The array is only ever needed for streams where each sample entry may have a
different value. Given that for non animated HEIF there's a single value that
applies to the image, use the field defined for that.
Fixes: NULL pointer dereference
Fixes: 437528618/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6537287645331456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>
heif_items are reused and to avoid leaking memory or using stale name,
clear it first.
Fixes: 432505829/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6654363487764480
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Simple parser that only parses frame information.
This helps avoid requiring the software decoder on init to decode a
single frame, since the decoder can be quite slow.
This will ensure it will be stored in the stream's private context, so it can
be fetched and replaced as required.
Fixes a regression since eefa6de7d5.
Fixes avc-intra-panasonic-AG-HPX301E.mov
Signed-off-by: James Almer <jamrial@gmail.com>
That occurs when H261, H263, and MPEG4 decoders are disabled.
Signed-off-by: zhaozhenghang <15083277223@163.com>
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
The first sample in the stsc box may not refer to the first stsd entry.
This is the case in h264/thezerotheorem-cut.mp4, and as such the
fate-h264_redundant_pps-side_data test is updated accordingly.
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: use of uninitialized memory
Fixes: 394990189/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6431722199908352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Nothing forbids them to be in any order the muxer desires.
Fixes demuxing heif samples generated by S1II.
Tested-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>
Nikon HEIFs from a camera or NX studio include a small jpeg thumbnail in addition to
the expected HEVC thumbnails; allowing jpegs allows all thumbnails to
have an associated stream for Nikon HEIF files.
With this, Nikon HEIFs can finally be decoded without failing and the
thumbnails can be extracted into their own files.
Signed-off-by: Eric Joyner <erj@erj.cc>
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>
Prevents ffmpeg/ffprobe from erroring out when reading an HEIF that
contains multiple hvcC thumbnails (e.g. from a Nikon Z6III camera).
Before, move_read_iref_thmb() would always override the stored
thmb_item_id in the MOVContext with each new read thumbnail, causing a
stream and item_id mismatch later in mov_parse_heif_items(), resulting
in the "HEIF thumbnail doesn't reference a stream" error message.
To solve this,
- Turn thmb_item_id into an array of IDs because multiple thumbnails can
exist
- Change check in mov_parse_heif_items() to compare against all stored
thumbnail IDs to see if any item missing a stream is in the list of
thumbnail IDs.
Signed-off-by: Eric Joyner <erj@erj.cc>
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>
If the apperture window is bigger than the canvas, then the clap box is invalid
and there's no point calculating cropping values.
Fixes: libavformat/mov.c:1295:14: runtime error: -256 is outside the range of representable values of type 'unsigned long'
Signed-off-by: James Almer <jamrial@gmail.com>
If sc->tts_count is not 0, then the sample index has already been built.
Fixes: Null-dereference READ
Fixes: 396192874/clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4589309789143040
Signed-off-by: James Almer <jamrial@gmail.com>
Some files keep extra metadata such as 'name' fields within udta, and
it is useful for Wine to access them with the "export_all" option so
they can then be exposed to Windows applications.
Signed-off-by: Rémi Bernon <rbernon@codeweavers.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
Using audio_substream_id for AVStream ids is not ideal give that in containers
like mp4, the IAMF structure is opaque to the outside and other streams may
share such id values.
Signed-off-by: James Almer <jamrial@gmail.com>
This fix ensures that the loop stops early on EOF. The issue occurs
because mov_read_infe() performs a version check and skips unsupported
versions. The problem is that seeking within the stream clears the EOF
flag, causing avio_feof() to not function as expected. This is resolved
by moving the EOF check after reading the size and type, ensuring the
EOF flag is set when necessary.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 7803923888585309955 - -3407677434275325337 cannot be represented in type 'int64_t' (aka 'long')
Fixes: 377736723/clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5052449500889088
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: undefined NULL pointer use
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-6363211175493632
This performs equivalent sanity checks as are done in mov_read_trak()
before mov_build_index()
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
if sc->tts_count is 0, this condition will wrap around to UINT_MAX and the
code will try to dereference a NULL pointer.
Fixes ticket #11417
Signed-off-by: James Almer <jamrial@gmail.com>
The amount of tiles does not necessarely need to match the amount of streams referenced
in the grid, as there could be duplicates.
Don't silently ignore EEXIST return codes from avformat_stream_group_add_stream() and
instead store the index of the duplicate stream.
Signed-off-by: James Almer <jamrial@gmail.com>
After introduction of ff_dvdclut_palette_extradata_cat() to convert
DVD subtitle palettes from YUV to RGB, a leak is introduced because
of the call to ff_alloc_extradata(). This is not necessary, instead
we should free the extradata because ff_bprint_to_codecpar_extradata()
will finalize the bprint'ed string to the codecpar and set the length.
Fixes leak introduced in 3b0e6c0ecc.
Signed-off-by: Marth64 <marth64@proxyid.net>
Also fix checks for sc->stts_count that assume it may not be in sync with
sample count.
Missed in 865c73c86f. Fixes parsing durations in
some cases.
Signed-off-by: James Almer <jamrial@gmail.com>
