Zane van Iperen
7a11cc29d6
avformat: add alp muxer
2020-10-25 23:44:26 +10:00
Zane van Iperen
5df7fd1cbe
avformat/alp: fix handling of TUN files
...
Sample rate is always 22050. Verified by trying various files in the game.
2020-10-25 23:44:25 +10:00
Michael Niedermayer
728330462c
avformat/rmdec: Make expected_len 64bit
...
Fixes: signed integer overflow: 1347551268 * 14 cannot be represented in type 'int'
Fixes: 26458/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5655364324032512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-25 09:49:40 +01:00
Michael Niedermayer
b23a619c13
avformat/pcm: Check block_align
...
Fixes: signed integer overflow: 321 * 8746632 cannot be represented in type 'int'
Fixes: 26461/clusterfuzz-testcase-minimized-ffmpeg_dem_PVF_fuzzer-6326427831762944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-25 09:49:31 +01:00
Michael Niedermayer
80bc2ac3c0
avformat/lrcdec: Clip timestamps
...
Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-25 09:49:26 +01:00
Michael Niedermayer
857aba7c45
avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()
...
Fixes: timeout(>20sec -> 1ms)
Fixes: 26526/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-5672328069120000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-25 09:05:01 +01:00
Michael Niedermayer
b990148d1e
avformat/ifv: Check that total frames do not overflow
...
Fixes: Infinite loop
Fixes: 26392/clusterfuzz-testcase-minimized-ffmpeg_dem_GIF_fuzzer-5713658237419520
Fixes: 26435/clusterfuzz-testcase-minimized-ffmpeg_dem_SUBVIEWER_fuzzer-6548251853193216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-24 19:11:12 +02:00
Michael Niedermayer
7c144b363e
avformat/nistspheredec: Check bps
...
Fixes: left shift of 1111111190 by 3 places cannot be represented in type 'int'
Fixes: 26437/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-4886896091856896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-24 19:11:12 +02:00
Michael Niedermayer
715ff75e5d
avformat/jacosubdec: Use 64bit inside get_shift()
...
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-24 19:11:12 +02:00
Michael Niedermayer
37396e9ba8
avformat/genh: Check block_align
...
Fixes: infinite loop
Fixes: 26440/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5632134020333568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-24 19:11:12 +02:00
Michael Niedermayer
a413ed9863
avformat/mvi: Check count for overflow
...
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-24 19:11:12 +02:00
Michael Niedermayer
209b9ff5c3
avformat/asfdec_f: Check for negative ext_len
...
Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-23 10:07:57 +02:00
Michael Niedermayer
50b29f081e
avformat/bethsoftvid: Check image dimensions before use
...
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-23 10:07:57 +02:00
Michael Niedermayer
c95b47e18f
avformat/genh: Check block_align for how it will be used in SDX2_DPCM
...
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-23 10:07:57 +02:00
Michael Niedermayer
e680d50eb4
avformat/au: Check for EOF in au_read_annotation()
...
Fixes: Timeout (too looong -> 1 ms)
Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-23 10:07:57 +02:00
Michael Niedermayer
c7a5face77
avformat/vividas: Check for zero v_size
...
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26482/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4905102324006912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-23 09:47:12 +02:00
Michael Niedermayer
d34e4904cd
avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0
...
Suggested-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-22 18:51:27 +02:00
Michael Niedermayer
c0d7fd269b
avformat/segafilm: Check that there is a stream
...
Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-22 18:51:27 +02:00
Limin Wang
6fb2bdd1d0
avformat/udp: cosmetics
...
Signed-off-by: Limin Wang <lance.lmwang@gmail.com >
2020-10-22 20:53:57 +08:00
Limin Wang
2676277b6d
avformat/udp: clarify option description for timeout unit
...
Signed-off-by: Limin Wang <lance.lmwang@gmail.com >
2020-10-22 20:53:56 +08:00
Limin Wang
784ce1c294
avformat/rtsp: reuse POLLING_TIME and remove POLL_TIMEOUT_MS
...
Signed-off-by: Limin Wang <lance.lmwang@gmail.com >
2020-10-22 20:53:56 +08:00
Limin Wang
92c40ef882
avformat/rtsp: support for listen_timeout option for sdp
...
Now the listen timeout is hardcoded(10s).
How to test(30s timeout):
./ffprobe -listen_timeout 30 -protocol_whitelist rtp,udp,file -i test.sdp
Signed-off-by: Limin Wang <lance.lmwang@gmail.com >
2020-10-22 20:53:56 +08:00
Limin Wang
2aceae1438
avformat/rtpproto: support for rtp read timeout
...
then we can set the rtp read timeout instead of infinite timeout.
How to test(5s timeout):
./ffprobe -i rtp://192.168.1.67:1234?timeout=5000000
Signed-off-by: Limin Wang <lance.lmwang@gmail.com >
2020-10-22 20:53:56 +08:00
bevis
de59826703
libavformat/hls: use local var url for log to avoid crash
...
During operation, the user exits and interrupts,
causing pls->segment to be released,
resulting in a null pointer crash
Signed-off-by: bevis <javashu2012@gmail.com >
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
2020-10-22 17:13:15 +08:00
Michael Niedermayer
1868cb7316
avformat/wtvdec: Check dir_length
...
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-21 17:21:41 +02:00
Michael Niedermayer
a927128617
avformat/ffmetadec: finalize AVBPrint on errors
...
Fixes: memleak
Fixes: 26450/clusterfuzz-testcase-minimized-ffmpeg_dem_FFMETADATA_fuzzer-6249850443923456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-21 17:21:41 +02:00
Zane van Iperen
53ac499f01
avformat/riff: prevent muxing adpcm_swf with a variable block size
...
Prefer to error than to create a broken file. Closes ticket #5829 .
Effectively disables remuxing adpcm_swf from flv -> wav.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com >
2020-10-21 11:23:23 +10:00
Chris Miceli
be852803eb
libavformat/utils: Fix misleading indent
...
6f69f7a8bfmichael@niedermayer.cc >
2020-10-20 15:33:13 +02:00
Michael Niedermayer
44ff5a1bff
avformat/boadec: Check that channels and block_align are set
...
Fixes: Infinite loop
Fixes: 26381/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-5745789089087488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-20 15:33:13 +02:00
Michael Niedermayer
2be51d14f2
avformat/av1dec: Fix padding in obu_get_packet()
...
Fixes: stack buffer overflow (read)
Fixes: 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-20 15:33:13 +02:00
Michael Niedermayer
0d088a47ca
avformat/asfdec_f: Check name_len for overflow
...
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-20 15:33:13 +02:00
Andreas Rheinhardt
fe2be5d9ce
avformat/hlsenc: Fix check for SPS
...
Check all the six bits, not only the two bits that are set for SPS.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
2020-10-20 13:00:04 +02:00
Andreas Rheinhardt
c4f65611bc
avformat/hlsenc: Fix mixed declaration and code
...
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
2020-10-20 12:55:22 +02:00
Andreas Rheinhardt
1ba174f461
avformat/hlsenc: Don't use uninitialized buffer in av_stristr()
...
Introduced in a2b1dd0ce3andreas.rheinhardt@gmail.com >
2020-10-20 12:52:49 +02:00
Andreas Rheinhardt
96ad55df5b
avformat/hlsenc: Fix extradata length check
...
Commit a2b1dd0ce3andreas.rheinhardt@gmail.com >
2020-10-20 12:43:16 +02:00
Michael Niedermayer
685ed1cbd1
avformat/sbgdec: Check for timestamp overflow in parse_time_sequence()
...
Fixes: signed integer overflow: 3458015007900000256 + 6425686373040000000 cannot be represented in type 'long'
Fixes: 26430/clusterfuzz-testcase-minimized-ffmpeg_dem_BRSTM_fuzzer-5761175004119040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-20 10:27:31 +02:00
Steven Liu
a2b1dd0ce3
avformat/hlsenc: support CODECS Attribute in hevc EXT-X-STREAM-INF
...
fix ticket: 8904
parse the SPS from extradata and get profile_tier_level
write the profile_tier_level info into CODECS Attribute
HLS CODECS Attribute reference to :https://developer.apple.com/documentation/http_live_streaming/hls_authoring_specification_for_apple_devices/hls_authoring_specification_for_apple_devices_appendixes
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
Signed-off-by: liuqi05 <liuqi05@kuaishou.com >
2020-10-20 11:41:44 +08:00
Steven Liu
b5ca8f2c66
avformat/hlsenc: compute video_keyframe_size after write keyframe
...
fix ticket: 8636
When write keyframe and the keyframe is the frist packet of the segment,
then compute the size of the keyframe which have been write into segment
first packet. and set the start position of the segment, should not use
avio_tell(vs->out) to get the keyframe position, because it can be set
to 0 if close at above of the workflow, that maybe inaccurate, but the
start_pos can be used here, because start_pos is set after write
the previous packet.
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
Signed-off-by: liuqi05 <liuqi05@kuaishou.com >
2020-10-20 11:41:44 +08:00
Steven Liu
1ee52b2b6c
avformat/dashdec: check the root url length
...
if the length of the root url is 0, unnecessary process the root_url
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
Signed-off-by: liuqi05 <liuqi05@kuaishou.com >
2020-10-20 11:41:44 +08:00
Steven Liu
a424671e4f
avformat/hlsenc: process hls_time value too small sence
...
The target duration will be a negative value when there are
some b frames after prevous frame, the pts after current packet
is large than the pts of current packet, so the target duration
will compute as 0.040000 - 0.080000, then the value of the target
duration will be -0.040000. so hls muxer should check the pts after
current packet minus the pts of current packet, hls muxer can split
the stream as a segment if the target duration is neither negative nor
zero, hls muxer cannot split the stream as a segment if the
target duration is either negative or zero then get the next packet
until the target duration is not negative or zero.
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
Suggested-by: Zhili Zhao <quinkblack@foxmail.com >
Signed-off-by: liuqi05 <liuqi05@kuaishou.com >
2020-10-20 11:41:44 +08:00
James Almer
bddf53841a
avformat/options: use the iterate API in format_child_class_next()
...
Signed-off-by: James Almer <jamrial@gmail.com >
2020-10-19 11:54:45 -03:00
Michael Niedermayer
7ac87a2c34
avformat/kvag: Fix integer overflow in bitrate computation
...
Fixes: signed integer overflow: 1077952576 * 4 cannot be represented in type 'int'
Fixes: 26152/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5674758518341632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-18 21:27:23 +02:00
Michael Niedermayer
3162482a14
avformat/ape: Remove seektable and bittable
...
Suggested-by: Andreas
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-18 20:42:20 +02:00
Michael Niedermayer
aee8477c6b
avformat/rmdec: sanity check coded_framesize
...
Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int'
Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-18 20:42:20 +02:00
Michael Niedermayer
33624f4f2e
avformat/flvdec: Check for EOF in amf_parse_object()
...
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-17 14:36:11 +02:00
Michael Niedermayer
3300f5c133
avformat/icodec: Change order of operations to avoid NULL dereference
...
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-10-17 14:36:11 +02:00
Brad Hards
fcec7a6848
avformat/mpegts: replace magic descriptor_tag values with defines
...
This takes the used values from ISO/IEC 13818-1 Table 2-45 and adds
them to the mpegts.h header. No functional changes.
Signed-off-by: Brad Hards <bradh@frogmouth.net >
Signed-off-by: Marton Balint <cus@passwd.hu >
2020-10-16 23:31:45 +02:00
Zhao Zhili
15a74d21f3
avformat/udp: remove redundant setting of h->max_packet_size
...
h->max_packet_size is being reset in the following code.
Signed-off-by: Marton Balint <cus@passwd.hu >
2020-10-16 23:16:55 +02:00
Marton Balint
f076a5fef6
Revert "aviobuf: Discard old buffered, previously read data in ffio_read_partial"
...
This is unneeded after 2ca48e466653c25ee073cus@passwd.hu >
2020-10-16 23:16:46 +02:00
Marton Balint
fb0304fcc9
avformat/libsrt: fix cleanups on failed libsrt_open() and libsrt_setup()
...
- Call srt_epoll_release() to avoid fd leak on libsrt_setup() error.
- Call srt_cleanup() on libsrt_open() failure.
- Fix return value and method on mode parsing failure.
Based on a patch by Nicolas Sugino <nsugino@3way.com.ar >.
Signed-off-by: Marton Balint <cus@passwd.hu >
2020-10-16 23:15:09 +02:00
