Commit graph

26349 commits

Author SHA1 Message Date
James Almer
43be8d0728 avformat/mov: check for tts_count before deferencing tts_data
Fixes ticket #11460.

Signed-off-by: James Almer <jamrial@gmail.com>
2025-02-07 23:00:34 -03:00
James Almer
a8f2374507 avformat/mov: add an offset to IAMF streams
Using audio_substream_id for AVStream ids is not ideal give that in containers
like mp4, the IAMF structure is opaque to the outside and other streams may
share such id values.

Signed-off-by: James Almer <jamrial@gmail.com>
2025-02-07 19:44:13 -03:00
dank074
e945142df3
avformat/unix: set is_streamed to true
Currently when a Unix Domain Socket is used as input there is a loss
of data when data is consumed from the stream. Setting is_streamed to
true fixes this, since the unix domain socket is now treated like a
consumable stream.

Fixes: #9346
Signed-off-by: dank074 <torresefrain10@gmail.com>
Reviewed-by: Leo Izen <leo.izen@gmail.com>
2025-02-07 10:13:50 -05:00
Michael Niedermayer
8a6ad9eab2
avformat/mxfdec: Check edit unit for overflow in mxf_set_current_edit_unit()
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Fixes: 392672068/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6232335892152320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-02-06 22:04:12 +01:00
Michael Niedermayer
cef3422b48
avformat/hls: Fix twitter
Allow mp4 with all mpegts extensions

Fixes: Ticket11435
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-02-06 22:04:11 +01:00
Kacper Michajłow
c17774a9ae
avformat/mov: fix eof check in mov_read_iinf()
This fix ensures that the loop stops early on EOF. The issue occurs
because mov_read_infe() performs a version check and skips unsupported
versions. The problem is that seeking within the stream clears the EOF
flag, causing avio_feof() to not function as expected. This is resolved
by moving the EOF check after reading the size and type, ensuring the
EOF flag is set when necessary.

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-02-06 22:04:11 +01:00
Tomas Härdin
9729444c7d lavf/mxfenc: Return AVERROR(EINVAL) in mxf_write_jpeg2000_subdesc() is pixfmt not set 2025-02-05 15:48:22 +01:00
Tomas Härdin
0202c7cc2e lavf/mxfenc: Make write_desc return int
This enables returning AVERRORs
2025-02-05 15:48:22 +01:00
Zhao Zhili
4307008b9a avformat/matroskaenc: log unsupported subtitle codec name
It's more user friendly than codec ID.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
Reviewed-by: Marth64 <marth64@proxyid.net>
2025-02-04 13:42:43 +08:00
Zhao Zhili
1c5961e4b4 avformat/seek: Remove always true condition
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2025-02-04 01:24:23 +08:00
Zhao Zhili
ef3ffd8c5c avformat/seek: Remove dead code
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
Reviewed-by: Marth64 <marth64@proxyid.net>
2025-02-04 01:22:57 +08:00
Michael Niedermayer
0113e30806
libavformat/hls: Be more restrictive on mpegts extensions
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-02-02 02:42:03 +01:00
Michael Niedermayer
9e12572933
avformat/hls: .ts is always ok even if its a mov/mp4
Maybe fixes: 11435

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-02-02 02:42:02 +01:00
Michael Niedermayer
d845533130
avformat/hls: Print input format in error message
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-31 23:10:02 +01:00
James Almer
02958ab715 avformat/mov: fix overflow in drift timestamp calculation
Fixes: signed integer overflow: 7803923888585309955 - -3407677434275325337 cannot be represented in type 'int64_t' (aka 'long')
Fixes: 377736723/clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5052449500889088

Signed-off-by: James Almer <jamrial@gmail.com>
2025-01-30 10:56:59 -03:00
Kacper Michajłow
4ba9ae7742 avformat/vqf: fix memory leak in add_metadata()
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
2025-01-29 21:57:10 +02:00
Jan Ekström
4401e4b606 avformat/id3v2: add image/webp for WebP attached pictures
Found out to have been utilized via a user reporting an attached
image not being available in a player utilizing avformat's demuxing
capabilities.
2025-01-28 21:57:35 +02:00
Martin Storsjö
8f4819ce01 rtmpproto: Avoid rare crashes in the fail: codepath in rtmp_open
When running the cleanup in rtmp_close on failures in rtmp_open,
we can in rare cases end up using rt->playpath, assuming that it
is still set.

The crash could happen if we hit the fail codepath in rtmp_open
while publishing (rt->is_input == 0) with rt->state set to
a value > STATE_FCPUBLISH.

This would normally not happen while publishing; either we have
an error (and rt->state <= STATE_FCPUBLISH) or we reach
rt->state = STATE_PUBLISHING, and then we also return successfully
from rtmp_open.

The unexpected combination of states could happen if the server
responds with e.g. "NetStream.Play.Stop" while expecting
"NetStream.Publish.Start"; this sets rt->state to STATE_STOPPED,
which also fulfills the condition "> STATE_FCPUBLISH".

We don't need to free the rt->playpath/tcurl/flashver strings here;
they're handled via AVOption, and thus are freed automatically when
the protocol instance is freed (that's why they aren't freed
manually within the rtmp_close function either).

We also don't need to free the AVDictionary with options; it's
owned by the caller.

A smaller fix would be to just call rtmp_close before freeing
the strings and dictionary, but as we don't need to free them
at all, let's remove that redundant code.

Signed-off-by: Martin Storsjö <martin@martin.st>
2025-01-28 19:56:39 +02:00
Michael Niedermayer
91d96dc8dd
avformat/hls: Be more picky on extensions
This blocks disallowed extensions from probing
It also requires all available segments to have matching extensions to the format
mpegts is treated independent of the extension

It is recommended to set the whitelists correctly
instead of depending on extensions, but this should help a bit,
and this is easier to backport

Fixes: CVE-2023-6602 II. HLS Force TTY Demuxer
Fixes: CVE-2023-6602 IV. HLS XBIN Demuxer DoS Amplification

The other parts of CVE-2023-6602 have been fixed by prior commits

Found-by: Harvey Phillips of Amazon Element55 (element55)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-26 01:12:28 +01:00
Michael Niedermayer
c733e2b5ed
Revert "avformat/mpegts: Add standard extension so hls can check in extension_picky mode"
The next commit implements the hls fix in a way that doesnt need this

This reverts commit 54897da7ce.
2025-01-26 01:12:28 +01:00
Michael Niedermayer
6ecc96f4d0
avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
Fixes: Use of uninitialized memory
Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-21 22:55:11 +01:00
Michael Niedermayer
aec2933344
avformat/iamf_reader: Initialize padding and check read in ff_iamf_read_packet()
Fixes: Use of uninitialized memory
Fixes: 377642312/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4554550985424896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-21 22:55:10 +01:00
Michael Niedermayer
788abe0d25
avformat/ipmovie: Check signature_buffer read
Fixes: use of uninitilaized data
Fixes: 385167047/clusterfuzz-testcase-minimized-ffmpeg_dem_IPMOVIE_fuzzer-5941477505564672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-21 22:55:09 +01:00
Michael Niedermayer
17b019c517
avformat/wtvdec: Initialize buf
ff_parse_mpeg2_descriptor() reads over what is initialized
Fixes: use of uninitialized memory
Fixes: 383825645/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5144130618982400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-21 22:55:09 +01:00
Michael Niedermayer
49fa3f6c5b
avformat/vqf: Propagate errors from add_metadata()
Suggested-by: Marton Balint <cus@passwd.hu>
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-21 22:55:08 +01:00
Michael Niedermayer
c43dbecbda
avformat/vqf: Check avio_read() in add_metadata()
Fixes: use of uninitialized data
Fixes: 383825642/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5380168801124352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-21 22:55:08 +01:00
Michael Niedermayer
54897da7ce
avformat/mpegts: Add standard extension so hls can check in extension_picky mode
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-21 21:06:14 +01:00
Timo Rothenpieler
a3e506455e avformat/flvdec: correctly skip command frame for enhanced flv 2025-01-18 21:57:02 +01:00
Timo Rothenpieler
ced9fddec0 avformat/flvdec: implement support for parsing ModEx data 2025-01-18 21:57:02 +01:00
Michael Niedermayer
4c96d6bf75
avformat/dashdec: Check whitelist
Fixes: CVE-2023-6602, V. DASH Playlist SSRF

Found-by: Harvey Phillips of Amazon Element55 (element55)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-17 23:33:27 +01:00
James Almer
c08d300481 avformat/avformat: also clear FFFormatContext packet queue when closing a muxer
packet_buffer is used in mux.c, and if a muxing process fails at a point where
packets remained in said queue, they will leak.

Fixes ticket #11419

Signed-off-by: James Almer <jamrial@gmail.com>
2025-01-17 10:10:51 -03:00
Michael Niedermayer
afbc3a1b23
avformat/mov: perform sanity checks for heif before index building
Fixes: undefined NULL pointer use
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-6363211175493632

This performs equivalent sanity checks as are done in mov_read_trak()
before mov_build_index()

Reported-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-15 01:27:45 +01:00
Michael Niedermayer
16b3d3e3eb
avformat/mov: Factorize sanity check out
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-15 01:27:45 +01:00
James Almer
fd1772b747 avformat/mov: fix potential unsigned underflow in loop condition
if sc->tts_count is 0, this condition will wrap around to UINT_MAX and the
code will try to dereference a NULL pointer.

Fixes ticket #11417

Signed-off-by: James Almer <jamrial@gmail.com>
2025-01-13 19:27:00 -03:00
James Almer
d5873be583 avformat/iamf_parse: add missing av_free() call on failure path
Fixes ticket #11416

Signed-off-by: James Almer <jamrial@gmail.com>
2025-01-13 17:28:22 -03:00
James Almer
df50370e1b avformat/matroska: add support for VVC streams
As defined in https://github.com/ietf-wg-cellar/matroska-specification/blob/master/codec_specs.md#v_mpegiisovvc

Signed-off-by: James Almer <jamrial@gmail.com>
2025-01-12 11:13:31 -03:00
Peter Ross
2202dcfc0f avformat/iff: ignore FVER tag when not processing DSD/DST files
Fixes ticket #10030.
2025-01-12 11:14:16 +11:00
Peter Ross
ba22d6a24f avformat/wtvenc: do not output negative 'third timestamp' field
Fixes ticket #3659.
2025-01-12 11:07:57 +11:00
Peter Ross
330470ef24 avformat/mlvdec: skip over some other known block types 2025-01-12 10:55:47 +11:00
Peter Ross
45c30bc51e avformat/mlvdec: process VERS block 2025-01-12 10:55:44 +11:00
Peter Ross
86dd15fd0d avformat/mlvdec: demux LJ92 huffman comressed frames
A minimal DNG header is added to each LJ92 compressed frame, allowing
thme to be decoded by the TIFF decoder. The TIFF decoder is responsible
for setting up the MJPEG decoder, signalling the correct s->bayer flag,
and setting pix_fmt.

The LJ92 compressed frames can be muxed out to DNG files, and manipulated
in DNG software. Tested with darktable and rawtherapee.

Contributor: South East <8billion.people@gmail.com>
2025-01-12 10:55:39 +11:00
Timo Rothenpieler
b76053d8bf avformat/flvdec: add support for legacy HEVC files 2025-01-10 21:55:23 +01:00
James Almer
292c1df7c1 avformat/mov: merge stts and ctts arrays into one
Should reduce memory usage as well as remove code duplication.

Signed-off-by: James Almer <jamrial@gmail.com>
2025-01-10 10:39:00 -03:00
Jonathan Baudanza
c0fbb6d5b7 avformat/rtpdec: int overflow in start_time_realtime
This was previously adjusted by me in 6b3f9c2e92.
Unfortunately, I traded one integer overflow bug for
another.

Currently, NTP timestamps that exceed INT64_MAX
(~Jan 20, 1968) will cause an overflow when passed
to av_rescale.

This patch replaces av_rescale, which operates on
int64_t, with ff_parse_ntp_time, which operates on
uint64_t. This will give the correct values for
timestamps back around the NTP epoch and present day
timestamps.

Fixes ticket #11388.

Signed-off-by: Martin Storsjö <martin@martin.st>
2025-01-10 12:09:27 +02:00
Michael Niedermayer
4485a0fd77
avformat/iamf_parse: Check output_channel_count
Fixes: -nan is outside the range of representable values of type 'int'
Fixes: 377072730/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6545416570601472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-08 23:23:26 +01:00
Michael Niedermayer
f7cc023f06
avformat/mxfdec: Check edit_unit for being larger than signed 64bit
Fixes: signed integer overflow: 2 * -4962931467012268000 cannot be represented in type 'long'
Fixes: 376496313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4921469185884160

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-08 23:23:25 +01:00
Marth64
910e5a275d avformat/avformat.h: elaborate documentation for avformat_open_input() on error condition
Signed-off-by: Marth64 <marth64@proxyid.net>
2025-01-08 00:14:13 -06:00
NyanMaths
1215fefcb8
avformat/ipfsgateway: fix capitalizaton mistake
Fix the incorrect capitalization of the project name in a comment.
The project is named FFmpeg, not FFMpeg.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
2025-01-07 17:47:15 -05:00
James Almer
692ce2503e avformat/flvdec: initialize ret in flv_read_packet() to AVERROR_BUG
This will ensure any future goto leave that may be added doesn't accidentally forget to
set ret to some proper value.

Reviewed-by: Timo Rothenpieler <timo@rothenpieler.org>
Signed-off-by: James Almer <jamrial@gmail.com>
2025-01-07 16:09:49 -03:00
Timo Rothenpieler
af74fe7139 avformat/flvdec: don't leak extradata pointer on realloc failure 2025-01-07 19:20:30 +01:00