Fixes assertions after 11a53339805950bf2d0b429cc598c5f6b83ae1c7.
Signed-off-by: James Almer <jamrial@gmail.com>

parsing process
This will ensure it will be stored in the stream's private context, so it can
be fetched and replaced as required.
Fixes a regression since eefa6de7d505ecd80e4674146067b99d1b74ddbe.
Fixes avc-intra-panasonic-AG-HPX301E.mov
Signed-off-by: James Almer <jamrial@gmail.com>

allocated
Signed-off-by: James Almer <jamrial@gmail.com>

Fixes clusterfuzz-testcase-minimized-fuzzer_loadfile-5365661771825152.
Signed-off-by: James Almer <jamrial@gmail.com>

Should fix memleaks.
Signed-off-by: James Almer <jamrial@gmail.com>

Signed-off-by: James Almer <jamrial@gmail.com>

That occurs when H261, H263, and MPEG4 decoders are disabled.
Signed-off-by: zhaozhenghang <15083277223@163.com>
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>

multiple stsd
The first sample in the stsc box may not refer to the first stsd entry.
This is the case in h264/thezerotheorem-cut.mp4, and as such the
fate-h264_redundant_pps-side_data test is updated accordingly.
Signed-off-by: James Almer <jamrial@gmail.com>

Fixes: use of uninitialized memory
Fixes: 394990189/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6431722199908352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

the same order
Nothing forbids them to be in any order the muxer desires.
Fixes demuxing heif samples generated by S1II.
Tested-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>

Nikon HEIFs from a camera or NX studio include a small jpeg thumbnail in addition to
the expected HEVC thumbnails; allowing jpegs allows all thumbnails to
have an associated stream for Nikon HEIF files.
With this, Nikon HEIFs can finally be decoded without failing and the
thumbnails can be extracted into their own files.
Signed-off-by: Eric Joyner <erj@erj.cc>
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>

Prevents ffmpeg/ffprobe from erroring out when reading an HEIF that
contains multiple hvcC thumbnails (e.g. from a Nikon Z6III camera).
Before, move_read_iref_thmb() would always override the stored
thmb_item_id in the MOVContext with each new read thumbnail, causing a
stream and item_id mismatch later in mov_parse_heif_items(), resulting
in the "HEIF thumbnail doesn't reference a stream" error message.
To solve this,
- Turn thmb_item_id into an array of IDs because multiple thumbnails can
exist
- Change check in mov_parse_heif_items() to compare against all stored
thumbnail IDs to see if any item missing a stream is in the list of
thumbnail IDs.
Signed-off-by: Eric Joyner <erj@erj.cc>
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: James Almer <jamrial@gmail.com>

Signed-off-by: Dawid Kozinski <d.kozinski@samsung.com>
Signed-off-by: James Almer <jamrial@gmail.com>

correctly when export_all option specified.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: NULL pointer dereference
Fixes: 416811958/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5425269114732544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

If the aperture window is bigger than the canvas, then the clap box is invalid
and there's no point calculating cropping values.
Fixes: libavformat/mov.c:1295:14: runtime error: -256 is outside the range of representable values of type 'unsigned long'
Signed-off-by: James Almer <jamrial@gmail.com>

heif_add_stream()
Ensures no bogus values are preserved after returning.
Signed-off-by: James Almer <jamrial@gmail.com>

Fixes: multiple integer overflows
Fixes: 401016767/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6242067591790592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Don't select sample with small dts when interleaved_read is disabled.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>

And move it to lavf, its only user.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>

The function has a nal_unit_type parameter, but it was unused before.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>

Fixes: Integer-overflow
Fixes: 400093647/clusterfuzz-testcase-minimized-media_metadata_parser_fuzzer-4794341562187776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>

We checked in these places:
* In 8.6.1.3 of ISO/IEC 14496-12 about the CTTS box
* In Apple's MOV spec: https://developer.apple.com/library/archive/documentation/QuickTime/QTFF/QTFFChap2/qtff2.html#//apple_ref/doc/uid/TP40000939-CH204-SW19

The problem is reproducible with "Test for Quicktime 608 CC file.mov"
from https://samples.ffmpeg.org/MPEG2/subcc/
ffmpeg -i "Test for Quicktime 608 CC file.mov" -map 0 -c copy -y remuxed.mov
See https://trac.ffmpeg.org/ticket/11470

If sc->tts_count is not 0, then the sample index has already been built.
Fixes: Null-dereference READ
Fixes: 396192874/clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4589309789143040
Signed-off-by: James Almer <jamrial@gmail.com>

Some files keep extra metadata such as 'name' fields within udta, and
it is useful for Wine to access them with the "export_all" option so
they can then be exposed to Windows applications.
Signed-off-by: Rémi Bernon <rbernon@codeweavers.com>
Signed-off-by: Martin Storsjö <martin@martin.st>

Fixes ticket #11460.
Signed-off-by: James Almer <jamrial@gmail.com>

Using audio_substream_id for AVStream ids is not ideal given that in containers
like mp4, the IAMF structure is opaque to the outside and other streams may
share such id values.
Signed-off-by: James Almer <jamrial@gmail.com>

This fix ensures that the loop stops early on EOF. The issue occurs
because mov_read_infe() performs a version check and skips unsupported
versions. The problem is that seeking within the stream clears the EOF
flag, causing avio_feof() to not function as expected. This is resolved
by moving the EOF check after reading the size and type, ensuring the
EOF flag is set when necessary.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 7803923888585309955 - -3407677434275325337 cannot be represented in type 'int64_t' (aka 'long')
Fixes: 377736723/clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5052449500889088
Signed-off-by: James Almer <jamrial@gmail.com>

Fixes: undefined NULL pointer use
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-6363211175493632
This performs equivalent sanity checks as are done in mov_read_trak()
before mov_build_index()
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

if sc->tts_count is 0, this condition will wrap around to UINT_MAX and the
code will try to dereference a NULL pointer.
Fixes ticket #11417
Signed-off-by: James Almer <jamrial@gmail.com>

Should reduce memory usage as well as remove code duplication.
Signed-off-by: James Almer <jamrial@gmail.com>

referenced more than once
The amount of tiles does not necessarily need to match the amount of streams referenced
in the grid, as there could be duplicates.
Don't silently ignore EEXIST return codes from avformat_stream_group_add_stream() and
instead store the index of the duplicate stream.
Signed-off-by: James Almer <jamrial@gmail.com>

non-existing fragment
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Marth64 <marth64@proxyid.net>
Signed-off-by: Marth64 <marth64@proxyid.net>

Fixes: null pointer dereference
Fixes: 383397479/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4776829338058752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: memleak
Fixes: 378408474/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5699368121860096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

After introduction of ff_dvdclut_palette_extradata_cat() to convert
DVD subtitle palettes from YUV to RGB, a leak is introduced because
of the call to ff_alloc_extradata(). This is not necessary, instead
we should free the extradata because ff_bprint_to_codecpar_extradata()
will finalize the bprint'ed string to the codecpar and set the length.
Fixes leak introduced in 3b0e6c0eccd7d61eb089370fc5f2196c2b30336f.
Signed-off-by: Marth64 <marth64@proxyid.net>

Signed-off-by: Marth64 <marth64@proxyid.net>

Also fix checks for sc->stts_count that assume it may not be in sync with
sample count.
Missed in 865c73c86f9d9d167be7e41ad6cef71eba92dadd. Fixes parsing durations in
some cases.
Signed-off-by: James Almer <jamrial@gmail.com>

key frames
Some audio codecs, like TrueHD, have non key frames.
Signed-off-by: James Almer <jamrial@gmail.com>

Fixes tickets #7855 and #11312.
Signed-off-by: James Almer <jamrial@gmail.com>

The value is a timestamp offset, not a duration.
Signed-off-by: James Almer <jamrial@gmail.com>

Fixes NULL pointer dereferences introduced in 2e338152a274a5f10670cee3cd16097076216d72
Fixes: clusterfuzz-testcase-fuzzer_loadfile-4753810267897856
Fixes: clusterfuzz-testcase-minimized-fuzzer_loadfile-6042587212873728
Fixes: clusterfuzz-testcase-minimized-fuzzer_loadfile-6536211629408256
Reported-by: kasper93
Signed-off-by: James Almer <jamrial@gmail.com>

Signed-off-by: James Almer <jamrial@gmail.com>

Pointers to specific entries in the array are stored in other structs, so
in the scenario where heif_item was reallocated when parsing an iloc box after
an iinf one, the pointers may end up referencing freed memory.
Fixes use-after-free with such samples.
Signed-off-by: James Almer <jamrial@gmail.com>