Commit Graph

545 Commits

Author SHA1 Message Date
Michael Niedermayer
7d7ae68972 avformat/avidec: Use av_sat_sub64() in check_stream_max_drift()
Fixes: signed integer overflow: 8833900919969684211 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 26726/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5669377724383232
Fixes: 27587/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6294562263531520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-19 00:05:50 +01:00
Thierry Foucu
1c57b8ae3b libavformat/avidec: Extract more metadata from the header
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-10 16:37:37 +01:00
Anton Khirnov
cea7c19cda lavf: move AVStream.*index_entries* to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header. Since there are some (semi-)public fields located after these,
even though this section is supposed to be private, keep some dummy
padding there until the next major bump to preserve ABI compatibility.
2020-10-28 14:59:28 +01:00
Anton Khirnov
108864acee lavf: move AVStream.{request_probe,skip_to_keyframe} to AVStreamInternal
Those are private fields, no reason to have them exposed in a public
header.
2020-10-28 14:57:01 +01:00
Chris Miceli
0c90377a40 libavformat/avidec: check memory allocation
Memory allocation for AVIOContext should be checked. In this code,
all error conditions are sent to the "goto error".

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-14 21:11:49 +02:00
Andreas Rheinhardt
ea45d6e61a avformat/avidec: Fix memleak when error happens after creating DV stream
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-19 20:26:19 +02:00
Michael Niedermayer
cf0c700b0c avformat/avidec: Fix io_fsize overflow
Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-05 17:48:59 +02:00
Andreas Rheinhardt
da44bbefaa avformat/avidec: Fix memleak with embedded GAB2 subtitles
The code for GAB2 subtitles predates refcounting AVPackets. So in order
to transfer the ownership of a packet's data pkt->data was simply stored
and the packet zeroed; in the end (i.e. in the read_close-function) this
data was then simply freed with av_freep(). This of course leads to a leak
of an AVBufferRef and an AVBuffer. It has been fixed by keeping and
eventually unreferencing the packet's buf instead.

Additionally, the packet is now reset via av_packet_unref().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-04-05 18:38:26 +02:00
Andreas Rheinhardt
de0b04551d avformat/avidec: Fix memleak when allocating DVDemuxContext fails
An AVIStream (intended to be used as private data for an AVStream) would
leak in this scenario.

Also return a more fitting error code instead of AVERROR_INVALIDDATA.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-04-05 18:30:50 +02:00
Andreas Rheinhardt
2084ea8c1d avformat/avidec: Fix memleak when DV demuxer is disabled
If one uses a build without dv demuxer, an AVIStream struct that is
destined to be used as private data for an AVStream by the avi demuxer
would leak, because it has been moved from the AVStream (that is going
to be freed) and only stored in a local variable (in order to be used
for another AVStream), but if the dv demuxer is disabled, the earlier
code returned immediately instead.

Also return a better error code in this scenario (instead of
AVERROR_INVALIDDATA).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-04-05 18:22:57 +02:00
Andreas Rheinhardt
7940655d14 avformat/avidec: Don't reimplement ff_free_stream()
Using ff_free_stream() makes the code more readable, more future-proof
(the old code freed AVCodecContexts and AVCodecParameters and its
substructures manually, so that there is a chance that there would be a
memleak for some time if new substructures were added) and reduces
code size.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-04-05 18:06:50 +02:00
Paul B Mahol
d4d74707fb avformat/avidec: recognize H265 fourcc as hevc
Fixes decoding of came2_2020-01-13__20-38-58_21-00-00__Chn2.avi
2020-03-12 18:57:39 +01:00
Michael Niedermayer
347920ca21 avformat/avidec: Avoid integer overflow in NI switch check
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: Ticket8149

Found-by: Suhwan
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-02-16 15:13:25 +01:00
Andreas Rheinhardt
82d61a9ce3 avformat: Don't free old extradata before ff_alloc/get_extradata
These functions already free it themselves before they allocate the new
extradata.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-12 19:25:33 +01:00
Andreas Rheinhardt
c1e439d7e9 avformat: Forward errors where possible
It is not uncommon to find code where the caller thinks to know better
what the return value should be than the callee. E.g. something like
"if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM);". This commit
changes several instances of this to instead forward the actual error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-12 19:25:33 +01:00
Andreas Rheinhardt
982539a07a avformat/avidec: Remove superfluous header
bswap.h was included since 7b114c09, yet since 3788a3c0 no explicit use
of anything from bswap.h has been made, so remove this header.

(Only AV_RL32 is used and while this might imply swapping on
big-endian systems, it is contained in libavutil/intreadwrite.h.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-10-25 23:27:02 +02:00
Steven Liu
17236a2c40 avformat/avidec: add logging context to log
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-10-08 13:46:58 +08:00
Jun Zhao
3740bdee77 lavf/avidec: fix memory leak in error handling path
free the value in error handling path to avoid the memory leak.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-10 17:21:54 +02:00
Marton Balint
2e31774b40 avformat/avidec: add support for recognizing HEVC fourcc when demuxing
Some security cams generate this, as well as some versions of VirtualDub and
VLC so support for _reading_ such files is justified.

Fixes ticket #7110.

See also this discussion: https://patchwork.ffmpeg.org/patch/8744/

Signed-off-by: Marton Balint <cus@passwd.hu>
2019-08-31 17:38:25 +02:00
Carl Eugen Hoyos
ab648f79c8 lavf/avidec: Do not test for bitrate <= INT_MAX.
AVCodecContext->bit_rate is int64_t since 7404f3bd

Unbreaks non-interleaved detection of v210 4k avi files, broken since 0eec40b7.
Reported-by: Xavier Càmara, Centre de Conservació i Restauració, Filmoteca de Catalunya
2019-05-10 10:57:54 +02:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Carl Eugen Hoyos
3aa6208db9 lavf: Constify AVInputFormat pointer. 2019-03-20 18:52:38 +01:00
Paul B Mahol
6972dae5a4 avformat/avidec: fix demuxing of all keyframes of sample 200707170736151.avi 2018-08-21 12:14:44 +02:00
Michael Niedermayer
06e092e781 avformat/avidec: Fix integer overflow in cum_len check
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-10 02:44:45 +01:00
James Almer
ae100046ca avcodec/exif: remove GetByteContext usage from avpriv_exif_decode_ifd()
This prevents potential ABI issues with GetByteContext.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-10-26 00:45:49 -03:00
Anton Khirnov
78a7af823b Use the new AVIOContext destructor.
(cherry picked from commit 6f554521af)
Signed-off-by: James Almer <jamrial@gmail.com>
2017-09-01 02:16:33 -03:00
Michael Niedermayer
511e10f673 avformat/avidec: Move packet skip after prefix and related checks
This fixes loosing packets
Fixes: big.avi

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-11 12:07:08 +02:00
Michael Niedermayer
a5d849b149 avformat/avidec: Limit formats in gab2 to srt and ass/ssa
This prevents part of one exploit leading to an information leak

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-31 02:32:42 +02:00
Michael Niedermayer
78f6ec32a3 avformat/avidec: Fix txts fmts parsing
Fixes: subtitle.avi from vlc/ticket/1162

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-31 02:32:42 +02:00
Clément Bœsch
bec96a7286 lavf: use av_fourcc2str() where appropriate 2017-03-29 14:49:29 +02:00
Clément Bœsch
cd4d6cba12 lavf: fix usages of av_get_codec_tag_string() 2017-03-29 14:49:29 +02:00
Clément Bœsch
1436769c57 Merge commit 'ca1e5eea0c7b72a6e30aa6488cfeced3a4853521'
* commit 'ca1e5eea0c7b72a6e30aa6488cfeced3a4853521':
  Remove some pointless TRACE level debug code

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-24 13:23:52 +01:00
Clément Bœsch
554cc43ac6 Merge commit 'bad4aad4037f59ba0ad656164be9ab8f7a0fa2d4'
* commit 'bad4aad4037f59ba0ad656164be9ab8f7a0fa2d4':
  avidec: Do not special case palette on big-endian

This commit is a noop, see 64cafe340b

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-23 11:26:32 +01:00
James Almer
4de591e6fb Merge commit '83548fe894cdb455cc127f754d09905b6d23c173'
* commit '83548fe894cdb455cc127f754d09905b6d23c173':
  lavf: fix usage of AVIOContext.seekable

Merged-by: James Almer <jamrial@gmail.com>
2017-03-21 17:02:30 -03:00
Tobias Rapp
5796048f6a avformat/avidec: clean-up identifier names
Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-03 13:46:55 +01:00
Tobias Rapp
6d579d7c1b avformat/avidec: skip odml master index chunks in avi_sync
Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg.

Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-23 21:47:47 +01:00
Andreas Cadhalpun
2c908f22c2 avidec: fix leaking extradata
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-30 02:22:50 +01:00
Diego Biurrun
ca1e5eea0c Remove some pointless TRACE level debug code
This also kills some warnings with certain compiler options.
2016-10-27 12:54:14 +02:00
Carl Eugen Hoyos
31a0a84216 lavf/avidec: Be more verbose when ignoring very large tag size. 2016-10-18 15:01:50 +02:00
Carl Eugen Hoyos
a20f3238be lavf/avidec: Do not fail for very large idx1 tags.
Fixes demuxing the sample file from github pull request 197,
the size of its idx1 tag is 6171936 bytes, followed by a JUNK
tag of 9505704 bytes.
2016-10-18 00:25:41 +02:00
Vittorio Giovara
bad4aad403 avidec: Do not special case palette on big-endian
This simplifies the code a bit, does not change output data in any way.
2016-10-02 15:42:03 -04:00
Vittorio Giovara
497c087939 avidec: Set palette alpha as fully opaque
Palette format is always in RGBA.
2016-10-02 15:42:03 -04:00
Anton Khirnov
83548fe894 lavf: fix usage of AVIOContext.seekable
It is supposed to be a flag. The only currently defined value is
AVIO_SEEKABLE_NORMAL, but other ones may be added in the future.
However all the current lavf code treats this field as a bool (mainly
for historical reasons).
Change all those cases to properly check for AVIO_SEEKABLE_NORMAL.
2016-09-30 16:54:33 +02:00
Michael Niedermayer
2679ad4773 avformat/avidec: Check nb_streams in read_gab2_sub()
Fixes null pointer dereference
Fixes: 1/null_point.avi

Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-09-28 16:46:24 +02:00
Michael Niedermayer
14bac7e00d avformat/avidec: Remove ancient assert
This assert can with crafted files fail, a warning is already printed
for this case.

Fixes assertion failure
Fixes:1/assert.avi

Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-09-28 16:46:24 +02:00
James Almer
aa0dc698db avformat/avidec: remove warning about deprecated declarations
Signed-off-by: James Almer <jamrial@gmail.com>
2016-09-25 16:03:21 -03:00
Michael Niedermayer
b98dafe045 avformat/avidec: Fix memleak with dv in avi
Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-09-25 19:06:51 +02:00
Michael Niedermayer
e4e4a9cad7 avformat/avidec: Fix infinite loop in avi_read_nikon()
Fixes: 360/test.poc

Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-09-02 13:57:40 +02:00
Clément Bœsch
8ef57a0d61 Merge commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb'
* commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb':
  cosmetics: Fix spelling mistakes

Merged-by: Clément Bœsch <u@pkh.me>
2016-06-21 21:55:34 +02:00
Michael Niedermayer
d08f2c172f avformat/avidec: Detect index with too short entries
Fixes Ticket5498

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-05-18 23:59:02 +02:00