are valid
Fixes: null pointer dereference
Fixes: 67494/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6528714521247744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2024-04-01 21:13:04 -03:00
Michael Niedermayer
cb9752d897
avformat/mpegts: Reset local nb_prg on add_program() failure
add_program() will deallocate the whole array on failure so
we must clear nb_prgs

Fixes: null pointer dereference
Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc

Found-by: Catena cyber
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-01 19:03:06 +02:00
Michael Niedermayer
23b29f72ee
avformat/aiffdec: Check for previously set channels
Fixes: out of array access (av_channel_layout_copy())
Fixes: 67087/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4920720268263424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-01 18:59:07 +02:00
Michael Niedermayer
f30fe5e8d0
avformat/mxfdec: Make edit_unit_byte_count unsigned
Suggested-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-01 18:52:38 +02:00
Michael Niedermayer
d88c284c18
avformat/movenc: Check that cts fits in 32bit
Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694
Fixes: poc2

Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-01 18:51:59 +02:00
James Almer
0a693bce62
avformat/iamf_parse: keep count_label consistent on language_label allocation failure
Fixes: null pointer dereference
Fixes: 67023/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6011025237278720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-01 18:17:28 +02:00
Michael Niedermayer
f26ee6e066
avformat/iamf_reader: Check len before summing
Fixes: integer overflow
Fixes: 67275/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5438920751906816
Fixes: 67688/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5970342318243840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-01 18:17:28 +02:00
Michael Niedermayer
d6ed6f6e8d
avformat/mxfdec: Check first case of offset_temp computation for overflow
This is kind of ugly
Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long'
Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-04-01 18:17:28 +02:00
Andreas Rheinhardt
0e5f71230a avutil/internal: Move avpriv_set_systematic_pal2 decl to imgutils_internal.h
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-31 00:08:43 +01:00
Andreas Rheinhardt
790f793844 avutil/common: Don't auto-include mem.h
There are lots of files that don't need it: The number of object
files that actually need it went down from 2011 to 884 here.

Keep it for external users in order to not cause breakages.

Also improve the other headers a bit while just at it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-31 00:08:43 +01:00
Andreas Rheinhardt
b616be1649 lib*/version: Use static_assert for static asserts
Also update the checks that guard against inserting
a new enum entry in the middle of a range.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-31 00:08:42 +01:00
James Almer
e37b233ee2 Revert "avformat/mov: ignore item boxes for animated heif"
This reverts commit f6b7b473d4.
The image in the item boxes and the animation in the trak box are not
necessarely the same, so both should be exported.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-03-30 12:25:59 -03:00
James Almer
e54591369f avformat/flac_picture: print a warning when mimetype is unknown
It's not an error since bba6df9ac7.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2024-03-28 18:00:34 -03:00
Dale Curtis
bba6df9ac7
Don't throw an error when attached picture isn't recognized.
The MIME type field is required per the FLAC standard, but it's
not an error just because ffmpeg doesn't recognize it.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-28 18:07:13 +01:00
Andreas Rheinhardt
5d71f97e0e all: Don't use ATOMIC_VAR_INIT
C11 required to use ATOMIC_VAR_INIT to statically initialize
atomic objects with static storage duration. Yet this macro
was unsuitable for initializing structures [1] and was actually
unneeded for all known implementations (this includes our
compatibility fallback implementations which simply wrap the value
in parentheses: #define ATOMIC_VAR_INIT(value) (value)).
Therefore C17 deprecated the macro and C23 actually removed it [2].

Since commit 5ff0eb34d2 we default
to C17 if the compiler supports it; Clang warns about ATOMIC_VAR_INIT
in this mode. Given that no implementation ever needed this macro,
this commit stops using it to avoid this warning.

[1]: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2396.htm#dr_485
[2]: https://en.cppreference.com/w/c/atomic/ATOMIC_VAR_INIT

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-28 09:12:48 +01:00
James Almer
189c32f536 avformat/mov: don't abort on duplicate Mastering Display Metadata boxes
The VP9 spec defines a SmDm box for this information, and the ISOBMFF spec defines a
mdvc one. If both are present, just ignore one of them.
This is in line with clli and CoLL boxes.

Fixes ticket #10711.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-03-27 13:51:28 -03:00
Michael Niedermayer
6b213175c9
Bump after 7.0 branch point
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-27 01:04:54 +01:00
Michael Niedermayer
872980ace6
Bump prior release/7.0 branch
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-27 01:04:53 +01:00
Michael Niedermayer
86f73277bf
avformat/westwood_vqa: Fix 2g packets
Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:43 +01:00
Michael Niedermayer
e849eb2343
avformat/matroskadec: Check timescale
Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:42 +01:00
Michael Niedermayer
61dca9e150
avformat/wavdec: satuarte next_tag_ofs, data_end
Fixes: signed integer overflow: 5053074104798691550 + 5053074104259715104 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6515315309936640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:41 +01:00
Michael Niedermayer
75317ec442
avformat/wavdec: sanity check channels and bps before using them for block_align
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-4704044498944000
Fixes: signed integer overflow: 520464 * 8224 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:40 +01:00
Michael Niedermayer
0bed22d597
avformat/sbgdec: Check for negative duration
Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:40 +01:00
Michael Niedermayer
878625812f
avformat/rpl: Use 64bit for total_audio_size and check it
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312
Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:39 +01:00
Michael Niedermayer
f01a89c5a3
avformat/mov: use 64bit for intermediate for rounding
Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:37 +01:00
Michael Niedermayer
746203af31
avformat/jacosubdec: Use 64bit for abs
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5401294942371840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:36 +01:00
Michael Niedermayer
007486058c
avformat/concatdec: Check user_duration sum
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6434245599690752
Fixes: signed integer overflow: 9223372026773000000 + 22337000000 cannot be represented in type 'long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:25:35 +01:00
Michael Niedermayer
0a114d7318
avformat/mov: Do not deallocate heif_item in a input dependant way
Fixes: out of array access
Fixes: 67070/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5685384082161664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-03-26 23:19:49 +01:00
Marth64
9df1182065
avformat/dvdvideodec: add explicit inttypes.h include
Since log statements printing int64 were made portable in
4464b7eeb1, let us include
inttypes.h explicitly (as it is unclear where PRId64 and
such are coming from now).

Reported-by: Leo Izen <leo.izen@gmail.com>
Signed-off-by: Marth64 <marth64@proxyid.net>
2024-03-26 11:40:12 -04:00
James Almer
1e7ba76562 avformat/mov: free HEIFItem.name when cleaning items in mov_read_trak
Fixes memleaks.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-03-26 10:43:45 -03:00
Andreas Rheinhardt
4a4dcde339 avformat/internal: Move FF_FMT_INIT_CLEANUP to demux.h
and rename it to FF_INFMT_INIT_CLEANUP. This flag is demuxer-only,
so this is the more appropriate place for it.
This does not preclude adding internal flags common to both
demuxer and muxer in the future.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-26 06:36:43 +01:00
Andreas Rheinhardt
27af88fb7f avformat/vqf: Return 0 on success in read_packet
Demuxers are not supposed to return the size of the packet read.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-26 06:36:43 +01:00
Andreas Rheinhardt
29aa499fc9 avformat/cdg: Don't store avio_size() return value in int
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-26 06:36:43 +01:00