1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

276 Commits

Author SHA1 Message Date
Jiasheng Jiang
c513bd4803
avformat/nutdec: Add check for avformat_new_stream
Check for failure of avformat_new_stream() and propagate
the error code.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cf652cef49d74afe3d454f27d49eb1a1394951e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-04-07 23:40:47 +02:00
Michael Niedermayer
7a42dcf088
avformat/nutdec: Check fields
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-25 13:52:01 +02:00
Michael Niedermayer
46f74da439
avformat/nutdec: Check get_packetheader() in mainheader
Fixes; Timeout
Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5de084aa63b79586bc445e6a7fea837688b3941)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-09-25 13:51:48 +02:00
Michael Niedermayer
acfce11c48 avformat/nutdec: Check tmp_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
James Almer
0be265e9a1 Revert "lavf: move AVStream.*index_entries* to AVStreamInternal"
This reverts commit cea7c19cda0ea1630ae1de8c102ab14231b9db10.

Until an API is added to make index_entries public in a proper way, keeping
this here is harmless.
2021-03-23 14:09:27 -03:00
Andreas Rheinhardt
e318438f2f avformat: Make AVChapter.id an int64_t on next major bump
64 bits are needed in order to retain the uid values of Matroska
chapters; the type is kept signed because the semantics of NUT chapters
depend upon whether the id is > 0 or < 0.

Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-19 02:36:58 +01:00
Michael Niedermayer
c425198558 avformat/nutdec: Check timebase count against main header length
Fixes: Timeout (long -> 3ms)
Fixes: 28514/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6078669009321984
Fixes: 30095/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-5074433016463360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-14 19:55:02 +01:00
Michael Niedermayer
0014249fd9 avformat/nutdec: Fix integer overflow in count computation
Note, the value is checked a few lines later already

Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-26 18:37:12 +01:00
Anton Khirnov
cea7c19cda lavf: move AVStream.*index_entries* to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header. Since there are some (semi-)public fields located after these,
even though this section is supposed to be private, keep some dummy
padding there until the next major bump to preserve ABI compatibility.
2020-10-28 14:59:28 +01:00
Andreas Rheinhardt
c1e439d7e9 avformat: Forward errors where possible
It is not uncommon to find code where the caller thinks to know better
what the return value should be than the callee. E.g. something like
"if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM);". This commit
changes several instances of this to instead forward the actual error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-12 19:25:33 +01:00
Jun Zhao
12e6057fb0 lavf/nutdec: add logging context to log
Add logging context to log, it's will help debuging.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-09-30 10:06:21 +08:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Paul B Mahol
6bfc935232 avformat/nutdec: fix pts overflow
Probably fixes #6913.
2018-12-14 21:53:41 +01:00
Paul B Mahol
f2179afb01 avformat/nutdec: fix obvious typo
Fixes #6742.
2018-12-14 10:45:32 +01:00
Carl Eugen Hoyos
20da413502 lavf/nutdec: Fix an impossible condition, regression since e0c53c34.
Fixes ticket #6362.
2017-05-02 08:43:12 +02:00
Clément Bœsch
bb9fdd9f61 Merge commit '07eea5a5ded1141632aefecfa59dcdc26de2d7ea'
* commit '07eea5a5ded1141632aefecfa59dcdc26de2d7ea':
  nut: Drop pointless TRACE level debug code

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-24 13:21:04 +01:00
James Almer
4de591e6fb Merge commit '83548fe894cdb455cc127f754d09905b6d23c173'
* commit '83548fe894cdb455cc127f754d09905b6d23c173':
  lavf: fix usage of AVIOContext.seekable

Merged-by: James Almer <jamrial@gmail.com>
2017-03-21 17:02:30 -03:00
Diego Biurrun
07eea5a5de nut: Drop pointless TRACE level debug code
The code has little usefulness and uses the __PRETTY_FUNCTION__ GNU extension.
2016-10-27 12:54:07 +02:00
Anton Khirnov
83548fe894 lavf: fix usage of AVIOContext.seekable
It is supposed to be a flag. The only currently defined value is
AVIO_SEEKABLE_NORMAL, but other ones may be added in the future.
However all the current lavf code treats this field as a bool (mainly
for historical reasons).
Change all those cases to properly check for AVIO_SEEKABLE_NORMAL.
2016-09-30 16:54:33 +02:00
Paul B Mahol
323b8c95e4 avformat: add AVFormatContext to ff_get_extradata()
Needed for av_log() inside that function.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-14 18:21:08 +02:00
Derek Buitenhuis
6f69f7a8bf Merge commit '9200514ad8717c63f82101dc394f4378854325bf'
* commit '9200514ad8717c63f82101dc394f4378854325bf':
  lavf: replace AVStream.codec with AVStream.codecpar

This has been a HUGE effort from:
    - Derek Buitenhuis <derek.buitenhuis@gmail.com>
    - Hendrik Leppkes <h.leppkes@gmail.com>
    - wm4 <nfxjfg@googlemail.com>
    - Clément Bœsch <clement@stupeflix.com>
    - James Almer <jamrial@gmail.com>
    - Michael Niedermayer <michael@niedermayer.cc>
    - Rostislav Pehlivanov <atomnuker@gmail.com>

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-10 20:59:55 +01:00
Anton Khirnov
9200514ad8 lavf: replace AVStream.codec with AVStream.codecpar
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.

In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.

There are multiple important problems with this approach:
    - the fields in AVCodecContext are in general one of
        * stream parameters
        * codec options
        * codec state
      However, it's not clear which ones are which. It is consequently
      unclear which fields are a demuxer allowed to set or a muxer allowed to
      read. This leads to erratic behaviour depending on whether decoding or
      encoding is being performed or not (and whether it uses the AVStream
      embedded codec context).
    - various synchronization issues arising from the fact that the same
      context is used by several different APIs (muxers/demuxers,
      parsers, bitstream filters and encoders/decoders) simultaneously, with
      there being no clear rules for who can modify what and the different
      processes being typically delayed with respect to each other.
    - avformat_find_stream_info() making it necessary to support opening
      and closing a single codec context multiple times, thus
      complicating the semantics of freeing various allocated objects in the
      codec context.

Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
2016-02-23 17:01:58 +01:00
Andreas Cadhalpun
9cdddb93bb nutdec: only copy the header if it exists
Fixes runtime error: null pointer passed as argument 2, which is
declared to never be null

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2016-01-13 09:44:44 +01:00
Andreas Cadhalpun
ce10f572c1 nutdec: reject negative value_len in read_sm_data
If it is negative, it can cause the byte position to move backwards in
avio_skip, which in turn makes sm_size negative and thus size larger
than the size of the packet buffer, causing invalid writes in avio_read.

Also fix potential overflow of avio_tell(bc) + value_len.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-12-19 17:57:56 +01:00
Andreas Cadhalpun
9f82506c79 nutdec: only copy the header if it exists
Fixes ubsan runtime error: null pointer passed as argument 2, which is
declared to never be null

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-12-19 12:30:59 +01:00
Hendrik Leppkes
2ee89553aa Merge commit '0e2395293bff089536b97131b32fea8b58bca0ba'
* commit '0e2395293bff089536b97131b32fea8b58bca0ba':
  nut: Mark non-fatal errors as warnings

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2015-11-29 16:17:36 +01:00
Hendrik Leppkes
2e4d10ae55 Merge commit '62f72b40c0b0d2cd6a2b81977287fa01d9f4ca6d'
* commit '62f72b40c0b0d2cd6a2b81977287fa01d9f4ca6d':
  nut: Provide more information on failure

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2015-11-29 16:16:15 +01:00
Luca Barbato
0e2395293b nut: Mark non-fatal errors as warnings
And make one more informative.
2015-11-25 09:01:25 +01:00
Luca Barbato
62f72b40c0 nut: Provide more information on failure 2015-11-25 09:01:25 +01:00
Hendrik Leppkes
c2f861ca42 Replace remaining occurances of av_free_packet with av_packet_unref 2015-10-27 14:35:30 +01:00
Ganesh Ajjanagadde
7c8fcbbde3 avutil/tree: add additional const qualifier to the comparator
libc's qsort comparator has a const qualifier on both arguments. This
adds a missing const qualifier to exactly match the comparator API.

Existing usages of av_tree_find, av_tree_insert are appropriately
modified: type signature changes of the comparators, and removal of
unnecessary void * casts of function pointers.

Reviewed-by: Henrik Gramner <henrik@gramner.com>
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-10-24 20:38:07 -04:00
Vittorio Giovara
059a934806 lavc: Consistently prefix input buffer defines
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:59 +01:00
Michael Niedermayer
60ec3007e6 avformat/nutdec: Check ff_gen_search() for failure
Fixes assertion failure

Found-by: durandal_1707
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-07-01 14:28:41 +02:00
Andreas Cadhalpun
6b9fdf7f4f nutdec: check maxpos in read_sm_data before returning success
Otherwise sm_size can be larger than size, which results in a negative
packet size.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-06-27 19:22:27 +02:00
Andreas Cadhalpun
ed4932a694 nutdec: fix various memleaks on failure
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-05-23 17:42:35 +02:00
Andreas Cadhalpun
0b79a389ba nutdec: always check the get_str return value
If it fails, the buffers can be (partially) uninitialized.

This fixes 'Conditional jump or move depends on uninitialised value(s)'
valgrind warnings.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-05-23 10:36:44 +02:00
Michael Niedermayer
ebb0ca3d70 avformat/nutdec: Check X in 2nd branch of index reading
Prevents read of uninitialized variable

Based on patch by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-23 00:23:05 +02:00
Andreas Cadhalpun
bb23a15df5 nutdec: abort if EOF is reached in decode_info_header/read_sm_data
These loops can take a lot of time if count is very large.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-05-20 20:43:54 +02:00
Andreas Cadhalpun
fa7dec8cb0 nutdec: stop skipping bytes at EOF
This can unnecessarily waste a lot of time.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-05-20 19:07:26 +02:00
Andreas Cadhalpun
37e679881d nutdec: fix infinite resync loops
nut->last_syncpoint_pos doesn't necessarily change between resync
attempts, so find_any_startcode can return the same startcode again.

Thus remember where the last resync happened and don't try to resync
before that.

This can't be done locally in nut_read_packet, because this wouldn't
prevent infinite resync loops, where after the resync a packet is
returned and while reading a following packet the resync happens again.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-05-20 19:07:26 +02:00
Michael Niedermayer
b3496b4a33 avformat/nutdec: Fix recovery when immedeately after seeking a failure happens
Found-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-20 17:48:28 +02:00
Michael Niedermayer
6bbb2f8f4d avformat/nutdec: Return error on EOF from get_str()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-20 17:20:58 +02:00
Michael Niedermayer
88f29406b7 avformat/nutdec: Remove unused variable
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-14 02:23:08 +02:00
Timothy Gu
eaeb632198 nutdec: Remove unused label
Added in 361702660d2c37a63b7d6381d39e1e1de8405260. Modified version that
doesn't use this label merged in 55231323b0fdc84a529418d673148cf1f3157229,
thus obsoleting this label.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-14 02:08:12 +02:00
Michael Niedermayer
56abf35151 avformat/nutdec: Fix use of uinitialized value
Fixes CID1041175

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-12 18:20:23 +02:00
Michael Niedermayer
55231323b0 Merge commit '254f3daba4271c1918d9a7ad155b1442ef93ed29'
* commit '254f3daba4271c1918d9a7ad155b1442ef93ed29':
  nut: Make sure to clean up on read_header failure

Conflicts:
	libavformat/nutdec.c

See: 361702660d2c37a63b7d6381d39e1e1de8405260
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-10 22:31:39 +02:00
Michael Niedermayer
8b0ceb96da Merge commit 'b34257eefd98cb768ea2f53a390b8684d51e689a'
* commit 'b34257eefd98cb768ea2f53a390b8684d51e689a':
  nut: Check chapter creation in decode_info_header

Conflicts:
	libavformat/nutdec.c

See: 3ff1af2b0db7132d5717be6395227a94c8abab07
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-10 22:09:48 +02:00
Luca Barbato
254f3daba4 nut: Make sure to clean up on read_header failure
Based on Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> work.

CC: libav-stable@libav.org
2015-05-09 15:55:50 +02:00
Andreas Cadhalpun
b34257eefd nut: Check chapter creation in decode_info_header
This fixes a segmentation fault when accessing the metadata.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

CC: libav-stable@libav.org
2015-05-08 11:10:51 +02:00
Andreas Cadhalpun
7c24ca1bda nutdec: fix illegal count check in decode_main_header
The existing check has two problems:
 1) i + count can overflow, so that the check '< 256' returns true.
 2) In the (i == 'N') case occurs a j-- so that the loop runs once more.

This can trigger the assertion 'nut->header_len[0] == 0' or cause
segmentation faults or infinite hangs.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-28 22:56:14 +02:00