path: root/libavformat/avidec.c
Commit message | Author | Age | Files | Lines
* avformat/avidec: Prevent entity expansion attacks | Michael Niedermayer | 2022-09-26 | 1 | -1/+11
|   Fixes: Timeout
|   Fixes no testcase, this is the same idea as similar attacks against XML parsers
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit f3e823c2aa04d4f5571a5e04c27a244890704c8d)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Check height | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
|   Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
|   Fixes: Ticket8486
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit ec8ff659f57786c4cb089b07dfeab7e5cbab8d52)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Check read_odml_index() for failure | Michael Niedermayer | 2022-04-06 | 1 | -2/+5
|   Fixes: Timeout
|   Fixes: 40950/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6478873068437504
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit 57adb26d058490daf2c5d6ddd3cf0cf2d2212256)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Check offset in odml | Michael Niedermayer | 2021-10-20 | 1 | -1/+1
|   Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
|   Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Use 64bit for frame number in odml index parsing | Michael Niedermayer | 2021-10-06 | 1 | -2/+2
|   Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
|   Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: fix position overflow in avi_load_index() | Michael Niedermayer | 2021-10-06 | 1 | -1/+4
|   Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
|   Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit 527821a2dd6f19d9a4d2abe05833346ae86c66c6)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb | Michael Niedermayer | 2021-10-06 | 1 | -1/+1
|   Fixes: null pointer dereference
|   Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit f733688d30021587c3f3a1b280d6ece8b04f26ff)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Fix memleak when error happens after creating DV stream | Andreas Rheinhardt | 2021-02-27 | 1 | -14/+17
|   Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|   (cherry picked from commit ea45d6e61a8562fa8094499d2b052ba2e3ce8f6b)
* avformat/avidec: Use 64bit in get_duration() | Michael Niedermayer | 2021-02-20 | 1 | -1/+1
|   Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int'
|   Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit a0ceb0cdd41b56241697cd8f83e22cdb4822d2d9)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: dv does not support palettes | Michael Niedermayer | 2021-02-02 | 1 | -2/+3
|   Fixes: memleak
|   Fixes: 26937/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5763003338981376
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit 1b373b41d940e3058cdfb3d17703e23ed665353c)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Fix io_fsize overflow | Michael Niedermayer | 2021-02-02 | 1 | -1/+1
|   Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
|   Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|   (cherry picked from commit cf0c700b0c25f5d9fe50dd27086a06812822f11a)
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Fix memleak with embedded GAB2 subtitles | Andreas Rheinhardt | 2020-04-05 | 1 | -4/+5
|   The code for GAB2 subtitles predates refcounting AVPackets. So in order to transfer the ownership of a packet's data pkt->data was simply stored and the packet zeroed; in the end (i.e. in the read_close-function) this data was then simply freed with av_freep(). This of course leads to a leak of an AVBufferRef and an AVBuffer. It has been fixed by keeping and eventually unreferencing the packet's buf instead. Additionally, the packet is now reset via av_packet_unref().
|   Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/avidec: Fix memleak when allocating DVDemuxContext fails | Andreas Rheinhardt | 2020-04-05 | 1 | -3/+6
|   An AVIStream (intended to be used as private data for an AVStream) would leak in this scenario. Also return a more fitting error code instead of AVERROR_INVALIDDATA.
|   Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/avidec: Fix memleak when DV demuxer is disabled | Andreas Rheinhardt | 2020-04-05 | 1 | -3/+4
|   If one uses a build without dv demuxer, an AVIStream struct that is destined to be used as private data for an AVStream by the avi demuxer would leak, because it has been moved from the AVStream (that is going to be freed) and only stored in a local variable (in order to be used for another AVStream), but if the dv demuxer is disabled, the earlier code returned immediately instead. Also return a better error code in this scenario (instead of AVERROR_INVALIDDATA).
|   Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/avidec: Don't reimplement ff_free_stream() | Andreas Rheinhardt | 2020-04-05 | 1 | -15/+2
|   Using ff_free_stream() makes the code more readable, more future-proof (the old code freed AVCodecContexts and AVCodecParameters and its substructures manually, so that there is a chance that there would be a memleak for some time if new substructures were added) and reduces code size.
|   Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/avidec: recognize H265 fourcc as hevc | Paul B Mahol | 2020-03-12 | 1 | -0/+3
|   Fixes decoding of came2_2020-01-13__20-38-58_21-00-00__Chn2.avi
* avformat/avidec: Avoid integer overflow in NI switch check | Michael Niedermayer | 2020-02-16 | 1 | -3/+4
|   Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
|   Fixes: Ticket8149
|   Found-by: Suhwan
|   Reviewed-by: Paul B Mahol <onemda@gmail.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat: Don't free old extradata before ff_alloc/get_extradata | Andreas Rheinhardt | 2019-12-12 | 1 | -2/+0
|   These functions already free it themselves before they allocate the new extradata.
|   Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat: Forward errors where possible | Andreas Rheinhardt | 2019-12-12 | 1 | -4/+6
|   It is not uncommon to find code where the caller thinks to know better what the return value should be than the callee. E.g. something like "if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM);". This commit changes several instances of this to instead forward the actual error.
|   Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Remove superfluous header | Andreas Rheinhardt | 2019-10-25 | 1 | -1/+0
|   bswap.h was included since 7b114c09, yet since 3788a3c0 no explicit use of anything from bswap.h has been made, so remove this header. (Only AV_RL32 is used and while this might imply swapping on big-endian systems, it is contained in libavutil/intreadwrite.h.)
|   Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: add logging context to log | Steven Liu | 2019-10-08 | 1 | -7/+7
|   Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
|   Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
* lavf/avidec: fix memory leak in error handling path | Jun Zhao | 2019-09-10 | 1 | -1/+3
|   free the value in error handling path to avoid the memory leak.
|   Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: add support for recognizing HEVC fourcc when demuxing | Marton Balint | 2019-08-31 | 1 | -0/+3
|   Some security cams generate this, as well as some versions of VirtualDub and VLC so support for _reading_ such files is justified.
|   Fixes ticket #7110.
|   See also this discussion: https://patchwork.ffmpeg.org/patch/8744/
|   Signed-off-by: Marton Balint <cus@passwd.hu>
* lavf/avidec: Do not test for bitrate <= INT_MAX. | Carl Eugen Hoyos | 2019-05-10 | 1 | -1/+1
|   AVCodecContext->bit_rate is int64_t since 7404f3bd
|   Unbreaks non-interleaved detection of v210 4k avi files, broken since 0eec40b7.
|   Reported-by: Xavier Càmara, Centre de Conservació i Restauració, Filmoteca de Catalunya
* lavf: Constify the probe function argument. | Carl Eugen Hoyos | 2019-03-21 | 1 | -1/+1
|   Reviewed-by: Lauri Kasanen
|   Reviewed-by: Tomas Härdin
* lavf: Constify AVInputFormat pointer. | Carl Eugen Hoyos | 2019-03-20 | 1 | -1/+1
|
* avformat/avidec: fix demuxing of all keyframes of sample 200707170736151.avi | Paul B Mahol | 2018-08-21 | 1 | -0/+5
|
* avformat/avidec: Fix integer overflow in cum_len check | Michael Niedermayer | 2018-03-10 | 1 | -1/+1
|   Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
|   Fixes: Chromium bug 791237
|   Reported-by: Matt Wolenetz <wolenetz@google.com>
|   Reviewed-by: Matt Wolenetz <wolenetz@google.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exif: remove GetByteContext usage from avpriv_exif_decode_ifd() | James Almer | 2017-10-26 | 1 | -2/+2
|   This prevents potential ABI issues with GetByteContext.
|   Reviewed-by: Paul B Mahol <onemda@gmail.com>
|   Signed-off-by: James Almer <jamrial@gmail.com>
* Use the new AVIOContext destructor. | Anton Khirnov | 2017-09-01 | 1 | -1/+1
|   (cherry picked from commit 6f554521afdf7ab4edbfaa9536660a1dca946b19)
|   Signed-off-by: James Almer <jamrial@gmail.com>
* avformat/avidec: Move packet skip after prefix and related checks | Michael Niedermayer | 2017-08-11 | 1 | -13/+12
|   This fixes losing packets
|   Fixes: big.avi
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Limit formats in gab2 to srt and ass/ssa | Michael Niedermayer | 2017-05-31 | 1 | -0/+3
|   This prevents part of one exploit leading to an information leak
|   Found-by: Emil Lerner and Pavel Cheremushkin
|   Reported-by: Thierry Foucu <tfoucu@google.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Fix txts fmts parsing | Michael Niedermayer | 2017-05-31 | 1 | -1/+2
|   Fixes: subtitle.avi from vlc/ticket/1162
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf: use av_fourcc2str() where appropriate | Clément Bœsch | 2017-03-29 | 1 | -7/+3
|
* lavf: fix usages of av_get_codec_tag_string() | Clément Bœsch | 2017-03-29 | 1 | -6/+2
|
* Merge commit 'ca1e5eea0c7b72a6e30aa6488cfeced3a4853521' | Clément Bœsch | 2017-03-24 | 1 | -18/+0
|\
| |   * commit 'ca1e5eea0c7b72a6e30aa6488cfeced3a4853521':
| |     Remove some pointless TRACE level debug code
| |   Merged-by: Clément Bœsch <u@pkh.me>
| * Remove some pointless TRACE level debug code | Diego Biurrun | 2016-10-27 | 1 | -17/+0
| |   This also kills some warnings with certain compiler options.
| * avidec: Set palette alpha as fully opaque | Vittorio Giovara | 2016-10-02 | 1 | -1/+1
| |   Palette format is always in RGBA.
* | Merge commit 'bad4aad4037f59ba0ad656164be9ab8f7a0fa2d4' | Clément Bœsch | 2017-03-23 | 1 | -1/+1
|\ \
| |/
| |   * commit 'bad4aad4037f59ba0ad656164be9ab8f7a0fa2d4':
| |     avidec: Do not special case palette on big-endian
| |   This commit is a noop, see 64cafe340bd5ddfe704efa95cd9f21471ca12a12
| |   Merged-by: Clément Bœsch <u@pkh.me>
| * avidec: Do not special case palette on big-endian | Vittorio Giovara | 2016-10-02 | 1 | -5/+1
| |   This simplifies the code a bit, does not change output data in any way.
* | Merge commit '83548fe894cdb455cc127f754d09905b6d23c173' | James Almer | 2017-03-21 | 1 | -2/+2
|\ \
| |/
| |   * commit '83548fe894cdb455cc127f754d09905b6d23c173':
| |     lavf: fix usage of AVIOContext.seekable
| |   Merged-by: James Almer <jamrial@gmail.com>
| * lavf: fix usage of AVIOContext.seekable | Anton Khirnov | 2016-09-30 | 1 | -2/+3
| |   It is supposed to be a flag. The only currently defined value is AVIO_SEEKABLE_NORMAL, but other ones may be added in the future. However all the current lavf code treats this field as a bool (mainly for historical reasons). Change all those cases to properly check for AVIO_SEEKABLE_NORMAL.
* | avformat/avidec: clean-up identifier names | Tobias Rapp | 2017-01-03 | 1 | -7/+7
| |   Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com>
| |   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avformat/avidec: skip odml master index chunks in avi_sync | Tobias Rapp | 2016-12-23 | 1 | -1/+2
| |   Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg.
| |   Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com>
| |   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avidec: fix leaking extradata | Andreas Cadhalpun | 2016-11-30 | 1 | -0/+8
| |   Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
| |   Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* | lavf/avidec: Be more verbose when ignoring very large tag size. | Carl Eugen Hoyos | 2016-10-18 | 1 | -1/+5
| |
* | lavf/avidec: Do not fail for very large idx1 tags. | Carl Eugen Hoyos | 2016-10-18 | 1 | -0/+2
| |   Fixes demuxing the sample file from github pull request 197, the size of its idx1 tag is 6171936 bytes, followed by a JUNK tag of 9505704 bytes.
* | avformat/avidec: Check nb_streams in read_gab2_sub() | Michael Niedermayer | 2016-09-28 | 1 | -0/+2
| |   Fixes null pointer dereference
| |   Fixes: 1/null_point.avi
| |   Found-by: 连一汉 <lianyihan@360.cn>
| |   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avformat/avidec: Remove ancient assert | Michael Niedermayer | 2016-09-28 | 1 | -1/+0
| |   This assert can with crafted files fail, a warning is already printed for this case.
| |   Fixes assertion failure
| |   Fixes:1/assert.avi
| |   Found-by: 连一汉 <lianyihan@360.cn>
| |   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avformat/avidec: remove warning about deprecated declarations | James Almer | 2016-09-25 | 1 | -0/+4
| |   Signed-off-by: James Almer <jamrial@gmail.com>