FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	886045ca87	avformat/img2dec: assert no pipe on ts_from_file Help coverity with CID1500302 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4824156fa0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:18 +02:00
Michael Niedermayer	8941956c32	avformat/mov: Check edit list for overflow Fixes: 67492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5778297231310848 Fixes: signed integer overflow: 2314885530818453536 + 7782220156096217088 cannot be represented in type 'long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2882d30e3a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:16 +02:00
Michael Niedermayer	40cca1cf87	avformat/mxfdec: Check container_ul->desc before use Fixes: CID1592939 Dereference after null check Sponsored-by: Sovereign Tech Fund Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4cab028bd0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:12 +02:00
Michael Niedermayer	d44a75849c	avformat/mov: Use int64_t in intermediate for corrected_dts Fixes: CID1500312 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `034054b370`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:10 +02:00
Michael Niedermayer	488aa52371	avformat/mov: Use 64bit in intermediate for current_dts Fixes: CID1500304 Unintentional integer overflow Fixes: CID1500318 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0c977d37aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:10 +02:00
Michael Niedermayer	9e6950dcb4	avformat/matroskadec: Assert that num_levels is non negative Maybe Closes: CID1452496 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `019fce18bb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:09 +02:00
Michael Niedermayer	871c89e0ba	avformat/libzmq: Check av_strstart() Fixes: CID1453457 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0263b6a48c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:09 +02:00
Michael Niedermayer	b8ee22e1dd	avformat/img2dec: Little JFIF / Exif cleanup This changes the behavior and makes it behave how it probably was intended. Either way this is unlikely to result in any user visible change Fixes: CID1494637 Missing break in switch Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5712f36dd0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:09 +02:00
Michael Niedermayer	2ea4dfd684	avformat/img2dec: Move DQT after unrelated if() Fixes: CID1494636 Missing break in switch Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7d04c6016b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:08 +02:00
Michael Niedermayer	54f57cb532	avformat/imfdec: Simplify get_next_track_with_minimum_timestamp() This also makes the code more robust Fixes: CID1512414 Uninitialized pointer read Sponsored-by: Sovereign Tech Fund Reviewed-by: Pierre-Anthony Lemieux <pal@sandflow.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f10493f6fc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:08 +02:00
Michael Niedermayer	b09cadf2ef	avformat/sdp: Check before appending "," Found by reviewing code related to CID1500301 String not null terminated Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5b82852519`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:07 +02:00
Michael Niedermayer	e292a764c0	avformat/fwse: Remove always false expression Fixes: CID1460758 Operands don't affect result Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `348c3a7ffe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:02 +02:00
Michael Niedermayer	376e36d253	avformat/asfdec_f: Use 64bit for preroll computation Fixes: CID1500342 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `70b4994762`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:01 +02:00
Michael Niedermayer	c684c13ee4	avformat/argo_asf: Use 64bit in offset intermediate Fixes: CID1467435 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d9d1f65308`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:01 +02:00
Michael Niedermayer	bf5aba6b88	avformat/ape: Use 64bit for final frame size Fixes: CID1505963 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a2b8d03347`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:01 +02:00
Michael Niedermayer	78ad74a20a	avformat/ac4dec: Check remaining space in ac4_probe() Fixes: CID1538298 Untrusted loop bound Fixes: undefined behavior Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2f04cb673c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:34:00 +02:00
Michael Niedermayer	4b11e29881	avformat/demux: resurrect dead stores Fixes: CID1473512 Unused value Fixes: CID1529228 Unused value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `33da5f4e27`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-25 20:33:57 +02:00
James Almer	1ef18d0223	avformat/iamf_writer: disallow Opus extradata with mapping family other than 0 Clause 3.11.1 of IAMF[1] states the Opus ID Header should conform to ChannelMappingFamily == 0. [1]https://aomediacodec.github.io/iamf/#opus-specific Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `2aab4e4cc0`)	2024-07-19 21:08:08 -03:00
James Almer	fdd3e3504e	avformat/iamf_parse: sanitize audio_roll_distance values Ensure the values are spec complaint and that no integer overflow can happen. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `9ce065c90d`)	2024-07-19 21:08:08 -03:00
James Almer	db90c46fff	avformat/iamf: byteswap values in OpusHeader Clause 3.11.1 of IAMF[1] states the values are stored in big endian, in contrast to the Ogg Encapsulation for Opus[2] where they are in little endian. [1]https://aomediacodec.github.io/iamf/v1.0.0-errata.html#opus-specific [2]https://datatracker.ietf.org/doc/html/rfc7845#section-5.1 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `7dabad079b`)	2024-07-18 23:38:51 -03:00
James Almer	5fc5b33319	avformat/iamf: rename Codec Config seek_preroll to audio_roll_distance The semantics for the field are different than the one in AVCodecParameters, so use the name defined in the IAMF spec to prevent confusion. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `54b8d5e201`)	2024-07-18 23:38:04 -03:00
Felicia Lim	5e43483206	avformat/iamf_writer: fix coded audio_roll_distance values 'seek_preroll' corresponds to 'audio_roll_distance' in IAMF[1] [1]https://aomediacodec.github.io/iamf/v1.0.0-errata.html#audio_roll_distance Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `2094f40295`)	2024-07-18 23:38:04 -03:00
Felicia Lim	df2d21a47b	avformat/iamf_writer: fix PCM endian-ness flag The value was swapped from what's defined in clause 3.11.4 of IAMF[1] [1]https://aomediacodec.github.io/iamf/#lpcm-specific Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `709a5687ed`)	2024-07-18 23:38:04 -03:00
Felicia Lim	a3bc5cd841	avformat/movenc: fix channel count and samplerate fields for IAMF tracks Clause 6.2.3 of IAMF[1] states both of these shall be set to 0. [1]https://aomediacodec.github.io/iamf/v1.0.0-errata.html#iasampleentry-section Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `180c869faf`)	2024-07-18 23:38:04 -03:00
James Almer	507348799c	avformat/iamf_parse: keep substream count consistent Fixes: member access within null pointer of type 'IAMFSubStream' (aka 'struct IAMFSubStream') Fixes: 69795/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6216287009701888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b248dace92`)	2024-07-18 23:33:38 -03:00
James Almer	29d626ea85	avformat/iamf_parse: add missing padding to AAC extradata Fixes: out of array access Fixes: 68863/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4833546039525376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `0ae157b360`)	2024-07-18 23:33:38 -03:00
Michael Niedermayer	3d4d2897e6	avformat/iamf_parse: 0 layers are not allowed Fixes: out of array access Fixes: 68302/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4665793796177920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7fab9b9761`)	2024-07-18 23:33:38 -03:00
Michael Niedermayer	ce939aa59a	avformat/iamf_parse: consider nb_substreams when accessing substreams array Fixes: out of array access Fixes: 68584/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6256656668229632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c69e6cccd7`)	2024-07-18 23:33:38 -03:00
Michael Niedermayer	fd789a087e	avformat/iamf_parse: Remove dead case Fixes: CID1559546 Logically dead code Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c21fb3624b`)	2024-07-18 23:33:37 -03:00
James Almer	28b1dbb4ee	avformat/mov: add more checks for infe atom size Signed-off-by: James Almer <jamrial@gmail.com>	2024-07-04 13:47:42 -03:00
James Almer	dc51d491cf	avformat/mov: check for EOF inside the infe list parsing loop Signed-off-by: James Almer <jamrial@gmail.com>	2024-07-04 13:47:42 -03:00
James Almer	fbe52bd65c	avformat/mov: check extent_offset calculation for overflow Signed-off-by: James Almer <jamrial@gmail.com>	2024-07-04 13:47:42 -03:00
James Almer	b44758d8e4	avformat/mov: check that iloc offset values fit on an int64_t Signed-off-by: James Almer <jamrial@gmail.com>	2024-07-04 13:47:42 -03:00
Andreas Rheinhardt	45765b7c2e	avformat/flacdec: Reorder allocations to avoid leak on error Fixes Coverity issue #1591795. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit `b50c5d0290`)	2024-05-25 01:46:13 +02:00
Andreas Rheinhardt	a08da68e0a	avformat/movenc: Check av_malloc() Fixes Coverity issue #1596735. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit `601873263e`)	2024-05-25 01:44:01 +02:00
James Almer	17674b150f	avformat/mov: store sample_sizes as unsigned ints As defined in Section 8.7.3.2.1 of ISO 14496-12. Any unsupported value will be rejected in mov_build_index() without outright aborting demuxing. Fixes ticket #11005. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `3146b77a7d`)	2024-05-24 20:10:11 -03:00
James Almer	85d4df3873	avformat/vvc: fix parsing sps_subpic_id The length of the sps_subpic_id[i] syntax element is sps_subpic_id_len_minus1 + 1 bits. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `2d84ee3745`)	2024-05-22 17:52:30 -03:00
James Almer	1a6995c6d6	avformat/vvc: initialize some ptl flags Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `3bd7e3a336`)	2024-05-22 17:52:27 -03:00
Michael Niedermayer	4eccabcc26	avformat/concatdec: Check file Fixes: null pointer dereference Fixes: -stream_loop 1 -ss 00:00:05 -i zgclab/ffmpeg_crash/poc2 -codec:v copy -codec:a aac -y output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5d1497f33`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-05-22 22:04:36 +02:00
Michael Niedermayer	0e44de3b9b	avformat/mxfdec: Check body_offset Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be represented in type 'long' Fixes: 68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `20a6bfda0f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-05-22 22:04:32 +02:00
Michael Niedermayer	dba4b859d8	avformat/kvag: Check sample_rate Fixes: Division by 0 Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i zgclab/ffmpeg_crash/poc1 output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c26a762ea1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-05-22 22:04:32 +02:00
Marton Balint	52132f4d6e	avformat/mp3dec: change bogus error message if read_header encounters EOF Because of ffio_ensure_seekback() a seek error normally should only happen if the end of file is reached during checking for the junk run-in. Also use proper error code. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit `49e018d6fe`)	2024-05-21 08:43:07 +02:00
Marton Balint	89ea8af0b3	avformat/mp3dec: simplify inner frame size check in mp3_read_header We are protecting the checked buffer with ffio_ensure_seekback(), so if the inner check fails with a seek error, that likely means the end of file was reached when checking for the next frame. This could also be the result of a wrongly guessed (larger than normal) frame size, so let's continue the loop instead of breaking out early. It will end sooner or later anyway. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit `b75e604fe5`)	2024-05-21 08:42:59 +02:00
Marton Balint	07ee3648b7	avformat/mp3dec: only call ffio_ensure_seekback once Otherwise the subsequent ffio_ensure_seekback calls destroy the buffer of the earlier. The worst case ~66kB seekback is so small it is easier to request it entirely. Fixes ticket #10837, a regression since `0d17f5228f`. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit `b005317219`)	2024-05-21 08:41:49 +02:00
James Almer	a8b8b1042f	avformat/vvc: fix parsing some early VPS bitstream values vps_default_ptl_dpb_hrd_max_tid_flag needs to always be set, and vps_direct_ref_layer_flag needs to be read even when vps_max_tid_ref_present_flag is false. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `a48203d51a`)	2024-05-20 14:27:42 -03:00
James Almer	5f23eecfba	avformat/vvc: fix writing general_constraint_info bytes The existing implementation was completely broken. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `415dfa89e2`)	2024-05-20 14:27:42 -03:00
Michael Niedermayer	da8b2f9704	avformat/iamfdec: check nb_streams in header read Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572 Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9f54c13bc4`)	2024-05-01 15:46:44 -03:00
James Almer	1e6382a6b7	avformat/mov: free the infe allocated item data on failure Fixes: memleak Fixes: 68212/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4963488540721152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Tested-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `e09164940e`)	2024-05-01 15:45:53 -03:00
James Almer	5683aa6318	avformat/iamf_writer: reject duplicated stream ids in a stream group Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `6b6a0fc53d`)	2024-05-01 15:45:53 -03:00
James Almer	fb8f0ea7b3	avformat/mov: don't read key_size bytes twice in the keys atom We only support mdta as type, yet we were not skipping other types, but rather reading key_size worth of bytes twice per entry. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `5a06d3810e`)	2024-04-29 09:46:18 -03:00

1 2 3 4 5 ...

25846 Commits