summaryrefslogtreecommitdiffstats
path: root/libavformat/swfdec.c
Commit message (Collapse)AuthorAgeFilesLines
* avformat/swfdec: Check outlen before allocationMichael Niedermayer2021-03-081-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: Timeout (too long -> 241ms) Fixes: 29083/clusterfuzz-testcase-minimized-ffmpeg_dem_SWF_fuzzer-6273684478230528 The source of the magic number is A very quick simulation of the best case compression for "compress" below is not nice written code as i did not expect I or anyone else would ever see it again I would have preferred some nicer expression or course, but thats what it seems to be asymptotically. For smaller amounts of data a tighter bound is possible but i saw no nice way to consider that and it seems also overkill to try to do it more fine grained for just this main(){ int64_t bits = 0; int bank = 256; int bitbank = 8; for(unsigned i = 0; i<1024*1024*1024*4U-100000;) { int word_size = bank-255; i += word_size; bits += bitbank; if (!(bank & (bank-1))) bitbank ++; bank++; if (bitbank > 16) { printf("BEST %f \n", 8.0 * i / bits ); bank = 256; bitbank = 8; } } } above assumes i remembered correctly how the algorithm works but the value was close to what actual compession of zeros gave Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/swf: add support for reading and writing VP6A and Flash Screen ↵Marton Balint2021-01-231-0/+10
| | | | | | Video codecs Signed-off-by: Marton Balint <[email protected]>
* avformat/swfdec: Allocate output buffer after reading inputMichael Niedermayer2020-12-241-3/+10
| | | | | | | | Fixes: Timeout (>10sec -> 0.26sec) Fixes: 27419/clusterfuzz-testcase-minimized-ffmpeg_dem_SWF_fuzzer-5678307361947648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]>
* lavf: move AVStream.{*skip_samples.*_discard_sample} to AVStreamInternalAnton Khirnov2020-10-281-1/+1
| | | | | Those are private fields, no reason to have them exposed in a public header.
* avformat/swfdec: Reorder allocations/initializationsAndreas Rheinhardt2020-09-231-14/+10
| | | | | | | | | | | | | | | | | The earlier code would first attempt to allocate two buffers, then attempt to allocate an AVIOContext, using one of the new buffers I/O buffer, then check the allocations. On success, a z_stream that is used in the AVIOContext's read_packet callback is initialized afterwards. There are two problems with this: In case the allocation of the I/O buffer fails avio_alloc_context() will be given a NULL read buffer with a size > 0. This works right now, but it is fragile. The second problem is that the z_stream used in the read_packet callback is not functional when avio_alloc_context() is allocated (it might be that avio_alloc_context() might already fill the buffer in the future). This commit fixes both of these problems by reordering the operations. Signed-off-by: Andreas Rheinhardt <[email protected]>
* avformat/swfdec: Fix memleaks on errorAndreas Rheinhardt2020-09-231-1/+6
| | | | Signed-off-by: Andreas Rheinhardt <[email protected]>
* avformat/swf: Separate mux and demux contextsAndreas Rheinhardt2020-09-201-5/+17
| | | | | | | | | There was almost no overlap between them: The only field used by both was an int named samples_per_frame. Therefore this commit separates them. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Rheinhardt <[email protected]>
* avformat/swfdec: Avoid unnecessary skipAndreas Rheinhardt2020-09-201-2/+1
| | | | | Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Andreas Rheinhardt <[email protected]>
* avformat: Remove unnecessary av_packet_unref()Andreas Rheinhardt2020-02-101-3/+0
| | | | | | | | | Since bae8844e the packet will always be unreferenced when a demuxer returns an error, so that a lot of calls to av_packet_unref() in lots of demuxers are now redundant and can be removed. Signed-off-by: Andreas Rheinhardt <[email protected]> Signed-off-by: Marton Balint <[email protected]>
* avformat/swfdec: fix memleak when inflateInit failedSteven Liu2019-10-281-0/+2
| | | | Signed-off-by: Steven Liu <[email protected]>
* lavf: Constify the probe function argument.Carl Eugen Hoyos2019-03-211-1/+1
| | | | | Reviewed-by: Lauri Kasanen Reviewed-by: Tomas Härdin
* lavf/swfdec: Reduce score when auto-detecting swf files.Carl Eugen Hoyos2018-01-201-1/+1
| | | | Not more than 32bit are tested.
* Use the new AVIOContext destructor.Anton Khirnov2017-09-011-1/+1
| | | | | (cherry picked from commit 6f554521afdf7ab4edbfaa9536660a1dca946b19) Signed-off-by: James Almer <[email protected]>
* lavf: fix typosMoritz Barsnick2016-10-091-1/+1
| | | | | Signed-off-by: Moritz Barsnick <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/swfdec: Fix memleak on errorMichael Niedermayer2016-08-221-0/+1
| | | | | | | Fixes: 9eb9cf5b8c26dd0fa7107ed0348dcc1f/signal_sigabrt_7ffff6ae7c37_8925_1f676b5229d009f2b56dfd9e149fa6ba.swf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/swfdec: Fix inflate() error code checkMichael Niedermayer2016-08-191-2/+2
| | | | | | | | Fixes infinite loop Fixes endless.poc Found-by: 连一汉 <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/swfdec: Move packet size check before side data allocationMichael Niedermayer2016-08-191-4/+5
| | | | | | | | Fixes memleak Fixes: 9eb9cf5b8c26dd0fa7107ed0348dcc1f/signal_sigabrt_7ffff6ae7c37_8927_f14c2a6ae1ad0bbde2c94f1da50e7074.swf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* Merge commit '9200514ad8717c63f82101dc394f4378854325bf'Derek Buitenhuis2016-04-101-29/+29
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '9200514ad8717c63f82101dc394f4378854325bf': lavf: replace AVStream.codec with AVStream.codecpar This has been a HUGE effort from: - Derek Buitenhuis <[email protected]> - Hendrik Leppkes <[email protected]> - wm4 <[email protected]> - Clément Bœsch <[email protected]> - James Almer <[email protected]> - Michael Niedermayer <[email protected]> - Rostislav Pehlivanov <[email protected]> Merged-by: Derek Buitenhuis <[email protected]>
| * lavf: replace AVStream.codec with AVStream.codecparAnton Khirnov2016-02-231-18/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, AVStream contains an embedded AVCodecContext instance, which is used by demuxers to export stream parameters to the caller and by muxers to receive stream parameters from the caller. It is also used internally as the codec context that is passed to parsers. In addition, it is also widely used by the callers as the decoding (when demuxer) or encoding (when muxing) context, though this has been officially discouraged since Libav 11. There are multiple important problems with this approach: - the fields in AVCodecContext are in general one of * stream parameters * codec options * codec state However, it's not clear which ones are which. It is consequently unclear which fields are a demuxer allowed to set or a muxer allowed to read. This leads to erratic behaviour depending on whether decoding or encoding is being performed or not (and whether it uses the AVStream embedded codec context). - various synchronization issues arising from the fact that the same context is used by several different APIs (muxers/demuxers, parsers, bitstream filters and encoders/decoders) simultaneously, with there being no clear rules for who can modify what and the different processes being typically delayed with respect to each other. - avformat_find_stream_info() making it necessary to support opening and closing a single codec context multiple times, thus complicating the semantics of freeing various allocated objects in the codec context. Those problems are resolved by replacing the AVStream embedded codec context with a newly added AVCodecParameters instance, which stores only the stream parameters exported by the demuxers or read by the muxers.
* | Merge commit '7570c9e04f010c9b3bfdeb4338d330f2cdd25278'Hendrik Leppkes2016-01-191-0/+6
|\| | | | | | | | | | | | | * commit '7570c9e04f010c9b3bfdeb4338d330f2cdd25278': swfdec: support compressed swf Merged-by: Hendrik Leppkes <[email protected]>
| * swfdec: support compressed swfClément Bœsch2016-01-111-4/+82
| | | | | | | | Signed-off-by: Vittorio Giovara <[email protected]>
* | Replace remaining occurances of av_free_packet with av_packet_unrefHendrik Leppkes2015-10-271-2/+2
| |
* | avformat/swfdec: Check return value of init_get_bits8()Michael Niedermayer2015-09-031-1/+2
| | | | | | | | | | | | Fixes: CID1322320 Signed-off-by: Michael Niedermayer <[email protected]>
* | Replace av_dlog with ff_dlog.Ronald S. Bultje2015-08-181-1/+2
| | | | | | | | | | ff_dlog checks compilability, and is non-public. av_dlog is deprecated and no longer exists if FF_API_DLOG=0.
* | lavf/swf: Fix auto-detection of compressed files.Carl Eugen Hoyos2015-08-041-0/+4
| | | | | | | | | | | | Fixes auto-detection of compressed swf files as in http://samples.ffmpeg.org/SWF/compressed-swf/ Reported by forum user Zard1096.
* | avformat/swfdec: Fix "}else" styleMichael Niedermayer2015-07-081-1/+1
| | | | | | | | | | Found-by: durandal_170 Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: Do not error out on pixel format changesMichael Niedermayer2015-07-081-4/+2
| | | | | | | | | | | | | | | | Instead print an error and continue Fixes Ticket4702 Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: Check frame size rectangle in probe()Michael Niedermayer2014-12-211-1/+18
| | | | | | | | | | | | fixes probetest failure Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: Do not change the pixel formatMichael Niedermayer2014-09-071-3/+10
| | | | | | | | | | | | | | This is currently not supported Fixes part of Ticket 3539 Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: Use side data to communicate w/h changes to the decoderMichael Niedermayer2014-09-021-2/+6
| | | | | | | | | | | | | | | | Fixes reading from freed data Fixes part of Ticket3539 Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]>
* | replace calls to url_feof() with avio_feof()James Almer2014-08-081-1/+1
| | | | | | | | | | Signed-off-by: James Almer <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: clear 4 bytes at the end of a packet if they are not ↵Michael Niedermayer2013-12-191-0/+1
| | | | | | | | | | | | | | | | | | initialized Fixes use of uninitialized memory Fixes part of msan_uninit-mem_7f055dd0ab1b_9558_videopop_guitar_300k.swf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: check avio_read() return codeMichael Niedermayer2013-12-191-2/+12
| | | | | | | | | | | | | | Fixes use of uninitialized memory Fixes part of msan_uninit-mem_7f055dd0ab1b_9558_videopop_guitar_300k.swf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: check avio_read() return codeMichael Niedermayer2013-12-191-1/+4
| | | | | | | | | | | | | | Fixes use of uninitialized memory Fixes msan_uninit-mem_7f90d9cce964_9558_videopop_guitar_300k.swf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: return AVPROBE_SCORE_MAX / 4 for unexpected versionsMichael Niedermayer2013-11-101-4/+7
| | | | | | | | Signed-off-by: Michael Niedermayer <[email protected]>
* | avformat/swfdec: check version and size during probingMichael Niedermayer2013-11-061-1/+4
| | | | | | | | | | | | Fixes probetest failure Signed-off-by: Michael Niedermayer <[email protected]>
* | lavf/swfdec: remove 8-bit audio FIXME.Clément Bœsch2013-02-211-1/+0
| | | | | | | | Implemented since 624fb5f9.
* | lavf/swfdec: support 8-bits PCM audio.Clément Bœsch2013-02-201-1/+4
| |
* | lavf/swfdec: factorize the creation of a new stream.Clément Bœsch2013-02-201-26/+25
| | | | | | | | This also makes the changes of a3949fe11 applicable in both cases.
* | Merge commit 'd04c17c91363a6b15d1ac2d79c817f3d5e2998b3'Michael Niedermayer2012-12-121-16/+16
|\| | | | | | | | | | | | | * commit 'd04c17c91363a6b15d1ac2d79c817f3d5e2998b3': swfdec: cosmetics: fix indentation Merged-by: Michael Niedermayer <[email protected]>
| * swfdec: cosmetics: fix indentationJustin Ruggles2012-12-111-16/+16
| |
* | swfdec: print warning when len is clipedMichael Niedermayer2012-12-121-0/+2
| | | | | | | | Signed-off-by: Michael Niedermayer <[email protected]>
* | Merge commit 'e70c5b034c4787377e82cab2d5565486baec0c2a'Michael Niedermayer2012-12-121-4/+16
|\| | | | | | | | | | | | | | | | | | | | | * commit 'e70c5b034c4787377e82cab2d5565486baec0c2a': swfdec: do better validation of tag length Make LOCAL_ALIGNED syntactically similar on all systems Conflicts: libavformat/swfdec.c Merged-by: Michael Niedermayer <[email protected]>
| * swfdec: do better validation of tag lengthJustin Ruggles2012-12-111-3/+19
| | | | | | | | | | | | | | Avoids trying to read a packet with 0 or negative size. Avoids a potential infinite loop due to seeking backwards. Partially based on a patch by Michael Niedermayer.
* | swfdec: check lens validityMichael Niedermayer2012-12-101-0/+4
| | | | | | | | Signed-off-by: Michael Niedermayer <[email protected]>
* | Add debug output when skipping unknown swf tags.Carl Eugen Hoyos2012-12-041-0/+2
| | | | | | | | Reviewed-by: Clément Bœsch
* | Merge remote-tracking branch 'qatar/master'Michael Niedermayer2012-11-131-1/+8
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * qatar/master: (24 commits) yop: set channel layout wtv: set channel layout for mpeg audio westwood_aud: set channel layout wc3movie: set channel layout tmv: set channel layout tiertexseq: set channel layout swfdec: set channel layout sol: set channel layout smacker: set channel layout siff: set channel layout sierravmd: set channel layout rtpdec_amr: set channel layout rsodec: set channel layout rmdec: set channel layout for RA version 3 qcp: set channel layout psxstr: set channel layout omadec: set channel layout oggparsespeex: validate channel count and set channel layout nuv: set channel layout mxg: set channel layout ... Conflicts: libavformat/swfdec.c libavformat/wtv.c Merged-by: Michael Niedermayer <[email protected]>
| * swfdec: set channel layoutJustin Ruggles2012-11-121-1/+8
| |
* | swfdec: check space before copyMichael Niedermayer2012-11-121-0/+5
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | lavf/swfdec: support DefineBitsLossless{,2} tag.Clément Bœsch2012-10-171-0/+123
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-12 05:07:48 +0000