github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-30 22:00:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
108,201 Commits 39 Branches 417 Tags
release/5.1
Commit Graph

530 Commits

Author SHA1 Message Date
Michael Niedermayer
ef236e509e avformat/mxfdec: Check edit unit for overflow in mxf_set_current_edit_unit() 
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Fixes: 392672068/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6232335892152320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a6ad9eab2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2025-08-04 16:35:55 +02:00
Michael Niedermayer
1b1acf964f avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet() 
Fixes: Use of uninitialized memory
Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ecc96f4d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2025-08-04 16:35:54 +02:00
Michael Niedermayer
910affb8a1 avformat/mxfdec: Check that key was read sucessfull 
Fixes: use of uninitialized value
Fixes: 70932/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4870202133643264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c62cbcae2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2025-08-04 16:35:47 +02:00
Michael Niedermayer
cbf8d621e1 avformat/mxfdec: Fix overflow in midpoint computation 
Fixes: signed integer overflow: 4611686016549392399 + 9223372033098784800 cannot be represented in type 'long long'
Fixes: 368503277/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5928227458056192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 23088a5ff2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2025-08-04 16:35:39 +02:00
Michael Niedermayer
4afe8f4484 avformat/mxfdec: Check timecode for overflow 
Fixes: signed integer overflow: 9223372036840103968 + 538976288 cannot be represented in type 'long'
Fixes: 70604/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4844090340999168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6be3786c82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2025-08-04 16:35:33 +02:00
Michael Niedermayer
b409adb80c avformat/mxfdec: More offset_temp checks 
Fixes: signed integer overflow: 9223372036854775807 - -1927491430256034080 cannot be represented in type 'long'
Fixes: 70607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5282235077951488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a96aa435a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2025-08-04 16:35:33 +02:00
Michael Niedermayer
3b253df309 avformat/mxfdec: Reorder elements of expression in bisect loop 
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 68578/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6032171648221184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8d288479d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 01:18:32 +02:00
Michael Niedermayer
691aa476d7 avformat/mxfdec: Check container_ul->desc before use 
Fixes: CID1592939 Dereference after null check

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4cab028bd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 17:22:23 +02:00
Michael Niedermayer
a17885a73d avformat/mxfdec: Check body_offset 
Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be represented in type 'long'
Fixes: 68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 20a6bfda0f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-06-13 11:22:05 +02:00
Michael Niedermayer
cdbdfdf804 avformat/mxfdec: Check index_edit_rate 
Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed49391961)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-04 21:10:42 +02:00
Michael Niedermayer
f830fddbd3 avformat/mxfdec: Make edit_unit_byte_count unsigned 
Suggested-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f30fe5e8d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:04:50 +02:00
Michael Niedermayer
dcd1ed180b avformat/mxfdec: Check first case of offset_temp computation for overflow 
This is kind of ugly
Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long'
Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6ed6f6e8d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:04:50 +02:00
Marton Balint
25c1d8cbcf avformat/mxfdec: remove resolve_strong_ref usage with AnyType 
UUIDs do not have to be unique if their type sets them apart, so avoid using
AnyType, since we are only interested in specific types.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit aa299faa9a)
 2024-03-19 20:58:41 +01:00
Marton Balint
68f0e9645d avformat/mxfdec: do not use AnyType when resolving Descriptors and MultipleDescriptors 
By using AnyType for resolving a strong reference we searched among all types,
not just the ones which can be the target of the reference, which in some cases
caused to find the wrong type, if the metadata set UUIDs were not unique.

UUIDs do not have to be unique if their type sets them apart, SMPTE 377M says:

> StrongRef: 'One to One’ relationship between sets and implemented in MXF
> with UUIDs. Strong References are typed which means that the definition
> identifies the kind of set which is the target of the reference.

Fixes ticket #10865.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 68f2b32ef2)
 2024-02-20 21:57:26 +01:00
Marton Balint
b0c647d1d9 avformat/mxfdec: move resolving Descriptors to the multi descriptor resolve function 
Also remove unused descriptor member from MXFPackage.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 41672f5586)
 2024-02-20 21:57:26 +01:00
Michael Niedermayer
905819d18a avformat/mxfdec: Check klv offset 
Fixes: Assertion klv_offset >= mxf->run_in failed at libavformat/mxfdec.c:736
Fixes: 62936/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5778404366221312.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70f5fa6325)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-10-30 00:39:14 +01:00
Michael Niedermayer
b358b080a1 avformat/mxfdec: Remove this_partition 
Suggested-by: Tomas Härdin <git@haerdin.se>
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5130394286817280

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 442d9412d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-10-30 00:39:06 +01:00
Michael Niedermayer
87e6221d53 avformat/mxfdec: Use 64bit in remainder 
Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int'
Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64a04fc165)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-02-22 00:03:43 +01:00
Michael Niedermayer
a3d59e33d9 avformat/mxfdec: only probe max run in 
Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1182bbb2c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:17 +02:00
Michael Niedermayer
89c2911a3c avformat/mxfdec: Check run_in is within 65536 
Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7786097825)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:17 +02:00
Andreas Rheinhardt
9ff0fbbc0a avformat/mxfdec: Offload allocating string to av_dict_set() 
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2022-06-16 18:39:46 +02:00
Andreas Rheinhardt
6b5e3590c7 avformat/mxfdec: Use ff_data_to_hex() for data->hex conversion 
In this case it also stops pretending that the length of
the output string is somehow checked (which is currently
being done by using snprintf that is called with the amount
of space needed instead of the amount of space actually available).

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2022-06-16 18:39:25 +02:00
Andreas Rheinhardt
8823900b14 avformat/mxfdec: Don't duplicate av_uuid_unparse 
Also don't allocate the string ourselves, let av_dict_set()
do it.

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2022-06-16 18:39:09 +02:00
Andreas Rheinhardt
35ec5c819b avformat/demux: Add new demux.h header 
And move those stuff already in demuxer-only files to it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2022-05-10 07:37:38 +02:00
Michael Niedermayer
7aebdb8bf1 avformat/mxfdec: Do not clear array in mxf_read_strong_ref_array() before writing 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-03-21 22:27:14 +01:00
Michael Niedermayer
8d6f49cfc3 avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array() 
Fixes: 42827/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4900528511909888

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-03-21 22:27:14 +01:00
Michael Niedermayer
3015c556f3 avformat/mxfdec: Check count in mxf_read_strong_ref_array() 
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-03-21 22:27:14 +01:00
Vittorio Giovara
d219681a52 mxf: convert to new channel layout API 
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: James Almer <jamrial@gmail.com>
 2022-03-15 09:42:35 -03:00
Marc-Antoine Arnaud
47c4df2203 avformat/mxfdec: support MCA audio information 
Channel reordering is removed from this patch because the new channel layout
API will support it properly.

Signed-off-by: Marton Balint <cus@passwd.hu>
 2022-01-09 18:13:53 +01:00
Michael Niedermayer
4f44a218e5 avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() 
Fixes: memleak
Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-12-09 13:40:54 +01:00
Michael Niedermayer
a4af92d7cb avformat/mxfdec: Check component_depth in mxf_get_color_range() 
Fixes: shift exponent 4294967163 is too large for 32-bit type 'int'
Fixes: 41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6183636217495552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-12-09 13:12:45 +01:00
Marc-Antoine Arnaud
447cf53774 avformat/mxfdec: rename sub_descriptors as file_descriptors 
Signed-off-by: Marton Balint <cus@passwd.hu>
 2021-09-22 22:44:30 +02:00
Andreas Rheinhardt
1ea3650823 Replace all occurences of av_mallocz_array() by av_calloc() 
They do the same.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2021-09-20 01:03:52 +02:00
Andreas Rheinhardt
40bdd8cc05 avformat: Avoid allocation for AVStreamInternal 
Do this by allocating AVStream together with the data that is
currently in AVStreamInternal; or rather: Put AVStream at the
beginning of a new structure called FFStream (which encompasses
more than just the internal fields and is a proper context in its own
right, hence the name) and remove AVStreamInternal altogether.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2021-09-17 13:22:25 +02:00
Michael Niedermayer
3dd5a8a135 avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet() 
Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-13 21:13:05 +02:00
Marton Balint
f0d4077c53 avformat/mxfdec: store parition score instead of partition pointer in metadata 
Partition struct may be reallocated, so let's store the score directly in order
to avoid use-after-free.

Also mxf->current_partition might be null when reading some local tags.

Signed-off-by: Marton Balint <cus@passwd.hu>
 2021-08-14 11:19:39 +02:00
Marton Balint
188e17ac85 avformat/mxfdec: make MXFMetadataSet part of all metadata sets 
The code expects every kind of metadata set to start with the generic metadata
set attributes.

Signed-off-by: Marton Balint <cus@passwd.hu>
 2021-08-08 21:22:51 +02:00
Marton Balint
7b4bdcd68e avformat/mxfdec: prefer footer and complete partitions for metadata 
Also do not store inferior metadata with the same UID.

Signed-off-by: Marton Balint <cus@passwd.hu>
 2021-08-01 02:57:53 +02:00
Pierre-Anthony Lemieux
74e4382442 avformat/mxfdec: fix frame wrapping detection for J2K essence container 
For JPEG 2000 essence, the MXF input format module currently uses the value of
byte 14 of the essence container UL to determine whether the J2K essence is
clip- (byte 14 is 0x02) or frame-wrapped (byte 14 is 0x01). Otherwise it
assumes an unknown wrapping.

Additional wrappings are documented in SMPTE ST422:2019:

0x03: Interlaced Frame, 1 field/KLV
0x04: Interlaced Frame, 2 fields/KLV
0x05: Field-wrapped Picture Element
0x06: Frame-wrapped Picture Element

And these should also be handled as frame wrapped content.

Signed-off-by: Pierre-Anthony Lemieux <pal@sandflow.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
 2021-07-29 22:38:02 +02:00
Andreas Rheinhardt
fd101c9c3b avformat/internal: Move ff_read_line_to_bprint_overwrite to avio_internal.h 
It only uses an AVIOContext and an AVBPrint.

When doing so, it turned out that several non-users of
ff_read_line_to_bprint_overwrite() and ff_bprint_to_codecpar_extradata()
relied on libavformat/internal.h to include bprint.h or avstring.h
for them. In order to avoid a repeat of this and in order to reduce
unnecessary dependencies, a forward declaration of struct AVBPrint is
used instead of including bprint.h.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2021-07-29 22:02:05 +02:00
Andreas Rheinhardt
2934a4b9a5 Remove unnecessary avassert.h inclusions 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2021-07-22 15:02:30 +02:00
Michael Niedermayer
65b862ab59 avformat/mxfdec: Check size for shrinking 
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-07-17 10:48:27 +02:00
Andreas Rheinhardt
2135167c30 avformat/mxfdec: Simplify cleanup after read_header failure 
by setting the FF_FMT_INIT_CLEANUP flag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
 2021-07-08 12:52:11 +02:00
Valerii Zapodovnikov
91ba771a3f avformat/mxfdec: fixed jp2k_rsiz and 170M matrix 
Again. 240M matrix is different from BT.601! And 170M is the same
as BT.601. It is primaries that are the same in 240M and 170M, as
for jp2k_rsiz see page 17 of ST 422:2019. IT WAS THERE since 2006.
This wrong jp2k_rsiz is a copy-paste of header_open_partition_key.
 2021-06-13 22:04:14 +02:00
James Almer
591b88e678 avformat: move AVStream.{first,cur}_dts to AVStreamInternal 
They are private fields, no reason to have them exposed in a public header.

Signed-off-by: James Almer <jamrial@gmail.com>
 2021-06-09 13:55:25 -03:00
James Almer
c768233293 avformat/utils: make ff_update_cur_dts() shared 
libavdevice needs it.

Signed-off-by: James Almer <jamrial@gmail.com>
 2021-06-09 13:55:25 -03:00
James Almer
b9c5fdf602 avformat: move AVStream.{parser,need_parsing} to AVStreamInternal 
Those are private fields, no reason to have them exposed in a public
header.

Signed-off-by: James Almer <jamrial@gmail.com>
 2021-05-07 09:27:21 -03:00
Andreas Rheinhardt
bc70684e74 avformat: Constify all muxer/demuxers 
This is possible now that the next-API is gone.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>
 2021-04-27 11:48:06 -03:00
Michael Niedermayer
f7c3484b26 avformat/mxfdec: Fix file position addition 
Fixes: signed integer overflow: 9223372036854775805 + 4 cannot be represented in type 'long'
Fixes: 29927/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5579985228267520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-04-22 16:22:22 +02:00
Andreas Rheinhardt
ea1e15fdc4 avformat/mxfdec: Fix leak on error 
It was introduced in d3d9b1fc8e2dfc8b4d66c9916ab7221062ff4660;
Fixes Coverity issue #733800.

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2021-03-19 00:42:27 +01:00