Commit Graph

23308 Commits

Author SHA1 Message Date
Marton Balint
daac7f4d9c avformat/swf: add support for reading and writing VP6A and Flash Screen Video codecs
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-23 20:10:05 +01:00
Marton Balint
8d5f2a005d avformat/swfenc: add support for muxing png images
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-23 20:10:04 +01:00
Marton Balint
041e735c81 avformat/swfenc: fix generation of FileAttributes tag
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-23 20:10:04 +01:00
Michael Niedermayer
7a6666b19d avformat/flvdec: Use av_sat_add64() for pts computation
Fixes: signed integer overflow: -9223372036854767583 + -65536 cannot be represented in type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-6734549467922432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 14:32:54 +01:00
Michael Niedermayer
d82ee907d6 avformat/utils: Check dts - (1<<pts_wrap_bits) overflow
Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 14:32:54 +01:00
Michael Niedermayer
638a151a87 avformat/bfi: Check chunk_header
Fixes: signed integer overflow: -2147483648 - 3 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6665764123836416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 14:32:54 +01:00
Michael Niedermayer
c78b2b138c avformat/ads: Check size
Fixes: signed integer overflow: -2147483616 - 64 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_ADS_fuzzer-6617769344892928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 14:32:54 +01:00
Michael Niedermayer
b17ffe8f8f avformat/iff: Check block align also for ID_MAUD
Fixes: Timeout & OOM
Fixes: 28701/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5185094964871168
Fixes: 29116/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4874284795297792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 14:32:54 +01:00
Michael Niedermayer
14bbb6bb30 avformat/fitsdec: Better size checks
Fixes: out of array access
Fixes: 26819/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5634559355650048
Fixes: 26820/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5760774955597824
Fixes: 27379/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5129775942991872.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 01:05:25 +01:00
Michael Niedermayer
d3d9b1fc8e avformat/mxfdec: Fix integer overflow in next position in mxf_read_local_tags()
Fixes: signed integer overflow: 9223372036854775723 + 8192 cannot be represented in type 'long'
Fixes: 29072/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4812604904177664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-23 01:05:25 +01:00
Limin Wang
6dad428546 avformat/async: Use AVERROR macro
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-01-22 07:40:29 +08:00
Michael Niedermayer
1b373b41d9 avformat/avidec: dv does not support palettes
Fixes: memleak
Fixes: 26937/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5763003338981376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-21 20:21:32 +01:00
Michael Niedermayer
7540d60bf6 avformat/dhav: Break out of infinite dhav search loop
Fixes: Infinite loop
Fixes: 26922/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5794549613723648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-21 20:21:32 +01:00
Michael Niedermayer
1b1dac2716 libavformat/utils: consider avio_size() failure in ffio_limit()
Fixes: Timeout (>20sec -> 3ms)
Fixes: 26918/clusterfuzz-testcase-minimized-ffmpeg_dem_THP_fuzzer-5750425191710720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-21 20:21:32 +01:00
Michael Niedermayer
60770a50fb avformat/nistspheredec: Check bits_per_coded_sample and channels
Fixes: signed integer overflow: 80 * 92233009 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-6669100654919680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-21 20:21:32 +01:00
Michael Niedermayer
631ee3f8e4 avformat/paf: Do not zero allocated tables which are immedeately filled
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-21 20:21:32 +01:00
Michael Niedermayer
0bee216ad4 avformat/asfdec_o: Check size vs. offset in detect_unknown_subobject()
Fixes: signed integer overflow: 2314885530818453566 + 7503032301549264928 cannot be represented in type 'long'
Fixes: 26639/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6024222100684800

Alternatively this could be ignored but then the end condition of the loop
would be hard to reach as avio_tell() is int64_t

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-20 21:26:46 +01:00
Michael Niedermayer
03c479ce23 avformat/utils: check for integer overflow in av_get_frame_filename2()
Fixes: signed integer overflow: 317316873 * 10 cannot be represented in type 'int'
Fixes: 24708/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5731180885049344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-20 21:26:46 +01:00
rcombs
eabf5e6d6b All: update names in copyright headers 2021-01-20 01:02:56 -06:00
Michael Niedermayer
c48110a4a4 avformat/id3v2: Check against max compression ratio before allocation
Fixes: Timeout (>10sec -> 12ms)
Fixes: 27612/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-6605893000757248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-19 00:05:50 +01:00
Michael Niedermayer
7d7ae68972 avformat/avidec: Use av_sat_sub64() in check_stream_max_drift()
Fixes: signed integer overflow: 8833900919969684211 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 26726/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5669377724383232
Fixes: 27587/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6294562263531520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-19 00:05:50 +01:00
Michael Niedermayer
8c9a5a0fe9 avformat/mov: Check a.size before computing next_root_atom
Fixes: signed integer overflow: 64 + 9223372036854775799 cannot be represented in type 'long'
Fixes: 27563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6244650163372032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-19 00:05:50 +01:00
Michael Niedermayer
ac6c8993f7 avformat/sbgdec: Reduce the amount of floating point in str_to_time()
Fixes: 1e+75 is outside the range of representable values of type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6626834808700928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-19 00:05:50 +01:00
tpol
71ce5c32f0 avformat/rtsp: correctly set media control uri with mpegts
Fixes #1941

Currently the media control uri is not correctly assigned when mpegts is
signalled in the media description.

The code checks whether at least one AVStream has been setup before
assigning to the media's uri. With mpegts the AVStreams are setup when
parsing packets and so the media's uri is skipped. This is fixed by
using rt->nb_rtsp_streams in the check which counts all medias in the
sdp.

Reviewed-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2021-01-17 21:36:16 -05:00
Limin Wang
bf1cc9a43b avformat/hlsenc: reindent the code
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-01-16 08:53:27 +08:00
Limin Wang
5ef20244de avformat/udp: add memory alloc checks
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-01-16 08:51:31 +08:00
Limin Wang
f6eaa864f3 avformat/udp: return the error code instead of generic EIO
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2021-01-16 08:51:22 +08:00
Martin Storsjö
c2424b1f35 movenc: Present durations in mvhd/tkhd/mdhd as they are after edits
If the edit lists remove parts of the output timeline, or add a
delay to it, this should be included in the mvhd/tkhd/mdhd durations,
which should correspond to the edit lists.

For tracks starting with pts < 0, the edit list trims out the segment
before pts=0. For tracks starting with pts > 0, a delay element is
added in the edit list, delaying the start of the track data.

In both cases, the practical effect is that the post-edit output
is as if the track had started with pts = 0. Thus calculate the range
from pts=0 to end_pts, for the purposes of mvhd/tkhd/mdhd, unless
edit lists explicitly are disabled.

mov_write_edts_tag needs to operate on the actual pts duration of
the track samples, not the duration that already takes the edit
list effect into account.

Signed-off-by: Martin Storsjö <martin@martin.st>
2021-01-15 15:01:03 +02:00
Idan Freiberg
a6912e5b88 avformat/dhav: Fix incorrect non-DHAV chunk skipping logic
DAV files may contain a variable length padding in between chunks
filled with 0xff bytes. The current skipping logic is incorrect as it
may skip over DHAV chunks not appearing sequentially in the file.

We now look for the 'DHAV' tag using a byte-by-byte search in order
to handle such situations. Also the dhav->last_good_pos field will
not be updated while skipping unrecognized data.
2021-01-14 14:20:02 +01:00
AlexisWilke
ca21cb1e36 avformat/allformats: test pointer to be used
Two tests check the opposite pointer before using it. If only one of these
is set to a valid pointer, one of these functions will crash, the other will
ignore the pointer.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-01-12 00:17:30 -03:00
Michael Niedermayer
88519be8db avformat/mxfdec: Free all types for both Descriptors
Fixes: memleak
Fixes: 26352/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5201158714687488

Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-11 23:23:36 +01:00
Michael Niedermayer
b0259aa248 avformat/utils: wrap_timestamp() is only needed for less than 64 bits
Fixes: shift exponent 64 is too large for 64-bit type 'unsigned long long'
Fixes: 26497/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5690188355076096
Fixes: 26903/clusterfuzz-testcase-minimized-ffmpeg_dem_LUODAT_fuzzer-5641466929741824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-11 23:17:36 +01:00
Michael Niedermayer
fcc263caa9 avformat/aaxdec: Check string before strcmp()
Fixes: NULL ptr dereference
Fixes: 26508/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5694725249826816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-11 23:15:04 +01:00
Michael Niedermayer
7186ec88b9 uavformat/rsd: check for EOF in extradata
Fixes: OOM
Fixes: 26503/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6530816735444992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-11 23:15:04 +01:00
Marton Balint
2e2891383e avformat: remove some mpegts details from AVStream
These fields were added to support -merge_pmt_versions, but the mpegts demuxer
is also keeping track its programs internally, so that should be a better place
to handle it.

Also it is not a very good idea to keep fields like program_num or
pmt_stream_idx in an AVStream, because a single stream can be part of multiple
programs, multiple PMTs, so the stream attributes can refer to any program the
stream is part of.

Since they are not part of public API, lets simply remove them, or rather
replace them with placeholders for ABI compatibility with libavdevice.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 22:38:12 +01:00
Marton Balint
e57879ec18 avformat/mpegts: use stream index based lookup with merge_pmt_versions if stream identifier matches multiple streams
Also make sure we are checking the old state of the streams because otherwise
some streams might already have the newly parsed stream identifiers which
corrupts matching.

Fixes streams having the same identifier mixed up on pmt version change.

Fixes ticket #9006.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 22:38:12 +01:00
Marton Balint
f143a6c151 avformat/mpegts: only clear programs which no longer exist or have a new PMT
Otherwise there can be a small period when the programs only contain the PMT
pid.

Also make sure skip_clear only affects AVProgram clear, and that pmt_pid is
always kept as the first entry of the PID list of the programs. Also reject
PMTs for programs on the wrong PID.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 22:38:12 +01:00
Marton Balint
10c8e53294 avformat/mpegts: rework clearing and adding pid to program
And use better function names.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 22:38:12 +01:00
Marton Balint
5ea37923a8 avformat/mpegts: never discard PAT pid
PID 0 was removed from the pid list when then PMT was parsed, it is better
to explictly avoid it from being discarded instead of keeing it in the list of
every program.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 22:38:12 +01:00
Marton Balint
9298e8eb61 avformat/utils: do not overwrite already existing program with defaults in av_new_program
av_new_program returns the existing program if that already exists, in that
case it makes no sense to overwrite existing attributes.

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 22:38:12 +01:00
Matthieu Bouron
2e17435480 avformat/mov: adjust skip_samples according to seek timestamp
Currently skip_samples is set to start_pad if sample_time is lesser or
equal to 0. This can cause issues if the stream starts with packets that
have negative pts. Calling avformat_seek_file() with ts set to 0 on such
streams makes the mov demuxer return the right corresponding packets
(near the 0 timestamp) but set skip_samples to start_pad which is
incorrect as the audio decoder will discard the returned samples
according to skip_samples from the first packet it receives (which has
its timestamp near 0).

For example, considering the following audio stream with start_pad=1344:

 [PKT pts=-1344] [PKT pts=-320] [PKT pts=704] [PKT pts=1728] [...]

Calling avformat_seek_file() with ts=0 makes the next call to
av_read_frame() return the packet with pts=-320 and a skip samples
side data set to 1344 (start_pad). This makes the audio decoder
incorrectly discard (1344 - 320) samples.

This commit makes the move demuxer adjust skip_samples according to the
stream start_pad, seek timestamp and first sample timestamp.

The above example will now result in av_read_frame() still returning the
packet with pts=-320 but with a skip samples side data set to 320
(src_pad - (seek_timestamp - first_timestamp)). This makes the audio
decoder only discard 320 samples (from pts=-320 to pts=0).

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-09 17:08:27 +01:00
Michael Niedermayer
0a0b92b4b2 avformat/dhav: Check position for overflow
Fixes: signed integer overflow: 9223372036854775807 + 32768 cannot be represented in type 'long'
Fixes: 27744/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5179319491756032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-08 18:08:57 +01:00
Michael Niedermayer
ac5a568e6d avformat/utils: Change compute_chapters_end() from O(n²) to O(n log n)
Fixes: Timeout (49sec -> 9sec)
Fixes: 27427/clusterfuzz-testcase-minimized-ffmpeg_dem_FFMETADATA_fuzzer-5140589838073856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-08 18:02:55 +01:00
Andreas Rheinhardt
cb4c3b6162 avformat/hashenc: Deduplicate (stream)hash options
Also saves relocations.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-01-08 05:06:11 +01:00
Andreas Rheinhardt
ac0e75b647 avformat/mxf: Deduplicate random_index_pack_key
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-01-08 05:05:13 +01:00
Michael Niedermayer
66deab3a26 avformat/vividas: Check number of audio channels
Fixes: division by 0
Fixes: 28597/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5752201490333696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-05 02:00:05 +01:00
Jonathan Baudanza
6c24f2bf41 avformat/rtpdec: export Opus extradata in ff_rtp_parse_open() 2021-01-03 20:30:33 -03:00
erankor
fde5593c7c avformat/http: support retry on connection error
Add 2 new options:
- reconnect_on_http_error - a list of http status codes that should be
    retried. the list can contain explicit status codes / the strings
    4xx/5xx.
- reconnect_on_network_error - reconnects on arbitrary errors during
    connect, e.g. ECONNRESET/ETIMEDOUT

the retry employs the same exponential backoff logic as the existing
reconnect/reconnect_at_eof flags.

related tickets:
https://trac.ffmpeg.org/ticket/6066
https://trac.ffmpeg.org/ticket/7768

Signed-off-by: Marton Balint <cus@passwd.hu>
2021-01-03 16:47:29 +01:00
Michael Niedermayer
f26b5acfc0 avformat/wavdec: Avoid zeroing written to array
Fixes: OOM
Fixes: 26934/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5996784213819392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-03 01:16:25 +01:00
Andreas Rheinhardt
2c6f532e0a Mark some pointers as const
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-01-01 15:25:48 +01:00