1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

89358 Commits

Author SHA1 Message Date
Michael Niedermayer
70c1aaf5ee
avformat/mov: do not set sign bit for chunk_offsets
Fixes: signed integer overflow: 2314885530818453536 - -7412889664301817824 cannot be represented in type 'long'
Fixes: 64296/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6304027146846208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfc0a68d4d3192779e356a852e71b8218e7a00ab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-12-29 02:29:39 +01:00
Michael Niedermayer
996d282430
avcodec/jpeglsdec: Check Jpeg-LS LSE
Fixes: signed integer overflow: 2147478526 + 33924 cannot be represented in type 'int'
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 64243/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5195717848989696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c72a20f01a6122e1832f73801ea5f54b188abea3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-12-29 02:26:28 +01:00
Brad Smith
13342df7af
configure: Enable section_data_rel_ro for FreeBSD and NetBSD aarch64 / arm
Fixes the build. It's a requirement when utilizing PIE.

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6066c430e33b4cbf5dc8ff8b3a6d149f51d20300)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-12-26 00:18:49 +01:00
Michael Niedermayer
a823657ee0
avformat/mov: Ignore duplicate ftyp
Fixes: switch_1080p_720p.mp4
Found-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4cdf2c7f768015c74078544d153f243b6d9b9ac5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-12-15 00:21:32 +01:00
Martin Storsjö
01a8c87e15
seek: Fix crashes in ff_seek_frame_binary if built with latest Clang 14
Passing an uninitialized variable as argument to a function is
undefined behaviour (UB). The compiler can assume that UB does not
happen.

Hence, the compiler can assume that the variables are never
uninitialized when passed as argument, which means that the codepaths
that initializes them must be taken.

In ff_seek_frame_binary, this means that the compiler can assume
that the codepaths that initialize pos_min and pos_max are taken,
which means that the conditions "if (sti->index_entries)" and
"if (index >= 0)" can be optimized out.

Current Clang git versions (upcoming Clang 14) enabled an optimization
that does this, which broke the current version of this function
(which intentionally left the variables uninitialized, but silencing
warnings about being uninitialized). See [1] for discussion on
the matter.

[1] https://reviews.llvm.org/D105169#3069555

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit ab792634197e364ca1bb194f9abe36836e42f12d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-16 23:52:27 +01:00
Michael Niedermayer
cbc25c8cc8
avcodec/4xm: Check for cfrm exhaustion
Fixes: index -1 out of bounds for type 'CFrameBuffer [100]'
Fixes: 63877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5854263397711872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb0a684d93f793457f7bff3940a1398eb9e91703)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-10 00:25:46 +01:00
Michael Niedermayer
26e74a7fa0
avformat/mov: Disallow FTYP after streams
Fixes: Assertion !c->fc->nb_streams failed at libavformat/mov.c:7799
Fixes: 63875/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5479178702815232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 19fcf4313148e86aa47d81a8d5d5e8d056f1f906)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-10 00:24:26 +01:00
Frank Plowman
aaea9be22e
doc/html: fix styling issue with Texinfo 7.0
Texinfo 7.0 produces quite different HTML to Texinfo 6.8. Without
this change, enumerated option flags (i.e. Possible values of x
are...) render as white text on a white background with Texinfo 7.0
and are unreadable. This change removes a style for the selector
`.table .table` which causes the background to turn white for these
elements. As far as I can tell, it is not actually used anywhere in
files generated by Texinfo 6.8.

Signed-off-by: Frank Plowman <post@frankplowman.com>
(cherry picked from commit f16900bda23414caf9ec3f9dc50db7d4caf59a8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-09 00:22:42 +01:00
Frank Plowman
4f52743f3a
doc/html: support texinfo 7.0
Resolves trac ticket #10636 (http://trac.ffmpeg.org/ticket/10636).

Texinfo 7.0, released in November 2022, changed the names of various
functions. Compiling docs with Texinfo 7.0 resulted in warnings and
improperly formatted documentation. More old names appear to have
been removed in Texinfo 7.1, released October 2023, which causes docs
compilation to fail.

This commit addresses the issue by adding logic to switch between the old
and new function names depending on the Texinfo version. Texinfo 6.8
produces identical documentation before and after the patch.

CC
https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1938238.html
https://bugs.gentoo.org/916104

Signed-off-by: Frank Plowman <post@frankplowman.com>
(cherry picked from commit f01fdedb69e4accb1d1555106d8f682ff1f1ddc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-09 00:21:23 +01:00
Matthew White
fef23b8c23
doc/t2h.pm: fix missing TOC with texinfo 6.8 and above
Since texinfo 6.8, there's no longer an INLINE_CONTENTS variable.

makeinfo: warning: set_from_init_file: unknown variable INLINE_CONTENTS

texinfo commit 62a6adfb33b006e187483779974bbd45f0f782b1 replaced
INLINE_CONTENTS with OUTPUT_CONTENTS_LOCATION.

texinfo commit 41f8ed4eb42bf6daa7df7007afd946875597452d replaced
OUTPUT_CONTENTS_LOCATION with CONTENTS_OUTPUT_LOCATION.

With texinfo 6.8 and above, the same as INLINE_CONTENTS=1 could be
achieved by CONTENTS_OUTPUT_LOCATION=inline.
https://www.gnu.org/software/texinfo/manual/texinfo/html_node/HTML-Customization-Variables.html

(cherry picked from commit bfbd5954e50e407693932b3900ca77c3daee26d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-09 00:21:22 +01:00
Matthew White
9cc9301da7
doc/t2h.pm: fix missing CSS with texinfo 6.8 and above
Since texinfo commit 6a5ceab6a48a4f052baad9f3474d741428409fd7, the
formatting functions, in particular begin_file, program_string and
end_file, are prefixed with format_, i.e. format_begin_file, etc.

This patch fixes building the documentation when texinfo 6.8, or
above, is used:

Unknown formatting type begin_file
 at /usr/bin/makeinfo line 415.
Unknown formatting type program_string
 at /usr/bin/makeinfo line 415.
Unknown formatting type end_file
 at /usr/bin/makeinfo line 415.

(cherry picked from commit c980dd7a976635426f129417836251740e19b54b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-11-09 00:21:22 +01:00
Andreas Rheinhardt
a65faea34e
avformat/matroskadec: Fix declaration-after-statement warnings
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 37b5f4a1f6a9c7c8f3620c6b1f7f2b0bb997e5d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-29 01:24:31 +02:00
Michael Niedermayer
7b3534186a
avformat/rtsp: Use rtsp_st->stream_index
Fixes: out of array access
Fixes: rtpdec_h264.c149/poc

Found-by: Hardik Shah of Vehere
Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e4d5ac8d7d2a08658b3db7dd821246fe6b35381f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
af0b7d9a1a
avcodec/jpeg2000dec: Check image offset
Fixes: left shift of negative value -538967841
Fixes: 62447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6427134337613824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 88453250dbe952e85899d04867914ef95785530e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
a31de889ea
avcodec/h2645_parse: Avoid EAGAIN
EAGAIN causes an assertion failure when it is returned from the decoder

Fixes: Assertion consumed != (-(11)) failed at libavcodec/decode.c:462
Fixes: assertion_IOT_instruction_decode_c_462/poc

Found-by: Hardik Shah of Vehere (Dawn Treaders team)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ddab49d48343385eadb3a435a5491c476b66ecc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
355d7cd130
avcodec/xvididct: Make c* unsigned to avoid undefined overflows
Fixes: signed integer overflow: 1496950099 + 728014168 cannot be represented in type 'int'
Fixes: 62667/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6511785170305024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7e5537dc1ff2f45a6e4c98091f15e60c3647cfc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
1de06f992e
avformat/tmv: Check video chunk size
This check matches the audio chunk check

Fixes: Timeout
Fixes: 62681/clusterfuzz-testcase-minimized-ffmpeg_dem_TMV_fuzzer-5299107876700160

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b79fc7059600b28dce392fc20e5c8bd554c2fc95)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
283e077dc6
avformat/xwma: sanity check bits_per_coded_sample
Fixes: signed integer overflow: 65312 * 524296 cannot be represented in type 'int'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_XWMA_fuzzer-6595971445555200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe6ce28d118d6030984e1ee5c2d92e98514fe3d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
d74868664f
avformat/matroskadec: Check prebuffered_ns for overflow
Fixes: signed integer overflow: 9223372036630775808 + 1000000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-5406131992526848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d6df3719dd4f75b40cdf25a02f3f075b76ed045)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
1f5bc3b37b
avformat/wavdec: Check left avio_tell for overflow
Fixes: signed integer overflow: 155 + 9223372036854775655 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5364032278495232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 929ddef3f40102d6a84cfa17ed7c7ffebcf8236e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
9ee8383f8e
avformat/tta: Better totalframes check
Fixes: signed integer overflow: 4 * 740491135 cannot be represented in type 'int'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6298893367508992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f0d00464a50994de0993e045e09313ca8d7cc8f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
1fb0738053
avformat/rpl: Check for number_of_chunks overflow
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int32_t' (aka 'int')
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6086131095830528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3c973acbecb879d4949fecdadd2fdfc08dea42b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
9d73eb002f
avformat/mov: compute absolute dts difference without overflow in mov_find_next_sample()
Fixes: signed integer overflow: -9223372036854775808 - 9222726413022000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5959420033761280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3508b496e195440d0af0203e2822937b8c6f5598)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
effb46dfb0
avformat/jacosubdec: Check timeres
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51f0ab8b127282415822959ccad7db95ad749b5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
9dccc34ce2
avcodec/escape124: Do not return random numbers
Fixes: out of array access
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-6035022714634240
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-6422176201572352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe6d46490f5ea9155fe0601b6246960ae17317fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
557617b129
avformat/avs: Check if return code is representable
Fixes: leak
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-6738814988320768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 52d666edec73c834c60811e330f86a7cf1d916da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-28 20:19:03 +02:00
Michael Niedermayer
ee9ff31dc6
avcodec/lcldec: Make PNG filter addressing match the code afterwards
Also update check accordingly

Fixes: tickets/10237/mszh_306_306_yuv422_nocompress.avi
Fixes: tickets/10237/mszh_306_306_yuv411_nocompress.avi

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d11b8bd0c610c212d2a28767f94dc07a8ec473cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-19 12:16:49 +02:00
Michael Niedermayer
56b0ad3ad1
avformat/westwood_vqa: Check chunk size
the type is also changed to int as it is interpreted as int in av_get_packet()

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-6593408795279360
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4613908817903616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c0df3da0b7288a43a3b783117064cfcbc8037a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-19 12:15:03 +02:00
Michael Niedermayer
48c506ddb4
avformat/sbgdec: Check for period overflow
Fixes: signed integer overflow: 4481246996173000000 - -4778576820000000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5063670588899328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a9137110eda130ba07a2a43bdedff2421efbb7a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-19 12:10:18 +02:00
Michael Niedermayer
523a7ddc9f
avcodec/xvididct: Fix integer overflow in idct_row()
Fixes: signed integer overflow: 1871429831 + 343006811 cannot be represented in type 'int'
Fixes: 61784/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5372151001120768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b12444fe72173ab52b6479708cfd12cb889ca300)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:52:31 +02:00
Michael Niedermayer
60e4708729
avcodec/celp_math: avoid overflow in shift
by making gain unsigned we have 1 bit more available
alternatively we can clip twice as in the g729 reference

Fixes: left shift of 23404 by 17 places cannot be represented in type 'int'
Fixes: 61728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-6280412547383296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6580a7b2b27973947118482235a2eb1214d968a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:51:40 +02:00
Michael Niedermayer
aef6e2a7ca
avformat/format: Stop reading data at EOF during probing
Issue found by: Сергей Колесников
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 80f6e0378beae69d31f24b036a1365405dea61d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:44:08 +02:00
Michael Niedermayer
ebea366ea9
avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure
Fixes: left shift of negative value -1
Fixes: 59889/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HUFFYUV_fuzzer-5472742275940352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90647a9249aee8c0ef6c0bced3558ada9643f5b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:40:47 +02:00
Michael Niedermayer
83a6af7f1a
avcodec/hevcdec: Fix undefined memcpy()
There is likely a better way to fix this, this is mainly to show the problem

Fixes: MC within same frame resulting in overlapping memcpy()
Fixes: 60189/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4992746590175232
Fixes: 61753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5022150806077440
Fixes: 58062/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4717458841010176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 94bd1796ff45b396021cd260e9b037bc61815933)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:35:32 +02:00
Michael Niedermayer
1c9ae4ada6
avcodec/mpeg4videodec: more unsigned in amv computation
Fixes: signed integer overflow: -2147483648 + -1048576 cannot be represented in type 'int'
Fixes: 59365/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-642654923954585

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0adaa90d89114dc86dbc5704ce31ded5b6750d13)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:34:33 +02:00
Michael Niedermayer
5e57f3c8de
avcodec/tta: fix signed overflow in decorrelate
Fixes: signed integer overflow: 2079654542 - -139267653 cannot be represented in type 'int'
Fixes: 60811/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5915858409750528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 283bf5c35bc5ac92e061f27c3a680318175a1600)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:33:15 +02:00
Michael Niedermayer
c123a4dd0c
avcodec/xvididct: Fix integer overflow in idct_row()
Fixes: signed integer overflow: -1403461578 + -843974775 cannot be represented in type 'int'
Fixes: 60868/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-4599793035378688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ce322a51eae87fd3a0eb96f2280175554ef30c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:25:41 +02:00
Michael Niedermayer
717b15de1d
avformat/avr: Check sample rate
Fixes: 54979/clusterfuzz-testcase-minimized-ffmpeg_dem_AVR_fuzzer-6681035461230592
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 32556fa62b1d0615f621fd8f71bdfe3b72e43896)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 18:23:49 +02:00
Michael Niedermayer
f2937fde73
avcodec/jpeg2000dec: Check for reduction factor and image offset
This combination is not working (it writes out of array)

Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b6d191a66a8d9b3064efecc79a9f44fb14d7875)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 11:32:27 +02:00
Michael Niedermayer
d4fcb508d1
avutil/softfloat: Basic documentation for av_sincos_sf()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4aa1a42a91438b7107d2d77db1fc5ca95c27740c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 11:31:35 +02:00
Michael Niedermayer
f7f742a519
avutil/softfloat: fix av_sincos_sf()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d84677abd8ffb8ca8ad94eced6d9e03928f35d79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 11:30:45 +02:00
Michael Niedermayer
9c7334b053
avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int'
Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a4bf559683a999c8faa408fdd8f29bd28a6a47ea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 11:28:13 +02:00
Michael Niedermayer
781fdc6964
avcodec/hevcdec: Avoid null pointer dereferences in MC
Fixes: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffff8
Fixes: 58440/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5956015530311680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0f4d4e65093a4cb627f05d09b19c922e88cfac1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 11:22:54 +02:00
Michael Niedermayer
4e6b5097f2
avcodec/takdsp: Fix integer overflows
Fixes: avcodec/takdsp.c:44:23: runtime error: signed integer overflow: -2097158 - 2147012608 cannot be represented in type 'int'
Fixes: 58417/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5268919664640000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff8a496d41422b694f66684ada97dcf49e167782)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 11:21:58 +02:00
Michael Niedermayer
7167952f0e
avcodec: Ignoring errors is only possible before the input end
Fixes: out of array read
Fixes: Ticket 10308

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fead656a7bf523d448fe8bd39c1f2ea36be98fb9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-18 11:08:00 +02:00
Michael Niedermayer
c721020755
Changelog: update n3.4.13 2023-06-10 22:49:06 +02:00
Michael Niedermayer
7b4662fae5
avcodec/noise_bsf: Check for wrapped frames
Wrapped frames contain pointers so they need specific code to
noise them, the generic code would lead to segfaults

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0889ebc577749ee6abc620bc9030d2002487935f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-06-07 01:35:38 +02:00
Michael Niedermayer
5a797e7c23
Update for 3.4.13
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-06-04 20:26:33 +02:00
Michael Niedermayer
30cdacf8c2
avcodec/pngdec: Do not pass AVFrame into global header decode
The global header should not contain a frame, and decoding it
would result in leaks

Fixes: memleak
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-6603443149340672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d31d4f32283f765c79d6e127d31ee2c37a0acef7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-06-04 20:24:48 +02:00
Michael Niedermayer
b79b50a308
avformat/wavdec: Check that smv block fits in available space
Fixes: OOM
Fixes: 56271/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5290810045497344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a76efafdb9be966ae3ad52b32370dc644dd582bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-06-04 20:24:43 +02:00