Commit Graph

1677 Commits

Author SHA1 Message Date
Michael Niedermayer
4cdf2c7f76
avformat/mov: Ignore duplicate ftyp
Fixes: switch_1080p_720p.mp4
Found-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-12-05 12:12:10 +01:00
Dale Curtis
2182173a69
avformat/mov: Fix integer overflow in mov_read_packet().
Fixes https://crbug.com/1499669:
runtime error: signed integer overflow: 9223372036853334272 + 1375731456
cannot be represented in type 'int64_t' (aka 'long')

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-12-02 00:25:15 +01:00
Michael Niedermayer
19fcf43131
avformat/mov: Disallow FTYP after streams
Fixes: Assertion !c->fc->nb_streams failed at libavformat/mov.c:7799
Fixes: 63875/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5479178702815232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-10 00:14:02 +01:00
Michael Niedermayer
98c2711b58
avformat/mov: Check that is_still_picture_avif has no trak based streams
Fixes: Assertion failure in mov_read_iloc( in mov_read_iloc())
Fixes: 62866/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5282997370486784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-01 16:40:20 +01:00
Andreas Rheinhardt
37b5f4a1f6 avformat/matroskadec, mov: Fix declaration-after-statement warnings
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-09 00:21:43 +02:00
Michael Niedermayer
3508b496e1
avformat/mov: compute absolute dts difference without overflow in mov_find_next_sample()
Fixes: signed integer overflow: -9223372036854775808 - 9222726413022000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5959420033761280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-08 21:36:01 +02:00
Vignesh Venkatasubramanian via ffmpeg-devel
9132a0fbe2
avformat/mov: Disallow more than one meta box for AVIF
This is not allowed per the spec.

Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-08 18:56:34 +02:00
James Almer
5432d2aaca avformat/avformat: use the side data from AVStream.codecpar
Deprecate AVStream.side_data and its helpers in favor of the AVStream's
codecpar.coded_side_data.

This will considerably simplify the propagation of global side data to decoders
and from encoders. Instead of having to do it inside packets, it will be
available during init().
Global and frame specific side data will therefore be distinct.

Signed-off-by: James Almer <jamrial@gmail.com>
2023-10-06 10:03:57 -03:00
Michael Niedermayer
9a3bbf89bd
avformat/mov: Check avif_info
Fixes: leak
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-29 23:08:38 +02:00
Michael Niedermayer
3aff8503a9
avformat/mov: Avoid cloning encryption info if its unchanged
Fixes: OOM
Fixes: 45834/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5419540462305280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-22 23:47:39 +02:00
Zhao Zhili
a8d9da4c8b avformat/mov: add interleaved_read option
For badly interleaved files, interleave packets from multiple tracks
at the demuxer level can trigger seeking back and forth, which can be
dramatically slow depending on the protocol. Demuxer level interleave
can be useless sometimes, e.g., reading mp4 via http and then
transcoding/remux to DASH. Disable this option when you don't need the
demuxer level interleave, and want to avoid the IO penalizes.

Co-authored-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-09-14 18:49:51 +08:00
Andreas Rheinhardt
7001ff74ba avformat/aviobuf: Add ffio_init_(read|write)_context()
Most users of ffio_init_context() simply want to wrap
a buffer into an AVIOContext; they do not provide
function pointers at all.

Therefore this commit adds shortcuts for these two common
operations. This also allows to accept const data when reading
(i.e. the const is now cast away at a central place in
ffio_init_read_context() instead of at several callers).
This also allows to constify the data in ff_text_init_buf().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-07 00:41:45 +02:00
Jan Ekström
b300552dfb avformat/mov: enable identifying TTML subtitle streams as such
The contents are full TTML XML documents. TTML writing tests'
results are updated as the streams are now properly identified
as TTML ones.

Signed-off-by: Jan Ekström <jan.ekstrom@24i.com>
2023-07-28 15:31:56 +03:00
Zhao Zhili
be7ac511a6 avformat/mov: avss box should be AV_CODEC_ID_CAVS
I cannot find the spec, but according to the original commit
d4fdba0df7, it's CAVS. e571305a71 changed it to AVS by
accident. Ten years on, nothing happened. We still have the
sample [1], however, since there is no cavs_mp4tofoobar bsf, the
cavs decoder doesn't work. I don't know if there is any use case.

[1] https://samples.ffmpeg.org/AVS/AVSFileFormat/AVSFileFormat.mp4

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-07-19 22:43:33 +08:00
Zhao Zhili
af3f120785 avformat/mov: fix overallocation when reading pssh/saiz
mov_try_read_block() allocates 1MB at least, which can be more than
enough. It was called when reading saiz box, which can appear
periodically inside fmp4. This consumes a lot of memory.

We can fix mov_try_read_block() by clamp 'block_size' with 'size'.
However, the function is harmful than helpful. It avoids allocating
large memory when the real data is small. Even in that case, if
allocating large memory directly failed, it's fine to return ENOMEM;
if allocating success and reading doesn't match the given size, it's
fine to free and return AVERROR_INVALIDDATA. In other cases, it's a
waste of CPU and memory.

So I decided to remove the function, and replace it by call
av_malloc() and avio_read() directly.

mov_read_saiz() and mov_read_pssh() need more check, but they don't
belong to this patch.

Fixes #7641 and #9243.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-06-24 12:58:15 +08:00
Dawid Kozinski
091705cd55 avformat/mov_demuxer: Extended MOV demuxer to handle EVC video content
- Added evc extension to the list of extensions for ff_mov_demuxer

Signed-off-by: Dawid Kozinski <d.kozinski@samsung.com>
2023-06-15 09:57:41 -03:00
Zhao Zhili
b7e79ba395 avformat/mov: decrease probe score for a random tag
The tag comes from samples/ffmpeg/mov/unrecognized/bartjones.mov
really looks like some random data. Now the random tag matched
another file, which isn't a mov.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-06-08 11:16:46 +08:00
Michael Niedermayer
0c78b0dd3b
avformat/mov: creation time should be non negative
Fixes: signed integer overflow: -9223372036854775808 - 2082844800 cannot be represented in type 'long'
Fixes: 58384/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6428383700713472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-05-29 00:43:39 +02:00
Derek Buitenhuis
f7d64881f8 mov: Do not blindly disable advanced edit lists if use_mfra_for is set
This was a bug/mistake in dae3679a9b.

use_mfra_for by defintion only has an effect on fragmented MP4 files,
making the check not only redundant, but also broken if a user used
the option globally (i.e. set on non-fragmented MP4s).

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2023-04-25 20:44:23 +01:00
Marton Balint
5cdbf817c9 avformat/mov: restrict unix timestamp hack to version 0 mdhd/mvhd
Commit 23eeffcd48a15e73fb2649b712870b6d101c5471 added a hack to support invalid
files where the creation date was encoded as a classic unix timestamp. Let's
reduce the scope of the hack by only applying it to version 0 mdhd/mvhd atoms.
Also warn the user of such possibly broken files.

Signed-off-by: Marton Balint <cus@passwd.hu>
2023-04-24 23:00:50 +02:00
Marton Balint
bbb885e6a5 avformat/mov: factorize reading creation time metadata
Signed-off-by: Marton Balint <cus@passwd.hu>
2023-04-24 23:00:50 +02:00
Zhao Zhili
d7e864366b avformat/mov: parse ISO-14496-12 ChannelLayout
Only support chnl version 0 now.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-03-15 00:12:59 +08:00
Zhao Zhili
d04dbf48fc avformat/mov: fix ISO/IEC 23003-5 support
Missing floating-point formats support.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-03-15 00:12:59 +08:00
Jan Ekström
912ac82a3c avformat/mov: base pcmC endianness on just the LSB
As per 23003-5:2020, the rest of the bits are reserved, and thus
in the future they may be utilized for something else.

Quote:
format_flags is a field of flags that modify the default PCM sample format.
Undefined flags are reserved and shall be zero. The following flag is defined:
  0x01 indicates little-endian format. If not present, big-endian format is used.
2023-03-05 23:58:04 +02:00
Jan Ekström
adca877acb avformat/mov: check that pcmC box is of the expected type
As per 23003-5:2020 this box is defined as
PCMConfig extends FullBox(‘pcmC’, version = 0, 0), which means
that version is 0 and flags should be zero.
2023-03-05 23:48:32 +02:00
Michael Niedermayer
53c1f5c2e2
avformat/mov: Check samplesize and offset to avoid integer overflow
Fixes: signed integer overflow: 9223372036854775584 + 536870912 cannot be represented in type 'long'
Fixes: 55844/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-510613920664780

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-02-22 18:01:37 +01:00
Martin Storsjö
431f6260ac mov: Reduce the verbosity of the warning about fragmented MP4 vs advanced edit lists
Only warn if the advanced_editlist option is enabled (it is enabled
by default though) so we don't print one warning for each track, and
demote the warning to AV_LOG_LEVEL_VERBOSE; this message does get
generated whenever parsing a fragmented MP4 file, regardless of
whether the file actually uses multiple edits or not.

Later when parsing the mov structures, the demuxer does warn if
the file did contain multiple edits which would require the
advanced_editlist option enabled for decoding correctly.

Adjust the warning message for the case when the file seemed like it
actually would have needed handling of advanced edit lists, to
reflect the fact that it doesn't help to try set the option as
it has been automatically disabled.

Signed-off-by: Martin Storsjö <martin@martin.st>
2023-01-31 14:29:08 +02:00
Derek Buitenhuis
dae3679a9b mov: Disable advanced_editlist for fragmented MP4 input
Advanced edit list support is entirely broken for fragmented MP4s,
currently. mov_fix_index is never run in mov_build_index, since
in fragmented MP4s the stco, stsz, stts, and stsc boxes have zero
entries, with the index being filled in as each fragment's trun
box is seen.

The result of this is that the skip samples is never set properly,
since half the code thinks it doesn't need to, as advanced_editlist
is enabled, but as mov_fix_index is never called, it doesnt get set.
This means that any edits for e.g. priming are not properly applied
as skip samples side data.

This also means remuxing to fragmented MP4 from progressive MP4 with
lavf will quietly drop the edit list, currently.

Example:

    $ ffmpeg -loglevel quiet -advanced_editlist 1 -i non_fragmented.mp4 -f md5 -
    MD5=d02d929f8eb4edef624758a298d5f7c6
    $ ffmpeg -loglevel quiet -advanced_editlist 0 -i non_fragmented.mp4 -f md5 -
    MD5=d02d929f8eb4edef624758a298d5f7c6
    $ ffmpeg -loglevel quiet -advanced_editlist 1 -i fragmented.mp4 -f md5 -
    MD5=e38b110f586fa886ff94e0ca98a95d59 <-- wrong, extra samples are output instead of being skipped
    $ ffmpeg -loglevel quiet -advanced_editlist 0 -i fragmented.mp4 -f md5 -
    MD5=d02d929f8eb4edef624758a298d5f7c6

We cannot call mov_fix_index after reading a trun box
since mov_fix_index seems to assume it is only called once, on a
fully complete index, an multiple calls to it don't seem like
they'd work, so the "best" option seems to be disabling advanced
edit list support entirely for the time being, as it is broken
for these types of files.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2023-01-09 15:23:41 +00:00
Sasi Inguva
9d8d7bdffb avformat/mov: Set duration to zero if the duration is UINT_MAX
Fixes some MP4F files which have duration in mdhd set to UINT_MAX instead of zero.

Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2022-11-29 08:39:32 -03:00
Wang Yaqiang
0744782de3 avformat/mov: get the correct fragment stsd_id when decrypting the sample
When determining whether a packet should be decrypted,
should use the stsd_id of the fragment where the current packet is located.

Reviewed-by: Zhao Zhili <zhilizhao@tencent.com>
Signed-off-by: Wang Yaqiang <wangyaqiang03@kuaishou.com>
2022-09-21 13:58:40 +08:00
James Almer
836b8001c9 avformat/mov: don't read duration from mvhd atom
This duration is equal to the longest duration in all track's tkhd atoms, which
may be comprised of the sum of all edit lists in each track. Empty edit lists
in tracks represent start_time, and the actual media duration is stored in the
mdhd atom.
This change lets the generic demux code derive the longest track duration taken
from mdhd atoms, so the correct duration and start_time combination will be
reported.

Should fix ticket #9775.

Reviewed-by: zhilizhao(赵志立) <quinkblack@foxmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2022-09-08 20:06:06 -03:00
Anton Khirnov
693c1e631c lavf/mov: avoid leaks with multiple dv-audio streams 2022-09-05 08:14:36 +02:00
Anton Khirnov
090f12b157 lavf/dv: make returning the video packet optional
The mov demuxer only returns DV audio, video packets are discarded.

It first reads the data to be parsed into a packet. Then both this
packet and the pointer to its data are passed together to
avpriv_dv_produce_packet(), which parses the data and partially
overwrites the packet. This is confusing and potentially dangerous, so
just pass NULL and avoid pointless packet modification.
2022-09-05 08:10:55 +02:00
Andreas Rheinhardt
04b7217872 avutil/dict: Move avpriv_dict_set_timestamp() to a header of its own
It is used almost nowhere, so it needn't be auto-included
almost everywhere.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-03 15:41:44 +02:00
Michael Niedermayer
c953baa084
avformat/mov: Check count sums in build_open_gop_key_points()
Fixes: ffmpeg.md
Fixes: Out of array access
Fixes: CVE-2022-2566

Found-by: Andy Nguyen <theflow@google.com>
Found-by: 3pvd <3pvd@google.com>
Reviewed-by: Andy Nguyen <theflow@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-08-28 22:06:45 +02:00
Derek Buitenhuis
e1e981c65e mov: Compare frag times in correct time base when seeking a stream without a corresponding sidx
Some muxers, such as GPAC, create files with only one sidx, but two streams
muxed into the same fragments pointed to by this sidx.

Prevously, in such a case, when we seeked in such files, we fell back
to, for example, using the sidx associated with the video stream, to
seek the audio stream, leaving the seekhead in the wrong place.

We can still do this, but we need to take care to compare timestamps
in the same time base.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2022-08-19 17:02:55 +01:00
Zhao Zhili
1af7797d21 avformat/mov: fix encryption index in the case of multiple trun
frag_stream_info->index_entry isn't the first sample/trun index.
cenc.frag_index_entry_base failed to catch the case since
current_index > 0.

Fix ticket #9807.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2022-08-16 18:47:40 +08:00
Zhao Zhili
98dcdd1868 avformat/mov: fix frag_index.current out of sync
frag_index.current is used by cenc_filter, and is updated inside
mov_read_moof. It can out of sync regarding to mov_read_packet.

Partly fix ticket #9807.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2022-08-16 18:47:33 +08:00
Vignesh Venkatasubramanian
d931554f66 avformat/mov: Rework the AVIF parser to handle multiple items
Stores the item ids of all the items found in the file and
processes the primary item at the end of the meta box. This patch
does not change any behavior. It sets up the code for parsing
alpha channel (and possibly images with 'grid') in follow up
patches.

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: James Zern <jzern@google.com>
2022-08-09 13:15:55 -07:00
Michael Niedermayer
744ad45c44 avformat/mov: Check for EOF in mov_read_iloc()
Fixes: Timeout
Fixes: 49216/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6563000529584128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-21 19:27:45 +02:00
Zhao Zhili
811f2f91da avformat/mov: discard data streams with all zero sample_delta
Streams with all zero sample_delta in 'stts' have all zero dts.
They have higher chance be chose by mov_find_next_sample(), which
leads to seek again and again.

For example, GoPro created a 'GoPro SOS' stream:
  Stream #0:4[0x5](eng): Data: none (fdsc / 0x63736466), 13 kb/s (default)
    Metadata:
      creation_time   : 2022-06-21T08:49:19.000000Z
      handler_name    : GoPro SOS

With 'ffprobe -show_frames http://example.com/gopro.mp4', ffprobe
blocks until all samples in 'GoPro SOS' stream are consumed first.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2022-07-18 11:06:17 +08:00
ShuangxiLi
046b05082d avformat/mov: fix possible crash in cenc_scheme_decrypt
Data does not have to be decrypted in 16-byte blocks for AES-CTR mode, so
existing buggy code can be hugely simplified.

Fixes ticket #9829.

Signed-off-by: Marton Balint <cus@passwd.hu>
2022-07-12 18:48:54 +02:00
Marton Balint
03d81a044a avformat/mov: disallow a zero sample size in trun atoms
In order to not generate 0 sized packets or create a huge index table
needlessly.

Fixes: Timeout
Fixes: 43717/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5206008287330304
Fixes: 45738/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6142535657979904

Signed-off-by: Marton Balint <cus@passwd.hu>
2022-07-06 23:37:29 +02:00
Martijn van Beurden
c8d839df73 avformat/mov: prevent potential use of uninitialized value 2022-07-05 14:11:23 +02:00
Vignesh Venkatasubramanian
be4d1caad4 avformat/mov: Only read the primary item for AVIF
Update the still AVIF parser to only read the primary item. With this
patch, AVIF still images with exif/icc/alpha channel will no longer
fail to parse.

For example, this patch enables parsing of files in:
https://github.com/AOMediaCodec/av1-avif/tree/master/testFiles/Microsoft

Adding two fate tests:
1) demuxing of still image with 1 item - this test will pass regardless
   of this patch.
2) demuxing of still image with 2 items - this test will fail without
   this patch and will pass with patch applied.

Partially fixes trac ticket #7621

Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: James Zern <jzern@google.com>
2022-06-29 12:16:40 -07:00
Ivan Baykalov
cbe216d3a6 avformat/mov: read PCM audio configuration box ('pcmC') if available
For ipcm and fpcm streams, big-endian format is the default, but it can be changed
with additional 'pcmC' sub-atom of audio sample description.

Details can be found in ISO/IEC 23003-5:2020

Fixes ticket #9763.
Fixes ticket #9790.

Patch simplified by Marton Balint.

Signed-off-by: Marton Balint <cus@passwd.hu>
2022-06-27 20:29:47 +02:00
Marton Balint
cd83383f4d avformat/mov: factorize setting little endian PCM streams
Signed-off-by: Marton Balint <cus@passwd.hu>
2022-06-27 20:29:47 +02:00
Michael Niedermayer
9274fb2532 avformat/mov: Non overflowing ambisonic order check
Fixes: signed integer overflow: 536870913 * 536870913 cannot be represented in type 'int'
Fixes: 45862/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4730373768085504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-06-14 16:46:28 +02:00
Pierre-Anthony Lemieux
a2c1a439b3
avformat/mov: refactor to use avutil/uuid 2022-06-12 18:34:37 +10:00
Andreas Rheinhardt
35ec5c819b avformat/demux: Add new demux.h header
And move those stuff already in demuxer-only files to it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-05-10 07:37:38 +02:00