Commit Graph

8063 Commits

Author SHA1 Message Date
Tomas Härdin
df2a85085e mxfdec: Sanity check PreviousPartition
Without this certain files could get the demuxer stuck in a loop.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-02-09 12:54:05 +01:00
Tomas Härdin
11800c8c89 mxfdec: Never seek back in local sets and KLVs
Specially crafted files can lead the parsing code to take too long.
We fix a lot of these problems by not allowing local tags to extend
past the end of the set and not allowing other KLVs to be read past
the end of themselves.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-02-09 12:46:12 +01:00
Tomas Härdin
687e2fdebd mxfdec: Move the current_partition check inside mxf_read_header()
This fixes SIGSEGV on files where this is the case, such as zzuf4.mxf.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-02-09 12:43:47 +01:00
Tomas Härdin
e352c96c17 mxfdec: Fix infinite loop in mxf_packet_timestamps()
This can happen if an index table segment has a very large IndexStartPosition.
zzuf3.mxf is an example of such a file.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-02-09 12:42:59 +01:00
Tomas Härdin
0373ec635d mxfdec: Check eof_reached in mxf_read_local_tags()
This fixes an infinite loop with zzuf2.mxf.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-02-09 12:41:50 +01:00
Tomas Härdin
effe3b9575 mxfdec: Check for NULL component
This fixes a SIGSEGV with zzuf1.mxf.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-02-09 12:41:50 +01:00
Tomas Härdin
29fc8f50cd mxfdec: Make sure mxf->nb_index_tables > 0 in mxf_packet_timestamps()
Only the OPAtom demuxing logic is guaranteed to have index tables,
meaning OP1a files that lack an index would cause SIGSEGV.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-02-09 12:41:42 +01:00
Tomas Härdin
a3923482f2 mxfdec: Make sure x < index_table->nb_ptses
Avoids a SIGSEGV on files with IndexEntryCount < IndexDuration.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-02-09 12:40:34 +01:00
Paul B Mahol
a16c3a07a6 apetag: fix comment
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-02-08 21:47:12 -05:00
Diego Biurrun
32f3c541bc doxygen: Do not include license boilerplates in Doxygen comment blocks. 2012-02-06 19:39:24 +01:00
Justin Ruggles
f1c3d4a68a ape: skip packets with invalid size 2012-02-06 13:22:01 -05:00
Justin Ruggles
ac3f8d317c ape: calculate final packet size instead of guessing
Calculates based on total file size and wavetaillength from the header.
Falls back to multiplying finalframeblocks by 8 instead of 4 so that it will
at least be overestimating for 24-bit. Currently it can underestimate the
final packet size, leading to decoding errors.
2012-02-06 13:22:01 -05:00
Justin Ruggles
c2c316158f ape: stop reading after the last frame has been read
This avoids buffer overread when the last packet size estimate is too small.
2012-02-06 13:09:11 -05:00
Justin Ruggles
66f7be3603 ape: return AVERROR_EOF instead of AVERROR(EIO) when demuxing is finished 2012-02-06 13:09:11 -05:00
Justin Ruggles
1bc035bc03 ape: return error if seeking to the current packet fails in ape_read_packet() 2012-02-06 13:09:11 -05:00
Paul B Mahol
86b57e4efe ape: fix seeking
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-02-04 14:32:33 -05:00
Alex Converse
29a20ac4a1 movdec: Avoid av_malloc(0) in stss
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-02-03 10:44:04 -08:00
Anton Khirnov
d2afbd9a56 frame{crc/md5}: set the stream timebase from codec timebase.
Right now those muxers use the default timebase in all cases(1/90000).

This patch avoid unnecessary rescaling and makes the printed timestamps
more readable.

Also, extend the printed information to include the timebases and packet
pts/duration and align the columns.

Obviously changes the results of all fate tests which use those two
muxers.
2012-02-03 09:29:02 +01:00
Martin Storsjö
89415b8e3f movdec: Parse the dvc1 atom
Normally, the actual payload data contains sequence headers, too,
and the parser can extract this and set it as extradata. However,
the data in the dvc1 atom is the "official" extradata for the file.

This is required for proper stream copy of vc1 from ismv to ismv.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-02-02 21:39:27 +02:00
Janne Grunau
7f19bdc2a2 movdec: fix dts generation in fragmented files
Do not use AVStream's duration for dts generation since it contains in
some cases the duration of the whole file instead of duration of the
samples in the moov. This happens if the mdhd holds the duration of the
whole file but has no entries or a zero duration in its stts.
2012-02-02 17:39:13 +01:00
Alex Converse
2d1c0dea5f dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
Found with asan.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-31 18:32:13 -08:00
Michael Niedermayer
5a396bb3a6 dv: Fix null pointer dereference due to ach=0
dv: Fix null pointer dereference due to ach=0

Fixes part2 of CVE-2011-3929

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-31 18:32:13 -08:00
Michael Niedermayer
635bcfccd4 dv: check stype
dv: check stype

Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-31 18:32:13 -08:00
Alex Converse
c0bc7bd1e7 swfdec: Simplify sample rate calculation. 2012-01-31 15:55:46 -08:00
Anton Khirnov
dd6d3b0e02 lavf: add functions for accessing the fourcc<->CodecID mapping tables.
Fixes bug 212.
2012-01-31 16:53:35 +01:00
Anton Khirnov
bc90199848 lavc: set AVCodecContext.codec in avcodec_get_context_defaults3().
This way, if the AVCodecContext is allocated for a specific codec, the
caller doesn't need to store this codec separately and then pass it
again to avcodec_open2().

It also allows to set codec private options using av_opt_set_* before
opening the codec.
2012-01-31 16:53:35 +01:00
Anton Khirnov
af08d9aeea lavc: add avcodec_is_open().
It allows to check whether an AVCodecContext is open in a documented
way. Right now the undocumented way this check is done in lavf/lavc is
by checking whether AVCodecContext.codec is NULL. However it's desirable
to be able to set AVCodecContext.codec before avcodec_open2().
2012-01-31 07:55:24 +01:00
Anton Khirnov
f7fe41a04f lavf: rename AVInputFormat.value to raw_codec_id.
It's only used by raw demuxers for storing the codec id.
2012-01-31 07:50:31 +01:00
Anton Khirnov
9a463917d3 lavf: remove the pointless value field from flv and iv8
The demuxers don't use it in any way.
2012-01-31 07:48:03 +01:00
Anton Khirnov
afa4069e3b lavc/lavf: remove unnecessary symbols from the symbol version script. 2012-01-31 07:26:31 +01:00
Anton Khirnov
183eaa9a25 lavf: reorder AVInput/OutputFormat fields.
Put all private fields at the end and mark them as such so they can be
easily changed/removed.

This breaks ABI.
2012-01-31 07:21:06 +01:00
Martin Storsjö
75ab1e62d4 movdec: Ignore sample_degradation_priority bits when checking first_sample_flags
This makes the first packet of a track fragment run to get
the keyframe flag set properly if sample_degradation_priority
is nonzero.

This makes the keyframes flag be set properly for ismv files
created by Microsoft.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-31 00:13:31 +02:00
Martin Storsjö
89f6e8a20c flvdec: Interpret a toplevel 'object' type metadata item as normal metadata, too
Previously, we've only passed the key string on to the recursive
amf_parse_object for the mixedarray type, not for 'object'. By
passing the key string on, the recursive amf_parse_object can
store the amf objects as metadata.

This kind of data was seen in data from XSplit Broadcaster, received
over RTMP via Wowza. This patch allows reading this metadata.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-30 23:34:47 +02:00
Alex Converse
c898431ca5 nsvdec: Propagate errors
Related to CVE-2011-3940.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-01-30 10:15:41 -08:00
Alex Converse
8fd8a48263 nsvdec: Be more careful with av_malloc().
Check results for av_malloc() and fix an overflow in one call.

Related to CVE-2011-3940.

Based in part on work from Michael Niedermayer.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-01-30 10:15:19 -08:00
Michael Niedermayer
6a89b41d97 nsvdec: Fix use of uninitialized streams.
Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write)

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5c011706bc)

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-30 10:14:06 -08:00
Martin Storsjö
b7d3dd907f movenc: cosmetics: Get rid of camelCase identifiers
Also add spacing around operators on touched lines, and split
one line to match the common style.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-30 19:24:39 +02:00
Diego Biurrun
a846202343 rtsp: Remove some unused variables from ff_rtsp_connect(). 2012-01-30 10:19:47 +01:00
Rafaël Carré
420df8b7c4 avformat_write_header(): detail error message
Give the exact aspect ratios when there is a mismatch between encoder
and muxer.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-01-30 07:32:57 +01:00
Mike Melanson
cc09dc7863 s/vbsf/bsf/
-vbsf doesn't exist anymore. It got renamed to -bsf somewhere along the
line. Update print statement accordingly.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-01-30 07:30:21 +01:00
Mike Melanson
b864b38397 yuv4mpeg: allow YUV4MPEG2 demuxer to recognize 'C420' colorspace.
Current demuxer recognizes several colorspace formats that begin with 'C420'
but does not yet recognize plain 'C420'. GStreamer's y4menc component
generates .y4m files with a 'C420' colorspace. This new comparison is
placed after the other 'C420' checks so that it doesn't interfere with
them.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-01-30 07:30:21 +01:00
Alex Converse
7181c4edee cosmetics: Remove extra newlines at EOF 2012-01-27 17:19:09 -08:00
Martin Storsjö
e771e6dd63 movenc: Allow writing to a non-seekable output if using empty moov
In this mode, no seeks will be done except for within moov/moof
fragments, which should fit within the AVIOContext buffer.

This allows pushing live smooth streaming format data to
a live publishing point on IIS over http.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-27 21:12:41 +02:00
Martin Storsjö
f532210499 movenc: Support adding isml (smooth streaming live) metadata
This metadata is required for pushing a live stream to an IIS
publishing point.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-27 21:12:28 +02:00
Anton Khirnov
c5254755c0 lavf: remove disabled FF_API_SET_PTS_INFO cruft 2012-01-27 10:52:43 +01:00
Anton Khirnov
374e469b8d lavf: remove disabled FF_API_OLD_INTERRUPT_CB cruft 2012-01-27 10:52:43 +01:00
Anton Khirnov
bf868727d7 lavf: remove disabled FF_API_REORDER_PRIVATE cruft 2012-01-27 10:52:43 +01:00
Anton Khirnov
fd87ba3220 lavf: remove disabled FF_API_SEEK_PUBLIC cruft 2012-01-27 10:52:43 +01:00
Anton Khirnov
bd4c51312b lavf: remove disabled FF_API_STREAM_COPY cruft 2012-01-27 10:52:43 +01:00
Anton Khirnov
2a0f868cfa lavf: remove disabled FF_API_PRELOAD cruft 2012-01-27 10:52:43 +01:00