Commit graph

26622 commits

Author SHA1 Message Date
Kacper Michajłow
a9b9636046 avformat/vivo: fix sscanf specifer for double
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
2025-07-25 21:10:16 +02:00
Kacper Michajłow
c6ea6ac39b avformat/os_support: check invalid socket value correctly on Windows
SOCKET defined in winsock2.h is unsigned and invalid value is defined as
INVALID_SOCKET. Check this explicity to avoid compiler warnings.

See: https://learn.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
2025-07-25 21:10:16 +02:00
Kacper Michajłow
d6b72d1d26 avformat/options_table: supress implicit conversion warnings
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
2025-07-25 21:10:13 +02:00
Kacper Michajłow
29d274afe7 avformat/udp: avoid warning about always false comparison
socklen_t underlying type can be signed or unsigned depending on
platform. This is fine, just cast it to size_t before comparison.

Fixes: warning: result of comparison of unsigned expression < 0 is
       always false [-Wtautological-unsigned-zero-compare]

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
2025-07-22 19:56:34 +02:00
James Almer
87cc213748 avformat/hevc: don't print parameter_set_id for any NALU
It's not a value stored in the hvcC structure.
Fixes use of uninitialized variable errors under sanitizer when the input extradata is
already hvcC formatted, given we don't parse parameter sets for those.

Signed-off-by: James Almer <jamrial@gmail.com>
2025-07-22 09:47:18 -03:00
Marvin Scholz
080dc4cf54 avformat/tls_openssl: load default verify locations
When no explicit CAs file is set, load the default locations,
else there is no way for verification to succeed.

This matches the behavior of other TLS backends.
2025-07-22 02:43:54 +02:00
Marvin Scholz
f4befeb767 avformat/tls_openssl: verify setting hostname for SNI 2025-07-22 02:43:54 +02:00
Daniel N Pettersson
e56fd2af1a avformat/tls_openssl: add hostname for verification
When verification is enabled (using -tls_verify 1) now
the hostname will be verified properly too, while before
only other aspects of the certificate were checked.

Co-Authored-By: Marvin Scholz <epirat07@gmail.com>
2025-07-22 02:43:54 +02:00
Michael Niedermayer
8cdb47e47a
avformat/concatdec: Clip duration in one more case in get_best_effort_duration()
Fixes: signed integer overflow: 40000 - -9223372036854770000 cannot be represented in type 'long'
Fixes: 427262541/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-4831506940100608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-07-21 01:27:23 +02:00
James Almer
85ac589211 avformat/apv: use memset to zero initialize frame_info
Don't rely on implicit zeroing.
Should fix fate failures on msvc targets.

Found-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2025-07-19 20:01:57 -03:00
James Almer
36b8c200fb avformat/hevc: don't print parameter_set_id for SEI NALUs
The field is unset for those.

Fixes use of uninitialized variable errors under sanitizer.

Signed-off-by: James Almer <jamrial@gmail.com>
2025-07-18 17:41:41 -03:00
James Almer
e32264a1e1 avformat/mov: don't assume iloc and iinf entries for each item_id will be in the same order
Nothing forbids them to be in any order the muxer desires.

Fixes demuxing heif samples generated by S1II.

Tested-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>
2025-07-18 14:57:09 -03:00
Dawid Kozinski
8baa691e5f avformat/mov_muxer: Extended MOV muxer to handle APV video content
- Changes in mov_write_video_tag function to handle APV elementary stream
- Provided structure APVDecoderConfigurationRecord that specifies the decoder configuration information for APV video content

Co-Authored-by: James Almer <jamrial@gmail.com>
Signed-off-by: Dawid Kozinski <d.kozinski@samsung.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2025-07-18 14:54:36 -03:00
Eric Joyner
291ec0faf3 avformat/mov: Enable jpeg streams in HEIF MOVContext
Nikon HEIFs from a camera or NX studio include a small jpeg thumbnail in addition to
the expected HEVC thumbnails; allowing jpegs allows all thumbnails to
have an associated stream for Nikon HEIF files.

With this, Nikon HEIFs can finally be decoded without failing and the
thumbnails can be extracted into their own files.

Signed-off-by: Eric Joyner <erj@erj.cc>
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>
2025-07-17 21:54:03 -03:00
Eric Joyner
fb163eb28b avformat/mov: Support multiple thumbnails in HEIF
Prevents ffmpeg/ffprobe from erroring out when reading an HEIF that
contains multiple hvcC thumbnails (e.g. from a Nikon Z6III camera).

Before, move_read_iref_thmb() would always override the stored
thmb_item_id in the MOVContext with each new read thumbnail, causing a
stream and item_id mismatch later in mov_parse_heif_items(), resulting
in the "HEIF thumbnail doesn't reference a stream" error message.

To solve this,

- Turn thmb_item_id into an array of IDs because multiple thumbnails can
  exist
- Change check in mov_parse_heif_items() to compare against all stored
  thumbnail IDs to see if any item missing a stream is in the list of
  thumbnail IDs.

Signed-off-by: Eric Joyner <erj@erj.cc>
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>
2025-07-17 21:54:03 -03:00
Jack Lau
25e710c61e avformat/whip: force NONBLOCK for rtp
We need to ensure rtp sets NONBLOCK since the dtls
handshake has potentially overriden the sockets mode.

Signed-off-by: Jack Lau <jacklau1222@qq.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2025-07-17 14:33:47 +02:00
Timo Rothenpieler
e6d2c67cd0 avformat/tls_openssl: avoid unusual inline-if style 2025-07-17 14:06:07 +02:00
Jack Lau
abb274b154 avformat/tls_openssl: make tls and dtls use one close function
Signed-off-by: Jack Lau <jacklau1222@qq.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2025-07-17 14:04:32 +02:00
Jack Lau
e6af82c498 avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
Signed-off-by: Jack Lau <jacklau1222@qq.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2025-07-17 02:35:11 +02:00
Jack Lau
dda91b87e8 avformat/tls_openssl: replace 1 with TLS_ST_OK to be more clear
Signed-off-by: Jack Lau <jacklau1222@qq.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2025-07-17 02:35:07 +02:00
Jack Lau
7bd3bdbd62 avformat/whip: free udp socket after dtls free
the SSL_shutdown in tls_close need call the url_bio_bwrite
so we should keep udp still alive

Signed-off-by: Jack Lau <jacklau1222@qq.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2025-07-17 02:35:01 +02:00
Timo Rothenpieler
95eae5dd50 avformat/tls_openssl: unset nonblock flag on correct URLContext during dtls handshake
The internal BIO functions do not in fact look at this flag, only the outer
tls_read and tls_write functions do.
2025-07-17 02:20:34 +02:00
Jack Lau
7afe1167e5 avformat/tls_openssl: set tlsext host name after init ssl
Signed-off-by: Jack Lau <jacklau1222@qq.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2025-07-17 02:04:38 +02:00
Timo Rothenpieler
9015d595a1 avformat/flvdec: don't skip backwards or over EOF
Skipping backwards (and even forwards) resets the EOF flag, and can thus
lead to infinite looping if the conditions are just right.

Fixes: Infinite loop
Fixes: 427538726/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-6582567304495104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2025-07-16 19:05:51 +02:00
Timo Rothenpieler
483e509169 avformat/tls_openssl: automatically generate self-signed certificate when none is provided in listen mode 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
454f161b4b avformat/tls_openssl: make generating fingerprints optional 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
40ce64eae7 avformat/tls_openssl: don't expose deprecated EC_KEY outside of its function 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
5339db2cf4 avformat/tls_openssl: properly free generated/read keys and certificates 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
49badc8689 avformat/tls_openssl: don't enable read_ahead in dtls mode
OpenSSL docs say:
These functions have no impact when used with DTLS.
2025-07-16 18:46:55 +02:00
Timo Rothenpieler
31abcc1505 avformar/tls_openssl: use correct info callback in DTLS mode 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
5edbfc4bae avformat/tls_openssl: clean up peer verify logic in dtls mode 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
95fd0840fe avformat/tls_openssl: don't hardcode ciphers and curves for dtls 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
f3355a1fff avformat/tls_openssl: properly limit written size to data mtu 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
576f44016a avformat/tls_openssl: set default MTU if none is set 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
b6e808d28b avformat/tls_openssl: initialize DTLS context with correct method 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
db0adbbd3f avformat/tls_openssl: don't abort if dtls has no key/cert set 2025-07-16 18:46:55 +02:00
Timo Rothenpieler
951013e603 avformat/tls_openssl: force dtls handshake to be blocking
There is no sensible way to handle this otherwise anyway, one just has
to loop over this function until it succeeds.
2025-07-16 18:46:55 +02:00
Timo Rothenpieler
87b09f3931 avformat/tls_openssl: set dtls remote addr in listen mode
Taken from the first received packet, which will signify the now
permanent peer of this DTLS "connection".
2025-07-16 18:46:55 +02:00
James Almer
307983b292 avformat/tls_schannel: add check for Windows 10 only types and defines
Old Mingw-w64 releases provided by some distros seemingly don't have them, so
check for them and disable the dtls protocol if unavailable.

Signed-off-by: James Almer <jamrial@gmail.com>
2025-07-15 10:24:08 -03:00
Timo Rothenpieler
9b6638e125 avformat/tls_schannel: fix non-blocking write breaking TLS sessions 2025-07-11 17:49:58 +02:00
Timo Rothenpieler
9cd86c431b avformat/tls_schannel: add option to load server certificate from store 2025-07-11 17:49:57 +02:00
Timo Rothenpieler
90fa9636ef avformat/tls_schannel: add DTLS support 2025-07-11 17:49:57 +02:00
Timo Rothenpieler
6af099522e avformat/tls: make passing an external socket universal 2025-07-11 17:49:57 +02:00
Timo Rothenpieler
2604c86c1f avformat/udp: add function to set remote address directly 2025-07-11 17:49:57 +02:00
Timo Rothenpieler
585cae13fa avformat/udp: separate rx and tx fifo 2025-07-11 17:49:57 +02:00
Timo Rothenpieler
af04a27893 avformat/udp: make recv addr of each packet available 2025-07-11 17:49:57 +02:00
Timo Rothenpieler
2c7e117fe0 avformat/tls: move whip specific init out of generic tls code 2025-07-11 17:49:57 +02:00
Marvin Scholz
7c91ae9419 avformat/rtsp: check copy_tls_opts_dict
Properly check av_dict_set return values and propagate them to
the caller so they can be handled.
2025-07-11 16:32:05 +02:00
Marvin Scholz
c4e8ac3d0e avformat/rtsp: use av_unreachable 2025-07-11 16:32:05 +02:00
Marvin Scholz
c425951c05 avformat/rtsp: fix misleading indentation 2025-07-11 16:32:05 +02:00