1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

13 Commits

Author SHA1 Message Date
Michael Niedermayer
db31b3ea86 avformat/aaxdec: Check for empty segments
Fixes: Timeout
Fixes: 48154/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5149094353436672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
c16a0ed242 avformat/aaxdec: Check for overlaping segments
Fixes: Timeout
Fixes: 45875/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-6121689903136768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-06-17 01:54:05 +02:00
Andreas Rheinhardt
a085cfa654 avformat/utils: Move ff_get_extradata to demux_utils.c
It is only used by demuxers (although it is hypothetically
possible that some day e.g. a protocol might need it, but
that is unlikely given that they don't deal with AVCodecParameters).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-05-10 07:45:58 +02:00
James Almer
bca70e7912 aax: convert to new channel layout API
Signed-off-by: James Almer <jamrial@gmail.com>
2022-03-15 09:42:29 -03:00
Andreas Rheinhardt
d1ac645636 avformat: Use ffio_read_size where appropriate
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-08-06 22:47:22 +02:00
Andreas Rheinhardt
2934a4b9a5 Remove unnecessary avassert.h inclusions
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-07-22 15:02:30 +02:00
Andreas Rheinhardt
822be43849 avformat/aaxdec: Simplify cleanup after read_header failure
by setting the FF_FMT_INIT_CLEANUP flag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-07-07 21:15:33 +02:00
Michael Niedermayer
602bbf71f6 avformat/aaxdec: Check avio_seek() in header reading
Fixes: Timeout
Fixes: 32450/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-4875522262827008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-20 17:43:47 +02:00
Andreas Rheinhardt
bc70684e74 avformat: Constify all muxer/demuxers
This is possible now that the next-API is gone.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 11:48:06 -03:00
Michael Niedermayer
4e7dbca74c avformat/aaxdec: Check that segments table has been initialized
Fixes: Timeout
Fixes: 29766/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5635887566290944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-13 21:02:31 +01:00
Michael Niedermayer
fcc263caa9 avformat/aaxdec: Check string before strcmp()
Fixes: NULL ptr dereference
Fixes: 26508/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5694725249826816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-11 23:15:04 +01:00
Andreas Rheinhardt
5b33f523d7 avformat/aaxdec: Fix potential integer overflow
The AAX demuxer reads a 32bit number containing the amount of entries
of an array and stores it in an uint32_t. Yet when iterating over this
array, a loop counter of type int is used. This leads to undefined
behaviour if the amount of entries is not in the range of int; to avoid
this, it is generally good to use the same type for the loop counter as
for the variable it is compared to. This is done in one of the two loops
affected by this.

In the other loop, the undefined behaviour can begin even earlier: Here
the loop counter is multiplied by an uint16_t which can overflow as soon
as the loop counter is > 2^15. Using an unsigned type would avoid the
undefined behaviour, but truncation would still be possible, so use an
uint64_t.

Also use an uint32_t for a variable containing an index in said array.

This fixes Coverity issue #1466767.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-20 20:06:55 +02:00
Paul B Mahol
92396cee60 avformat: add CRI AAX demuxer 2020-09-18 11:34:11 +02:00