Fixes out of array read
Fixes: asan_heap-oob_ae74b5_3610_cov_1739568095_test.3g2
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
On input ACLR will be used to set colour range no matter which codec
it is associated with.
No change for when it will be output.
Rework mov_read_extradata function to allow detection of truncated
atom reads by callers.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The new mov code uses a temporally non sorted index since 4abfa387b8
and can thus no longer be filled with av_add_index_entry() which expects the index to be sorted.
Reverting 4abfa387b8 and this commit would be
a alternative fix as would be various other options.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
CTS-based seek is reasonable since player requests frames in output order
not coded order.
This change fixes seek to a keyframe within consecutive keyframes.
Let's say P[0|-1] and P[1|0], here x and y inside [x|y] are PTS and DTS
respectively, and both two frames are a keyframe. If you try to seek on
PTS=0, i.e. P[0|-1], you'll get P[1|0] if the demuxer is DTS based. This
is obviously undesirable.
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit 'e3528d2a7bf29ba148d7ac1678552ce0089cd14f':
mov: Implement parsing of the "HandlerName" from the MP4 HDLR atom
Conflicts:
libavformat/mov.c
See: b76bc01034
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This atom typically is used for a track title. The handler name is stored
as a Pascal string in the QT specs (first byte is the length of the string),
so do not export it.
A second length check based on the first character is added to avoid
overwriting an already specified handler_name (it happens with YouTube
videos for instance, the handler_name get masked), or specifying an
empty string metadata.
The Pascal string fix and the second length check are written
by Clément Bœsch <clement.boesch@smartjog.com>.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This partially reverts cf70ba37ba, since
it didn't take into account when rotation is 0, but there is another
valid operation (eg. translation) in the matrix.
Found-by: Michael Niedermayer <michaelni@gmx.at>
When the timecode value is in counter mode then it is important to use
the timescale and frameduration to calculate the timecode fps.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The original code was intended purely for rotation == 0
In cf70ba37ba the condition was
changed to use it only for rotation != 0
which broke the cases for which it was intended to be used
as well as breaking cases for which it was not intended to be
used.
This changes the code so it could work for the more general
case and fixes the regressions
If you have sample files that are not handled correctly
please open tickets or mail me!
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'cf70ba37ba74089a18295b29e77dead0a3222c9e':
mov: Check angle rather than full matrix when updating SAR
Merged-by: Michael Niedermayer <michaelni@gmx.at>
When the display matrix is not the identity one, but the rotation angle
is zero, there is no need to update the sample aspect ratio.
Otherwise, it is possible to obtain negative values which interferes
with transcoding in later stages. This kind of behaviour is reproducible
on mov files with "major_brand: MSNV".
CC: libav-stable@libav.org
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
The previous code assumed if an atom was marked with a 64-bit
size extension, it actually had that data available. The new
code verfies there's enough data in the atom for this to be
done.
Failure to verify causes total_size > atom.size which will
result in negative size calculations later on.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Under abnormal conditions the item_count may exceed the max
allocation size on 32-bit systems, this causes the allocated
size to overflow and become too small for the given count.
Additionally, if av_reallocp() fails its allocation, the
fragment_index_count is not correctly decremented.
Ensuring further havoc may be wrought, the error code for
read_tfra() is not checked upon return.
Found-by: Paul Mehta <paul@paulmehta.com>
positive return code and use of _array functions by commiter
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Since 3cec81f4d4, a zero-length metadata value would try to
allocate 2*0 bytes, where av_malloc() returns NULL.
Always add one to the allocated length, to allow space for
a null terminator in the zero-length case.
Incidentally, this fixes fate-alac on RVCT 4.0, where a compiler
bug seems to mess up the mov muxer to the point that it writes
the wrong sort of metadata. Previously this bug was undetected,
but since 3cec81f4d4 such mov files started returning
AVERROR(ENOMEM) in the mov demuxer.
Signed-off-by: Martin Storsjö <martin@martin.st>
This was suggested by cbsrobot, ubitux and koda
There are files with huge amounts of XMP data, which would otherwise
be displayed in the terminal output of FFmpeg
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3c01039e0bc7d269900e15551f8171c4328a0223':
mov: further expand the list of parsed metadata tags
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b704b648f9ecb830874627db958a37e004107d1b':
mov: parse XMP metadata on demand
Conflicts:
libavformat/isom.h
libavformat/version.h
See: 054c506e3d
The default is left unchanged at enabled
We can change the default if people prefer but i do not want to do that
in a merge.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '35384934d6e27e0334060a23a0c83a3cb5cef198':
mov: cosmetics: reorder the list of tags
Conflicts:
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The Extensible Metadata Platform tag can contain various kind of data
which are not strictly related to the video file, such as history of edits
and saves from the project file. So display XMP metadata only when the
user explicitly requires it.
Based on a patch by Marek Fort <marek.fort@chyronhego.com>.
These tags describe the product and quicktime library version respectively.
They originate from Adobe Premiere, but also some other programs use them.
Contrary to other tags, they contain 'raw' data which is not to be
interpreted as iso639 or mac strings.
Based on a patch by Peter Ross <pross@xvid.org>.
Fixes decting channel layout for files with uncommon audio, such as
FL and FR in two separate streams. Introduced in 3bab7cd.
CC: libav-devel@libav.org
Sample-Id: ticket1474.mov
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
* commit '3cec81f4d4f26b62bc2d22bb450bbf51ec3a7f09':
mov: allocate the tag value dynamically
Conflicts:
libavformat/mov.c
See: f31445a82d
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e352b293712ff7cbde67eba3ce3f8510b037de09':
mov: Add an option for exporting all metadata
Conflicts:
libavformat/isom.h
libavformat/mov.c
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '5639ed9abb58311f82cf3499b682d228290adb09':
mov: do not truncate the language-prefixed tag
Conflicts:
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This allows to load metadata entries longer than 1024 bytes.
Displaying them is still limited to 1024 characters, but applications
can load them fully now.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Also see [FFmpeg-devel] [PATCH] avformat/mov: strengthen some table allocations
which contains more fixes but is unfinished
Fixes: signal_sigabrt_7ffff6ac7bb9_3484_cov_1830000177_starfox2.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '82ee7d0dda0fec8cdb670f4e844bf5c2927ad9de':
Use gmtime_r instead of gmtime and localtime_r instead of localtime
Conflicts:
libavformat/mov.c
libavformat/mxfenc.c
libavformat/wtvdec.c
libavutil/parseutils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9dcf2397219ca796f0fafce2a703770d6fd09920':
lavf: Check the return value of strftime
Conflicts:
libavformat/wtvdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
gmtime isn't thread safe in general. In msvcrt (which lacks gmtime_r),
the buffer used by gmtime is thread specific though.
One call to localtime is left in avconv_opt.c, where thread safety
shouldn't matter (instead of making avconv depend on the libavutil
internal header).
Signed-off-by: Martin Storsjö <martin@martin.st>
If the buffer provided to strftime is too small, the buffer contents
are indeterminate - it does not guarantee actually null terminating
the buffer.
Signed-off-by: Martin Storsjö <martin@martin.st>
If using MFRA for timestamps, the stream may start from a large offset
and/or have gaps. With this change we calculate the bitrate based on
frames we've seen.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '74b02377980321934e33969c84733ace7e9f4eeb':
mov: Correctly check the color transfer characteristics range
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This introduces a new option to the mov demuxer: -use_mfra_for
(pts|dts). When it's given and moofs and a MFRA are present, the MFRA's
TFRAs are read for fragment start times.
Unfortunately some programs that produce fragmented mp4s use the TFRA
time field for dts and some for pts. There is no realistic way to detect
which is the case, hence the responsibility is punted onto the user.
This also means that no behavioural change is enabled by default - you
must pass either dts or pts for anything to happen.
Without this change, timestamps for some discontinuous fragmented mp4 are
wrong, and cause audio/video desync and are not usable for generating
HLS.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
syncframes in E-AC-3 can be combined to provide 6 audio blocks per
sample, thus requiring parsing for proper decoding.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes regression from Ticket3962
This basically favors the first global header while since 34751f8313
it was the last. If this heuristic turns out worse, do not hesitate to revert this and
reopen 3962 as a feature request for multiple STSD
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '86dfcfd0e30d6645eea2c63c1c60a0550e7c97ea':
mov: Drop unused parameter from ff_mov_read_esds()
Merged-by: Michael Niedermayer <michaelni@gmx.at>