Fixes: signed integer overflow: 9223371898743775808 - -138111000000 cannot be represented in type 'long'
Fixes: 46245/clusterfuzz-testcase-minimized-ffmpeg_dem_OGG_fuzzer-5075129786302464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This search takes alot of time especially when compared with small packets
46631 decicycles -> 15719 decicycles in read_frame_internal() for amr-nb in 3gp
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is a workaround until avcodec_close() stops freeing ch_layout through
av_opt_fre(), or the former is removed.
Fixes a regression since 327efa6633.
Signed-off-by: James Almer <jamrial@gmail.com>
This avoids unnecessary rebuilds of most source files if only the
list of enabled components has changed, but not the other properties
of the build, set in config.h.
Signed-off-by: Martin Storsjö <martin@martin.st>
Since the request_channel_layout is used only by a handful of codecs,
move the option to codec private contexts.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: James Almer <jamrial@gmail.com>
Mediates between old-style (de)muxers and new-style callers. Will be
removed once all the (de)muxers are converted to the new API.
Signed-off-by: James Almer <jamrial@gmail.com>
Up until now, we had a PacketList structure which is actually
a PacketListEntry; a proper PacketList did not exist
and all the related functions just passed pointers to pointers
to the head and tail elements around. All these pointers were
actually consecutive elements of their containing structs,
i.e. the users already treated them as if they were a struct.
So add a proper PacketList struct and rename the current PacketList
to PacketListEntry; also make the functions use this structure
instead of the pair of pointers.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
libavcodec currently exports four avpriv symbols that deal with
PixelFormatTags: avpriv_get_raw_pix_fmt_tags, avpriv_find_pix_fmt,
avpriv_pix_fmt_bps_avi and avpriv_pix_fmt_bps_mov. The latter two are
lists of PixelFormatTags, the former returns such a list and the second
searches a list for a pixel format that matches a given fourcc; only
one of the aforementioned three lists is ever searched.
Yet for avpriv_pix_fmt_bps_avi, avpriv_pix_fmt_bps_mov and
avpriv_find_pix_fmt the overhead of exporting these functions actually
exceeds the size of said objects (at least for ELF; the following numbers
are for x64 Ubuntu 20.10):
The code size of avpriv_find_pix_fmt is small (GCC 10.2 37B, Clang 11 41B),
yet exporting it adds a 20B string for the name alone to the exporting
as well as to each importing library; there is more: Four bytes in the
exporting libraries .gnu.hash; two bytes each for the exporting as well
as each importing libraries .gnu.version; 24B in the exporting as well
as each importing libraries .dynsym; 16B+24B for an entry in .plt as
well as the accompanying relocation entry in .rela.plt for each
importing library.
The overhead for the lists is similar: The strings are 23B and the
.plt+.rela.plt pair is replaced by 8B+24B for an entry in .got and
a relocation entry in .rela.dyn. These lists have a size of 80 resp.
72 bytes.
Yet for ff_raw_pix_fmt_tags, exporting it is advantageous compared to
duplicating it into libavformat and potentially libavdevice. Therefore
this commit replaces all library uses of the four symbols with a single
function that is exported for shared builds. It has an enum parameter
to choose the desired list besides the parameter for the fourcc. New
lists can be supported with new enum values.
Unfortunately, avpriv_get_raw_pix_fmt_tags could not be removed, as the
fourcc2pixfmt tool uses the table of raw pix fmts. No other user of this
function remains.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This piece of code has been added as FFmpeg's answer to
infinite loops in try_decode_frame() in commit
6072a19b4f. There is no loop
around try_decode_frame() any more, so this code can be removed.
This code is only triggered in case a) the codec parameter could
not be determined, b) the decode delay could not be guessed or
c) no packet was ever encountered and the encoder has the
AV_CODEC_CAP_CHANNEL_CONF. In these cases the new code will
no longer emit a "decoding for stream %d failed" message, which is
prima facie false. In case a) an additional "Could not find codec
parameters" message is (and will be) emitted. No warning will be
emitted any more in case b) (this happens e.g. with some
h264-conformance FATE-files).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
When flushing, try_decode_frame() itself loops until the desired
properties have been found or the decoder is drained.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Previously this was hardcoded to 2500000 bytes, so probing of the stream codecs
was always limited by this, and not probesize.
Also keep track of the actual size of packets in raw_packet_buffer and not the
remaining size for simplicity.
Fixes ticket #5860.
Signed-off-by: Marton Balint <cus@passwd.hu>
If original packet is corrupted, then parsed packet is probably corrupted too.
Let the application decide what to do.
Signed-off-by: Alex Shumsky <alexthreed@gmail.com>
libavformat/utils.c has over 4800 lines and is supposed to contain
"various utility functions for use within FFmpeg". In reality it
contains all that and the whole demuxing core of libavformat.
This is especially bad, because said file includes the FFMPEG_VERSION
(the git commit sha) so that it is rebuilt whenever the commit HEAD
points to changes. Therefore this commit makes it smaller by moving
the demuxing code out to a new file, demux.c (in analogy to mux.c
for the muxing code).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
libavformat/utils.c has over 5500 lines and is supposed to contain
"various utility functions for use within FFmpeg". In reality it
contains all that and the whole demuxing+seeking core of libavformat.
This is especially bad, because said file includes the FFMPEG_VERSION
(the git commit sha) so that it is rebuilt whenever the commit HEAD
points to changes. Therefore this commit starts making it smaller
by factoring the seeking code out.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Do this by allocating AVStream together with the data that is
currently in AVStreamInternal; or rather: Put AVStream at the
beginning of a new structure called FFStream (which encompasses
more than just the internal fields and is a proper context in its own
right, hence the name) and remove AVStreamInternal altogether.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This gets rid of ugly "->internal" and is in preparation for removing
AVStreamInternal altogether.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Do this by allocating AVFormatContext together with the data that is
currently in AVFormatInternal; or rather: Put AVFormatContext at the
beginning of a new structure called FFFormatContext (which encompasses
more than just the internal fields and is a proper context in its own
right, hence the name) and remove AVFormatInternal altogether.
The biggest simplifications occured in avformat_alloc_context(), where
one can now simply call avformat_free_context() in case of errors.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This gets rid of ugly "->internal" and is in preparation for removing
AVFormatInternal altogether.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: signed integer overflow: -5994697211974418462 + -3255307777713450286 cannot be represented in type 'long'
Fixes: 35332/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5868035117285376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It is unnecessary and also ill-defined: av_malloc() returns a 1-byte
block of memory in this case, but this is not documented.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The chapters are independently allocated, so that comparing
the pointers is undefined behaviour. Furthermore, its result
is not platform-independent (and may not even be deterministic
on a particular platform). So compare the chapters' ids instead.
(avpriv_new_chapter() ensures that there are no duplicate ids.)
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This structure is only used for demuxers (mostly in
avformat_find_stream_info()), so only allocate it for them.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It has been allocated and initialized in avformat_find_stream_info()
until fd0368e7ca when the structure
was moved to AVStreamInternal and its allocation to avformat_new_stream.
In order to also initialize the struct for new streams that only get
created during avformat_find_stream_info() said the initialization has
been added to avformat_new_stream() later. Due to the Libav-FFmpeg split
this has been done twice: In 4cda8aa1c5
and in 30c26c2442. The initialization in
avformat_find_stream_info() has not been removed at all despite being
redundant. This commit removes it and the duplicated initialization in
avformat_new_stream().
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The packet queue is already flushed in avformat_free_context() which
is called a few lines below.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Since 1c0885334d ff_compute_frame_duration
is only called from within utils.c and only for demuxers. So make it
static and remove the code in it that deals with muxers.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
AVFormatContext.internal is already allocated by
avformat_alloc_context() on success; and on error,
avformat_alloc_context() cleans up manually without
avformat_free_context().
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Currently AVIOContext's private fields are all over AVIOContext.
This commit moves them into a new structure in avio_internal.h instead.
Said structure contains the public AVIOContext as its first element
in order to avoid having to allocate a separate AVIOContextInternal
which is costly for those use cases where one just wants to access
an already existing buffer via the AVIOContext-API.
For these cases ffio_init_context() can't fail and always returned zero,
which was typically not checked. Therefore it has been made to not
return anything.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It is the more natural place for it given that it only deals with I/O;
in fact, the function already has the ffio prefix and its declaration
already is in avio_internal.h.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It allows demuxers to perform certain tasks after
a successful generic seek.
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It only uses an AVIOContext and an AVBPrint.
When doing so, it turned out that several non-users of
ff_read_line_to_bprint_overwrite() and ff_bprint_to_codecpar_extradata()
relied on libavformat/internal.h to include bprint.h or avstring.h
for them. In order to avoid a repeat of this and in order to reduce
unnecessary dependencies, a forward declaration of struct AVBPrint is
used instead of including bprint.h.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
If reading the header fails, the demuxer's read_close() function (if
existing) is not called automatically; instead several demuxers call it
via "goto fail" in read_header().
This commit intends to change this by adding an internal flag for
demuxers that can be used to set on a per-AVInputFormat basis whether
read_close() should be called generically after an error during
read_header().
The flag controlling this behaviour needs to be added because it might
be unsafe to call read_close() generally (e.g. this might lead to
read_close() being called twice and this might e.g. lead to double-frees
if av_free() is used instead of av_freep(); or a size field has not
been reset after freeing the elements (see the mov demuxer for an
example of this)).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: signed integer overflow: 9223126845747118112 - -2594073385365397472 cannot be represented in type 'long'
Fixes: 34936/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6739888002170880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>