mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Commit Graph

98204 Commits

Author SHA1 Message Date
Andreas Rheinhardt
ea1b71e82f avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.

Also check directly whether there is enough data for the length field.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 03:18:11 +02:00
Limin Wang
4b3b217e30 avcodec/h264: create user data unregistered SEI side data for H.264
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
Limin Wang
567d571b20 avfilter/vf_showinfo: display H.26[45] user data unregistered sei message
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
Limin Wang
ed6dbbfc16 avcodec/hevc_sei: add support for user data unregistered SEI message
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
James Almer
318a1a383d avcodec/cbs_av1: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-14 16:42:40 -03:00
James Almer
ef13fafe22 avcodec/cbs_h2645: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-14 16:42:04 -03:00
Michael Niedermayer
0aa2768cb2 avformat/mxfdec: free duplicated utf16 strings
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744

Suggested-by: Marton Balint <cus@passwd.hu>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 21:22:47 +02:00
Michael Niedermayer
c517c3f474 avformat/4xm: Check that a video stream was created before returning packets for it
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 21:22:47 +02:00
Marton Balint
16d29c1be8 avcodec/libzvbi-teletextdec: fix txt_default_region limits
Max region ID is 87. Also the region affects not only the G0 charset but G2 and
the national subset as well.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-06-14 20:00:02 +02:00
Michael Niedermayer
584d334afd avcodec/ffwavesynth: Avoid undefined operation on ts overflow
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
75e2ac4f07 avcodec/mv30: check mode_size vs. input space
Fixes: Timeout (longer than my patience vs 1sec)
Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
e361785ee0 avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
c579ceffbe avcodec/jpeg2000dec: Fix/check for multiple integer overflows
Fixes: shift exponent 35 is too large for 32-bit type 'int'
Fixes: 22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
04ddace9e8 avformat/utils: Print analyze duration and probesize when printing a suggestion to increase them
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
c0dfe134be avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
61d9bf514d avcodec/sonic: Fix several integer state overflows
Fixes: signed integer overflow: -234 * -14797801 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5695924975435776
Fixes: 22275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5695924975435776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
75d520e337 avcodec/sonic: Fix several integer overflows
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
70277f1232 avformat/oggdec: Disable mid stream codec changes
Fixes: 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768
Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Lynne on IRC
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:34:59 +02:00
Michael Niedermayer
e53235f06c avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
bd0f81526d avcodec/pixlet: Fix log(0) check
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
9b5fc789fb avformat/ape: Cleanup after ape_read_header() failure
Fixes: memleaks
Fixes: 23306/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5635436931448832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
51225dee0a avcodec/iff: Fix off by x error
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Nelson Gomez
360be03b8a swscale: cosmetic fixes
Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Nelson Gomez
bc01337db4 swscale/x86/output: add AVX2 version of yuv2nv12cX
256 bits is just wide enough to fit all the operands needed to vectorize
the software implementation, but AVX2 is needed for a couple of
instructions like cross-lane permutation.

Output is bit-for-bit identical to C.

Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Nelson Gomez
7c39c3c1a6 swscale: make yuv2interleavedX more asm-friendly
Extracting information from SwsContext in assembly is difficult, and
rearranging SwsContext just for asm access didn't look good. These
functions only need a couple of fields from it anyway, so just make
them parameters in their own right.

Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Limin Wang
01be03a4a0 avcodec/smvjpegdec: remove uninitialized ret
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
9bb46cf100 avcodec/mpegvideo: remove extra space
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
67a07dc778 swscale/utils: return better error code from initFilter()
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
8efecc9063 swscale/utils: reindent
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
David Holroyd
ffc1208266 lavf/prompeg: prompeg_write() must report all data was written
Previously, prompeg_write() would only report to caller that bytes were
written when a FEC packet was actually created.  Not all RTP packets are
expected to generate a FEC packet however, so this behavior was causing
avio to retry writing the RTP packet, eventually forcing the FEC state
machine to send a FEC packet erroneously (and so breaking out of the
retry loop).

This was resulting in incorrect FEC data being generated, and far too
many FEC packets to be sent (~100% FEC overhead).

fix #7863

Signed-off-by: David Holroyd <david.holroyd@m2amedia.tv>
2020-06-14 12:27:49 +08:00
Jun Zhao
0a0158e45d lavu/internal: Fix comment for avpriv_dict_set_timestamp
Fix comment for avpriv_dict_set_timestamp from b72a7b96f8

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2020-06-14 12:27:10 +08:00
Jun Zhao
ab9ff762c1 lavc/qsv: fix make checkheaders warning
make checkheaders will get a warning as follows:

In file included from libavcodec/qsv_internal.h.c:1:
./libavcodec/qsv_internal.h:24:5: warning: "CONFIG_VAAPI" is not defined, evaluates to 0 [-Wundef]
   24 | #if CONFIG_VAAPI
      |     ^~~~~~~~~~~~

include "config.h" to fix the warning

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2020-06-14 12:26:51 +08:00
Paul B Mahol
416dc133b9 avformat/sccdec: move pos variables outside of loop
Ensures that sub->pos is always correct.
2020-06-13 12:26:00 +02:00
Paul B Mahol
0c2623d3aa avcodec/ccaption_dec: switch active screen in end of caption early
Fixes dropping of last caption.
2020-06-13 12:02:44 +02:00
Paul B Mahol
847d0b99de avcodec/ccaption_dec: remove unused arguments from function
2020-06-13 12:02:44 +02:00
Paul B Mahol
6995ea3506 avcodec/ccaption_dec: check for error codes
2020-06-13 12:02:44 +02:00
Limin Wang
2658680df4 avutil/internal: remove FF_ALLOCx{_ARRAY}_OR_GOTO macros
These functions have a terrible design, let us fix them before extending
them.
First design mistake: no error code. A helper function for testing
memory allocation failure where AVERROR(ENOMEM) does not appear is
absurd.

Second design mistake: printing a message. Return the error code, let
the caller print the error message.

Third design mistake: hard-coded use of goto.

http://ffmpeg.org/pipermail/ffmpeg-devel/2020-May/262544.html

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
a408d03ee6 swscale/utils: remove FF_ALLOC_ARRAY_OR_GOTO macros
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
bdbe3f06a2 avcodec/alac: remove FF_ALLOC_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
67de2d6a8c avcodec/mpegvideo_enc: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
70ad0b27c1 avcodec/mpegpicture: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
734e6a81b6 avcodec/mpegvideo: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
d3b2961200 avcodec/mpegvideo: simplify check for av_frame_alloc
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
44863b2c2d avcodec/iirfilter: remove FF_ALLOCZ_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
ebf2a8abdf avcodec/aacenc: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
e6628ac8ff avcodec/ac3enc_template: remove FF_ALLOC_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
861b20aa95 avcodec/ac3enc: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
d5d00cb516 avcodec/snow: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
479c89aa2e avcodec/dnxhdenc: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
afaaf27fc4 avcodec/twinvq: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00