virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity
93,203 Commits 37 Branches 400 Tags 473 MiB
13de14d44d
Commit Graph

21408 Commits

Author SHA1 Message Date
Michael Niedermayer
13de14d44d avformat/flvdec: Check for EOF in amf_parse_object() 
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33624f4f2e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:21 +02:00
Michael Niedermayer
d7fd7eb297 avformat/icodec: Change order of operations to avoid NULL dereference 
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3300f5c133)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:21 +02:00
Michael Niedermayer
db94bff826 avformat/subviewerdec: fail on AV_NOPTS_VALUE 
Such values are not supported by ff_subtitles_queue*

Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b7f51428b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:21 +02:00
Michael Niedermayer
6bbc565af8 avformat/asfdec_f: Change order or operations slightly 
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 686f015190)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
5a86c28a73 avformat/dxa: Use av_rescale() for duration computation 
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c313089fbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
c242e3efe0 avformat/iff: Check data_size not overflowing int64 
Fixes: Infinite loop
Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 24352ca792)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
b81d1379c2 avformat/wvdec: Check rate for overflow 
Fixes: signed integer overflow: 6000 * -2147483648 cannot be represented in type 'int'
Fixes: 25700/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6578316302352384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 688c1175ba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
124a433d15 avformat/wc3movie: Move wc3_read_close() up 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c635f2ce6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
b9c0480f17 avformat/cdg: Fix integer overflow in duration computation 
Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int'
Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa8935b395)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
ca56067055 avformat/electronicarts: Check if there are any streams 
Fixes: Assertion failure (invalid stream index)
Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 39a98623ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
ca689b0002 avformat/avidec: Fix io_fsize overflow 
Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf0c700b0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
2e9d90680d avformat/siff: Reject audio packets without audio stream 
Fixes: Assertion failure
Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8931c55789)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
f13fb1cfb8 avformat/mpeg: Check avio_read() return value in get_pts() 
Found-by: Thierry Foucu <tfoucu@gmail.com>
Fixes: Use-of-uninitialized-value
Reviewed-by: Thierry Foucu <tfoucu@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8a88a16f7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
301801bfd2 avformat/mov: Check comp_brand_size 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffa6072fc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Andreas Rheinhardt
4646f94b9c avformat/mm: Check for existence of audio stream 
No audio stream is created unconditionally and if none has been created,
no packet with stream_index 1 may be returned. This fixes an assert in
ff_read_packet() in libavformat/utils reported in ticket #8782.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit ec59dc73f0)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2021-09-09 13:37:20 +02:00
Zhao Zhili
02fd603a18 avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default 
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 806a4d5187)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
32815740f7 avformat/smjpegdec: Check the existence of referred streams 
Fixes: Assertion failure
Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 321ea59dac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Błażej Szczygieł
3dd24b0f70 lavf/tls_gnutls: check for interrupt inside handshake loop 
fixes #8080

Signed-off-by: Błażej Szczygieł <spaz16@wp.pl>
(cherry picked from commit 561ba15c97)
 2020-09-04 22:06:02 +03:00
Remita Amine
082dfc8bd5 lavf/tls_gnutls: retry gnutls_handshake on non fatal errors 
fixes #7801

Signed-off-by: Remita Amine <remitamine@gmail.com>
(cherry picked from commit bc1749c6e4)
 2020-09-04 22:06:01 +03:00
Jan Ekström
dce15293da avformat/tls_schannel: immediately return decrypted data if available 
Until now, we would have only attempted to utilize already decrypted
data if it was enough to fill the size of buffer requested, that could
very well be up to 32 kilobytes.

With keep-alive connections this would just lead to recv blocking
until rw_timeout had been reached, as the connection would not be
officially closed after each transfer. This would also lead to a
loop, as such timed out I/O request would just be attempted again.

By just returning the available decrypted data, keep-alive based
connectivity such as HLS playback is fixed with schannel.

(cherry picked from commit 6f8826e4aa)
 2020-09-04 19:26:16 +03:00
Jan Ekström
0adddc08c6 avformat/tls_schannel: always decrypt all received data 
The dec_buf seems to be properly managed between read calls,
and we have no logic to decrypt before attempting socket I/O.
Thus - until now - such data would not be decrypted in case of
connections such as HTTP keep-alive, as the recv call would
always get executed first, block until rw_timeout, and then get
retried by retry_transfer_wrapper.

Thus - if data is received - decrypt all of it right away. This way
it is available for the following requests in case they can be
satisfied with it.

(cherry picked from commit 39977fff20)
 2020-09-04 19:26:16 +03:00
Michael Niedermayer
7b3b3119d5 avformat/utils: reorder duration computation to avoid overflow 
Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long'
Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10cc82c35b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
7dc5dfad31 avformat/hls: Pass a copy of the URL for probing 
The segments / url can be modified by the io read when reloading

This may be an alternative or additional fix for Ticket8673
as a further alternative the reload stuff could be disabled during
probing

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5e39880fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Steven Liu
c229e5e80f avformat/hls: check segment duration value of EXTINF 
fix ticket: 8673
set the default EXTINF duration to 1ms if duration is smaller than 1ms

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
(cherry picked from commit 9dfb19baeb)
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
2f0a00fb3d avformat/mvdec: Fix integer overflow with billions of channels 
Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int'
Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b6fbbe08c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
f62bbddde2 avformat/microdvddec: skip malformed lines without frame number. 
Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8fb7612a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
1f7af6a946 avformat/mxfdec: free duplicated utf16 strings 
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744

Suggested-by: Marton Balint <cus@passwd.hu>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0aa2768cb2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
0b124172d8 avformat/4xm: Check that a video stream was created before returning packets for it 
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c517c3f474)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
d31345a880 avformat/thp: Check fps 
Fixes: division by zero
Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e15b01b4e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
38af60a454 avformat/mpl2dec: Fix integer overflow with duration 
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a42a67c5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Dale Curtis
f377de6413 avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample(). 
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf446711bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
a621600f66 avformat/4xm: Cleanup on GET_LIST_HEADER() failure 
Fixes: memleak
Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5313ce654)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
e01d07c781 avformat/mlvdec: fail reading a packet with 0 streams 
Fixes: NULL pointer dereference
Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5bd5c31087)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
be9e89efcd avformat/thp: Check compcount 
Fixes: out of array access
Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1ba8484559)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
083e0314b5 avformat/oggparsevorbis: Error out on double init of vp 
Fixes: memleak
Fixes: 19949/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5743636058210304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a3bbc0086)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
60b78cd99d avformat/mpegenc: Fix integer overflow with AV_NOPTS_VALUE 
Fixes: signed integer overflow: -9223372036854775808 - 45000 cannot be represented in type 'long'
Fixes: ticket8187

Found-by: Suhwan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9874815b1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
6ffdc413d6 avformat/swfenc: Fix integer overflow in frame rate handling 
Fixes: signed integer overflow: 30000299 * 256 cannot be represented in type 'int'
Fixes: ticket8184

Found-by: Suhwan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 31f956acad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
862801c68c avformat/aadec: Check toc_size to contain the minimum to demuxer uses 
Fixes: out of array access
Fixes: stack-buffer-overflow-READ-0x0831fff1

Found-by: GalyCannon <galycannon@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daa2482871)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Dale Curtis
b2116b438e avformat/mov: Don't allow negative sample sizes. 
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d8d554f15)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
71fefa15c0 avformat/mpegts: Shuffle avio_seek 
This avoids accessing an old, no longer valid buffer.
Fixes: out of array access
Fixes: crash_audio-2020

Found-by: le wu <shoulewoba@gmail.com>
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cd74af1416)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
5cdbb2a977 avformat/thp: Require a video stream 
The demuxer code assumes the existence of a video stream

Fixes: assertion failure
Fixes: 21512/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5699660783288320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 97c78caf3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
e81e27ffd0 avformat/mpeg: Decrease score by 1 for files with very little valid data 
Fixes: 8233/PPY6574574605_cut.mp3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 20f7b4dfc9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
a99bcee917 avformat/oggdec: Check for EOF after page header 
Fixes: Infinite loop
Fixes: Ticket8594

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f1589be9fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
John Rummell
a09b223cd2 libavformat/amr.c: Check return value from avio_read() 
If the buffer doesn't contain enough bytes when reading a stream,
fail rather than continuing on with initialized data. Caught by
Chromium fuzzeras (crbug.com/1065731).

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b967f56b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
John Rummell
7f8e9d9b77 libavformat/mov.c: Free aes_decrypt to avoid leaking memory 
Found by Chromium fuzzers (crbug.com/1057205).

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad91cf1f2f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
John Rummell
cd655e4c0d libavformat/oggdec.c: Check return value from avio_read() 
If the buffer doesn't contain enough bytes when reading a stream,
fail rather than continuing on with unitialized data. Caught by
Chromium fuzzers (crbug.com/1054229).

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b7c67b1ae3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
12a53bf673 avformat/asfdec_f: Fix overflow check in get_tag() 
Fixes: signed integer overflow: 2 * 1210064928 cannot be represented in type 'int'
Fixes: 20873/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5761116909338624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8140fe732)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
dee744a8c4 avformat/nsvdec: Fix memleaks on errors while reading the header 
Fixes: memleaks
Fixes: 21084/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5655975492321280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96c0469455)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
1170ec748b libavformat/avienc: Check bits per sample for PAL8 
Fixes: assertion failure
Fixes: Ticket 8172

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3595878281)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
6faa32dd6c avformat/mpegts: Improve the position determination for avpriv_mpegts_parse_packet() 
Fixes: assertion failure
Fixes: Ticket 8005

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e5bb48ae59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00