FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

Author	SHA1	Message	Date
Matt Wolenetz	8be3724e55	lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr Core of patch is from paul@paulmehta.com Reference https://crbug.com/643950 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Check value reduced as the code does not support larger lengths (cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	142c1737e3	avcodec/pictordec: Fix logic error Fixes: 559/clusterfuzz-testcase-6424225917173760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8c2ea3030af7b40a3c4275696fb5c76cdb80950a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	61b86ae8ce	avcodec/movtextdec: Fix decode_styl() cleanup Fixes: null pointer dereference Fixes: 555/clusterfuzz-testcase-5986646595993600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e248522d1b0d6dd8641f382cd5c4338d0ecd98e5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Chris Cunningham	b3ae6cfe11	lavf/matroskadec: fix is_keyframe for early Blocks Blocks are marked as key frames whenever the "reference" field is zero. This breaks for non-keyframe Blocks with a reference timestamp of zero. The likelihood of reference timestamp being zero is increased by a longstanding bug in muxing that encodes reference timestamp as the absolute time of the referenced frame (rather than relative to the current Block timestamp, as described in MKV spec). Now using INT64_MIN to denote "no reference". Reported to chromium at http://crbug.com/497889 (contains sample) (cherry picked from commit ac25840ee32888f0c13118edeb9404a123cd3a79) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
James Almer	d053b25b59	configure: bump year Happy new year! (cherry picked from commit d800d48fc67208819c2a4ae5eb214ca5e3ad7e82) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	3aa8440baf	avcodec/pngdec: Check trns more completely Fixes out of array access Fixes: 546/clusterfuzz-testcase-4809433909559296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e477f09d0b3619f3d29173b2cd593e17e2d1978e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	c9992efd84	avcodec/interplayvideo: Move parameter change check up Fixes out of array read Fixes: 544/clusterfuzz-testcase-5936536407244800.f8bd9b24_8ba77916_70c2c7be_3df6a2ea_96cd9f14 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b1e2192007d7026049237c9ab11e05ae71bf4f42) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	87cc0b0474	avcodec/mjpegdec: Check for for the bitstream end in mjpeg_decode_scan_progressive_ac() Fixes timeout Fixes: 496/clusterfuzz-testcase-5805083497332736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3782656631fa8262528c07794acf7e9c2aab000d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Frank Liberato	d59582a567	avformat/flacdec: Check avio_read result when reading flac block header. Return AVERROR_INVALIDDATA if all four bytes aren't present. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 95bde49982a82bc10470c0adab5969ffe635d064) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	17a9e90d1f	avcodec/utils: correct align value for interplay Fixes out of array access Fixes: 452/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2080bc33717955a0e4268e738acf8c1eeddbf8cb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	3aca3f1257	avcodec/vp56: Check for the bitstream end, pass error codes on Fixes timeout Fixes: 446/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_VP6_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9e6a2427558a718be0c1fffacffd935f630a7a8d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	9f2e4c26a0	avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan() Fixes timeout Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 755933cb5cd17decd1838d3d64e07d4157de5638) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	1febd817b1	avcodec/pngdec: Fix off by 1 size in decode_zbuf() Fixes out of array access Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e371f031b942d73e02c090170975561fabd5c264) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Tobias Rapp	3f3ee3e62f	avformat/avidec: skip odml master index chunks in avi_sync Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg. Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6d579d7c1bdc4126955cae7f385208e455685986) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	8be687a81f	avcodec/mjpegdec: Check for rgb before flipping Fixes assertion failure due to unsupported case Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 25d9643f1172ae6a210c671195ba3135895abaf3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	1827fe0989	avutil/random_seed: Reduce the time needed on systems with very low precission clock() This should fix issues on BSD CLOCKS_PER_SEC is 128 on BSD while SUSv2 requires it to be a million Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c4152fc42e480c41efb7f761b1bbe5f0bc43d5bc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	02073b5ab1	avutil/random_seed: Improve get_generic_seed() with higher precission clock() Tested-by: Thomas Turner <thomastdt@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit da73d95bad4736c5e0a6b4b1a811f4dd4525bb4c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	1825f7670a	avformat/utils: Print verbose error message if stream count exceeds max_streams Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f0bdd538712d8ed34120ab2b7bd1409fcc99fb45) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	2647ca4581	avformat/options_table: Set the default maximum number of streams to 1000 Fixes CVE-2016-9561, Note the security relevance of this is disputed as running out of memory can happen with valid files Suggested-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 30581c51e72a7a7ea1572c1c6039f6e4c590a55c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	2e44b10418	avutil: Add av_image_check_size2() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f542b152aa2086b30d1089162d79f5c136905c0c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	c6fbff1358	avformat: Add max_streams option This allows user apps to stop OOM due to excessive number of streams Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1296f844955e513d19051c962656f829479d4fb9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	774461ea62	avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated We are checking during encoding if there is enough space as version 4 needs that check. Fixes Ticket6005 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 38a7834bbb24ef62466b076715e0add60e1d6962) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	94a0a484b7	avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory() Fixes: part of 670190.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8258e363851434ad5662c19d036fddb3e3f27683) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	a127f51140	avformat/oggdec: Skip streams in duration correction that did not had their duration set. Fixes: part of 670190.ogg Fixes integer overflow Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ee2a6f5df8c6a151c3e3826872f1b0a07401c62a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	07ca8300a6	avcodec/ffv1enc: Fix size of first slice Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cff1c0edaa797eca96663d9b83e4b8c1b609ff19) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Andreas Cadhalpun	f7e18dea7a	pgssubdec: reset rle_data_len/rle_remaining_len on allocation error The code relies on their validity and otherwise can try to access a NULL object->rle pointer, causing segmentation faults. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 842e98b4d83d8cf297e2bc2761f1f47eb89e49e4) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2017-02-01 02:29:08 +01:00
Michael Niedermayer	16c0d8aa46	update for ffmpeg 2.8.10 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n2.8.10	2016-12-06 03:50:50 +01:00
Michael Niedermayer	1ec9fd15b9	avformat/http: Match chunksize checks to master..3.0 Fixes warning about impossible condition Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 03:30:10 +01:00
Michael Niedermayer	4a947f4385	Changelog: fix typos Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 01:19:34 +01:00
Michael Niedermayer	e0cb113f9b	ffserver: Check chunk size Fixes out of array access Fixes: poc_ffserver.py Found-by: Paul Cher <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:59:22 +01:00
Michael Niedermayer	15abba737b	Avoid using the term "file" and prefer "url" in some docs and comments This should make it less ambigous that these are URLs Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5f27a9c3aa973c543bd8bbf2a78363700bbc03e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:59:22 +01:00
Michael Niedermayer	5bfb0b02b6	avformat/rtmppkt: Check for packet size mismatches Fixes out of array access Found-by: Paul Cher <paulcher@icloud.com> Reviewed-by: Paul Cher <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d57ca4d9a75562fa32e40766211de150f8b3ee7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:59:22 +01:00
Timothy Gu	c472c1b3e7	zmqsend: Initialize ret to 0 Fixes CID1396857. (cherry picked from commit d903b4e3ad4a81b3dd79f12c2f3b9cb16e511173) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:59:22 +01:00
James Almer	e8dfe3f34a	configure: check for strtoull on msvc Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit b52d3574d466e745834d1283b55570dee1e2d4cd)	2016-12-05 19:19:11 -03:00
Ronald S. Bultje	d3fc5c17de	http: move chunk handling from http_read_stream() to http_buf_read(). (cherry picked from commit 845bb401781ef04e342bd558df16a8dbf5f800f9)	2016-12-05 16:20:58 -05:00
Ronald S. Bultje	606b21353d	http: make length/offset-related variables unsigned. Fixes #5992, reported and found by Paul Cher <paulcher@icloud.com>. (cherry picked from commit 2a05c8f813de6f2278827734bf8102291e7484aa)	2016-12-05 16:20:40 -05:00
Michael Niedermayer	fb93771072	Changelog: update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n2.8.9	2016-12-04 01:42:53 +01:00
Michael Niedermayer	3f8bb78f3e	avcodec/flacdec: Fix undefined shift in decode_subframe() Fixes undefined behavior Fixes: 639961-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1f5630af51f24d79053b6bef5b8b3ba93d637306) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 01:05:02 +01:00
Michael Niedermayer	a5989651f0	avcodec/get_bits: Fix get_sbits_long(0) Fixes undefined behavior Fixes: 640889-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c72fa432349881d5a445cd110abf698cc94d490d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 01:03:53 +01:00
Michael Niedermayer	1e512388ee	avformat/ffmdec: Check media type for chunks Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e706e2e775730db5dfa9103628cd70704dd13cef) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-03 17:46:37 +01:00
Michael Niedermayer	31d46dc97d	avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed() Fixes undefined behavior Fixes: 640912-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 83a75bf6c31b3c0ce2ca7e1426d1f2e3df634239) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-03 17:32:54 +01:00
Michael Niedermayer	5790ce6273	avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c Fixes: left shift of negative value Fixes: 668346-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit acc163c6ab52d2235767852262c64c7f6b273d1c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-03 17:32:33 +01:00
Michael Niedermayer	f202fefdb0	avformat/oggparsespeex: Check frames_per_packet and packet_size The speex specification does not seem to restrict these values, thus the limits where choosen so as to avoid multiplicative overflow Fixes undefined behavior Fixes: 635422.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit afcf15b0dbb4b6429be5083e50b296cdca61875e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-03 04:10:31 +01:00
Michael Niedermayer	3af916db37	avformat/utils: Check start/end before computing duration in update_stream_timings() Fixes undefined behavior Fixes: 637428.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 90da187f1d334422477886a19eca3c1da29c59a7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-03 04:10:19 +01:00
Michael Niedermayer	518beeb72f	Changelog: Update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-02 00:47:39 +01:00
Michael Niedermayer	46edc6d5ef	avcodec/flac_parser: Update nb_headers_buffered Fixes infinite loop Fixes: fuzz.flac Found-by: Frank Liberato <liberato@google.com> Reviewed-by: Frank Liberato <liberato@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2475858889cde6221677473b663df6f985add33d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-01 23:50:40 +01:00
Michael Niedermayer	046cc06f5a	avformat/idroqdec: Check chunk_size for being too large Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 744a0b5206634e5de04d5c31f08cc3640faf800d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-01 23:50:40 +01:00
Andreas Cadhalpun	970781f5f2	Update Changelog	2016-11-27 00:47:03 +01:00
Andreas Cadhalpun	d8ec9e97b9	filmstripdec: correctly check image dimensions This prevents a division by zero in read_packet. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 25012c56448a48487cdc9699465e640871dbcd60) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:36 +01:00
Andreas Cadhalpun	028c87be95	mss2: only use error correction for matching block counts This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2 with coded_width/coded_height larger than width/height. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 2566ad98b01538ea589e5ee07b69fc566aadc348) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:36 +01:00

1 2 3 4 5 ...

75410 Commits