Commit Graph

19 Commits

Author SHA1 Message Date
Michael Niedermayer
4f05e2e2dc avformat/mvdec: Fix DoS due to lack of eof check
Fixes: loop.mv

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-27 19:23:37 +02:00
James Almer
4de591e6fb Merge commit '83548fe894cdb455cc127f754d09905b6d23c173'
* commit '83548fe894cdb455cc127f754d09905b6d23c173':
  lavf: fix usage of AVIOContext.seekable

Merged-by: James Almer <jamrial@gmail.com>
2017-03-21 17:02:30 -03:00
Andreas Cadhalpun
2c818c3821 mvdec: validate sample_rate
A negative sample rate doesn't make sense and triggers assertions in
av_rescale_rnd.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-07 00:51:49 +01:00
Anton Khirnov
83548fe894 lavf: fix usage of AVIOContext.seekable
It is supposed to be a flag. The only currently defined value is
AVIO_SEEKABLE_NORMAL, but other ones may be added in the future.
However all the current lavf code treats this field as a bool (mainly
for historical reasons).
Change all those cases to properly check for AVIO_SEEKABLE_NORMAL.
2016-09-30 16:54:33 +02:00
Derek Buitenhuis
6f69f7a8bf Merge commit '9200514ad8717c63f82101dc394f4378854325bf'
* commit '9200514ad8717c63f82101dc394f4378854325bf':
  lavf: replace AVStream.codec with AVStream.codecpar

This has been a HUGE effort from:
    - Derek Buitenhuis <derek.buitenhuis@gmail.com>
    - Hendrik Leppkes <h.leppkes@gmail.com>
    - wm4 <nfxjfg@googlemail.com>
    - Clément Bœsch <clement@stupeflix.com>
    - James Almer <jamrial@gmail.com>
    - Michael Niedermayer <michael@niedermayer.cc>
    - Rostislav Pehlivanov <atomnuker@gmail.com>

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-10 20:59:55 +01:00
Anton Khirnov
9200514ad8 lavf: replace AVStream.codec with AVStream.codecpar
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.

In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.

There are multiple important problems with this approach:
    - the fields in AVCodecContext are in general one of
        * stream parameters
        * codec options
        * codec state
      However, it's not clear which ones are which. It is consequently
      unclear which fields are a demuxer allowed to set or a muxer allowed to
      read. This leads to erratic behaviour depending on whether decoding or
      encoding is being performed or not (and whether it uses the AVStream
      embedded codec context).
    - various synchronization issues arising from the fact that the same
      context is used by several different APIs (muxers/demuxers,
      parsers, bitstream filters and encoders/decoders) simultaneously, with
      there being no clear rules for who can modify what and the different
      processes being typically delayed with respect to each other.
    - avformat_find_stream_info() making it necessary to support opening
      and closing a single codec context multiple times, thus
      complicating the semantics of freeing various allocated objects in the
      codec context.

Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
2016-02-23 17:01:58 +01:00
Michael Niedermayer
26c0cc154e avformat/mvdec: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-20 20:41:35 +01:00
Michael Niedermayer
f1c21a200b avformat/mvdec: Check size in read_table() for validity
This check is redundant with the previous commit but it provides
better error messages and feedback while the previous commit
ensures that var_read_string() doesnt return uninitialized arrays
if it itself is feeded with an invalid size possibly through a
different future codepath.

Fixes: asan_heap-oob_49b1e5_12_011.movie
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-28 17:51:14 +01:00
Michael Niedermayer
86e5749285 avformat/mvdec: Check size for validity in var_read_string()
Fixes out of array read
Fixes: asan_heap-oob_49b1e5_12_011.movie
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-28 17:06:16 +01:00
Michael Niedermayer
01a39a978c Merge commit '55ddd700c67529ff2c6c4e976673f1341bba7a82'
* commit '55ddd700c67529ff2c6c4e976673f1341bba7a82':
  Silicon Graphics Movie demuxer

Conflicts:
	Changelog
	libavformat/mvdec.c
	libavformat/version.h

See: 6fb40779cd
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-19 20:17:33 +02:00
Peter Ross
55ddd700c6 Silicon Graphics Movie demuxer
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2014-04-19 16:24:27 +02:00
Paul B Mahol
a9b424879f lavc & lavf: replace deprecated av_log* functions
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2013-03-15 18:10:28 +00:00
Michael Niedermayer
5de286ef88 mvdec: check var_read_string() return value
Prevent null pointer dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-27 02:15:02 +01:00
Michael Niedermayer
362271d72f mvdec: Check the frame counter against the correct limit.
fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-27 02:11:19 +01:00
Michael Niedermayer
b89815f519 mvdec: check channel count.
Fixes division by 0

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-22 23:06:49 +01:00
Michael Niedermayer
e6cc3c869b mvdec: minor simplification, remove av_inv_q()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-22 22:52:23 +01:00
Michael Niedermayer
4c9f35bb7c mvdec: use avpriv_set_pts_info() instead of directly setting tb.
Fixes division by 0

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-22 22:41:09 +01:00
Michael Niedermayer
70d5cd103a mcdec: suppress "warning: a/vst may be used uninitialized in this function"
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-12-24 18:31:37 +01:00
Peter Ross
6fb40779cd Silicon Graphics Movie (.mv) demuxer
Signed-off-by: Peter Ross <pross@xvid.org>
2012-12-17 20:37:54 +11:00