avformat/matroskadec: Accept more unknown-length elements II
Up until now, one last kind of unknown-length element hasn't been
properly handled: Unknown-length elements that are supposed to be
skipped, i.e. the level 1 elements that might reside after the
clusters.
This commit changes this. To do this, ebml_parse got a mode that
essentially tries to skip everything except when parsing is needed
(namely for unknown-length elements for which parsing is necessary
as they can't be skipped). This mode is selected by using a NULL
as destination where the parsed data should be written to.
It is used to parse the level 1 elements in matroska_parse_cluster.
The syntax list used for parsing must of course include links to
the syntax of all the master elements that might need to be parsed.
In other words: Instead of matroska_clusters (which contained every
level 1 element except clusters as EBML_NONE elements designated to
be skipped) matroska_segment is needed and used; matroska_clusters has
been removed.
Furthermore, matroska_segment has been reordered so that clusters are at
the front as this is now the most common case for this list.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Fix probing of unknown-length headers
matroska_probe did not support the case of an unknown-length EBML header
at all; given that libavformat's Matroska muxer used to produce such
files in the streaming case, support for them has been added.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Accept more unknown-length elements
The current Matroska specifications mandate that only two elements may
use an unknown-length length: Segments and clusters. But this was not
always so: For the greater part of Matroska's existence, all master
elements were allowed to make use of the unknown-length feature.
And there were muxers creating such files: For several years
libavformat's Matroska muxer used unknown-length for all master
elements when the output wasn't seekable. This only stopped in March
2010 with 2529bb30. And even afterwards it was possible (albeit
unlikely) for libavformat to create unknown-length master elements
that are in violation of today's specifications, namely if the master
element was so big that the seek backwards to update the size could
no longer be performed inside the AVIOContext's write buffer. This
has only been fixed in October 2016 (with the patches that introduced
support for writing CRC-32 elements).
Libavformat's Matroska demuxer meanwhile has never really supported
unknown-length elements besides segments and clusters. Support for the
latter was hardcoded. This commit changes this: Now all master elements
for which a syntax to parse them is available are supported. This
includes the files produced by old versions of libavformat's muxer.
More precisely, master elements that have unknown length and are about
to be parsed (not skipped) are supported; only a warning is emitted for
them. For normal files, this means that level 1 elements after the
clusters that are encountered after the clusters have been parsed (i.e.
not because they are referenced by the seekhead at the beginning of the
file) are still unsupported (they would be skipped at this point if
their length were known).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
1. Up until now, the error message for EBML numbers whose length exceeds
the limits imposed upon them because of the element's type did not
distinguish between known-length and unknown-length elements. As a
consequence, the numerical value of the define constant
EBML_UNKNOWN_LENGTH was emitted as part of the error message which is
of course not appropriate. This commit changes this by adding error
messages designed for unknown-length elements.
2. We impose some (arbitrary) sanity checks on the lengths of certain
element types; these checks were conducted before the checks depending
on whether the element exceeds its containing master element. Now the
order has been reversed, because a failure at the (formerly) latter
check implies that the file is truly erroneous and not only fails our
arbitrary length limit. Moreover, this increases the informativeness of
the error messages.
3. Furthermore, the error message in general has been changed by replacing
the type of the element (something internal to this demuxer and
therefore suitable as debug output at best, not as an error message
intended for ordinary users) with the element ID. The element's position
has been added, too.
4. Finally, the length limit for EBML_NONE elements has been changed so
that all unknown-length elements of EBML_NONE-type trigger an error.
This is done because unknown-length elements can't be skipped and need
to be parsed, but there is no syntax to parse available for EBML_NONE
elements. This is done in preparation for a further patch which allows
more unknown-length elements than just clusters and segments.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Don't skip too much when unseekable
The Matroska (and WebM) file format achieves forward-compability by
insisting that demuxers ignore and skip elements they don't know about.
Unfortunately, this complicates the detection of errors as errors
resulting from loosing sync can't be reliably distinguished from
unknown elements that are part of a future version of the standard.
Up until now, the strategy to deal with this situation was to skip all
unknown elements that are not obviously erroneous; if an error happened,
it was tried to seek to the last known good position to resync from (and
resync to level 1 elements). This is working fine if the input is
seekable, but if it is not, then the skipped data can usually not be
rechecked lateron. This is particularly acute if unknown-length clusters
are in use, as the check for whether a child element exceeds the
containing master element is ineffective in this situation.
To remedy this, a new heuristic has been introduced: If an unknown
element is encountered in non-seekable mode, an error is presumed to
have happened based upon a combination of the length of the row of the
already encountered unknown elements and of how far away skipping this
element would take us.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Cosmetics include reordering EbmlType so that EBML_SINT is adjacent to
the other numbers (and matches the order in the switch in ebml_parse)
and also reordering the switch for assignment of default values so that
it matches the order in EbmlType.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Up until now, avio_tell was used multiple times in ebml_parse and its
subroutines, although the result of these calls can usually be simply
derived from the result of earlier calls to avio_tell. This has been
changed. Unnecessary calls to avio_tell in ebml_parse are avoided now.
Furthermore, there has been a slight change in the output of some error
messages relating to elements exceeding their containing master element:
The reported position of the element now points to the first byte of the
element ID and no longer to the first byte of the element's payload.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit closes the last hole in the system of checks for a
known-length file ending too early: Now an error message is emitted
in case the file ends directly after an EBML element.
Furthermore, this commit adds a check and a corresponding warning
whether there is data beyond the Matroska segment (only reasonable for
known-length segments). If everything looks alright, then parsing is
stopped as soon as EOF is reached (in contrast, the earlier code would
always call matroska_resync at the end).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
By including SimpleBlocks and BlockGroups twice in the same EbmlSyntax
array (with different semantics), one can reduce the duplication of the
other values.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Don't reset cluster position
The new code does not rely on whether the cluster's position is set or
not to infer whether a cluster needs to be closed or not (instead, this
is done in ebml_parse), so there is no need to reset the cluster's
position at all any more. It will be automatically set to the correct
value when a cluster is entered.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Make cluster parsing level compatible
Before this commit, the parsing of clusters mixed EBML levels by
allowing elements from different levels in a EbmlSyntax (namely
matroska_cluster_parsing). This has been changed. And the level
is now explicitly used to determine how to parse.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit changes how levels are handled: If the level used for
ebml_parse ends directly after an element that has been consumed, then
ebml_parse ends the level itself (and any known-length levels that end
there as well) and informs the caller via the return value; if the
current level is of unknown-length, then the level is ended as soon as
an element that is not valid on the current level, but on a higher
level is encountered (or if EOF has been encountered).
This is designed for situations where one wants to parse master elements
incrementally, i.e. not in one go via ebml_parse_nest.
The (incremental) parsing of clusters still mixes levels by using a
syntax list that contains elements from different levels and the level
is still ended manually via a call to ebml_level_end if the last cluster
was an unknown-length cluster (known-length clusters are already ended
when their last element is read), but only if the next element is a
cluster, too. A different level 1 element following an unknown-length
cluster will currently simply be presumed to be part of the earlier
cluster. Fixing this will be done in a future patch. The modifications
to matroska_parse_cluster contained in this patch are only intended not
to cause regressions.
Nevertheless, the fact that known-length levels are automatically ended
in ebml_parse when their last element has been read already fixes a bogus
error message introduced in 9326117b that was emitted when a known-length
cluster is followed by another level 1 element other than a cluster in
which case the cluster's level was not ended (which only happened when
a new cluster has been encountered) so that the length check (introduced
in 9326117b) failed for the level 1 element as it is of course not
contained in the previous cluster. Most Matroska files were affected by
this.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Link to parents in syntax tables
By linking to the syntax of the parent (i.e. the containing master
element) one can check whether an element is actually part of a higher
level in the EBML hierarchy. Knowing this is important for
unknown-length levels, because they end when an element that doesn't
belong to this, but to a higher hierarchy level is encountered.
Sometimes there are different syntaxes dealing with the same elements.
In this case it is important to use a parent that contains all the
elements at the parent level; whether this is the syntax actually used
to enter the child's level is irrelevant. This affects the list of level
1 elements (which has been used as parent for matroska_cluster, too) and
it affects recursive elements (currently only the SimpleTag), where the
non-recursive parent has to be choosen.
This is in preparation for a patch that redoes level handling.
Finally, the segment id has been added to ebml_syntax. This will enable
handling of unknown-length EBML headers.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Introduce a "last known good" position
Currently, resyncing during reading packets works as follows:
The current position is recorded, then a call to matroska_parse_cluster
is made and if said call fails, the demuxer tries to resync from the
earlier position. If the call doesn't fail, but also doesn't deliver a
packet, then this is looped.
There are two problems with this approach:
1. The Matroska file format aims to be forward-compatible; to achieve
this, a demuxer should simply ignore and skip elements it doesn't
know about. But it is not possible to reliably distinguish unknown
elements from junk. If matroska_parse_cluster encounters an unknown
element, it can therefore not simply error out; instead it returns zero
and the loop is iterated which includes an update of the position that
is intended to be used in case of errors, i.e. the element that is
skipped is not searched for level 1 element ids to resync to at all if
later calls to matroska_parse_cluster return an error.
Notice that in case that sync has been lost there can be a chain of
several unknown/possibly junk elements before an error is detected.
2. Even if a call to matroska_parse_cluster delivers a packet, this does
not mean that everything is fine. E.g. it might be that some of the
block's data is missing and that the data that was presumed to be from
the block just read actually contains the beginning of the next element.
This will only be apparent at the next call of matroska_read_packet,
which uses the (false) end of the earlier block as resync position so
that in the (not unlikely) case that the call to matroska_parse_cluster
fails, the data believed to be part of the earlier block is not searched
for a level 1 element to resync to.
To counter this, a "last known good" position is introduced. When an
element id that is known to be allowed at this position in the hierarchy
(according to the syntax currently in use for parsing) is read and some
further checks (regarding the length of the element and its containing
master element) are passed, then the beginning of the current element is
treated as a "good" position and recorded as such in the
MatroskaDemuxContext. Because of 2., only the start of the element is
treated as a "good" position, not the whole element. If an error occurs
later during parsing of clusters, the resync process starts at the last
known good position.
Given that when the header is damaged the subsequent resync never skips over
data and is therefore unaffected by both issues, the "last known good"
concept is not used there.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Since the changes to the parsing of SimpleBlocks, both ebml_parse_id and
ebml_parse_elem are only called from one place, so that it is possible
to inline these two function calls. This is done, but not completely:
ebml_parse_id still exists in a modified form. This is done in
preparation for a further patch regarding the handling of
unknown-length elements.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Use proper levels after discontínuity
The earlier code set the level to zero upon seeking and after a
discontinuity although in both cases parsing (re)starts at a level 1
element.
Also set the segment's length to unkown if an error occured in order not
to drop any valid data that happens to be beyond the designated end of
the segment.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avformat/matroskadec: Don't abort resyncing upon seek failure
When an error happens, the Matroska demuxer tries to resync to level 1
elements from an earlier position onwards. If the seek to said earlier
position fails, the demuxer currently treats this as an unrecoverable
error. And that behaviour is suboptimal as said failure is nothing
unrecoverable or unexpected (when the input isn't seekable).
It is preferable to simply resync from the earliest position available
(i.e. the start of the AVIOContext's buffer) onwards if the seek failed.
Here are some scenarios that might be treated as unrecoverable errors
by the current code if the input isn't seekable. They all have in
common that the current position is so far away from the desired
position that the seek can't be fulfilled from the AVIOContext's buffer:
1. Blocks (both SimpleBlocks as well as a Block in a BlockGroup) for
which reading them as binary EBML elements succeeds, but whose parsing
triggers an error (e.g. an invalid TrackNumber). In this case the
earlier position from which resyncing begins is at the start of the block
(or even earlier).
2. BlockGroups, whose parsing fails in one of the latter elements. Just
as in 1., the start of the BlockGroup (the target of the seek) might be
so far away from the current position that it is no longer in the
buffer.
3. At the beginning of parsing a cluster, the cluster is parsed until a
SimpleBlock or a BlockGroup is encountered. So if the input is damaged
between the beginning of the cluster and the first occurrence of a
SimpleBlock/BlockGroup and if said damage makes the demuxer read/skip so
much data that the beginning of the cluster is no longer in the buffer,
demuxing will currently fail completely.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: signed integer overflow: 32 * 538976288 cannot be represented in type 'int' Fixes: 15633/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5752273981931520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/vividas: Fixes overflow in shift in recover_key()
Fixes: left shift of 133 by 24 places cannot be represented in type 'int' Fixes: 15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
dump_extra: Don't add extradata if it already exists
The dump_extra bitstream filter currently simply adds the extradata to
the packets indicated by the user without checking whether said
extradata already exists in the packets. Besides wasting space
duplicated extradata in the same packet/access unit is also forbidden
for some codecs, e.g. MPEG-2.
This check has been added to be able to use the mpeg2_qsv encoder (which
only adds the sequence headers to the first packet) in broadcast
scenarios where repeating sequence headers are required.
The check used here is not perfect: E.g. dump_extra would add the
extradata to a H.264 access unit consisting of an access unit delimiter,
SPS, PPS and slices.
Fixes #8007.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Steve Lhomme [Wed, 29 May 2019 13:16:14 +0000 (15:16 +0200)]
avcodec/h264_slice: set the SEI parameters early on the AVCodecContext
It's better to do it before the buffers are actually created. At least in VLC
we currently don't support changing some parameters dynamically easily so we
don't use the information if it comes after the buffer are created.
Co-authored-by: James Almer <jamrial@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
Steve Lhomme [Mon, 27 May 2019 14:06:47 +0000 (16:06 +0200)]
avcodec/hevcdec: set the SEI parameters early on the AVCodecContext
It's better to do it before the buffers are actually created. At least in VLC
we currently don't support changing some parameters dynamically easily so we
don't use the information if it comes after the buffer are created.
Co-authored-by: James Almer <jamrial@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
avcodec/dvbsub: add support for Display Definition Segment to DVB Subtitle encoder
Current version of dvbsub encoder doesn't support HD DVB subtitles. The high
resolution bitmaps are muxed into the stream but without the DDS (display definition
segment) the players asume that the DVB subtitles are in SD (720x576) resolution
which causes them to either render the subtitles too large and misplaced or don't
render them at all. By including the DDS as defined in section 7.7.1 of ETSI EN 300
743 (V1.3.1) this problem is fixed.
7.2.1 Display definition segment The display definition for a subtitle service may
be defined by the display definition segment if present in the stream. Absence of a
DDS implies that the stream is coded in accordance with EN 300 743 (V1.2.1) [5] and
that a display width of 720 pixels and a display height of 576 lines may be assumed.
avcodec/pngdec: Check that previous_picture has same w/h/format
Fixes: out of array access Fixes: 15540/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5684905029140480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/huffyuvdec: Check vertical subsampling in hymt
Fixes: out of array access Fixes: 15484/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5765377054736384 Fixes: 15559/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5710295743332352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation)
Fixes: null pointer dereference Fixes: 15464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5681391150301184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame()
Fixes: left shift of negative value -456 Fixes: 15561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5758130404720640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mpegts: respect program number when merging streams
merge_pmt_versions was not usable if multiple programs were present because
when it was searching for candidate streams it did not make sure that the PMT was
of the same program. This caused the streams of all programs to get merged into
a single (garbled) program.
This patch makes sure that the program number (service ID) is also matching
with the old streams when parsing the PMT making the feature useful for multi
program streams.
This change might cause issues for single program streams if the program number
changes, but I think it is acceptable because the goal of the option is to make
the parsing resilient to PID changes, and that is still working as expected.
The earlier version of the webm_chunk muxer had several bugs:
1. If the first packet of an audio stream didn't have a PTS of zero,
then no chunk will be started before a packet is delivered to the
underlying Matroska/WebM muxer, i.e. the AVFormatContext used to write
these packets had a NULL as AVIOContext for output. This is behind the
crash in ticket #5752.
2. If an error happens during writing a packet, the underlyimg
Matroska/WebM muxer context is freed. This leads to a use-after-free
coupled with a double-free in webm_chunk_write_trailer (which supposes
that the underlying AVFormatContext is still valid).
3. Even when no error occurs at all, webm_chunk_write_trailer is still
buggy: After the underlying Matroska/WebM muxer has written its trailer,
ending the chunk implicitly flushes it again which is illegal at this
point.
These bugs have been fixed.
Fixes #5752.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
James Zern [Wed, 10 Jul 2019 02:03:58 +0000 (19:03 -0700)]
avcodec/utils, avcodec_open2: close codec on failure
after a successful init if the function fails for another reason close
the codec without requiring FF_CODEC_CAP_INIT_CLEANUP which is meant to
cover init failures themselves. fixes a memory leak in those cases.
BUG=oss-fuzz:15529
Signed-off-by: James Zern <jzern@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The truehd_core bitstream filter decreases the sizes of the
major_sync_info structure (if present), of the
substream_directory and of the substreams themselves. As a consequence,
there is enough space available in front of the actual substream data
for the new header, so that one only needs to modify the header in front
of the actual data (which apart from shrinking is left untouched) and
the packet's size and buffer pointer (after having made sure that the
packet is writable).
This and switching to bsf_get_packet_ref also removed the need for
having separate packets for in- and output.
Even if the input is not writable, there are noticable performance
improvements: The average of 10 iterations of processing a file with 262144
runs each (inlcuding about 20 skips per iteration) went down from 5669
to 4362 decicycles. If the input is writable, it goes down to 1363
decicycles.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
truehd_core: Use byte offsets instead of bit offsets
Words of 16 bit are the unit for TrueHD's size and offset fields;
in particular the sizes of the high-level structures of TrueHD are
always a multiple of a byte; yet truehd_core unnecessarily used
bit offsets at several places. This has been changed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
1. The loop counter of the substream_directory loop is always less than
the number of substreams, yet within the loop it is checked whether it
is less than FFMIN(3, s->hdr.num_substreams), although the check for < 3
would suffice.
2. In case the packet is a major sync packet, the last two bytes of the
major sync structure were initialized to 0xff and then immediately
overwritten afterwards without ever making use of the values just set.
3. When updating the parity_nibble during writing the new
substream_directory, the parity_nibble is updated one byte at a time
with bytes that might be read from the output packet's data. But one can
do both bytes at the same time without resorting to the data just
written by XOR'ing with the variable that contains the value that has
just been written as a big endian number. This changes the intermediate
value of parity_nibble, but in the end it just amounts to a reordering
of the sum modulo two that will eventually be written as parity_nibble.
Due to associativity and commutativity, this value is unchanged.
4. init_get_bits8 already checks that no overflow happens during the
conversion of its argument from bytes to bits. ff_mlp_read_major_sync
makes sure not to overread (the maximum size of a major_sync_info is 60
bytes anyway) and last_offset is < 2^13, so that no overflow in the
calculation of size can happen, i.e. the check for whether size is >= 0
is unnecessary. But then size is completely unnecessary and can be
removed.
5. In case the packet is just passed through, it is unnecessary to read
the packet's dts. This is therefore postponed to when we know that the
packet is not passed through.
6. Given that it seems overkill to use a bitreader just for one
variable, the size of the input access unit is now read directly.
7. A substream's offset (of the end of the substream) is now stored as is
(i.e. in units of words).
These changes amount to a slight performance improvement: It improved
from 5897 decicycles of ten runs with about 262144 runs each (including
an insignificant amount -- about 20-25 usually of skips) to 5747
decicycles under the same conditions.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Several checks (e.g. when the size of the input packet is too small)
simply used "goto fail", but didn't set the return value appropriately
for an error.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
If truehd_core strips Atmos data away, three parts of the output differ
in size compared to the input access unit: a) The major_sync_info block
if the extra_channel_meaning_data is present, as the newly written
output never contains said block; b) the substream_directory (because
entries relating to discarded substreams are discarded, too); and c)
the actual substream data. b) and c) have already been taken into account
when choosing the size of the output packet, but a) has been forgotten.
This is also the reason behind the end of the output buffer having been
uninitialized until 801d78f0. The workaround added in said commit has
been removed, too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
The most serious bit of the substream_info header field (in a mayor sync
packet) indicates whether a 16-channel presentation is present in the
bitstream. If set, the extended_substream_info header field contains
information about the 16-channel presentation. This presentation always
uses substream 3, a substream that is discarded by truehd_core. So
substream_info needs to be changed to no longer indicate the presence
of a 16-channel presentation in order for truehd_core's output to be
consistent. This is implemented in this commit.
This change also makes MediaInfo no longer display the presence of Atmos
in the output of truehd_core.
Also, set the (now irrelevant) extended_substream_info field to zero as
this seems to be the common value for ordinary TrueHD.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
cbs_h264, h264_metadata: Deleting SEI messages never fails
Given the recent changes to ff_cbs_delete_unit, it is no longer sensible
to use a return value for ff_cbs_h264_delete_sei_message; instead, use
asserts to ensure that the required conditions are met and remove the
callers' checks for the return value. Also, document said conditions.
An assert that is essentially equivalent to the one used in
ff_cbs_delete_unit has been removed, too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
cbs: ff_cbs_delete_unit: Replace return value with assert
ff_cbs_delete_unit never fails if the index of the unit to delete is
valid, as it is with all current callers of the function. So just assert
in ff_cbs_delete_unit that the index is valid and change the return
value to void in order to remove the callers' checks for whether
ff_cbs_delete_unit failed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avcodec/ilbcdec: Simplify use of unsigned and fix more undefined overflows
Fixes: signed integer overflow: 2147475672 + 8192 cannot be represented in type 'int' Fixes: 15415/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5712074128228352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/utils: Check timebase before use in estimate_timings()
Fixes: division by 0 Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272 Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/rv10: Fix integer overflow in aspect ratio compare
Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int' Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/vividas: Check for input length in get_v()
Fixes: out of array read Fixes: 15286/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5658245101780992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/4xm: Fix signed integer overflows in idct()
Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int' Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop
Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int' Fixes: infinite loop Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/qdm2: Do not read out of array in fix_coding_method_array()
Instead we ask for a sample, its unclear what to do in this case.
Fixes: index 30 out of bounds for type 'int8_t [30][64]' Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/simple_idct_template: Fix integer overflow in idctSparseColAdd()
Fixes: signed integer overflow: 1106434976 + 1041773512 cannot be represented in type 'int' Fixes: 15421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5669209314426880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/simple_idct_template: Fix integer overflow in idctSparseCol()
Fixes: signed integer overflow: -1027919784 + -1120041624 cannot be represented in type 'int' Fixes: 15406/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5700646528876544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
projects / ffmpeg / log