140 Commits

Author SHA1 Message Date
Michael Niedermayer
85c92789b6 avcodec/h264_ps: Fix copying oversized pps&sps data
Fixes: https://trac.ffmpeg.org/attachment/ticket/685/movie.264

In the available testcase the actual PPS only uses a few bits
while there are 7kbyte of apparently random data after it

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-10-03 11:55:23 +02:00
wm4
069190f707 avcodec/h264: keep SPS and PPS bitstream data
We assume an upper bound of 4096 bytes for each raw SPS/PPS. It's hard
to determine an exact maximum size, but this value was was considered
high enough and safe.

Needed for the following VideotoolBox commit.
2015-10-02 19:08:54 +02:00
Michael Niedermayer
94d68a41fa Merge commit '7c6eb0a1b7bf1aac7f033a7ec6d8cacc3b5c2615'
* commit '7c6eb0a1b7bf1aac7f033a7ec6d8cacc3b5c2615':
  lavc: AV-prefix all codec flags

Conflicts:
	doc/examples/muxing.c
	ffmpeg.c
	ffmpeg_opt.c
	ffplay.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/ac3enc_float.c
	libavcodec/atrac1.c
	libavcodec/atrac3.c
	libavcodec/atrac3plusdec.c
	libavcodec/dcadec.c
	libavcodec/ffv1enc.c
	libavcodec/h264.c
	libavcodec/h264_loopfilter.c
	libavcodec/h264_mb.c
	libavcodec/imc.c
	libavcodec/libmp3lame.c
	libavcodec/libtheoraenc.c
	libavcodec/libtwolame.c
	libavcodec/libvpxenc.c
	libavcodec/libxavs.c
	libavcodec/libxvid.c
	libavcodec/mpeg12dec.c
	libavcodec/mpeg12enc.c
	libavcodec/mpegaudiodec_template.c
	libavcodec/mpegvideo.c
	libavcodec/mpegvideo_enc.c
	libavcodec/mpegvideo_motion.c
	libavcodec/nellymoserdec.c
	libavcodec/nellymoserenc.c
	libavcodec/nvenc.c
	libavcodec/on2avc.c
	libavcodec/options_table.h
	libavcodec/opus_celt.c
	libavcodec/pngenc.c
	libavcodec/ra288.c
	libavcodec/ratecontrol.c
	libavcodec/twinvq.c
	libavcodec/vc1_block.c
	libavcodec/vc1_loopfilter.c
	libavcodec/vc1_mc.c
	libavcodec/vc1dec.c
	libavcodec/vorbisdec.c
	libavcodec/vp3.c
	libavcodec/wma.c
	libavcodec/wmaprodec.c
	libavcodec/x86/hpeldsp_init.c
	libavcodec/x86/me_cmp_init.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:10:35 +02:00
Vittorio Giovara
7c6eb0a1b7 lavc: AV-prefix all codec flags
Convert doxygen to multiline and express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Michael Niedermayer
037c9c25e6 Merge commit '86e1a35802df42f51337d3fed8d5d99d0898c8bf'
* commit '86e1a35802df42f51337d3fed8d5d99d0898c8bf':
  h264_ps: Return meaningful error codes and address a memory leak

Conflicts:
	libavcodec/h264_ps.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-20 22:49:50 +02:00
Vittorio Giovara
86e1a35802 h264_ps: Return meaningful error codes and address a memory leak
Bug-Id: CID 1026763
2015-04-20 14:59:40 +01:00
Michael Niedermayer
c658269cd1 avcodec/h264_ps: Validate num_units_in_tick/time_scale before setting them in the context
This probably makes no big difference but it is more correct

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-16 03:41:41 +02:00
Vittorio Giovara
7498f2221e h264: Do not fail on unsupported timing info
The spec madandate both time_scale and num_units_in_tick greater than 0,
however since they are not essential for decoding, just ignore the whole
block and try to finish parsing the VUI.

Related to Ticket4445.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-04-16 03:41:41 +02:00
Michael Niedermayer
bc48c88918 avcodec/h264: Do not fail with randomly truncated VUIs
Fixes Ticket4445

Tested-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-10 18:35:07 +02:00
Michael Niedermayer
32e06c485b avcodec/h264_ps: Move truncation check from VUI to SPS
This more completely checks for truncation

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-08 22:19:56 +02:00
Michael Niedermayer
cde98920da Merge commit '84f226a3bcd8b39801a4c9051c033ab7d61aaf76'
* commit '84f226a3bcd8b39801a4c9051c033ab7d61aaf76':
  h264: use the correct SPS during PPS parsing

Conflicts:
	libavcodec/h264_ps.c

See: dc35b77b28f40c99d27c073fe2c22219ba600202
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-05 20:48:14 +02:00
Anton Khirnov
84f226a3bc h264: use the correct SPS during PPS parsing
There is in general no reason for the currently active SPS to be the one
referenced by the PPS being parsed.
2015-04-05 12:01:34 +02:00
Michael Niedermayer
665e0c10a6 Merge commit 'd8a45d2d49f54fde042b195f9d5859251252493d'
* commit 'd8a45d2d49f54fde042b195f9d5859251252493d':
  h264_ps: properly check cropping parameters against overflow

Conflicts:
	libavcodec/h264_ps.c

See: c3bd306e78f9e3ca2f136f5b30cbe49fa0884f82
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-21 12:09:03 +01:00
Anton Khirnov
d8a45d2d49 h264_ps: properly check cropping parameters against overflow
CC: libav-stable@libav.org
2015-03-21 09:35:23 +01:00
Michael Niedermayer
69aa79365c avcodec/h264_ps: More completely check the bit depths
Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-06 04:32:14 +01:00
Christophe Gisquet
6a2bfd52e5 h264_ps: move and export aspect_ratio
Needed for filters that may need it, like an SPS bsf.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-30 04:15:40 +01:00
Michael Niedermayer
fb33bff990 Merge commit 'f929ab0569ff31ed5a59b0b0adb7ce09df3fca39'
* commit 'f929ab0569ff31ed5a59b0b0adb7ce09df3fca39':
  cosmetics: Write NULL pointer equality checks more compactly

Conflicts:
	cmdutils.c
	ffmpeg_opt.c
	ffplay.c
	libavcodec/dvbsub.c
	libavcodec/dvdsubdec.c
	libavcodec/dvdsubenc.c
	libavcodec/dxa.c
	libavcodec/libxvid_rc.c
	libavcodec/mpegvideo.c
	libavcodec/mpegvideo_enc.c
	libavcodec/rv10.c
	libavcodec/tiffenc.c
	libavcodec/utils.c
	libavcodec/vc1dec.c
	libavcodec/zmbv.c
	libavdevice/v4l2.c
	libavformat/matroskadec.c
	libavformat/movenc.c
	libavformat/sdp.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-15 21:00:50 +02:00
Gabriel Dume
f929ab0569 cosmetics: Write NULL pointer equality checks more compactly
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2014-08-15 03:18:18 -07:00
Michael Niedermayer
45ba9d8545 Merge commit 'cba4e6062a02d5bf684e13a770be88aa1fec717e'
* commit 'cba4e6062a02d5bf684e13a770be88aa1fec717e':
  More correct printf format specifiers

Conflicts:
	libavcodec/h264_ps.c
	libavcodec/h264_refs.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-02 02:54:09 +02:00
Diego Biurrun
cba4e6062a More correct printf format specifiers
This avoids compiler warnings about argument and specifier type mismatch.
2014-04-02 00:27:22 +02:00
Michael Niedermayer
8d024c5107 Merge commit 'cc8163e1a3601a56f722a4720516e860bf1c6198'
* commit 'cc8163e1a3601a56f722a4720516e860bf1c6198':
  avcodec: more correct printf specifiers

Conflicts:
	libavcodec/4xm.c
	libavcodec/alsdec.c
	libavcodec/dfa.c
	libavcodec/h264_ps.c
	libavcodec/jpeg2000dec.c
	libavcodec/lagarith.c
	libavcodec/mpeg12dec.c
	libavcodec/rv10.c
	libavcodec/svq3.c
	libavcodec/wmaprodec.c
	libavcodec/xwddec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-22 18:43:40 +01:00
Diego Biurrun
cc8163e1a3 avcodec: more correct printf specifiers 2014-03-22 14:08:20 +01:00
Michael Niedermayer
a81a2b514e Merge commit '5d1c2e53ab3ce27b48c138d22bb01ff8e8304f27'
* commit '5d1c2e53ab3ce27b48c138d22bb01ff8e8304f27':
  h264: Replace mpegvideo-specific MAX_PICTURE_COUNT by private define

Conflicts:
	libavcodec/h264.c
	libavcodec/h264_ps.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-17 06:05:19 +01:00
Vittorio Giovara
5d1c2e53ab h264: Replace mpegvideo-specific MAX_PICTURE_COUNT by private define 2014-03-16 23:01:01 +01:00
Michael Niedermayer
983c7f4015 Merge commit 'ee6280ca12696a67535ce2245c77190edc513794'
* commit 'ee6280ca12696a67535ce2245c77190edc513794':
  h264: parse two additional constraint flags

Conflicts:
	libavcodec/h264_ps.c

See: 9091ba9dfa0901bdce8305cf282c747b0f4c942e
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-01 04:51:05 +01:00
Michael Niedermayer
3ec3f70ddb Merge commit 'e70ab7c1f5005041bba0e4efc1165410f83495b2'
* commit 'e70ab7c1f5005041bba0e4efc1165410f83495b2':
  h264: add MVCD to the list of High profiles in SPS

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-01 04:30:57 +01:00
Vittorio Giovara
ee6280ca12 h264: parse two additional constraint flags 2014-02-28 18:14:34 +01:00
Vittorio Giovara
e70ab7c1f5 h264: add MVCD to the list of High profiles in SPS
Also comment all previous profiles.
2014-02-28 18:14:33 +01:00
Michael Niedermayer
44b22bba42 avcodec/h264_ps: fix printed num_reorder_frames value
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-02-22 02:55:55 +01:00
Michael Niedermayer
27f55beba2 Merge commit '614b9e4db8f3d7c23fc0410fc04745a727a82f4e'
* commit '614b9e4db8f3d7c23fc0410fc04745a727a82f4e':
  h264: use avpriv_request_sample for chroma_format_idc

Conflicts:
	libavcodec/h264_ps.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-02-17 20:59:51 +01:00
Vittorio Giovara
614b9e4db8 h264: use avpriv_request_sample for chroma_format_idc 2014-02-16 23:51:44 +01:00
Michael Niedermayer
99b12357f4 Merge commit '3a0576702825423abecb32627c530dbc4c0f73bc'
* commit '3a0576702825423abecb32627c530dbc4c0f73bc':
  h264: store current_sps_id inside the current sps

Conflicts:
	libavcodec/h264.c
	libavcodec/h264_ps.c

The current_sps_id is not removed as it used in security related code.

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-02-14 13:58:02 +01:00
Michael Niedermayer
60b46a00c6 Merge commit '73e8fab31dc19c4371499e612856accbc00b2820'
* commit '73e8fab31dc19c4371499e612856accbc00b2820':
  h264: print values in case of error

Conflicts:
	libavcodec/h264.c
	libavcodec/h264_ps.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-02-14 13:35:45 +01:00
Vittorio Giovara
3a05767028 h264: store current_sps_id inside the current sps
In preparation for MVC support.
2014-02-14 05:05:46 +01:00
Vittorio Giovara
73e8fab31d h264: print values in case of error
Also make error style consistent and drop redundant information.
2014-02-14 05:05:35 +01:00
Michael Niedermayer
2510e820c4 Merge commit '9ecabd7892ff073ae60ded3fc0a1290f5914ed5c'
* commit '9ecabd7892ff073ae60ded3fc0a1290f5914ed5c':
  h264: reset num_reorder_frames if it is invalid

Note, num_reorder_frames is not used in the failure case

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-01-18 22:59:46 +01:00
Anton Khirnov
9ecabd7892 h264: reset num_reorder_frames if it is invalid
An invalid VUI is not considered a fatal error, so the SPS containing it
may still be used. Leaving an invalid value of num_reorder_frames there
can result in writing over the bounds of H264Context.delayed_pic.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
2014-01-18 20:53:06 +01:00
Michael Niedermayer
a60abb1ee0 Merge commit 'bfd26b7ce6efea594f2b99441d900419df3af638'
* commit 'bfd26b7ce6efea594f2b99441d900419df3af638':
  h264: reject mismatching luma/chroma bit depths during sps parsing

Conflicts:
	libavcodec/h264_ps.c

See: bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-01-06 16:28:55 +01:00
Anton Khirnov
bfd26b7ce6 h264: reject mismatching luma/chroma bit depths during sps parsing
There is no point in delaying the check and it avoids bugs with a
half-initialized context.

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
2014-01-06 08:23:45 +01:00
Michael Niedermayer
ac3fa95e73 Merge commit '94603feb1b3ad01a821a1a1cef1570b13f471821'
* commit '94603feb1b3ad01a821a1a1cef1570b13f471821':
  h264_ps: when parsing a VUI fails, only abort when explode is set

Merge only for metadata, ignoring invalid data can put the context
into an invalid state and can possibly be used for remote code
execution exploits.
Also we support all non standard VUIs that have been reported so
ignoring parsing failure makes no sense for us unless theres
some issue that has not been reported

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-28 11:08:58 +01:00
Anton Khirnov
94603feb1b h264_ps: when parsing a VUI fails, only abort when explode is set
A VUI doesn't contain anything strictly necessary for decoding.
Apparently there are many samples with truncated VUIs in the wild, this
commit should allow decoding them.
2013-10-27 21:39:01 +01:00
Michael Niedermayer
70a73213b7 Merge commit 'c18838f5eb7d7001a9dc653f5162868c04c1b2a1'
* commit 'c18838f5eb7d7001a9dc653f5162868c04c1b2a1':
  h264_ps: Use more meaningful error values

Conflicts:
	libavcodec/h264_ps.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-08-21 13:03:40 +02:00
Michael Niedermayer
e853cf5325 Merge commit '330ad1f6a53a37dec228cb424ca57e1268fafc64'
* commit '330ad1f6a53a37dec228cb424ca57e1268fafc64':
  h264_ps: K&R formatting cosmetics

Conflicts:
	libavcodec/h264_ps.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-08-21 12:56:37 +02:00
Michael Niedermayer
8299ed261a Merge commit '8fed466b0a7d636ae5035f9c6074fba9a621539b'
* commit '8fed466b0a7d636ae5035f9c6074fba9a621539b':
  h264_ps: Drop commented-out cruft

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-08-21 12:32:33 +02:00
Michael Niedermayer
58e12732db Merge commit '2a61592573d725956a4377641344afe263382648'
* commit '2a61592573d725956a4377641344afe263382648':
  avcodec: Remove some commented-out debug cruft

Conflicts:
	libavcodec/h264_cabac.c
	libavcodec/h264_cavlc.c
	libavcodec/h264_loopfilter.c
	libavcodec/h264_mvpred.h
	libavcodec/mjpegdec.c
	libavcodec/mjpegenc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-08-21 11:18:43 +02:00
Diego Biurrun
c18838f5eb h264_ps: Use more meaningful error values 2013-08-20 21:24:42 +02:00
Diego Biurrun
330ad1f6a5 h264_ps: K&R formatting cosmetics 2013-08-20 21:23:24 +02:00
Diego Biurrun
8fed466b0a h264_ps: Drop commented-out cruft 2013-08-20 21:09:05 +02:00
Diego Biurrun
2a61592573 avcodec: Remove some commented-out debug cruft 2013-08-20 19:59:50 +02:00
Michael Niedermayer
00b1401df6 avcodec/h264_ps: try to support Ambarella AVC
Fixes Ticket2763

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-07-09 05:21:26 +02:00