Commit Graph

98421 Commits

Author SHA1 Message Date
Andreas Rheinhardt
a5ed8aeea4 avformat/mpsubdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon creating an AVStream.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
331799747e avformat/mpl2dec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
b12014a5b8 avformat/microdvddec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle
or when allocating extradata.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
d38694cea9 avformat/lrcdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
c13a752733 avformat/jacosubdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
5ab39c2d8c avformat/assdec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle
or if creating the extradata failed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
a86a5d06d8 avformat/aqtitledec: Fix memleak upon read header failure
The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
would leak if an error happened upon reading a subsequent subtitle.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:54:05 +02:00
Andreas Rheinhardt
ac378c535b avformat/mov: Fix memleaks upon read_header failure
By default, a demuxer's read_close function is not called automatically
if an error happens when reading the header; instead it is up to the
demuxer to clean up after itself in this case. The mov demuxer did this
by calling its read_close function when it encountered some errors when
reading the header. Yet for other errors (mostly adding side-data to
streams) this has been forgotten, so that all the internal structures
of the demuxer leak.

This commit fixes this by making sure mov_read_close is called when
necessary.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:46:15 +02:00
Andreas Rheinhardt
3d3ba43bc6 avformat/omadec: Fix memleaks upon read_header failure
Fixes possible leaks of id3v2 metadata as well as an AVDES struct in
case the content is encrypted and an error happens lateron.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:35:29 +02:00
Andreas Rheinhardt
0841063ce6 avformat/matroskadec: Fix memleaks in WebM DASH manifest demuxer
In certain error scenarios, the underlying Matroska demuxer was not
properly closed, causing leaks.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:35:28 +02:00
Andreas Rheinhardt
1ef30571a0 avformat/matroskadec: Use right number of tracks
When demuxing a Matroska/WebM file, streams are added for tracks and for
attachments, so that the array containing the former can be NULL even
when the corresponding AVFormatContext has streams. So check for there
to be tracks in the MatroskaDemuxContext instead of just streams in the
AVFormatContext before dereferencing the pointer to the tracks.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 16:15:47 +02:00
Andreas Rheinhardt
3714d452b8 avformat/matroskadec: Fix handling gigantic durations
matroska_parse_block currently asserts that the duration is not equal to
AV_NOPTS_VALUE, but there is nothing that actually guarantees this. It
is easy to create (spec-compliant) files which run into this assert;
so replace it and instead cap the duration to INT64_MAX, as the duration
field of an AVPacket is an int64_t.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 15:44:27 +02:00
Andreas Rheinhardt
cbe336c9e8 avformat/matroskadec: Move AVBufferRef instead of copying, fix memleak
EBML binary elements are already made reference-counted when read;
so when populating the AVStream.attached_pic, one does not need to
allocate a new buffer for the data; instead the current code just
creates a new reference to the underlying AVBuffer. But this can be
improved even further: Just move the already existing reference.

This also fixes a memleak that happens upon error because
matroska_read_close has not been called in this scenario.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 15:44:27 +02:00
Thilo Borgmann
b737575c76 lavdevice: Add AudioToolbox output device. 2020-06-15 15:09:33 +02:00
Przemysław Sobala
9d80f3ec4b avformat/dashenc: Add hls_master_name option 2020-06-15 12:31:57 +05:30
Andreas Rheinhardt
19a876fd69 avformat/hlsenc: Always treat numbers as decimal
c801ab43c3 caused a regression: The stream
number is now parsed with strtoll without a fixed basis; as a
consequence, the "010" in a variant stream mapping like "a:010" is now
treated as an octal number (i.e. as eight, not ten). This was not
intended and may break some scripts, so this commit restores the old
behaviour.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 05:09:07 +02:00
Andreas Rheinhardt
3aa0be003e avcodec/iirfilter: Fix memleak
Commit 17e88bf0df created a memleak by
removing a call to ff_iir_filter_free_coeffsp on error; this has been
found by Coverity (ID 1464159). This commit fixes the memleak by
readding the call to ff_iir_filter_free_coeffsp.

Notice that this is not a simple revert, because several macros that
were used before 17e88bf0df were replaced
in commit 44863b2c2d and completely removed
in 2658680df4.

Reviewed-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 04:22:28 +02:00
Andreas Rheinhardt
ea1b71e82f avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.

Also check directly whether there is enough data for the length field.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-15 03:18:11 +02:00
Limin Wang
4b3b217e30 avcodec/h264: create user data unregistered SEI side data for H.264
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
Limin Wang
567d571b20 avfilter/vf_showinfo: display H.26[45] user data unregistered sei message
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
Limin Wang
ed6dbbfc16 avcodec/hevc_sei: add support for user data unregistered SEI message
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-15 07:19:55 +08:00
James Almer
318a1a383d avcodec/cbs_av1: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-14 16:42:40 -03:00
James Almer
ef13fafe22 avcodec/cbs_h2645: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-14 16:42:04 -03:00
Michael Niedermayer
0aa2768cb2 avformat/mxfdec: free duplicated utf16 strings
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744

Suggested-by: Marton Balint <cus@passwd.hu>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 21:22:47 +02:00
Michael Niedermayer
c517c3f474 avformat/4xm: Check that a video stream was created before returning packets for it
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 21:22:47 +02:00
Marton Balint
16d29c1be8 avcodec/libzvbi-teletextdec: fix txt_default_region limits
Max region ID is 87. Also the region affects not only the G0 charset but G2 and
the national subset as well.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-06-14 20:00:02 +02:00
Michael Niedermayer
584d334afd avcodec/ffwavesynth: Avoid undefined operation on ts overflow
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
75e2ac4f07 avcodec/mv30: check mode_size vs. input space
Fixes: Timeout (longer than my patience vs 1sec)
Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
e361785ee0 avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
c579ceffbe avcodec/jpeg2000dec: Fix/check for multiple integer overflows
Fixes: shift exponent 35 is too large for 32-bit type 'int'
Fixes: 22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
04ddace9e8 avformat/utils: Print analyze duration and probesize when printing a suggestion to increase them
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
c0dfe134be avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
61d9bf514d avcodec/sonic: Fix several integer state overflows
Fixes: signed integer overflow: -234 * -14797801 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5695924975435776
Fixes: 22275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5695924975435776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
75d520e337 avcodec/sonic: Fix several integer overflows
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
70277f1232 avformat/oggdec: Disable mid stream codec changes
Fixes: 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768
Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Lynne on IRC
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:34:59 +02:00
Michael Niedermayer
e53235f06c avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
bd0f81526d avcodec/pixlet: Fix log(0) check
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
9b5fc789fb avformat/ape: Cleanup after ape_read_header() failure
Fixes: memleaks
Fixes: 23306/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5635436931448832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
51225dee0a avcodec/iff: Fix off by x error
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Nelson Gomez
360be03b8a swscale: cosmetic fixes
Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Nelson Gomez
bc01337db4 swscale/x86/output: add AVX2 version of yuv2nv12cX
256 bits is just wide enough to fit all the operands needed to vectorize
the software implementation, but AVX2 is needed to for a couple of
instructions like cross-lane permutation.

Output is bit-for-bit identical to C.

Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Nelson Gomez
7c39c3c1a6 swscale: make yuv2interleavedX more asm-friendly
Extracting information from SwsContext in assembly is difficult, and
rearranging SwsContext just for asm access didn't look good. These
functions only need a couple of fields from it anyway, so just make
them parameters in their own right.

Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Limin Wang
01be03a4a0 avcodec/smvjpegdec: remove uninitialized ret
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
9bb46cf100 avcodec/mpegvideo: remove extra space
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
67a07dc778 swscale/utils: return better error code from initFilter()
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
8efecc9063 swscale/utils: reindent
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
David Holroyd
ffc1208266 lavf/prompeg: prompeg_write() must report data all was written
Previously, prompeg_write() would only report to caller that bytes we
written when a FEC packet was actually created.  Not all RTP packets are
expected to generate a FEC packet however, so this behavior was causing
avio to retry writing the RTP packet, eventually forcing the FEC state
machine to send a FEC packet erroneously (and so breaking out of the
retry loop).

This was resulting in incorrect FEC data being generated, and far too
many FEC packets to be sent (~100% FEC overhead).

fix #7863

Signed-off-by: David Holroyd <david.holroyd@m2amedia.tv>
2020-06-14 12:27:49 +08:00
Jun Zhao
0a0158e45d lavu/internal: Fix comment for avpriv_dict_set_timestamp
Fix comment for avpriv_dict_set_timestamp from b72a7b96f8

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2020-06-14 12:27:10 +08:00
Jun Zhao
ab9ff762c1 lavc/qsv: fix make checkheaders warning
make checkheaders will get warning as follow:

In file included from libavcodec/qsv_internal.h.c:1:
./libavcodec/qsv_internal.h:24:5: warning: "CONFIG_VAAPI" is not defined, evaluates to 0 [-Wundef]
   24 | #if CONFIG_VAAPI
      |     ^~~~~~~~~~~~

include "config.h" to fix the warning

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2020-06-14 12:26:51 +08:00
Paul B Mahol
416dc133b9 avformat/sccdec: move pos variables outside of loop
Ensures that sub->pos is always correct.
2020-06-13 12:26:00 +02:00