1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

101832 Commits

Author SHA1 Message Date
Andreas Rheinhardt
f0042e573e avcodec/msmpeg4enc: Don't use code for static init that can fail
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-02 16:01:10 +02:00
Andreas Rheinhardt
afa511ad34 avformat/dss: Don't prematurely modify context variable
The DSS demuxer currently decrements a counter that should be positive
at the beginning of read_packet; should it become negative, it means
that the data to be read can't be read contiguosly, but has to be read
in two parts. In this case the counter is incremented again after the
first read if said read succeeded; if not, the counter stays negative.

This can lead to problems in further read_packet calls; in tickets #9020
and #9023 it led to segfaults if one tries to seek lateron if the seek
failed and generic seek tried to read from the beginning. But it could
also happen when av_new_packet() failed and the user attempted to read
again afterwards.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-02 15:36:32 +02:00
Andreas Rheinhardt
543e4a1942 avformat/utils: Check allocations for failure
There would be leaks in case of failure.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-02 15:27:42 +02:00
Andreas Rheinhardt
18bb323da4 avcodec/ac3enc: Simplify AC-3 bit counting
When encoding E-AC-3, whether coupling is on or not determines whether
an additional frame based coupling exponent strategy element frmcplexpstr
(of size five bits) is present in the bitstream. So just add five to the
number of bits when counting them instead of adding 5*s->cpl_on (the
latter field is currently only 0 or 1, so it doesn't make a difference).

Furthermore, move some parts of the bit allocation that doesn't change
per-frame to count_frame_bits_fixed() (which is only run once during
init).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-02 12:19:07 +02:00
Andreas Rheinhardt
eca36784b8 avcodec/[e]ac3enc: Fix indentation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-02 12:19:07 +02:00
Andreas Rheinhardt
5d4234b3ea avcodec/ac3enc: Avoid needlessly copying encoded packets around
AC-3 and EAC-3 are codecs whose packet sizes are known in advance,
so one can use the min_size parameter of ff_alloc_packet2() to
allocate exactly this amount. This avoids a memcpy later in
av_packet_make_refcounted() in encode_simple_internal().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-02 12:06:56 +02:00
Andreas Rheinhardt
968c158abd avcodec/ac3enc: Use actual size of buffer in init_put_bits()
Since the very beginning (since de6d9b6404)
the AC-3 encoder used AC3_MAX_CODED_FRAME_SIZE (namely 3840) for the
size of the output buffer (without any check at all).
This causes problems when encoding EAC-3 for which the maximum is too small,
smaller than the actual size of the buffer: One can run into asserts used
by the PutBits API. Ticket #8513 is about such a case and this commit
fixes it by using the real size of the buffer.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-02 12:06:56 +02:00
Gyan Doshi
3d97a0061c doc/muxers: add entry for A64 muxer 2021-04-02 15:21:32 +05:30
Gyan Doshi
a3f695d54b doc/encoders: add entry for a64 encoders 2021-04-02 15:20:14 +05:30
Zane van Iperen
aa1cfe05a5
avcodec/adpcmenc: don't share a single AVClass between multiple AVCodecs.
Temporary fix until AVClass::child_class_next is gone.

Reviewed-By: James Almer <jamrial@gmail.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-04-02 09:00:32 +10:00
Alan Kelly
3ce8d09244 libswscale/x86/yuv2yuvX: Removes unrolling for mmx and mmxext
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 20:47:52 +02:00
Alan Kelly
dc57762cb4 libswscale/x86/swscale: Only call ff_yuv2yuvX functions if the input size is > 0
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 20:47:52 +02:00
Alan Kelly
e1484bc455 tests/checkasm/sw_scale: adds additional tests sizes for yux2yuvX
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 20:47:52 +02:00
Andreas Rheinhardt
ec4c04aa7b avformat/asf: Use ff_add_attached_pic() to read attached pics
Also removes a stack packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-01 18:23:13 +02:00
Andreas Rheinhardt
7aee4762d3 avformat/utils: Free new streams in ff_add_attached_pic on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-01 18:23:13 +02:00
Andreas Rheinhardt
39ecb63d0f avformat: Add and use helper function to add attachment streams
All instances of adding attached pictures to a stream or adding
a stream and an attached packet to said stream have several things
in common like setting the index and flags of the packet, setting
the stream disposition etc. This commit therefore factors this out.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-01 18:23:13 +02:00
Andreas Rheinhardt
b7b73e83e3 avcodec/flashsv2enc: Fix undefined NULL + 0
Affected the vsynth*-flashsv2 FATE-tests.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:52:43 +02:00
Andreas Rheinhardt
b7565b65b8 avutil/pixdesc: Fix 1 << 32
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:52:18 +02:00
Andreas Rheinhardt
3ef65fd4d1 avcodec/motion_est: Fix invalid left shift of negative numbers
Affected many FATE-tests.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:50:25 +02:00
Andreas Rheinhardt
3c151e7999 avfilter/vf_codecview: Fix undefined left shifts of negative numbers
Affected the filter-codecview-mvs FATE-test.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:49:41 +02:00
Andreas Rheinhardt
a86f3e983e avcodec/g2meet: Fix undefined NULL + 0
Affected the g2m4 FATE-test.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:48:01 +02:00
Andreas Rheinhardt
bbf8431b1b avutil/base64: Fix undefined NULL + 0
Affected the base64 FATE test.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:47:00 +02:00
Andreas Rheinhardt
566bf56791 avcodec/vmdvideo: Fix NULL + 0
Affected the FATE tests filter-gradfun-sample and sierra-vmd-video.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:45:54 +02:00
Andreas Rheinhardt
8429661db8 avcodec/mss12: Don't apply non-zero offset to null pointer
Affected the FATE tests mss2-wmv and mss1-pal.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:44:40 +02:00
Andreas Rheinhardt
dd9cbd1cc3 avcodec/lcldec: Fix undefined NULL + 0
Affected the FATE tests vsynth*-zlib, mszh and zlib.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:41:31 +02:00
Andreas Rheinhardt
911fe69c5f avcodec/qtrleenc: Fix negative linesizes, don't use NULL + offset
Before commit f1e17eb446, the qtrle
encoder had undefined pointer arithmetic: Outside of a loop, two
pointers were set to point to the ith element (with index i-1) of
a line of a frame. At the end of each loop iteration, these pointers
were decremented, so that they pointed to the -1th element of the line
after the loop. Furthermore, one of these pointers can be NULL (in which
case all pointer arithmetic is automatically undefined behaviour).

Commit f1e17eb44 added a check in order to ensure that the elements
never point to the -1th element of the array: The pointers are only
decremented if they are bigger than the frame's base pointer
(i.e. AVFrame.data[0]). Yet this check does not work at all in case of
negative linesizes; furthermore in case the pointer that can be NULL is
NULL initializing it still involves undefined pointer arithmetic.

This commit fixes both of these issues: First, non-NULL pointers are
initialized to point to the element after the ith element and
decrementing is moved to the beginning of the loop. Second, if a pointer
is NULL, it is just made to point to the other pointer, as this allows
to avoid checks before decrementing it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:41:20 +02:00
Andreas Rheinhardt
d5fc16a6a8 avcodec/qtrleenc: Use keyframe when no previous frame is available
If keeping a reference to an earlier frame failed, the next frame must
be an I frame for lack of reference frame. This commit implements this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:15:52 +02:00
Andreas Rheinhardt
64977ed7ae libswresample/audioconvert: Fix undefined NULL + 0
Affected 26 FATE tests like swr-resample_async-s16p-44100-8000.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:15:20 +02:00
Andreas Rheinhardt
f83976344e avcodec/proresdec2: Don't apply non-zero offset to null pointer
Affected ProRes without alpha; affected 32 FATE tests, e.g. prores-422,
prores-422_proxy, prores-422_lt or matroska-prores-header-insertion-bz2.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:13:50 +02:00
Andreas Rheinhardt
4863671d88 avcodec/mpegvideo_enc: Don't apply non-zero offset to null pointer
Affected many FATE tests (mostly vsynth ones).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:06:33 +02:00
Andreas Rheinhardt
9eadd616b7 avfilter/af_hdcd: Fix undefined shifts
Affected the filter-hdcd-* FATE tests.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:06:02 +02:00
Andreas Rheinhardt
659a925939 avcodec/dcaenc: Fix undefined left shift of negative numbers
Affected the acodec-dca and acodec-dca2 FATE tests.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:01:47 +02:00
Andreas Rheinhardt
0c7d02844c tests/matroska: Add test for remuxing annex B H.264 into Matroska
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-04-01 10:45:28 +02:00
Michael Niedermayer
79ac8d5546 avcodec/pnm_parser: Check image size addition for overflow
Fixes: assertion failure
Fixes: out of array access
Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 10:10:21 +02:00
Michael Niedermayer
c01cd2a8b2 avcodec/lscrdec: Check length in decode_idat()
Fixes: out of array access
Fixes: 32264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-6684504010915840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 10:10:21 +02:00
Michael Niedermayer
6055b93379 tools/target_dem_fuzzer: Fix packet leak
Fixes: 32121/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-4512973109460992

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 10:10:21 +02:00
Michael Niedermayer
f7a5150447 avformat/imx: Check palette chunk size
Fixes: out of array write
Fixes: 32116/clusterfuzz-testcase-minimized-ffmpeg_dem_SIMBIOSIS_IMX_fuzzer-6702533894602752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 10:10:21 +02:00
Michael Niedermayer
497ea04dbd avcodec/h265_metadata_bsf: Check nb_units before accessing the first in h265_metadata_update_fragment()
Fixes: null pointer dereference
Fixes: 32113/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-4803262287052800

Same as 0c48c332ee

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 10:10:21 +02:00
Michael Niedermayer
cf2fd9204b avformat/rmdec: use larger intermediate type for audio_framesize * sub_packet_h check
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 31406/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5024692843970560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 10:10:21 +02:00
Michael Niedermayer
9e8475c7c7 avcodec/exr: Check oe in huf_decode() before use
Fixes: out of array access
Fixes: 31386/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5773234709594112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 10:10:21 +02:00
Martin Storsjö
b484e140ef tls_gnutls: Print the underlying IO error message and pass the error code through
Signed-off-by: Martin Storsjö <martin@martin.st>
2021-04-01 09:05:10 +03:00
Martin Storsjö
84ad471fce tls_openssl: Improve quality of printed error messages, pass IO error codes through
Print every error in the stack, if more than one, and don't print
bogus errors if there's none logged within OpenSSL.

Retain the underlying IO error code, print an error message out of
it, and pass the error code on to the caller.

Signed-off-by: Martin Storsjö <martin@martin.st>
2021-04-01 09:05:10 +03:00
Gyan Doshi
eac77f7cf0 rtpenc_mpegts: add AVClass to the muxer context 2021-04-01 09:34:58 +05:30
Michael Niedermayer
ceae92cb29 avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
Fixes: crash
Fixes: check_pkt.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00
Michael Niedermayer
76cea1d2ce avcodec/mpegpicture: Keep ff_mpeg_framesize_alloc() failure state consistent
Fixes: null pointer dereference
Fixes: ff_put_pixels16_sse2.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Regression-since: 4b2863ff01
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00
Michael Niedermayer
6cc65d3d67 avformat/mpc8: check for size overflow in mpc8_get_chunk_header()
Fixes: signed integer overflow: -9223372036854775760 - 50 cannot be represented in type 'long'
Fixes: 31673/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-580134751869337

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00
Michael Niedermayer
c1fe1114bc avformat/mov: Do not zero memory that is written too or unused
Fixes: OOM
Fixes: 31220/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6033383962574848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00
Michael Niedermayer
87d87e6587 avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00
Michael Niedermayer
2611d20d35 avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4

Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00
Michael Niedermayer
b37ff29e0e avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-31 23:09:35 +02:00