- 05 Mar, 2020 16 commits
-
-
Andreas Rheinhardt authored
Mainly reindentation, but some variables were also put into a smaller scope. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
1. Left shifts of signed values are undefined as soon as the result is no longer representable in the target type. Therefore make nal_size an uint32_t and drop the check for whether it is < 0. 2. The two checks for overreads (whether the length field is contained in the packet and whether the actual unit is contained in the packet) can be combined into one because the packet is padded, i.e. a potential overread caused by reading the length field without checking whether said length field is actually part of the packet's buffer is allowed as one always stays within the padding. But one has to be aware of a pitfall: The comparison must be performed in (at least) int64_t as otherwise buf_end - buf might be promoted to uint32_t in which case an already occured overread would appear as a very large number. A comment explaining this has been added, too. 3. Units of size zero are now silently dropped; the earlier code would instead read the first byte of the next length field (or the first byte of padding) to infer the type of the current unit. 4. Futhermore, the earlier code returned the wrong error code. This has been fixed, too. Fixes #8290. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Up until now, h264_mp4toannexb would grow the output packet's buffer by the desired amount every time another NAL unit of the input packet has been read; this commit changes this: The input buffer is now essentially parsed twice, once to determine the final size of the output packet and once to write the output packet's data. Fixes: Timeout Fixes: 19322/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_MP4TOANNEXB_fuzzer-5688407821123584 Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
h264_mp4toannexb_filter currently uses both indices/offsets as well as direct pointers comparisons for the checks whether one has reached or even surpassed the end. This commit removes the offsets. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
If processing an input NAL unit triggers the insertion of data from extradata in front of said NAL unit, the output packet is grown (i.e. reallocated) once to accomodate both the new extradata as well as the input NAL unit itself; this has been changed: In such a situation, the packet is now grown twice. While this is bad for performance, it allows to simplify the code and ultimately to stop reallocating the packet altogether. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
According to the H.264 specifications, the only NAL units that need to have four byte startcodes in H.264 Annex B format are SPS/PPS units and units that start a new access unit. Before af7e953a, the first of these conditions wasn't upheld as already existing in-band parameter sets would not automatically be written with a four byte startcode, but only when they already were at the beginning of their input packets. But it made four byte startcodes be used too often as every unit that is written together with a parameter set that is inserted from extradata received a four byte startcode although a three byte start code would suffice unless the unit itself were a parameter set. FATE has been updated to reflect the changes. Although the patch leaves the extradata unchanged, the size of the extradata according to the FATE reports changes. This is due to a quirk in ff_h2645_packet_split which is used by extract_extradata: If the input is Annex B, the first zero of a four byte startcode is considered a part of the last unit (if any). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Up until now, h264_mp4toannexb stored the offset of the first SPS and the first PPS in the (output) extradata in its context and used these two numbers together with the size of the extradata and the pointer to the extradata to determine what to insert when inserting extradata. This led to some very long lines like "s->pps_offset != -1 ? s->pps_offset : ctx->par_out->extradata_size - s->sps_offset". Therefore now pointers to SPS and PPS are stored along with their respective sizes, so that e.g. the above line can be changed to "s->sps_size". Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
The format of an AVCDecoderConfigurationRecord, the out-of-band extradata of H.264 in mp4, is as follows: First four bytes containing version, profile and level, one byte for the length size and one byte each for the number of SPS, followed by the SPS (each with its own size field), followed by a byte containing the number of PPS followed by the PPS with their size fields. While the number of SPS/PPS may be zero, the bytes containing these numbers are mandatory. Yet the byte containing the number of PPS has been ignored in two places: 1. In the initial check for whether the extradata can contain an AVCDecoderConfigurationRecord. The minimum size is 7, not 6. 2. No check is made for whether the extradata ended right after the last byte of the last SPS of the SPS array. Instead the first byte of the padding is read as if it were part of the extradata and contained the number of PPS (namely zero, given that the padding is zeroed). No error or warning was ever raised. This has been changed. Such truncated extradata is now considered invalid; the check for 2. has been incorporated into the general size check. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Before reading a 16bit size field during parsing of extradata, no check is performed to make sure that said length field is actually contained in the extradata. Given that this overread is not dangerous (the extradata is supposed to be padded), only a comment for it has been added; the error itself will be detected as part of the normal check for overreads. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Currently during parsing the extradata, h264_mp4toannexb checks for overreads by adding the size of the current unit to the current position pointer and comparing this to the end position of the extradata. But pointer comparisons and pointer arithmetic are only defined if it does not exceed the object it is used on (one past the last element of an array is allowed, too). In practice, this might lead to overflows. Therefore the check has been changed to use bytestream2_get_bytes_left() which means that the pointers get subtracted and the result gets compared to the available size. Furthermore, the error code has been fixed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
This is done in order to improve readability. No functional change is intended with this commit at all; in particular, the unsafe read functions are used throughout as h264_extradata_to_annexb already performs its own checks. (These checks will nevertheless be improved in further commits.) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
bytestream2_get_bytes_left returns an unsigned int; as a result, it returns big positive numbers if an overread already happened, making it unsuitable for scenarios where one wants to allow this in a controlled way (because the buffer is actually padded so that no segfaults can happen). So change it to return an ordinary int. Also, bytestream2_get_bytes_left_p has been modified in the same way. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: assertion failure Fixes: 19301/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5743212006473728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Jun Zhao authored
Enabled the 3GP-DASH Release-10/Relase-11(3GPP TS26.247) profile to dash demuxer probe. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
Dashdec can able to handle MPEG-2 TS streams by default as well, used MP4Box to create the segmented MPEG-2 TS files for verification. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
Add missed framesync part in filter docs. Reviewed-by: Gyan Doshi <ffmpeg@gyani.pro> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
- 04 Mar, 2020 1 commit
-
-
Michael Niedermayer authored
Fixes: Multiple out of array accesses Fixes: 20817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SIREN_fuzzer-5754041227542528.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 03 Mar, 2020 7 commits
-
-
James Almer authored
It's a duplicate of the properly implemented nvdec libavcodec hwaccel Reviewed-by: Timo Rothenpieler <timo@rothenpieler.org> Signed-off-by: James Almer <jamrial@gmail.com>
-
Paul B Mahol authored
Make possible to parse expressions and store results as arguments for target filters.
-
James Almer authored
Simplifies code considerably. Reviewed-by: Anton Khirnov <anton@khirnov.net> Reviewed-by: Timo Rothenpieler <timo@rothenpieler.org> Signed-off-by: James Almer <jamrial@gmail.com>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Guo, Yejun authored
Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Reviewed-by: Pedro Arthur <bygrandao@gmail.com>
-
- 02 Mar, 2020 5 commits
-
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 20828/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APM_fuzzer-5712770106654720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
ff_alloc_extradata() already sets the size of the extradata so doing it again is unnecessary. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Gyan Doshi <ffmpeg@gyani.pro> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Marton Balint authored
The standard does not seem to require the counter to be zero based, but some checker tools (MyriadBits MXFInspect, Interra Baton) have validations against 0 start... Fixes ticket #6781. Signed-off-by: Marton Balint <cus@passwd.hu>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
- 01 Mar, 2020 2 commits
-
-
Paul B Mahol authored
-
Paul B Mahol authored
-
- 29 Feb, 2020 8 commits
-
-
Paul B Mahol authored
-
Andreas Rheinhardt authored
The second ; in a double ;; is actually a null statement. It triggers the typical declaration-after-statement compiler-warnings if it occurs in the middle of several declarations (like here). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Fixes #8094. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Paul B Mahol authored
Other part of size is calculated from both available horizontal and vertical FOV and given one size component.
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
- 28 Feb, 2020 1 commit
-
-
Andreas Rheinhardt authored
The second ; in a double ;; is actually a null statement. It triggers the typical declaration-after-statement compiler-warnings if it occurs in the middle of several declarations (like here). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-