1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

101873 Commits

Author SHA1 Message Date
Alok Priyadarshi
62f486e793 avformat/rtpdec: Fix prft wallclock time.
Timestamp difference is available in media timebase (1/90K) where as
rtcp time is in the default microseconds timebase. This patch fixes
the calculated prft wallclock time by rescaling the timestamp delta
to the microseconds timebase.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-30 11:59:15 -03:00
Andreas Rheinhardt
e7cbbd9026 avcodec/put_bits: Don't set size_in_bits, fix overflow
A PutBitContext has a field called size_in_bits which is set to the
context's bitsize init_put_bits(); but it isn't used at all (the PutBits
API uses pointers directly and not bit indexes), so remove it (due to
ABI concerns the actual element is only removed at the next bump).

Furthermore, the multiplication inherent in setting this field can lead
to undefined integer overflows. This is particularly true for FFV1,
which uses a very big worst-case buffer (37*4*width*height; even
ordinary 1080p triggers an overflow). Ticket #8350 is about this
overflow which this commit fixes.

This means that the effective range of the PutBits API is no longer
restricted by the /8 as long as one isn't using put_bits_(count|left).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:32 +02:00
Andreas Rheinhardt
c81b8e04aa Avoid intermediate bitcount for number of bytes in PutBitContext
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:32 +02:00
Andreas Rheinhardt
73fb1b8a9b avcodec/dvenc: Avoid using PutBitContext fields directly
Also avoid using bitcounts in case one is actually byte-aligned.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:32 +02:00
Andreas Rheinhardt
f9d1528fc9 avcodec/proresenc_kostya: Factor flushing PutBitContext out
The function to write an ordinary (luma or chroma) plane as well as
the function for writing an alpha plane have some similarities:
They record the initial bitposition (despite said position always being
byte-aligned), flush the PutBitContext themselves and return the amount
of bytes they wrote.

This commit factors this out; it also replaces bitpositions by
bytepositions and it avoids recording the initial byteposition because
said information is already available from the position at the end of
the last plane.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:32 +02:00
Andreas Rheinhardt
df1c30f139 avcodec/utvideoenc: Don't use bitcounts when byte-aligned
Despite write_huff_codes() receiving an ordinary buffer (not a
PutBitContext), it returned the amount of data written in bits,
not in bytes. This has been changed: There is now no intermediate
bitcount any more.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:32 +02:00
Andreas Rheinhardt
67f6e7ed6d avcodec: Remove cumbersome way of checking for amount of bytes left
Several encoders used code like the following to check for the amount of
bytes left in a PutBitContext:
pb->buf_end - pb->buf - (put_bits_count(pb) >> 3)
Besides the fact that using the pointers directly might pose
a maintainence burden in the future this also leads to suboptimal code:
The above code reads all three pointers (buf, buf_ptr and buf_end), but
touching buf is unnecessary and switching to put_bytes_left()
automatically fixes this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:32 +02:00
Andreas Rheinhardt
11ff9cb5e9 avcodec/put_bits: Add functions for amount of bytes written/left
Often a caller doesn't want the amount of bits written via a
PutBitContext, but the amount of bytes. This in particular happens
after one has flushed the PutBitContext (e.g. at the end of encoding,
when one wants to know the actual packet size). The current way of doing
this is with put_bits_count(pb)/8 (or (put_bits_count(pb) + 7)/8).

Yet this has some issues: It contains implicit multiplications and
divisions by 8 with a cast in between; it obscurs the intent; and
it restricts the size of the buffer to (currently) INT_MAX/8 (or
to 1/8 of the maximum of whatever put_bits_count() returns), although
said restriction is not really necessary for users that don't need
a bitcount.

Corresponding functions for the amount of bytes left have also been
addded.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:32 +02:00
Andreas Rheinhardt
e48f18e2d5 avcodec/vorbisenc, wmavoice: Use put_bits_left() where appropriate
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:32 +02:00
Andreas Rheinhardt
ddd0f5dbe9 avcodec/dvenc: Remove dead error message
The PutBits API checks the available space before every write,
so this check for overread is dead.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:31 +02:00
Andreas Rheinhardt
3183eda0fa avcodec/mlpenc: Avoid redundant temporary PutBitContext
We are already word-aligned here, so one can just as well flush the main
PutBitContext.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:31 +02:00
Andreas Rheinhardt
0ab70230f2 avcodec/sonic: Remove outdated outcommented line
Compilation would fail if it were outcommented as it refers to a
nonexistent PutBitContext.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:31 +02:00
Andreas Rheinhardt
e4ccd348c1 avcodec/vorbisenc: Remove always-false check
The PutBitContext is big enough: It has just been initialized to 8192B.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-30 12:36:31 +02:00
Michael Niedermayer
7fc8ba9068 avcodec/setts_bsf: Check timebase
Fixes: Division by 0
Fixes: 30952/clusterfuzz-testcase-minimized-ffmpeg_BSF_SETTS_fuzzer-6601016202100736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-29 22:19:39 +02:00
Michael Niedermayer
1f74661543 avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-29 22:19:39 +02:00
Michael Niedermayer
6dc6e1cce0 avformat/utils: Fix integer overflow with duration_gcd in ff_rfps_calculate()
Fixes: signed integer overflow: 136323327 * 281474976710656 cannot be represented in type 'long'
Fixes: 30913/clusterfuzz-testcase-minimized-ffmpeg_dem_IVF_fuzzer-5753392189931520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-29 22:19:39 +02:00
Michael Niedermayer
7b4510d2a8 avcodec/dvbsubdec: Support computing clut only once
This avoids crafted files from consuming excessive resources recomputing the clut after each pixel change

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-29 22:19:39 +02:00
Michael Niedermayer
46c4f39307 tools/target_dec_fuzzer: Adjust threshold for H264
Fixes: Timeout (too long -> 3sec)
Fixes: 28047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-4662727980875776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-29 22:19:39 +02:00
Michael Niedermayer
301f378768 tools/target_dec_fuzzer: Compute CLUT for DVBSUB only once
Fixes: Timeout
Fixes: 30845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5744263725973504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-29 22:19:39 +02:00
Michael Niedermayer
ea12590c8e avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-29 22:19:39 +02:00
Andreas Rheinhardt
558426b847 avformat/sierravmd: Make struct smaller by reordering
Also remove keyframe from vmd_frame, it is unused.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-28 19:09:29 +02:00
Andreas Rheinhardt
440a401d89 avformat/sierravmd: Remove outdated check
The check has been added at a time when the code performed the
multiplication itself instead of deferring it to av_malloc_array()
and when our allocation functions used unsigned instead of size_t.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-28 19:09:29 +02:00
Andreas Rheinhardt
117a41b7e3 avformat/segafilm: Remove outdated check
The check has been added at a time when the code performed the
multiplication itself instead of deferring it to av_malloc_array()
and when our allocation functions used unsigned instead of size_t.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-28 19:09:29 +02:00
Andreas Rheinhardt
63fcf3da01 avformat/utils: Remove redundant check
This check is outdated because the caller doesn't need to check that
the multiplication overflows when using av_realloc_array() (the code
in question used av_realloc() before that); furthermore, the check
is also a remnant of the time in which our allocation functions
didn't use size_t parameters.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-28 19:09:29 +02:00
Andreas Rheinhardt
797c2ecc8f avfilter/vf_paletteuse: Fix left shift outside of range of int
by keeping the variable uint32_t which in this situation is the natural
type anyway. This affected the FATE-test filter-paletteuse-sierra2_4a.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-28 18:47:15 +02:00
Andreas Rheinhardt
55b46902c1 avfilter/asrc_sine: Fix invalid left shift of negative number
by using a multiplication instead. The multiplication can never overflow
an int because the sin-factor is only an int16_t.

Affected the FATE-tests filter-concat and filter-concat-vfr.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-28 18:45:20 +02:00
Andreas Rheinhardt
a42c47b77f avformat/webmdashenc: Don't pass NULL to memcmp
Affects the FATE-tests webm-dash-manifest-unaligned-video-streams,
webm-dash-manifest and webm-dash-manifest-representations.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-28 17:50:17 +02:00
Michael Niedermayer
e44214a824 avformat/vividas: Use equals check with n in read_sb_block()
Fixes: OOM
Fixes: 27780/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5097985075314688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-28 14:20:00 +02:00
Michael Niedermayer
075d793ba8 avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-28 14:20:00 +02:00
Michael Niedermayer
2c477be08a avformat/jacosubdec: Use 64bit intermediate for start/end timestamp shift
Fixes: signed integer overflow: -1957694447 + -1620425806 cannot be represented in type 'int'
Fixes: 30207/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5050791771635712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-28 14:20:00 +02:00
Michael Niedermayer
b5d8fe1c87 avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-28 14:20:00 +02:00
Gyan Doshi
8b2bde0494 avformat/rtpenc_mpegts: stop leaks
Fixes CID 1474460 & 1474461
2021-03-28 15:55:02 +05:30
Gyan Doshi
1d1a96acf5 doc/filters: note default for elbg pal8 option 2021-03-28 15:26:56 +05:30
James Almer
cad3a5d715 avcodec/libxvid: remove unnecessary output packet data check
The user buffers passed to avcodec_encode_video2() haven't been propagated to
AVCodec.encode2 implementations since 93016f5d1d.
Also, the generic encode code already unrefs the packet if nothing was encoded.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-26 18:36:28 -03:00
Derek Buitenhuis
f404a2716a avformat/mov: Properly forward error codes from av_seek
This is important, for example, for connection timed out events,
when used over a network, returning AVERROR(ETIMEDOUT).

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2021-03-26 20:04:12 +00:00
Michael Niedermayer
896395bbcf tools/target_dec_fuzzer: Adjust threshold for flac
Fixes: Timeout
Fixes: 31464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-4843965653319680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
8047243899 avcodec/h264_slice: Check sps in h264_slice_header_init()
Fixes: null pointer dereference
Fixes: h264_slice_header_init.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Tested-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
28859d6e7c avcodec/aacpsy: Check model_priv_data before dereferencing in psy_3gpp_end()
Fixes: null pointer dereference
Fixes: av_freep.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Tested-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
5c2ff44f91 avformat/movenc: Avoid loosing cluster array on failure
Fixes: crash
Fixes: check_pkt.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
d0a937caec tools/target_dec_fuzzer: Adjust VP4 threshold
Fixes: Timeout (>10sec -> <100ms)
Fixes: 31515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP4_fuzzer-5247114134290432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
f733688d30 avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb
Fixes: null pointer dereference
Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
d35677736a avformat/mov: Check sample size for overflow in mov_parse_stsd_audio()
Fixes: signed integer overflow: 2 * 1914708000 cannot be represented in type 'int'
Fixes: 31639/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6303428239294464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
e8bd34fe4f avcodec/sga: Check for array end in lzss_decompress()
Fixes: out of array access
Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
f44068db1e avformat/sbgdec: Check for overflow in last loop in expand_timestamps()
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 31003/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6256298771480576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 15:53:30 +01:00
Michael Niedermayer
be08b84f8b avcodec/ffwavesynth: Avoid signed integer overflow in phi_at()
Fixes: signed integer overflow: 2314885530818453536 - -9070214327174160352 cannot be represented in type 'long'
Fixes: 31000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-6558389742206976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 15:53:30 +01:00
Gyan Doshi
2c806aa2b4 avformat/rtpenc_mpegts: convey options for rtp muxer 2021-03-26 12:37:10 +05:30
Gyan Doshi
325bb04188 avformat/rtpenc_mpegts: relay streamid to mpegts muxer streams. 2021-03-26 12:35:37 +05:30
Gyan Doshi
affe911c65 avformat/rtpenc_mpegts: convey options for mpeg-ts muxer
Fixes #5239
2021-03-26 12:34:27 +05:30
Andreas Rheinhardt
6599960940 avcodec/pthread_frame: Reindentation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:04:28 +01:00
Andreas Rheinhardt
c85fcc96b7 avcodec/pthread_frame: Check initializing mutexes/condition variables
Up until now, initializing the mutexes/condition variables wasn't
checked by ff_frame_thread_init(). This commit changes this.

Given that it is not documented to be save to destroy a zeroed but
otherwise uninitialized mutex/condition variable, one has to choose
between two approaches: Either one duplicates the code to free them
in ff_frame_thread_init() in case of errors or one records which have
been successfully initialized. This commit takes the latter approach:
For each of the two structures with mutexes/condition variables
an array containing the offsets of the members to initialize is added.
Said array is used both for initializing and freeing and the only thing
that needs to be recorded is how many of these have been successfully
initialized.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:04:28 +01:00