[FFmpeg-devel] [PATCH 1/5] avcodec/apng: Add APNG_FCTL_CHUNK_SIZE define

[FFmpeg-devel] [PATCH 1/5] avcodec/apng: Add APNG_FCTL_CHUNK_SIZE define

[Andreas Rheinhardt]

Also use it where appropriate.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/apng.h     | 3 +++
 libavcodec/pngdec.c   | 2 +-
 libavcodec/pngenc.c   | 6 +++---
 libavformat/apngdec.c | 4 ++--
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/libavcodec/apng.h b/libavcodec/apng.h
index 41249e0df0..abd8795334 100644
--- a/libavcodec/apng.h
+++ b/libavcodec/apng.h
@@ -38,4 +38,7 @@ enum {
     APNG_BLEND_OP_OVER   = 1,
 };
 
+/* Only the payload data, not including length, fourcc and CRC-32. */
+#define APNG_FCTL_CHUNK_SIZE    26
+
 #endif /* AVCODEC_APNG_H */
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 6b44af59f2..87b0c639e3 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -972,7 +972,7 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s,
     uint32_t sequence_number;
     int cur_w, cur_h, x_offset, y_offset, dispose_op, blend_op;
 
-    if (bytestream2_get_bytes_left(gb) != 26)
+    if (bytestream2_get_bytes_left(gb) != APNG_FCTL_CHUNK_SIZE)
         return AVERROR_INVALIDDATA;
 
     if (!(s->hdr_state & PNG_IHDR)) {
diff --git a/libavcodec/pngenc.c b/libavcodec/pngenc.c
index d79b4e3895..93463dd341 100644
--- a/libavcodec/pngenc.c
+++ b/libavcodec/pngenc.c
@@ -988,7 +988,7 @@ static int encode_apng(AVCodecContext *avctx, AVPacket *pkt,
         // to have the image data write to the correct place in the buffer
         fctl_chunk.sequence_number = s->sequence_number;
         ++s->sequence_number;
-        s->bytestream += 26 + 12;
+        s->bytestream += APNG_FCTL_CHUNK_SIZE + 12;
 
         ret = apng_encode_frame(avctx, pict, &fctl_chunk, &s->last_frame_fctl);
         if (ret < 0)
@@ -1002,7 +1002,7 @@ static int encode_apng(AVCodecContext *avctx, AVPacket *pkt,
 
     if (s->last_frame) {
         uint8_t* last_fctl_chunk_start = pkt->data;
-        uint8_t buf[26];
+        uint8_t buf[APNG_FCTL_CHUNK_SIZE];
         if (!s->extra_data_updated) {
             uint8_t *side_data = av_packet_new_side_data(pkt, AV_PKT_DATA_NEW_EXTRADATA, s->extra_data_size);
             if (!side_data)
@@ -1020,7 +1020,7 @@ static int encode_apng(AVCodecContext *avctx, AVPacket *pkt,
         AV_WB16(buf + 22, s->last_frame_fctl.delay_den);
         buf[24] = s->last_frame_fctl.dispose_op;
         buf[25] = s->last_frame_fctl.blend_op;
-        png_write_chunk(&last_fctl_chunk_start, MKTAG('f', 'c', 'T', 'L'), buf, 26);
+        png_write_chunk(&last_fctl_chunk_start, MKTAG('f', 'c', 'T', 'L'), buf, sizeof(buf));
 
         *got_packet = 1;
     }
diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c
index e84f74e9d0..47cdbfcbfb 100644
--- a/libavformat/apngdec.c
+++ b/libavformat/apngdec.c
@@ -222,7 +222,7 @@ static int apng_read_header(AVFormatContext *s)
                                     ctx->num_frames, ctx->num_play);
             break;
         case MKTAG('f', 'c', 'T', 'L'):
-            if (!acTL_found || len != 26) {
+            if (!acTL_found || len != APNG_FCTL_CHUNK_SIZE) {
                 return AVERROR_INVALIDDATA;
             }
             if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0)
@@ -336,7 +336,7 @@ static int apng_read_packet(AVFormatContext *s, AVPacket *pkt)
 
     switch (tag) {
     case MKTAG('f', 'c', 'T', 'L'):
-        if (len != 26)
+        if (len != APNG_FCTL_CHUNK_SIZE)
             return AVERROR_INVALIDDATA;
 
         if ((ret = decode_fctl_chunk(s, ctx, pkt)) < 0)
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/5] avformat/apngenc: Check for incomplete chunks

[Andreas Rheinhardt]

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/apngenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/apngenc.c b/libavformat/apngenc.c
index 88d4a41462..7443c77504 100644
--- a/libavformat/apngenc.c
+++ b/libavformat/apngenc.c
@@ -50,7 +50,7 @@ typedef struct APNGMuxContext {
 static uint8_t *apng_find_chunk(uint32_t tag, uint8_t *buf, size_t length)
 {
     size_t b;
-    for (b = 0; b < length; b += AV_RB32(buf + b) + 12)
+    for (b = 0; AV_RB32(buf + b) + 12ULL <= length - b; b += AV_RB32(buf + b) + 12ULL)
         if (AV_RB32(&buf[b + 4]) == tag)
             return &buf[b];
     return NULL;
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 3/5] avformat/apngenc: Check fcTL size

[Andreas Rheinhardt]

The remaining code relies on it having the value it should have.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/apngenc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/apngenc.c b/libavformat/apngenc.c
index 7443c77504..1c039685f2 100644
--- a/libavformat/apngenc.c
+++ b/libavformat/apngenc.c
@@ -27,6 +27,7 @@
 #include "libavutil/intreadwrite.h"
 #include "libavutil/log.h"
 #include "libavutil/opt.h"
+#include "libavcodec/apng.h"
 #include "libavcodec/png.h"
 
 typedef struct APNGMuxContext {
@@ -181,6 +182,9 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
         if (existing_fcTL_chunk) {
             AVRational delay;
 
+            if (AV_RB32(existing_fcTL_chunk) != APNG_FCTL_CHUNK_SIZE)
+                return AVERROR_INVALIDDATA;
+
             existing_fcTL_chunk += 8;
             delay.num = AV_RB16(existing_fcTL_chunk + 20);
             delay.den = AV_RB16(existing_fcTL_chunk + 22);
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 4/5] avformat/apngenc: Don't modify input packet

[Andreas Rheinhardt]

It might not be writable at this point.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/apngenc.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/libavformat/apngenc.c b/libavformat/apngenc.c
index 1c039685f2..c219b80161 100644
--- a/libavformat/apngenc.c
+++ b/libavformat/apngenc.c
@@ -159,6 +159,7 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
             avio_write(io_context, apng->prev_packet->data, apng->prev_packet->size);
         }
     } else {
+        const uint8_t *data, *data_end;
         uint8_t *existing_fcTL_chunk;
 
         if (apng->frame_number == 0) {
@@ -178,6 +179,8 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
             }
         }
 
+        data     = apng->prev_packet->data;
+        data_end = data + apng->prev_packet->size;
         existing_fcTL_chunk = apng_find_chunk(MKBETAG('f', 'c', 'T', 'L'), apng->prev_packet->data, apng->prev_packet->size);
         if (existing_fcTL_chunk) {
             AVRational delay;
@@ -190,6 +193,8 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
             delay.den = AV_RB16(existing_fcTL_chunk + 22);
 
             if (delay.num == 0 && delay.den == 0) {
+                uint8_t new_fcTL_chunk[APNG_FCTL_CHUNK_SIZE];
+
                 if (packet) {
                     int64_t delay_num_raw = (packet->dts - apng->prev_packet->dts) * codec_stream->time_base.num;
                     int64_t delay_den_raw = codec_stream->time_base.den;
@@ -205,16 +210,20 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
                     delay = apng->prev_delay;
                 }
 
+                avio_write(io_context, data, (existing_fcTL_chunk - 8) - data);
+                data = existing_fcTL_chunk + APNG_FCTL_CHUNK_SIZE + 4 /* CRC-32 */;
                 // Update frame control header with new delay
-                AV_WB16(existing_fcTL_chunk + 20, delay.num);
-                AV_WB16(existing_fcTL_chunk + 22, delay.den);
-                AV_WB32(existing_fcTL_chunk + 26, ~av_crc(av_crc_get_table(AV_CRC_32_IEEE_LE), ~0U, existing_fcTL_chunk - 4, 26 + 4));
+                memcpy(new_fcTL_chunk, existing_fcTL_chunk, sizeof(new_fcTL_chunk));
+                AV_WB16(new_fcTL_chunk + 20, delay.num);
+                AV_WB16(new_fcTL_chunk + 22, delay.den);
+                apng_write_chunk(io_context, MKBETAG('f', 'c', 'T', 'L'),
+                                 new_fcTL_chunk, sizeof(new_fcTL_chunk));
             }
             apng->prev_delay = delay;
         }
 
         // Write frame data
-        avio_write(io_context, apng->prev_packet->data, apng->prev_packet->size);
+        avio_write(io_context, data, data_end - data);
     }
     ++apng->frame_number;
 
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 5/5] avformat/apngenc: Add const where possible

[Andreas Rheinhardt]

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/apngenc.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/libavformat/apngenc.c b/libavformat/apngenc.c
index c219b80161..cddb148d50 100644
--- a/libavformat/apngenc.c
+++ b/libavformat/apngenc.c
@@ -48,7 +48,8 @@ typedef struct APNGMuxContext {
     int extra_data_size;
 } APNGMuxContext;
 
-static uint8_t *apng_find_chunk(uint32_t tag, uint8_t *buf, size_t length)
+static const uint8_t *apng_find_chunk(uint32_t tag, const uint8_t *buf,
+                                      size_t length)
 {
     size_t b;
     for (b = 0; AV_RB32(buf + b) + 12ULL <= length - b; b += AV_RB32(buf + b) + 12ULL)
@@ -134,15 +135,15 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
     }
 
     if (apng->frame_number == 0 && !packet) {
-        uint8_t *existing_acTL_chunk;
-        uint8_t *existing_fcTL_chunk;
+        const uint8_t *existing_acTL_chunk;
+        const uint8_t *existing_fcTL_chunk;
 
         av_log(format_context, AV_LOG_INFO, "Only a single frame so saving as a normal PNG.\n");
 
         // Write normal PNG headers without acTL chunk
         existing_acTL_chunk = apng_find_chunk(MKBETAG('a', 'c', 'T', 'L'), apng->extra_data, apng->extra_data_size);
         if (existing_acTL_chunk) {
-            uint8_t *chunk_after_acTL = existing_acTL_chunk + AV_RB32(existing_acTL_chunk) + 12;
+            const uint8_t *chunk_after_acTL = existing_acTL_chunk + AV_RB32(existing_acTL_chunk) + 12;
             avio_write(io_context, apng->extra_data, existing_acTL_chunk - apng->extra_data);
             avio_write(io_context, chunk_after_acTL, apng->extra_data + apng->extra_data_size - chunk_after_acTL);
         } else {
@@ -152,7 +153,7 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
         // Write frame data without fcTL chunk
         existing_fcTL_chunk = apng_find_chunk(MKBETAG('f', 'c', 'T', 'L'), apng->prev_packet->data, apng->prev_packet->size);
         if (existing_fcTL_chunk) {
-            uint8_t *chunk_after_fcTL = existing_fcTL_chunk + AV_RB32(existing_fcTL_chunk) + 12;
+            const uint8_t *chunk_after_fcTL = existing_fcTL_chunk + AV_RB32(existing_fcTL_chunk) + 12;
             avio_write(io_context, apng->prev_packet->data, existing_fcTL_chunk - apng->prev_packet->data);
             avio_write(io_context, chunk_after_fcTL, apng->prev_packet->data + apng->prev_packet->size - chunk_after_fcTL);
         } else {
@@ -160,10 +161,10 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
         }
     } else {
         const uint8_t *data, *data_end;
-        uint8_t *existing_fcTL_chunk;
+        const uint8_t *existing_fcTL_chunk;
 
         if (apng->frame_number == 0) {
-            uint8_t *existing_acTL_chunk;
+            const uint8_t *existing_acTL_chunk;
 
             // Write normal PNG headers
             avio_write(io_context, apng->extra_data, apng->extra_data_size);
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".