Compare commits

...

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

13 changed files with 86 additions and 1311 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/v1.7.0.tar.gz
SOURCES/v1.9.0.tar.gz

View File

@ -1 +1 @@
fb3d4b80596d1e3b1a7f53757d63e7d2b3eeb7c9 SOURCES/v1.7.0.tar.gz
2ab8203ad8922bdf3256e4a197d1348fa8db9a62 SOURCES/v1.9.0.tar.gz

View File

@ -1,45 +0,0 @@
From 953b0b85f8462efeac179341c912617c1bae8d4c Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Wed, 25 Mar 2020 13:39:30 +0100
Subject: [PATCH 1/2] CVE-2019-9232: Fix OOB memory access on fuzzed data
vp8_norm table has 256 elements while index to it can be higher on
fuzzed data. Typecasting it to unsigned char will ensure valid range and
will trigger proper error later. Also declaring "shift" as unsigned char to
avoid UB sanitizer warning
BUG=b/122373286,b/122373822,b/122371119
---
vp8/decoder/dboolhuff.h | 2 +-
vpx_dsp/bitreader.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/vp8/decoder/dboolhuff.h b/vp8/decoder/dboolhuff.h
index 04c027cd7..f3b080509 100644
--- a/vp8/decoder/dboolhuff.h
+++ b/vp8/decoder/dboolhuff.h
@@ -76,7 +76,7 @@ static int vp8dx_decode_bool(BOOL_DECODER *br, int probability) {
}
{
- register int shift = vp8_norm[range];
+ register unsigned char shift = vp8_norm[(unsigned char)range];
range <<= shift;
value <<= shift;
count -= shift;
diff --git a/vpx_dsp/bitreader.h b/vpx_dsp/bitreader.h
index 6ee2a5863..4b87e986c 100644
--- a/vpx_dsp/bitreader.h
+++ b/vpx_dsp/bitreader.h
@@ -94,7 +94,7 @@ static INLINE int vpx_read(vpx_reader *r, int prob) {
}
{
- register int shift = vpx_norm[range];
+ register unsigned char shift = vpx_norm[(unsigned char)range];
range <<= shift;
value <<= shift;
count -= shift;
--
2.25.1

View File

@ -1,103 +0,0 @@
From 0b9c2b782ae87f820aa34a19be7be6268f258172 Mon Sep 17 00:00:00 2001
From: Jerome Jiang <jianj@google.com>
Date: Thu, 30 Jun 2022 13:48:56 -0400
Subject: [PATCH] Fix bug with smaller width bigger size
Fixed previous patch that clusterfuzz failed on.
Local fuzzing passing overnight.
Bug: webm:1642
Change-Id: If0e08e72abd2e042efe4dcfac21e4cc51afdfdb9
(cherry picked from commit 263682c9a29395055f3b3afe2d97be1828a6223f)
---
vp9/common/vp9_alloccommon.c | 13 ++++++-------
vp9/encoder/vp9_encoder.c | 27 +++++++++++++++++++++++++--
2 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/vp9/common/vp9_alloccommon.c b/vp9/common/vp9_alloccommon.c
index 7345e259b..2989ee015 100644
--- a/vp9/common/vp9_alloccommon.c
+++ b/vp9/common/vp9_alloccommon.c
@@ -122,13 +122,6 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) {
cm->free_mi(cm);
if (cm->alloc_mi(cm, new_mi_size)) goto fail;
}
-
- if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) {
- // Create the segmentation map structure and set to 0.
- free_seg_map(cm);
- if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail;
- }
-
if (cm->above_context_alloc_cols < cm->mi_cols) {
vpx_free(cm->above_context);
cm->above_context = (ENTROPY_CONTEXT *)vpx_calloc(
@@ -143,6 +136,12 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) {
cm->above_context_alloc_cols = cm->mi_cols;
}
+ if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) {
+ // Create the segmentation map structure and set to 0.
+ free_seg_map(cm);
+ if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail;
+ }
+
if (vp9_alloc_loop_filter(cm)) goto fail;
return 0;
diff --git a/vp9/encoder/vp9_encoder.c b/vp9/encoder/vp9_encoder.c
index 2ae59dd98..01a6d907b 100644
--- a/vp9/encoder/vp9_encoder.c
+++ b/vp9/encoder/vp9_encoder.c
@@ -1751,6 +1751,17 @@ static void alloc_copy_partition_data(VP9_COMP *cpi) {
}
}
+static void free_copy_partition_data(VP9_COMP *cpi) {
+ vpx_free(cpi->prev_partition);
+ cpi->prev_partition = NULL;
+ vpx_free(cpi->prev_segment_id);
+ cpi->prev_segment_id = NULL;
+ vpx_free(cpi->prev_variance_low);
+ cpi->prev_variance_low = NULL;
+ vpx_free(cpi->copied_frame_cnt);
+ cpi->copied_frame_cnt = NULL;
+}
+
void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
VP9_COMMON *const cm = &cpi->common;
RATE_CONTROL *const rc = &cpi->rc;
@@ -1834,6 +1845,8 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
new_mi_size = cm->mi_stride * calc_mi_size(cm->mi_rows);
if (cm->mi_alloc_size < new_mi_size) {
vp9_free_context_buffers(cm);
+ vp9_free_pc_tree(&cpi->td);
+ vpx_free(cpi->mbmi_ext_base);
alloc_compressor_data(cpi);
realloc_segmentation_maps(cpi);
cpi->initial_width = cpi->initial_height = 0;
@@ -1849,8 +1862,18 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
update_frame_size(cpi);
if (last_w != cpi->oxcf.width || last_h != cpi->oxcf.height) {
- memset(cpi->consec_zero_mv, 0,
- cm->mi_rows * cm->mi_cols * sizeof(*cpi->consec_zero_mv));
+ vpx_free(cpi->consec_zero_mv);
+ CHECK_MEM_ERROR(
+ cm, cpi->consec_zero_mv,
+ vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(*cpi->consec_zero_mv)));
+
+ vpx_free(cpi->skin_map);
+ CHECK_MEM_ERROR(
+ cm, cpi->skin_map,
+ vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(cpi->skin_map[0])));
+
+ free_copy_partition_data(cpi);
+ alloc_copy_partition_data(cpi);
if (cpi->oxcf.aq_mode == CYCLIC_REFRESH_AQ)
vp9_cyclic_refresh_reset_resize(cpi);
rc->rc_1_frame = 0;
--
2.41.0

View File

@ -1,109 +0,0 @@
From 6b98423e19a68b182cd50e3c640f9828b025818b Mon Sep 17 00:00:00 2001
From: Wan-Teh Chang <wtc@google.com>
Date: Wed, 10 Apr 2024 17:01:10 -0700
Subject: [PATCH 1/3] Fix integer overflows in calc of stride_in_bytes
A port of the libaom CL
https://aomedia-review.googlesource.com/c/aom/+/188761.
Fix unsigned integer overflows in the calculation of stride_in_bytes in
img_alloc_helper() when d_w is huge.
Change the type of stride_in_bytes from unsigned int to int because it
will be assigned to img->stride[VPX_PLANE_Y], which is of the int type.
Test:
. ../libvpx/tools/set_analyzer_env.sh integer
../libvpx/configure --enable-debug --disable-optimizations
make -j
./test_libvpx --gtest_filter=VpxImageTest.VpxImgAllocHugeWidth
Bug: chromium:332382766
Change-Id: I3b39d78f61c7255e10cbf72ba2f4975425a05a82
---
vpx/src/vpx_image.c | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/vpx/src/vpx_image.c b/vpx/src/vpx_image.c
index af7c529a7..a01aab29c 100644
--- a/vpx/src/vpx_image.c
+++ b/vpx/src/vpx_image.c
@@ -20,9 +20,9 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt,
unsigned int buf_align,
unsigned int stride_align,
unsigned char *img_data) {
- unsigned int h, w, s, xcs, ycs, bps;
- unsigned int stride_in_bytes;
- int align;
+ unsigned int h, w, xcs, ycs, bps;
+ uint64_t s;
+ int stride_in_bytes, align;
/* Treat align==0 like align==1 */
if (!buf_align) buf_align = 1;
@@ -92,9 +92,11 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt,
* and height shouldn't be adjusted. */
w = d_w;
h = d_h;
- s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
- s = (s + stride_align - 1) & ~(stride_align - 1);
- stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+ s = (fmt & VPX_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / 8;
+ s = (s + stride_align - 1) & ~((uint64_t)stride_align - 1);
+ s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+ if (s > INT_MAX) goto fail;
+ stride_in_bytes = (int)s;
/* Allocate the new image */
if (!img) {
@@ -117,9 +119,11 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt,
align = (1 << ycs) - 1;
h = (d_h + align) & ~align;
- s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
- s = (s + stride_align - 1) & ~(stride_align - 1);
- stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+ s = (fmt & VPX_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / 8;
+ s = (s + stride_align - 1) & ~((uint64_t)stride_align - 1);
+ s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+ if (s > INT_MAX) goto fail;
+ stride_in_bytes = (int)s;
alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8
: (uint64_t)h * s;
@@ -185,18 +189,19 @@ int vpx_img_set_rect(vpx_image_t *img, unsigned int x, unsigned int y,
if (img->fmt & VPX_IMG_FMT_HAS_ALPHA) {
img->planes[VPX_PLANE_ALPHA] =
data + x * bytes_per_sample + y * img->stride[VPX_PLANE_ALPHA];
- data += img->h * img->stride[VPX_PLANE_ALPHA];
+ data += (size_t)img->h * img->stride[VPX_PLANE_ALPHA];
}
img->planes[VPX_PLANE_Y] =
data + x * bytes_per_sample + y * img->stride[VPX_PLANE_Y];
- data += img->h * img->stride[VPX_PLANE_Y];
+ data += (size_t)img->h * img->stride[VPX_PLANE_Y];
if (!(img->fmt & VPX_IMG_FMT_UV_FLIP)) {
img->planes[VPX_PLANE_U] =
data + (x >> img->x_chroma_shift) * bytes_per_sample +
(y >> img->y_chroma_shift) * img->stride[VPX_PLANE_U];
- data += (img->h >> img->y_chroma_shift) * img->stride[VPX_PLANE_U];
+ data +=
+ (size_t)(img->h >> img->y_chroma_shift) * img->stride[VPX_PLANE_U];
img->planes[VPX_PLANE_V] =
data + (x >> img->x_chroma_shift) * bytes_per_sample +
(y >> img->y_chroma_shift) * img->stride[VPX_PLANE_V];
@@ -204,7 +209,8 @@ int vpx_img_set_rect(vpx_image_t *img, unsigned int x, unsigned int y,
img->planes[VPX_PLANE_V] =
data + (x >> img->x_chroma_shift) * bytes_per_sample +
(y >> img->y_chroma_shift) * img->stride[VPX_PLANE_V];
- data += (img->h >> img->y_chroma_shift) * img->stride[VPX_PLANE_V];
+ data +=
+ (size_t)(img->h >> img->y_chroma_shift) * img->stride[VPX_PLANE_V];
img->planes[VPX_PLANE_U] =
data + (x >> img->x_chroma_shift) * bytes_per_sample +
(y >> img->y_chroma_shift) * img->stride[VPX_PLANE_U];
--
2.45.2

View File

@ -1,34 +0,0 @@
From 3a03995efe86129cde5df3a7de32fecdfce3259e Mon Sep 17 00:00:00 2001
From: James Zern <jzern@google.com>
Date: Mon, 25 Sep 2023 18:55:59 -0700
Subject: [PATCH] VP8: disallow thread count changes
Currently allocations are done at encoder creation time. Going from
threaded to non-threaded would cause a crash.
Bug: chromium:1486441
Change-Id: Ie301c2a70847dff2f0daae408fbef1e4d42e73d4
(cherry picked from commit 3fbd1dca6a4d2dad332a2110d646e4ffef36d590)
---
vp8/encoder/onyx_if.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/vp8/encoder/onyx_if.c b/vp8/encoder/onyx_if.c
index 224318242..e0c22070c 100644
--- a/vp8/encoder/onyx_if.c
+++ b/vp8/encoder/onyx_if.c
@@ -1449,6 +1449,11 @@ void vp8_change_config(VP8_COMP *cpi, VP8_CONFIG *oxcf) {
last_h = cpi->oxcf.Height;
prev_number_of_layers = cpi->oxcf.number_of_layers;
+ if (cpi->initial_width) {
+ // TODO(https://crbug.com/1486441): Allow changing thread counts; the
+ // allocation is done once in vp8_create_compressor().
+ oxcf->multi_threaded = cpi->oxcf.multi_threaded;
+ }
cpi->oxcf = *oxcf;
switch (cpi->oxcf.Mode) {
--
2.41.0

View File

@ -1,34 +0,0 @@
From f8472f581ed1b4dd0d205efdec72e43742f579fb Mon Sep 17 00:00:00 2001
From: Wan-Teh Chang <wtc@google.com>
Date: Thu, 11 Apr 2024 16:38:45 -0700
Subject: [PATCH 2/3] Apply stride_align to byte count, not pixel count
A port of the libaom CL
https://aomedia-review.googlesource.com/c/aom/+/188962.
stride_align is documented to be the "alignment, in bytes, of each row
in the image (stride)."
Change-Id: I2184b50dc3607611f47719319fa5adb3adcef2fd
(cherry picked from commit 7d37ffacc6f7c45554b48ca867be4223248f1ed6)
---
vpx/src/vpx_image.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vpx/src/vpx_image.c b/vpx/src/vpx_image.c
index a01aab29c..0c84562ae 100644
--- a/vpx/src/vpx_image.c
+++ b/vpx/src/vpx_image.c
@@ -93,8 +93,8 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt,
w = d_w;
h = d_h;
s = (fmt & VPX_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / 8;
- s = (s + stride_align - 1) & ~((uint64_t)stride_align - 1);
s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+ s = (s + stride_align - 1) & ~((uint64_t)stride_align - 1);
if (s > INT_MAX) goto fail;
stride_in_bytes = (int)s;
--
2.45.2

View File

@ -1,33 +0,0 @@
From 93681819b22d3f42cf5fdfa85701f38e5bab10dd Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Wed, 25 Mar 2020 13:42:07 +0100
Subject: [PATCH 2/2] CVE-2019-9433: VP8: Fix use-after-free in postproc.
The pointer in vp8 postproc refers to show_frame_mi which is only
updated on show frame. However, when there is a no-show frame which also
changes the size (thus new frame buffers allocated), show_frame_mi is
not updated with new frame buffer memory.
Change the pointer in postproc to mi which is always updated.
Bug: 842265
---
vp8/common/postproc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vp8/common/postproc.c b/vp8/common/postproc.c
index d67ee8a57..8c292d616 100644
--- a/vp8/common/postproc.c
+++ b/vp8/common/postproc.c
@@ -65,7 +65,7 @@ void vp8_deblock(VP8_COMMON *cm, YV12_BUFFER_CONFIG *source,
double level = 6.0e-05 * q * q * q - .0067 * q * q + .306 * q + .0065;
int ppl = (int)(level + .5);
- const MODE_INFO *mode_info_context = cm->show_frame_mi;
+ const MODE_INFO *mode_info_context = cm->mi;
int mbr, mbc;
/* The pixel thresholds are adjusted according to if or not the macroblock
--
2.25.1

View File

@ -1,755 +0,0 @@
From ca1647dda267762c03c8641d2c605a9853a8ac59 Mon Sep 17 00:00:00 2001
From: Johann <johannkoenig@google.com>
Date: Tue, 24 Apr 2018 15:22:28 -0700
Subject: [PATCH 3/4] CVE-2019-9371: update libwebm
update libwebm to libwebm-1.0.0.27-358-gdbf1d10
---
configure | 8 +-
third_party/libwebm/AUTHORS.TXT | 8 +-
third_party/libwebm/Android.mk | 2 +-
third_party/libwebm/README.libvpx | 14 +++-
third_party/libwebm/common/file_util.cc | 19 ++++-
third_party/libwebm/common/file_util.h | 5 +-
third_party/libwebm/common/hdr_util.cc | 8 +-
third_party/libwebm/common/hdr_util.h | 10 +--
third_party/libwebm/common/webmids.h | 1 +
third_party/libwebm/mkvmuxer/mkvmuxer.cc | 77 +++++++++++++-------
third_party/libwebm/mkvmuxer/mkvmuxer.h | 5 +-
third_party/libwebm/mkvmuxer/mkvmuxerutil.cc | 13 ++--
third_party/libwebm/mkvmuxer/mkvmuxerutil.h | 3 +
third_party/libwebm/mkvmuxer/mkvwriter.cc | 2 +
third_party/libwebm/mkvparser/mkvparser.cc | 64 +++++++++++-----
third_party/libwebm/mkvparser/mkvparser.h | 6 +-
third_party/libwebm/mkvparser/mkvreader.cc | 2 +
17 files changed, 165 insertions(+), 82 deletions(-)
diff --git a/configure b/configure
index e5a74c6f2..56d203e6b 100755
--- a/configure
+++ b/configure
@@ -703,9 +703,7 @@ process_toolchain() {
check_cxx "$@" <<EOF && soft_enable unit_tests
int z;
EOF
- check_cxx "$@" <<EOF && soft_enable webm_io
-int z;
-EOF
+ check_add_cxx_flags -std=c++11 && soft_enable webm_io
check_cxx "$@" <<EOF && soft_enable libyuv
int z;
EOF
@@ -714,9 +712,7 @@ EOF
enabled pthread_h && check_cxx "$@" <<EOF && soft_enable unit_tests
int z;
EOF
- check_cxx "$@" <<EOF && soft_enable webm_io
-int z;
-EOF
+ check_add_cxx_flags -std=c++11 && soft_enable webm_io
check_cxx "$@" <<EOF && soft_enable libyuv
int z;
EOF
diff --git a/third_party/libwebm/AUTHORS.TXT b/third_party/libwebm/AUTHORS.TXT
index 8ab6f794c..9686ac13e 100644
--- a/third_party/libwebm/AUTHORS.TXT
+++ b/third_party/libwebm/AUTHORS.TXT
@@ -1,4 +1,4 @@
-# Names should be added to this file like so:
-# Name or Organization <email address>
-
-Google Inc.
+# Names should be added to this file like so:
+# Name or Organization <email address>
+
+Google Inc.
diff --git a/third_party/libwebm/Android.mk b/third_party/libwebm/Android.mk
index 8149a083f..b46ba101d 100644
--- a/third_party/libwebm/Android.mk
+++ b/third_party/libwebm/Android.mk
@@ -3,7 +3,7 @@ LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE:= libwebm
LOCAL_CPPFLAGS:=-D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS
-LOCAL_CPPFLAGS+=-D__STDC_LIMIT_MACROS -Wno-extern-c-compat
+LOCAL_CPPFLAGS+=-D__STDC_LIMIT_MACROS -std=c++11
LOCAL_C_INCLUDES:= $(LOCAL_PATH)
LOCAL_EXPORT_C_INCLUDES:= $(LOCAL_PATH)
diff --git a/third_party/libwebm/README.libvpx b/third_party/libwebm/README.libvpx
index ebb5ff2f4..16f17513e 100644
--- a/third_party/libwebm/README.libvpx
+++ b/third_party/libwebm/README.libvpx
@@ -1,5 +1,5 @@
URL: https://chromium.googlesource.com/webm/libwebm
-Version: 0ae757087f5e6eb01dfea16cc09205b2425cfb74
+Version: dbf1d1089756e7cb5b1a04d6752310ef35912347
License: BSD
License File: LICENSE.txt
@@ -7,4 +7,14 @@ Description:
libwebm is used to handle WebM container I/O.
Local Changes:
-* <none>
+Only keep:
+ - Android.mk
+ - AUTHORS.TXT
+ - common/
+ file_util.cc/h
+ hdr_util.cc/h
+ webmids.h
+ - LICENSE.TXT
+ - mkvmuxer/
+ - mkvparser/
+ - PATENTS.TXT
diff --git a/third_party/libwebm/common/file_util.cc b/third_party/libwebm/common/file_util.cc
index 6dab146dd..6eb6428b9 100644
--- a/third_party/libwebm/common/file_util.cc
+++ b/third_party/libwebm/common/file_util.cc
@@ -17,14 +17,15 @@
#include <cstring>
#include <fstream>
#include <ios>
+#include <string>
namespace libwebm {
std::string GetTempFileName() {
#if !defined _MSC_VER && !defined __MINGW32__
std::string temp_file_name_template_str =
- std::string(std::getenv("TEST_TMPDIR") ? std::getenv("TEST_TMPDIR") :
- ".") +
+ std::string(std::getenv("TEST_TMPDIR") ? std::getenv("TEST_TMPDIR")
+ : ".") +
"/libwebm_temp.XXXXXX";
char* temp_file_name_template =
new char[temp_file_name_template_str.length() + 1];
@@ -41,7 +42,12 @@ std::string GetTempFileName() {
return temp_file_name;
#else
char tmp_file_name[_MAX_PATH];
+#if defined _MSC_VER || defined MINGW_HAS_SECURE_API
errno_t err = tmpnam_s(tmp_file_name);
+#else
+ char* fname_pointer = tmpnam(tmp_file_name);
+ int err = (fname_pointer == &tmp_file_name[0]) ? 0 : -1;
+#endif
if (err == 0) {
return std::string(tmp_file_name);
}
@@ -65,6 +71,15 @@ uint64_t GetFileSize(const std::string& file_name) {
return file_size;
}
+bool GetFileContents(const std::string& file_name, std::string* contents) {
+ std::ifstream file(file_name.c_str());
+ *contents = std::string(static_cast<size_t>(GetFileSize(file_name)), 0);
+ if (file.good() && contents->size()) {
+ file.read(&(*contents)[0], contents->size());
+ }
+ return !file.fail();
+}
+
TempFileDeleter::TempFileDeleter() { file_name_ = GetTempFileName(); }
TempFileDeleter::~TempFileDeleter() {
diff --git a/third_party/libwebm/common/file_util.h b/third_party/libwebm/common/file_util.h
index 0e71eac11..a87373464 100644
--- a/third_party/libwebm/common/file_util.h
+++ b/third_party/libwebm/common/file_util.h
@@ -22,6 +22,9 @@ std::string GetTempFileName();
// Returns size of file specified by |file_name|, or 0 upon failure.
uint64_t GetFileSize(const std::string& file_name);
+// Gets the contents file_name as a string. Returns false on error.
+bool GetFileContents(const std::string& file_name, std::string* contents);
+
// Manages life of temporary file specified at time of construction. Deletes
// file upon destruction.
class TempFileDeleter {
@@ -38,4 +41,4 @@ class TempFileDeleter {
} // namespace libwebm
-#endif // LIBWEBM_COMMON_FILE_UTIL_H_
\ No newline at end of file
+#endif // LIBWEBM_COMMON_FILE_UTIL_H_
diff --git a/third_party/libwebm/common/hdr_util.cc b/third_party/libwebm/common/hdr_util.cc
index e1618ce75..916f7170b 100644
--- a/third_party/libwebm/common/hdr_util.cc
+++ b/third_party/libwebm/common/hdr_util.cc
@@ -36,10 +36,10 @@ bool CopyMasteringMetadata(const mkvparser::MasteringMetadata& parser_mm,
if (MasteringMetadataValuePresent(parser_mm.luminance_min))
muxer_mm->set_luminance_min(parser_mm.luminance_min);
- PrimaryChromaticityPtr r_ptr(NULL);
- PrimaryChromaticityPtr g_ptr(NULL);
- PrimaryChromaticityPtr b_ptr(NULL);
- PrimaryChromaticityPtr wp_ptr(NULL);
+ PrimaryChromaticityPtr r_ptr(nullptr);
+ PrimaryChromaticityPtr g_ptr(nullptr);
+ PrimaryChromaticityPtr b_ptr(nullptr);
+ PrimaryChromaticityPtr wp_ptr(nullptr);
if (parser_mm.r) {
if (!CopyPrimaryChromaticity(*parser_mm.r, &r_ptr))
diff --git a/third_party/libwebm/common/hdr_util.h b/third_party/libwebm/common/hdr_util.h
index 3ef5388fd..78e2eeb70 100644
--- a/third_party/libwebm/common/hdr_util.h
+++ b/third_party/libwebm/common/hdr_util.h
@@ -47,15 +47,7 @@ struct Vp9CodecFeatures {
int chroma_subsampling;
};
-// disable deprecation warnings for auto_ptr
-#if defined(__GNUC__) && __GNUC__ >= 5
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
-typedef std::auto_ptr<mkvmuxer::PrimaryChromaticity> PrimaryChromaticityPtr;
-#if defined(__GNUC__) && __GNUC__ >= 5
-#pragma GCC diagnostic pop
-#endif
+typedef std::unique_ptr<mkvmuxer::PrimaryChromaticity> PrimaryChromaticityPtr;
bool CopyPrimaryChromaticity(const mkvparser::PrimaryChromaticity& parser_pc,
PrimaryChromaticityPtr* muxer_pc);
diff --git a/third_party/libwebm/common/webmids.h b/third_party/libwebm/common/webmids.h
index 89d722a71..fc0c20814 100644
--- a/third_party/libwebm/common/webmids.h
+++ b/third_party/libwebm/common/webmids.h
@@ -93,6 +93,7 @@ enum MkvId {
kMkvDisplayHeight = 0x54BA,
kMkvDisplayUnit = 0x54B2,
kMkvAspectRatioType = 0x54B3,
+ kMkvColourSpace = 0x2EB524,
kMkvFrameRate = 0x2383E3,
// end video
// colour
diff --git a/third_party/libwebm/mkvmuxer/mkvmuxer.cc b/third_party/libwebm/mkvmuxer/mkvmuxer.cc
index 15b9a908d..512031211 100644
--- a/third_party/libwebm/mkvmuxer/mkvmuxer.cc
+++ b/third_party/libwebm/mkvmuxer/mkvmuxer.cc
@@ -8,6 +8,8 @@
#include "mkvmuxer/mkvmuxer.h"
+#include <stdint.h>
+
#include <cfloat>
#include <climits>
#include <cstdio>
@@ -24,11 +26,6 @@
#include "mkvmuxer/mkvwriter.h"
#include "mkvparser/mkvparser.h"
-// disable deprecation warnings for auto_ptr
-#if defined(__GNUC__) && __GNUC__ >= 5
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
-
namespace mkvmuxer {
const float PrimaryChromaticity::kChromaticityMin = 0.0f;
@@ -72,7 +69,7 @@ bool StrCpy(const char* src, char** dst_ptr) {
return true;
}
-typedef std::auto_ptr<PrimaryChromaticity> PrimaryChromaticityPtr;
+typedef std::unique_ptr<PrimaryChromaticity> PrimaryChromaticityPtr;
bool CopyChromaticity(const PrimaryChromaticity* src,
PrimaryChromaticityPtr* dst) {
if (!dst)
@@ -776,6 +773,14 @@ bool Track::Write(IMkvWriter* writer) const {
if (!type_ || !codec_id_)
return false;
+ // AV1 tracks require a CodecPrivate. See
+ // https://github.com/Matroska-Org/matroska-specification/blob/av1-mappin/codec/av1.md
+ // TODO(tomfinegan): Update the above link to the AV1 Matroska mappings to
+ // point to a stable version once it is finalized, or our own WebM mappings
+ // page on webmproject.org should we decide to release them.
+ if (!strcmp(codec_id_, Tracks::kAv1CodecId) && !codec_private_)
+ return false;
+
// |size| may be bigger than what is written out in this function because
// derived classes may write out more data in the Track element.
const uint64_t payload_size = PayloadSize();
@@ -1030,19 +1035,16 @@ bool MasteringMetadata::Write(IMkvWriter* writer) const {
!WriteEbmlElement(writer, libwebm::kMkvLuminanceMin, luminance_min_)) {
return false;
}
- if (r_ &&
- !r_->Write(writer, libwebm::kMkvPrimaryRChromaticityX,
- libwebm::kMkvPrimaryRChromaticityY)) {
+ if (r_ && !r_->Write(writer, libwebm::kMkvPrimaryRChromaticityX,
+ libwebm::kMkvPrimaryRChromaticityY)) {
return false;
}
- if (g_ &&
- !g_->Write(writer, libwebm::kMkvPrimaryGChromaticityX,
- libwebm::kMkvPrimaryGChromaticityY)) {
+ if (g_ && !g_->Write(writer, libwebm::kMkvPrimaryGChromaticityX,
+ libwebm::kMkvPrimaryGChromaticityY)) {
return false;
}
- if (b_ &&
- !b_->Write(writer, libwebm::kMkvPrimaryBChromaticityX,
- libwebm::kMkvPrimaryBChromaticityY)) {
+ if (b_ && !b_->Write(writer, libwebm::kMkvPrimaryBChromaticityX,
+ libwebm::kMkvPrimaryBChromaticityY)) {
return false;
}
if (white_point_ &&
@@ -1057,22 +1059,22 @@ bool MasteringMetadata::Write(IMkvWriter* writer) const {
bool MasteringMetadata::SetChromaticity(
const PrimaryChromaticity* r, const PrimaryChromaticity* g,
const PrimaryChromaticity* b, const PrimaryChromaticity* white_point) {
- PrimaryChromaticityPtr r_ptr(NULL);
+ PrimaryChromaticityPtr r_ptr(nullptr);
if (r) {
if (!CopyChromaticity(r, &r_ptr))
return false;
}
- PrimaryChromaticityPtr g_ptr(NULL);
+ PrimaryChromaticityPtr g_ptr(nullptr);
if (g) {
if (!CopyChromaticity(g, &g_ptr))
return false;
}
- PrimaryChromaticityPtr b_ptr(NULL);
+ PrimaryChromaticityPtr b_ptr(nullptr);
if (b) {
if (!CopyChromaticity(b, &b_ptr))
return false;
}
- PrimaryChromaticityPtr wp_ptr(NULL);
+ PrimaryChromaticityPtr wp_ptr(nullptr);
if (white_point) {
if (!CopyChromaticity(white_point, &wp_ptr))
return false;
@@ -1238,7 +1240,7 @@ bool Colour::Write(IMkvWriter* writer) const {
}
bool Colour::SetMasteringMetadata(const MasteringMetadata& mastering_metadata) {
- std::auto_ptr<MasteringMetadata> mm_ptr(new MasteringMetadata());
+ std::unique_ptr<MasteringMetadata> mm_ptr(new MasteringMetadata());
if (!mm_ptr.get())
return false;
@@ -1424,6 +1426,7 @@ VideoTrack::VideoTrack(unsigned int* seed)
stereo_mode_(0),
alpha_mode_(0),
width_(0),
+ colour_space_(NULL),
colour_(NULL),
projection_(NULL) {}
@@ -1521,6 +1524,10 @@ bool VideoTrack::Write(IMkvWriter* writer) const {
static_cast<uint64>(alpha_mode_)))
return false;
}
+ if (colour_space_) {
+ if (!WriteEbmlElement(writer, libwebm::kMkvColourSpace, colour_space_))
+ return false;
+ }
if (frame_rate_ > 0.0) {
if (!WriteEbmlElement(writer, libwebm::kMkvFrameRate,
static_cast<float>(frame_rate_))) {
@@ -1545,8 +1552,24 @@ bool VideoTrack::Write(IMkvWriter* writer) const {
return true;
}
+void VideoTrack::set_colour_space(const char* colour_space) {
+ if (colour_space) {
+ delete[] colour_space_;
+
+ const size_t length = strlen(colour_space) + 1;
+ colour_space_ = new (std::nothrow) char[length]; // NOLINT
+ if (colour_space_) {
+#ifdef _MSC_VER
+ strcpy_s(colour_space_, length, colour_space);
+#else
+ strcpy(colour_space_, colour_space);
+#endif
+ }
+ }
+}
+
bool VideoTrack::SetColour(const Colour& colour) {
- std::auto_ptr<Colour> colour_ptr(new Colour());
+ std::unique_ptr<Colour> colour_ptr(new Colour());
if (!colour_ptr.get())
return false;
@@ -1574,7 +1597,7 @@ bool VideoTrack::SetColour(const Colour& colour) {
}
bool VideoTrack::SetProjection(const Projection& projection) {
- std::auto_ptr<Projection> projection_ptr(new Projection());
+ std::unique_ptr<Projection> projection_ptr(new Projection());
if (!projection_ptr.get())
return false;
@@ -1628,6 +1651,8 @@ uint64_t VideoTrack::VideoPayloadSize() const {
if (frame_rate_ > 0.0)
size += EbmlElementSize(libwebm::kMkvFrameRate,
static_cast<float>(frame_rate_));
+ if (colour_space_)
+ size += EbmlElementSize(libwebm::kMkvColourSpace, colour_space_);
if (colour_)
size += colour_->ColourSize();
if (projection_)
@@ -1705,9 +1730,9 @@ bool AudioTrack::Write(IMkvWriter* writer) const {
const char Tracks::kOpusCodecId[] = "A_OPUS";
const char Tracks::kVorbisCodecId[] = "A_VORBIS";
+const char Tracks::kAv1CodecId[] = "V_AV1";
const char Tracks::kVp8CodecId[] = "V_VP8";
const char Tracks::kVp9CodecId[] = "V_VP9";
-const char Tracks::kVp10CodecId[] = "V_VP10";
const char Tracks::kWebVttCaptionsId[] = "D_WEBVTT/CAPTIONS";
const char Tracks::kWebVttDescriptionsId[] = "D_WEBVTT/DESCRIPTIONS";
const char Tracks::kWebVttMetadataId[] = "D_WEBVTT/METADATA";
@@ -2666,7 +2691,7 @@ bool Cluster::QueueOrWriteFrame(const Frame* const frame) {
// and write it if it is okay to do so (i.e.) no other track has an held back
// frame with timestamp <= the timestamp of the frame in question.
std::vector<std::list<Frame*>::iterator> frames_to_erase;
- for (std::list<Frame *>::iterator
+ for (std::list<Frame*>::iterator
current_track_iterator = stored_frames_[track_number].begin(),
end = --stored_frames_[track_number].end();
current_track_iterator != end; ++current_track_iterator) {
@@ -4168,8 +4193,8 @@ bool Segment::DocTypeIsWebm() const {
// TODO(vigneshv): Tweak .clang-format.
const char* kWebmCodecIds[kNumCodecIds] = {
Tracks::kOpusCodecId, Tracks::kVorbisCodecId,
- Tracks::kVp8CodecId, Tracks::kVp9CodecId,
- Tracks::kVp10CodecId, Tracks::kWebVttCaptionsId,
+ Tracks::kAv1CodecId, Tracks::kVp8CodecId,
+ Tracks::kVp9CodecId, Tracks::kWebVttCaptionsId,
Tracks::kWebVttDescriptionsId, Tracks::kWebVttMetadataId,
Tracks::kWebVttSubtitlesId};
diff --git a/third_party/libwebm/mkvmuxer/mkvmuxer.h b/third_party/libwebm/mkvmuxer/mkvmuxer.h
index 46b0029dc..f2db37714 100644
--- a/third_party/libwebm/mkvmuxer/mkvmuxer.h
+++ b/third_party/libwebm/mkvmuxer/mkvmuxer.h
@@ -795,6 +795,8 @@ class VideoTrack : public Track {
uint64_t alpha_mode() { return alpha_mode_; }
void set_width(uint64_t width) { width_ = width; }
uint64_t width() const { return width_; }
+ void set_colour_space(const char* colour_space);
+ const char* colour_space() const { return colour_space_; }
Colour* colour() { return colour_; }
@@ -824,6 +826,7 @@ class VideoTrack : public Track {
uint64_t stereo_mode_;
uint64_t alpha_mode_;
uint64_t width_;
+ char* colour_space_;
Colour* colour_;
Projection* projection_;
@@ -871,9 +874,9 @@ class Tracks {
static const char kOpusCodecId[];
static const char kVorbisCodecId[];
+ static const char kAv1CodecId[];
static const char kVp8CodecId[];
static const char kVp9CodecId[];
- static const char kVp10CodecId[];
static const char kWebVttCaptionsId[];
static const char kWebVttDescriptionsId[];
static const char kWebVttMetadataId[];
diff --git a/third_party/libwebm/mkvmuxer/mkvmuxerutil.cc b/third_party/libwebm/mkvmuxer/mkvmuxerutil.cc
index 355d4e22b..7636a9f4e 100644
--- a/third_party/libwebm/mkvmuxer/mkvmuxerutil.cc
+++ b/third_party/libwebm/mkvmuxer/mkvmuxerutil.cc
@@ -136,9 +136,8 @@ uint64 WriteBlock(IMkvWriter* writer, const Frame* const frame, int64 timecode,
return false;
}
- if (!frame->is_key() &&
- !WriteEbmlElement(writer, libwebm::kMkvReferenceBlock,
- reference_block_timestamp)) {
+ if (!frame->is_key() && !WriteEbmlElement(writer, libwebm::kMkvReferenceBlock,
+ reference_block_timestamp)) {
return false;
}
@@ -563,10 +562,10 @@ uint64 WriteFrame(IMkvWriter* writer, const Frame* const frame,
if (relative_timecode < 0 || relative_timecode > kMaxBlockTimecode)
return 0;
- return frame->CanBeSimpleBlock() ?
- WriteSimpleBlock(writer, frame, relative_timecode) :
- WriteBlock(writer, frame, relative_timecode,
- cluster->timecode_scale());
+ return frame->CanBeSimpleBlock()
+ ? WriteSimpleBlock(writer, frame, relative_timecode)
+ : WriteBlock(writer, frame, relative_timecode,
+ cluster->timecode_scale());
}
uint64 WriteVoidElement(IMkvWriter* writer, uint64 size) {
diff --git a/third_party/libwebm/mkvmuxer/mkvmuxerutil.h b/third_party/libwebm/mkvmuxer/mkvmuxerutil.h
index 132388da5..3355428bd 100644
--- a/third_party/libwebm/mkvmuxer/mkvmuxerutil.h
+++ b/third_party/libwebm/mkvmuxer/mkvmuxerutil.h
@@ -31,6 +31,9 @@ const int64 kMaxBlockTimecode = 0x07FFFLL;
// Writes out |value| in Big Endian order. Returns 0 on success.
int32 SerializeInt(IMkvWriter* writer, int64 value, int32 size);
+// Writes out |f| in Big Endian order. Returns 0 on success.
+int32 SerializeFloat(IMkvWriter* writer, float f);
+
// Returns the size in bytes of the element.
int32 GetUIntSize(uint64 value);
int32 GetIntSize(int64 value);
diff --git a/third_party/libwebm/mkvmuxer/mkvwriter.cc b/third_party/libwebm/mkvmuxer/mkvwriter.cc
index 84655d802..d668384d8 100644
--- a/third_party/libwebm/mkvmuxer/mkvwriter.cc
+++ b/third_party/libwebm/mkvmuxer/mkvwriter.cc
@@ -78,6 +78,8 @@ int32 MkvWriter::Position(int64 position) {
#ifdef _MSC_VER
return _fseeki64(file_, position, SEEK_SET);
+#elif defined(_WIN32)
+ return fseeko64(file_, static_cast<off_t>(position), SEEK_SET);
#else
return fseeko(file_, static_cast<off_t>(position), SEEK_SET);
#endif
diff --git a/third_party/libwebm/mkvparser/mkvparser.cc b/third_party/libwebm/mkvparser/mkvparser.cc
index 37f230d0a..dcb969dcf 100644
--- a/third_party/libwebm/mkvparser/mkvparser.cc
+++ b/third_party/libwebm/mkvparser/mkvparser.cc
@@ -22,12 +22,8 @@
#include "common/webmids.h"
-// disable deprecation warnings for auto_ptr
-#if defined(__GNUC__) && __GNUC__ >= 5
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
-
namespace mkvparser {
+const long long kStringElementSizeLimit = 20 * 1000 * 1000;
const float MasteringMetadata::kValueNotPresent = FLT_MAX;
const long long Colour::kValueNotPresent = LLONG_MAX;
const float Projection::kValueNotPresent = FLT_MAX;
@@ -40,8 +36,6 @@ inline bool isnan(double val) { return std::isnan(val); }
inline bool isinf(double val) { return std::isinf(val); }
#endif // MSC_COMPAT
-IMkvReader::~IMkvReader() {}
-
template <typename Type>
Type* SafeArrayAlloc(unsigned long long num_elements,
unsigned long long element_size) {
@@ -330,7 +324,7 @@ long UnserializeString(IMkvReader* pReader, long long pos, long long size,
delete[] str;
str = NULL;
- if (size >= LONG_MAX || size < 0)
+ if (size >= LONG_MAX || size < 0 || size > kStringElementSizeLimit)
return E_FILE_FORMAT_INVALID;
// +1 for '\0' terminator
@@ -5015,7 +5009,7 @@ bool MasteringMetadata::Parse(IMkvReader* reader, long long mm_start,
if (!reader || *mm)
return false;
- std::auto_ptr<MasteringMetadata> mm_ptr(new MasteringMetadata());
+ std::unique_ptr<MasteringMetadata> mm_ptr(new MasteringMetadata());
if (!mm_ptr.get())
return false;
@@ -5035,6 +5029,10 @@ bool MasteringMetadata::Parse(IMkvReader* reader, long long mm_start,
double value = 0;
const long long value_parse_status =
UnserializeFloat(reader, read_pos, child_size, value);
+ if (value < -FLT_MAX || value > FLT_MAX ||
+ (value > 0.0 && value < FLT_MIN)) {
+ return false;
+ }
mm_ptr->luminance_max = static_cast<float>(value);
if (value_parse_status < 0 || mm_ptr->luminance_max < 0.0 ||
mm_ptr->luminance_max > 9999.99) {
@@ -5044,6 +5042,10 @@ bool MasteringMetadata::Parse(IMkvReader* reader, long long mm_start,
double value = 0;
const long long value_parse_status =
UnserializeFloat(reader, read_pos, child_size, value);
+ if (value < -FLT_MAX || value > FLT_MAX ||
+ (value > 0.0 && value < FLT_MIN)) {
+ return false;
+ }
mm_ptr->luminance_min = static_cast<float>(value);
if (value_parse_status < 0 || mm_ptr->luminance_min < 0.0 ||
mm_ptr->luminance_min > 999.9999) {
@@ -5096,7 +5098,7 @@ bool Colour::Parse(IMkvReader* reader, long long colour_start,
if (!reader || *colour)
return false;
- std::auto_ptr<Colour> colour_ptr(new Colour());
+ std::unique_ptr<Colour> colour_ptr(new Colour());
if (!colour_ptr.get())
return false;
@@ -5194,7 +5196,7 @@ bool Projection::Parse(IMkvReader* reader, long long start, long long size,
if (!reader || *projection)
return false;
- std::auto_ptr<Projection> projection_ptr(new Projection());
+ std::unique_ptr<Projection> projection_ptr(new Projection());
if (!projection_ptr.get())
return false;
@@ -5270,6 +5272,7 @@ bool Projection::Parse(IMkvReader* reader, long long start, long long size,
VideoTrack::VideoTrack(Segment* pSegment, long long element_start,
long long element_size)
: Track(pSegment, element_start, element_size),
+ m_colour_space(NULL),
m_colour(NULL),
m_projection(NULL) {}
@@ -5295,6 +5298,7 @@ long VideoTrack::Parse(Segment* pSegment, const Info& info,
long long stereo_mode = 0;
double rate = 0.0;
+ char* colour_space = NULL;
IMkvReader* const pReader = pSegment->m_pReader;
@@ -5307,8 +5311,8 @@ long VideoTrack::Parse(Segment* pSegment, const Info& info,
const long long stop = pos + s.size;
- Colour* colour = NULL;
- Projection* projection = NULL;
+ std::unique_ptr<Colour> colour_ptr;
+ std::unique_ptr<Projection> projection_ptr;
while (pos < stop) {
long long id, size;
@@ -5357,11 +5361,23 @@ long VideoTrack::Parse(Segment* pSegment, const Info& info,
if (rate <= 0)
return E_FILE_FORMAT_INVALID;
} else if (id == libwebm::kMkvColour) {
- if (!Colour::Parse(pReader, pos, size, &colour))
+ Colour* colour = NULL;
+ if (!Colour::Parse(pReader, pos, size, &colour)) {
return E_FILE_FORMAT_INVALID;
+ } else {
+ colour_ptr.reset(colour);
+ }
} else if (id == libwebm::kMkvProjection) {
- if (!Projection::Parse(pReader, pos, size, &projection))
+ Projection* projection = NULL;
+ if (!Projection::Parse(pReader, pos, size, &projection)) {
return E_FILE_FORMAT_INVALID;
+ } else {
+ projection_ptr.reset(projection);
+ }
+ } else if (id == libwebm::kMkvColourSpace) {
+ const long status = UnserializeString(pReader, pos, size, colour_space);
+ if (status < 0)
+ return status;
}
pos += size; // consume payload
@@ -5392,8 +5408,9 @@ long VideoTrack::Parse(Segment* pSegment, const Info& info,
pTrack->m_display_unit = display_unit;
pTrack->m_stereo_mode = stereo_mode;
pTrack->m_rate = rate;
- pTrack->m_colour = colour;
- pTrack->m_projection = projection;
+ pTrack->m_colour = colour_ptr.release();
+ pTrack->m_colour_space = colour_space;
+ pTrack->m_projection = projection_ptr.release();
pResult = pTrack;
return 0; // success
@@ -7903,6 +7920,10 @@ long Block::Parse(const Cluster* pCluster) {
return E_FILE_FORMAT_INVALID;
curr.len = static_cast<long>(frame_size);
+ // Check if size + curr.len could overflow.
+ if (size > LLONG_MAX - curr.len) {
+ return E_FILE_FORMAT_INVALID;
+ }
size += curr.len; // contribution of this frame
--frame_count;
@@ -7964,6 +7985,11 @@ long long Block::GetTimeCode(const Cluster* pCluster) const {
const long long tc0 = pCluster->GetTimeCode();
assert(tc0 >= 0);
+ // Check if tc0 + m_timecode would overflow.
+ if (tc0 < 0 || LLONG_MAX - tc0 < m_timecode) {
+ return -1;
+ }
+
const long long tc = tc0 + m_timecode;
return tc; // unscaled timecode units
@@ -7981,6 +8007,10 @@ long long Block::GetTime(const Cluster* pCluster) const {
const long long scale = pInfo->GetTimeCodeScale();
assert(scale >= 1);
+ // Check if tc * scale could overflow.
+ if (tc != 0 && scale > LLONG_MAX / tc) {
+ return -1;
+ }
const long long ns = tc * scale;
return ns;
diff --git a/third_party/libwebm/mkvparser/mkvparser.h b/third_party/libwebm/mkvparser/mkvparser.h
index 26c2b7e5e..848d01f03 100644
--- a/third_party/libwebm/mkvparser/mkvparser.h
+++ b/third_party/libwebm/mkvparser/mkvparser.h
@@ -22,7 +22,7 @@ class IMkvReader {
virtual int Length(long long* total, long long* available) = 0;
protected:
- virtual ~IMkvReader();
+ virtual ~IMkvReader() {}
};
template <typename Type>
@@ -527,6 +527,8 @@ class VideoTrack : public Track {
Projection* GetProjection() const;
+ const char* GetColourSpace() const { return m_colour_space; }
+
private:
long long m_width;
long long m_height;
@@ -534,7 +536,7 @@ class VideoTrack : public Track {
long long m_display_height;
long long m_display_unit;
long long m_stereo_mode;
-
+ char* m_colour_space;
double m_rate;
Colour* m_colour;
diff --git a/third_party/libwebm/mkvparser/mkvreader.cc b/third_party/libwebm/mkvparser/mkvreader.cc
index 23d68f508..9d19c1be5 100644
--- a/third_party/libwebm/mkvparser/mkvreader.cc
+++ b/third_party/libwebm/mkvparser/mkvreader.cc
@@ -118,6 +118,8 @@ int MkvReader::Read(long long offset, long len, unsigned char* buffer) {
if (status)
return -1; // error
+#elif defined(_WIN32)
+ fseeko64(m_file, static_cast<off_t>(offset), SEEK_SET);
#else
fseeko(m_file, static_cast<off_t>(offset), SEEK_SET);
#endif
--
2.25.1

View File

@ -1,46 +0,0 @@
From 0a68a93729ab879251ad63f833a327d20dbbbc23 Mon Sep 17 00:00:00 2001
From: Wan-Teh Chang <wtc@google.com>
Date: Fri, 12 Apr 2024 15:48:04 -0700
Subject: [PATCH 3/3] Fix a bug in alloc_size for high bit depths
I introduced this bug in commit 2e32276:
https://chromium-review.googlesource.com/c/webm/libvpx/+/5446333
I changed the line
stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
to three lines:
s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
if (s > INT_MAX) goto fail;
stride_in_bytes = (int)s;
But I didn't realize that `s` is used later in the calculation of
alloc_size.
As a quick fix, undo the effect of s * 2 for high bit depths after `s`
has been assigned to stride_in_bytes.
Bug: chromium:332382766
Change-Id: I53fbf405555645ab1d7254d31aadabe4f426be8c
(cherry picked from commit 74c70af01667733483dc69298b8921779f5f6ff3)
---
vpx/src/vpx_image.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/vpx/src/vpx_image.c b/vpx/src/vpx_image.c
index 0c84562ae..38d4c1ce3 100644
--- a/vpx/src/vpx_image.c
+++ b/vpx/src/vpx_image.c
@@ -97,6 +97,7 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt,
s = (s + stride_align - 1) & ~((uint64_t)stride_align - 1);
if (s > INT_MAX) goto fail;
stride_in_bytes = (int)s;
+ s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s / 2 : s;
/* Allocate the new image */
if (!img) {
--
2.45.2

View File

@ -1,71 +0,0 @@
From d06fa15d1c113edea0d6760ea19af8e8d0af0d94 Mon Sep 17 00:00:00 2001
From: James Zern <jzern@google.com>
Date: Fri, 7 Jun 2019 15:06:29 -0700
Subject: [PATCH 4/4] CVE-2019-2126: update libwebm to
libwebm-1.0.0.27-361-g81de00c
81de00c Check there is only one settings per ContentCompression
5623013 Fixes a double free in ContentEncoding
93b2ba0 mkvparser: quiet static analysis warnings
Change-Id: Ieaa562ef2f10075381bd856388e6b29f97ca2746
---
third_party/libwebm/README.libvpx | 2 +-
third_party/libwebm/mkvparser/mkvparser.cc | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/third_party/libwebm/README.libvpx b/third_party/libwebm/README.libvpx
index 16f17513e..714f5d0eb 100644
--- a/third_party/libwebm/README.libvpx
+++ b/third_party/libwebm/README.libvpx
@@ -1,5 +1,5 @@
URL: https://chromium.googlesource.com/webm/libwebm
-Version: dbf1d1089756e7cb5b1a04d6752310ef35912347
+Version: 81de00c43ea3c087b48a8c20337db7531b9f7612
License: BSD
License File: LICENSE.txt
diff --git a/third_party/libwebm/mkvparser/mkvparser.cc b/third_party/libwebm/mkvparser/mkvparser.cc
index dcb969dcf..ace65bd59 100644
--- a/third_party/libwebm/mkvparser/mkvparser.cc
+++ b/third_party/libwebm/mkvparser/mkvparser.cc
@@ -4230,6 +4230,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
new (std::nothrow) ContentEncryption*[encryption_count];
if (!encryption_entries_) {
delete[] compression_entries_;
+ compression_entries_ = NULL;
return -1;
}
encryption_entries_end_ = encryption_entries_;
@@ -4261,6 +4262,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
delete compression;
return status;
}
+ assert(compression_count > 0);
*compression_entries_end_++ = compression;
} else if (id == libwebm::kMkvContentEncryption) {
ContentEncryption* const encryption =
@@ -4273,6 +4275,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
delete encryption;
return status;
}
+ assert(encryption_count > 0);
*encryption_entries_end_++ = encryption;
}
@@ -4325,6 +4328,12 @@ long ContentEncoding::ParseCompressionEntry(long long start, long long size,
return status;
}
+ // There should be only one settings element per content compression.
+ if (compression->settings != NULL) {
+ delete[] buf;
+ return E_FILE_FORMAT_INVALID;
+ }
+
compression->settings = buf;
compression->settings_len = buflen;
}
--
2.25.1

View File

@ -1,11 +0,0 @@
diff -ru libvpx-1.7.0/vpx/src/vpx_image.c libvpx-1.7.0.new/vpx/src/vpx_image.c
--- libvpx-1.7.0/vpx/src/vpx_image.c 2018-01-24 23:25:44.000000000 +0100
+++ libvpx-1.7.0.new/vpx/src/vpx_image.c 2024-08-27 15:22:25.886886526 +0200
@@ -10,6 +10,7 @@
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#include "vpx/vpx_image.h"
#include "vpx/vpx_integer.h"

View File

@ -1,36 +1,28 @@
%global somajor 5
%global somajor 6
%global sominor 0
%global sotiny 0
%global soversion %{somajor}.%{sominor}.%{sotiny}
Name: libvpx
Summary: VP8/VP9 Video Codec SDK
Version: 1.7.0
Release: 11%{?dist}
Version: 1.9.0
Release: 5%{?dist}
License: BSD
Group: System Environment/Libraries
#Source0: http://downloads.webmproject.org/releases/webm/%{name}-%{version}.tar.bz2
Source0: https://github.com/webmproject/libvpx/archive/v%{version}.tar.gz
Source1: vpx_config.h
# Thanks to debian.
Source2: libvpx.ver
URL: http://www.webmproject.org/code/
BuildRequires: make
BuildRequires: gcc
BuildRequires: gcc-c++
%ifarch %{ix86} x86_64
BuildRequires: yasm
%endif
BuildRequires: doxygen, perl(Getopt::Long)
BuildRequires: doxygen, php-cli, perl(Getopt::Long)
# Do not disable FORTIFY_SOURCE=2
Patch0: libvpx-1.7.0-leave-fortify-source-on.patch
Patch1: 0001-CVE-2019-9232-Fix-OOB-memory-access-on-fuzzed-data.patch
Patch2: 0002-CVE-2019-9433-VP8-Fix-use-after-free-in-postproc.patch
Patch3: 0003-CVE-2019-9371-update-libwebm.patch
Patch4: 0004-CVE-2019-2126-update-libwebm-to-libwebm-1.0.0.27-361.patch
Patch5: 0001-Fix-bug-with-smaller-width-bigger-size.patch
Patch6: 0001-VP8-disallow-thread-count-changes.patch
Patch7: 0001-Fix-integer-overflows-in-calc-of-stride_in_bytes.patch
Patch8: 0002-Apply-stride_align-to-byte-count-not-pixel-count.patch
Patch9: 0003-Fix-a-bug-in-alloc_size-for-high-bit-depths.patch
Patch10: include-limits.patch
%description
libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications
@ -39,7 +31,6 @@ deployed on millions of computers and devices worldwide.
%package devel
Summary: Development files for libvpx
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
@ -48,7 +39,6 @@ libvpx.
%package utils
Summary: VP8 utilities and tools
Group: Development/Tools
Requires: %{name}%{?_isa} = %{version}-%{release}
%description utils
@ -58,18 +48,9 @@ and decoder.
%prep
%setup -q -n libvpx-%{version}
%patch0 -p1 -b .leave-fs-on
%patch1 -p1 -b .0001
%patch2 -p1 -b .0002
%patch3 -p1 -b .0003
%patch4 -p1 -b .0004
%patch5 -p1 -b .0005
%patch6 -p1 -b .0006
%patch7 -p1 -b .0007
%patch8 -p1 -b .0008
%patch9 -p1 -b .0009
%patch10 -p1 -b .0010
%build
%ifarch %{ix86}
%global vpxtarget x86-linux-gcc
%else
@ -112,19 +93,14 @@ CROSS=armv7hl-redhat-linux-gnueabi- CHOST=armv7hl-redhat-linux-gnueabi-hardfloat
%endif
--enable-pic --disable-install-srcs \
--enable-vp9-decoder --enable-vp9-encoder \
--enable-experimental --enable-spatial-svc \
--enable-vp9-highbitdepth --enable-webm-io \
--enable-experimental \
--enable-vp9-highbitdepth \
%if ! %{generic_target}
--enable-shared \
%endif
--enable-install-srcs \
--prefix=%{_prefix} --libdir=%{_libdir} --size-limit=16384x16384
# Hack our optflags in.
sed -i "s|-O3|%{optflags}|g" libs-%{vpxtarget}.mk
sed -i "s|-O3|%{optflags}|g" examples-%{vpxtarget}.mk
sed -i "s|-O3|%{optflags}|g" docs-%{vpxtarget}.mk
%ifarch armv7hl
#hackety hack hack
sed -i "s|AR=armv7hl-redhat-linux-gnueabi-ar|AR=ar|g" libs-%{vpxtarget}.mk
@ -140,7 +116,7 @@ sed -i "s|NM=armv7hl-redhat-linux-gnueabi-nm|NM=nm|g" examples-%{vpxtarget}.mk
sed -i "s|NM=armv7hl-redhat-linux-gnueabi-nm|NM=nm|g" docs-%{vpxtarget}.mk
%endif
make %{?_smp_mflags} verbose=true
%make_build verbose=true
# Manual shared library creation
# We should never need to do this anymore, and if we do, we need to fix the version-script.
@ -160,8 +136,8 @@ rm -rf tmp
# We need to do this so the examples can link against it.
# ln -sf libvpx.so.%{soversion} libvpx.so
# make %{?_smp_mflags} verbose=true target=examples CONFIG_SHARED=1
# make %{?_smp_mflags} verbose=true target=docs
# %make_build verbose=true target=examples CONFIG_SHARED=1
# %make_build verbose=true target=docs
# Put them back so the install doesn't fail
# mv libNOTvpx.a libvpx.a
@ -175,8 +151,8 @@ export CHOST=armv7hl-redhat-linux-gnueabi-hardfloat
make DIST_DIR=%{buildroot}%{_prefix} dist
# Simpler to label the dir as %%doc.
if [ -d %{buildroot}/usr/docs ]; then
mv %{buildroot}/usr/docs doc/
if [ -d %{buildroot}%{_prefix}/docs ]; then
mv %{buildroot}%{_prefix}/docs doc/
fi
# Again, we should never need to do this anymore.
@ -191,18 +167,18 @@ popd
pushd %{buildroot}
# Stuff we don't need.
rm -rf usr/build/ usr/md5sums.txt usr/lib*/*.a usr/CHANGELOG usr/README
rm -rf .%{_prefix}/build/ .%{_prefix}/md5sums.txt .%{_libdir}*/*.a .%{_prefix}/CHANGELOG .%{_prefix}/README
# No, bad google. No treat.
mv usr/bin/examples/* usr/bin/
rm -rf usr/bin/examples
mv .%{_bindir}/examples/* .%{_bindir}
rm -rf .%{_bindir}/examples
# Rename a few examples
mv usr/bin/postproc usr/bin/vp8_postproc
mv usr/bin/simple_decoder usr/bin/vp8_simple_decoder
mv usr/bin/simple_encoder usr/bin/vp8_simple_encoder
mv usr/bin/twopass_encoder usr/bin/vp8_twopass_encoder
mv .%{_bindir}/postproc .%{_bindir}/vp8_postproc
mv .%{_bindir}/simple_decoder .%{_bindir}/vp8_simple_decoder
mv .%{_bindir}/simple_encoder .%{_bindir}/vp8_simple_encoder
mv .%{_bindir}/twopass_encoder .%{_bindir}/vp8_twopass_encoder
# Fix the binary permissions
chmod 755 usr/bin/*
chmod 755 .%{_bindir}/*
popd
# Get the vpx_config.h file
@ -240,7 +216,7 @@ rm -rf %{buildroot}%{_prefix}/src
%files
%license LICENSE
%doc AUTHORS CHANGELOG README
%{_libdir}/libvpx.so.*
%{_libdir}/libvpx.so.%{somajor}*
%files devel
# These are SDK docs, not really useful to an end-user.
@ -257,31 +233,71 @@ rm -rf %{buildroot}%{_prefix}/src
%{_bindir}/*
%changelog
* Fri Jul 5 2024 Wim Taymans <wtaymans@redhat.com> - 1.7.0-11
- Add patch to fix integer overflows.
- Fix compilation by including limits.h
- Resolves: RHEL-40650
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.0-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Oct 5 2023 Wim Taymans <wtaymans@redhat.com> - 1.7.0-10
- Add patch for CVE-2023-5217
- Resolves: RHEL-10612
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.0-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Oct 3 2023 Wim Taymans <wtaymans@redhat.com> - 1.7.0-9
- Add patch for CVE-2023-44488
- Resolves: RHEL-11615
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Apr 1 2020 Wim Taymans <wtaymans@redhat.com> - 1.7.0-8
- Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454
- Enable webm-io explicitly
* Sat Oct 10 2020 Jeff Law <law@redhat.com> - 1.9.0-2
- Re-enable LTO
* Wed Mar 25 2020 Wim Taymans <wtaymans@redhat.com> - 1.7.0-7
- Fix for CVE-2019-9232, CVE-2019-9433, CVE-2019-9371, CVE-2019-2126
- Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454
- Remove php-cli BR
* Thu Aug 13 2020 Tom Callaway <spot@fedoraproject.org> - 1.9.0-1
- update to 1.9.0
* Tue Oct 09 2018 Wim Taymans <wtaymans@redhat.com> - 1.7.0-6
- Set build flags in all cases
- Resolves: #1630588
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.2-6
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.8.2-4
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jul 01 2020 Jeff Law <law@redhat.com> - 1.8.2-3
- Disable LTO
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Dec 20 2019 Tom Callaway <spot@fedoraproject.org> - 1.8.2-1
- update to 1.8.2
* Wed Jul 31 2019 Tom Callaway <spot@fedoraproject.org> - 1.8.1-1
- update to 1.8.1
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Feb 05 2019 Pete Walter <pwalter@fedoraproject.org> - 1.8.0-4
- Avoid setting optflags twice
* Tue Feb 05 2019 Pete Walter <pwalter@fedoraproject.org> - 1.8.0-3
- Tighten soname glob to avoid accidental soname bumps
* Tue Feb 05 2019 Björn Esser <besser82@fedoraproject.org> - 1.8.0-2
- rebuilt (libvpx)
* Tue Feb 05 2019 Pete Walter <pwalter@fedoraproject.org> - 1.8.0-1
- Update to 1.8.0
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Sep 18 2018 Owen Taylor <otaylor@redhat.com> - 1.7.0-8
- Avoid hardcoding prefix=/usr
* Fri Jul 20 2018 Wim Taymans <wtaymans@redhat.com> - 1.7.0-7
- Add compilers as buildrequires
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Feb 12 2018 Tom Callaway <spot@fedoraproject.org> - 1.7.0-5
- properly set build flags in rawhide (bz1543819)