From c4182d72c9b6614490ba241c6721273ea2d784f4 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sat, 8 Dec 2012 10:11:13 +0100 Subject: [PATCH 1/6] svq1: return meaningful error codes. --- libavcodec/svq1dec.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 704cf58773..25837f51f6 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -192,7 +192,7 @@ static int svq1_decode_block_intra(GetBitContext *bitbuf, uint8_t *pixels, av_dlog(NULL, "Error (svq1_decode_block_intra): invalid vector: stages=%i level=%i\n", stages, level); - return -1; /* invalid vector */ + return AVERROR_INVALIDDATA; /* invalid vector */ } mean = get_vlc2(bitbuf, svq1_intra_mean.table, 8, 3); @@ -254,7 +254,7 @@ static int svq1_decode_block_non_intra(GetBitContext *bitbuf, uint8_t *pixels, av_dlog(NULL, "Error (svq1_decode_block_non_intra): invalid vector: stages=%i level=%i\n", stages, level); - return -1; /* invalid vector */ + return AVERROR_INVALIDDATA; /* invalid vector */ } mean = get_vlc2(bitbuf, svq1_inter_mean.table, 9, 3) - 256; @@ -287,7 +287,7 @@ static int svq1_decode_motion_vector(GetBitContext *bitbuf, svq1_pmv *mv, /* get motion code */ diff = get_vlc2(bitbuf, svq1_motion_component.table, 7, 2); if (diff < 0) - return -1; + return AVERROR_INVALIDDATA; else if (diff) { if (get_bits1(bitbuf)) diff = -diff; @@ -576,7 +576,7 @@ static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) s->height = get_bits(bitbuf, 12); if (!s->width || !s->height) - return -1; + return AVERROR_INVALIDDATA; } else { /* get width, height from table */ s->width = ff_svq1_frame_size_table[frame_size_code].width; @@ -590,7 +590,7 @@ static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) skip_bits1(bitbuf); /* component checksums after image data if (1) */ if (get_bits(bitbuf, 2) != 0) - return -1; + return AVERROR_INVALIDDATA; } if (get_bits1(bitbuf) == 1) { @@ -627,7 +627,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data, s->frame_code = get_bits(&s->gb, 22); if ((s->frame_code & ~0x70) || !(s->frame_code & 0x60)) - return -1; + return AVERROR_INVALIDDATA; /* swap some header bytes (why?) */ if (s->frame_code != 0x20) { @@ -657,7 +657,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data, pmv = av_malloc((FFALIGN(s->width, 16) / 8 + 3) * sizeof(*pmv)); if (!pmv) - return -1; + return AVERROR(ENOMEM); /* decode y, u and v components */ for (i = 0; i < 3; i++) { From 48238fd00b22518158999a0aac5d620bc31dc8d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Wed, 12 Dec 2012 11:27:03 +0200 Subject: [PATCH 2/6] svq1: Fix building with -DDEBUG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö --- libavcodec/svq1dec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 25837f51f6..515604222b 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -640,7 +640,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data, result = svq1_decode_frame_header(avctx, cur); if (result != 0) { - av_dlog(s->avctx, "Error in svq1_decode_frame_header %i\n", result); + av_dlog(avctx, "Error in svq1_decode_frame_header %i\n", result); return result; } avcodec_set_dimensions(avctx, s->width, s->height); @@ -707,7 +707,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data, previous, linesize, pmv, x, y); if (result != 0) { - av_dlog(s->avctx, + av_dlog(avctx, "Error in svq1_decode_delta_block %i\n", result); goto err; From 81ef5192529dd9ff6b7dc34b6528b9d8dafdd100 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Tue, 11 Dec 2012 18:58:59 +0200 Subject: [PATCH 3/6] rtpdec: Limit writing to the buffer size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes potential buffer overwrites. Signed-off-by: Martin Storsjö --- libavformat/rtpdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c index 3b03bdaa14..b83a79bdbb 100644 --- a/libavformat/rtpdec.c +++ b/libavformat/rtpdec.c @@ -531,7 +531,7 @@ static int rtp_parse_packet_internal(RTPDemuxContext *s, AVPacket *pkt, if (ret < 0) return AVERROR(EAGAIN); if (ret < len) { - s->read_buf_size = len - ret; + s->read_buf_size = FFMIN(len - ret, sizeof(s->buf)); memcpy(s->buf, buf + ret, s->read_buf_size); s->read_buf_index = 0; return 1; From e66d448c7564424e958332212083beecbc6e1868 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Tue, 11 Dec 2012 19:35:03 +0200 Subject: [PATCH 4/6] rtpdec: Remove unused context variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These stem from back when both the rtp muxer and rtp depacketizing shared the same struct. Signed-off-by: Martin Storsjö --- libavformat/rtpdec.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/libavformat/rtpdec.h b/libavformat/rtpdec.h index da3680d6ab..f643fa20a9 100644 --- a/libavformat/rtpdec.h +++ b/libavformat/rtpdec.h @@ -176,15 +176,12 @@ struct RTPDemuxContext { unsigned int packet_count; // TODO: move into statistics (outgoing) unsigned int octet_count; // TODO: move into statistics (outgoing) unsigned int last_octet_count; // TODO: move into statistics (outgoing) - int first_packet; /* buffer for output */ uint8_t buf[RTP_MAX_PACKET_LENGTH]; - uint8_t *buf_ptr; /* dynamic payload stuff */ DynamicPayloadPacketHandlerProc parse_packet; ///< This is also copied from the dynamic protocol handler structure PayloadContext *dynamic_protocol_context; ///< This is a copy from the values setup from the sdp parsing, in rtsp.c don't free me. - int max_frames_per_packet; }; void ff_register_dynamic_payload_handler(RTPDynamicProtocolHandler *handler); From d6ec745246fc39eb885fde1b296026467becbd33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Tue, 11 Dec 2012 19:57:18 +0200 Subject: [PATCH 5/6] rtpdec: Improve some comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous comment about the buffer was wildly inaccurate and misleading. Signed-off-by: Martin Storsjö --- libavformat/rtpdec.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/rtpdec.h b/libavformat/rtpdec.h index f643fa20a9..4a920a90b5 100644 --- a/libavformat/rtpdec.h +++ b/libavformat/rtpdec.h @@ -94,7 +94,8 @@ typedef struct RTPStatistics { * @param s stream context * @param st stream that this packet belongs to * @param pkt packet in which to write the parsed data - * @param timestamp pointer in which to write the timestamp of this RTP packet + * @param timestamp pointer to the RTP timestamp of the input data, can be + * updated by the function if returning older, buffered data * @param buf pointer to raw RTP packet data * @param len length of buf * @param flags flags from the RTP packet header (RTP_FLAG_*) @@ -176,7 +177,7 @@ struct RTPDemuxContext { unsigned int packet_count; // TODO: move into statistics (outgoing) unsigned int octet_count; // TODO: move into statistics (outgoing) unsigned int last_octet_count; // TODO: move into statistics (outgoing) - /* buffer for output */ + /* buffer for partially parsed packets */ uint8_t buf[RTP_MAX_PACKET_LENGTH]; /* dynamic payload stuff */ From 7941159df6aad2d219e2a7184489be7a735dd944 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Tue, 11 Dec 2012 18:50:10 +0200 Subject: [PATCH 6/6] rtpdec/enc: Remove outdated/useless/misleading comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö --- libavformat/rtpdec.h | 22 ++++++++++------------ libavformat/rtpenc.h | 10 +++++----- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/libavformat/rtpdec.h b/libavformat/rtpdec.h index 4a920a90b5..415b77d0d8 100644 --- a/libavformat/rtpdec.h +++ b/libavformat/rtpdec.h @@ -31,7 +31,7 @@ typedef struct PayloadContext PayloadContext; typedef struct RTPDynamicProtocolHandler_s RTPDynamicProtocolHandler; #define RTP_MIN_PACKET_LENGTH 12 -#define RTP_MAX_PACKET_LENGTH 1500 /* XXX: suppress this define */ +#define RTP_MAX_PACKET_LENGTH 1500 #define RTP_REORDER_QUEUE_DEFAULT_SIZE 10 @@ -109,8 +109,7 @@ typedef int (*DynamicPayloadPacketHandlerProc) (AVFormatContext *ctx, int len, int flags); struct RTPDynamicProtocolHandler_s { - // fields from AVRtpDynamicPayloadType_s - const char enc_name[50]; /* XXX: still why 50 ? ;-) */ + const char enc_name[50]; enum AVMediaType codec_type; enum AVCodecID codec_id; int static_payload_id; /* 0 means no payload id is set. 0 is a valid @@ -138,7 +137,6 @@ typedef struct RTPPacket { struct RTPPacket *next; } RTPPacket; -// moved out of rtp.c, because the h264 decoder needs to know about this structure.. struct RTPDemuxContext { AVFormatContext *ic; AVStream *st; @@ -168,21 +166,21 @@ struct RTPDemuxContext { /*@}*/ /* rtcp sender statistics receive */ - int64_t last_rtcp_ntp_time; // TODO: move into statistics - int64_t first_rtcp_ntp_time; // TODO: move into statistics - uint32_t last_rtcp_timestamp; // TODO: move into statistics + int64_t last_rtcp_ntp_time; + int64_t first_rtcp_ntp_time; + uint32_t last_rtcp_timestamp; int64_t rtcp_ts_offset; /* rtcp sender statistics */ - unsigned int packet_count; // TODO: move into statistics (outgoing) - unsigned int octet_count; // TODO: move into statistics (outgoing) - unsigned int last_octet_count; // TODO: move into statistics (outgoing) + unsigned int packet_count; + unsigned int octet_count; + unsigned int last_octet_count; /* buffer for partially parsed packets */ uint8_t buf[RTP_MAX_PACKET_LENGTH]; /* dynamic payload stuff */ - DynamicPayloadPacketHandlerProc parse_packet; ///< This is also copied from the dynamic protocol handler structure - PayloadContext *dynamic_protocol_context; ///< This is a copy from the values setup from the sdp parsing, in rtsp.c don't free me. + DynamicPayloadPacketHandlerProc parse_packet; + PayloadContext *dynamic_protocol_context; }; void ff_register_dynamic_payload_handler(RTPDynamicProtocolHandler *handler); diff --git a/libavformat/rtpenc.h b/libavformat/rtpenc.h index 5351b4590c..369b413e9d 100644 --- a/libavformat/rtpenc.h +++ b/libavformat/rtpenc.h @@ -38,13 +38,13 @@ struct RTPMuxContext { int num_frames; /* rtcp sender statistics receive */ - int64_t last_rtcp_ntp_time; // TODO: move into statistics - int64_t first_rtcp_ntp_time; // TODO: move into statistics + int64_t last_rtcp_ntp_time; + int64_t first_rtcp_ntp_time; /* rtcp sender statistics */ - unsigned int packet_count; // TODO: move into statistics (outgoing) - unsigned int octet_count; // TODO: move into statistics (outgoing) - unsigned int last_octet_count; // TODO: move into statistics (outgoing) + unsigned int packet_count; + unsigned int octet_count; + unsigned int last_octet_count; int first_packet; /* buffer for output */ uint8_t *buf;