FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-29 22:00:58 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	9468749249	avformat/mov: do not set sign bit for chunk_offsets Fixes: signed integer overflow: 2314885530818453536 - -7412889664301817824 cannot be represented in type 'long' Fixes: 64296/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6304027146846208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cfc0a68d4d3192779e356a852e71b8218e7a00ab) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:04:35 +02:00
Michael Niedermayer	7207d398ff	avformat/mov: Ignore duplicate ftyp Fixes: switch_1080p_720p.mp4 Found-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4cdf2c7f768015c74078544d153f243b6d9b9ac5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:04:33 +02:00
Dale Curtis	8f209d2c90	avformat/mov: Fix integer overflow in mov_read_packet(). Fixes https://crbug.com/1499669: runtime error: signed integer overflow: 9223372036853334272 + 1375731456 cannot be represented in type 'int64_t' (aka 'long') Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2182173a6933c02b0853751034bd5e0bf829b5f7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:04:33 +02:00
Eugene Zemtsov	36cf037fb8	avformat/mov: Check if a key is longer than the atom containing it Stop reading keys and return AVERROR_INVALIDDATA if key_size is larger than the amount of space left in the atom. Bug: https://crbug.com/41496983 Signed-off-by: Eugene Zemtsov <eugene@chromium.org> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 8a23a145d85964950123952d897b89c2c2b1b8c5)	2024-04-02 09:16:03 -03:00
James Almer	4ee74fc46d	avformat/mov: don't abort on duplicate Mastering Display Metadata boxes The VP9 spec defines a SmDm box for this information, and the ISOBMFF spec defines a mdvc one. If both are present, just ignore one of them. This is in line with clli and CoLL boxes. Fixes ticket #10711. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 189c32f53659b8f9dc402765905fc12a321ab1ac)	2024-03-27 13:54:41 -03:00
Marton Balint	25c1d8cbcf	avformat/mxfdec: remove resolve_strong_ref usage with AnyType UUIDs do not have to be unique if their type sets them apart, so avoid using AnyType, since we are only interested in specific types. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit aa299faa9ad2b01010acc4641b1f215d60a1336b)	2024-03-19 20:58:41 +01:00
Marton Balint	995e7f43a7	avformat/libsrt: use SRT_EPOLL_IN for waiting for an incoming connection This is the proper poll mode for waiting for an incoming connection according to the SRT API docs. Fixes ticket #9142. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 87677c2195e86b126c3438439a05d0a46ae5bb50)	2024-02-28 00:01:29 +01:00
Marton Balint	68f0e9645d	avformat/mxfdec: do not use AnyType when resolving Descriptors and MultipleDescriptors By using AnyType for resolving a strong reference we searched among all types, not just the ones which can be the target of the reference, which in some cases caused to find the wrong type, if the metadata set UUIDs were not unique. UUIDs do not have to be unique if their type sets them apart, SMPTE 377M says: > StrongRef: 'One to One’ relationship between sets and implemented in MXF > with UUIDs. Strong References are typed which means that the definition > identifies the kind of set which is the target of the reference. Fixes ticket #10865. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 68f2b32ef2b29aa95488531b007adde92ca82165)	2024-02-20 21:57:26 +01:00
Marton Balint	b0c647d1d9	avformat/mxfdec: move resolving Descriptors to the multi descriptor resolve function Also remove unused descriptor member from MXFPackage. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 41672f558673151e77798f8a184fc1d3e60b16b9)	2024-02-20 21:57:26 +01:00
Marton Balint	352fe0d4bf	avformat/mov_chan: never override number of channels based on chan atom The channel designation metadata should not override the number of channels. Let's warn the user if it is inconsistent, and keep the channel layout unspecified. Before the conversion to the channel layout API the code only set the mask, but never overridden the channel count, so this restores the old behaviour. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit dc9d64f7941f5b071283e16fa56e3af86e5c84d6)	2024-02-11 23:20:37 +01:00
Marton Balint	f471851169	avformat/mov_chan: do not assume channels are in native order Existing code could have caused wrong channel order signalling or reduced channel count if a channel designation appeared multiple times. This is actually an old bug, but the conversion to the new channel layout API made it visible, because now the code overrides the proper channel count with the one calculated from the mask. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 3d3cad7483785191b99557c78d5a4a551088c549)	2024-02-11 23:20:35 +01:00
Michael Niedermayer	b49de8dfe6	avformat/mov: Disallow FTYP after streams Fixes: Assertion !c->fc->nb_streams failed at libavformat/mov.c:7799 Fixes: 63875/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5479178702815232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 19fcf4313148e86aa47d81a8d5d5e8d056f1f906) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-11-10 00:24:19 +01:00
Michael Niedermayer	1435f50283	avformat/mov: Check that is_still_picture_avif has no trak based streams Fixes: Assertion failure in mov_read_iloc( in mov_read_iloc()) Fixes: 62866/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5282997370486784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 98c2711b58ce65eae02cb2ece3a664e1119fd8fe) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-11-03 22:24:54 +01:00
Andreas Rheinhardt	7739dabb89	avformat/matroskadec: Fix declaration-after-statement warnings Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 37b5f4a1f6a9c7c8f3620c6b1f7f2b0bb997e5d7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:15 +01:00
Michael Niedermayer	5e71da4ef9	avformat/rtsp: Use rtsp_st->stream_index Fixes: out of array access Fixes: rtpdec_h264.c149/poc Found-by: Hardik Shah of Vehere Reviewed-by: Martin Storsjö <martin@martin.st> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e4d5ac8d7d2a08658b3db7dd821246fe6b35381f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:15 +01:00
Michael Niedermayer	905819d18a	avformat/mxfdec: Check klv offset Fixes: Assertion klv_offset >= mxf->run_in failed at libavformat/mxfdec.c:736 Fixes: 62936/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5778404366221312.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 70f5fa63258f548cd8d067d479658bae61711ff4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:14 +01:00
Michael Niedermayer	d7f64a78e0	avformat/tmv: Check video chunk size This check matches the audio chunk check Fixes: Timeout Fixes: 62681/clusterfuzz-testcase-minimized-ffmpeg_dem_TMV_fuzzer-5299107876700160 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b79fc7059600b28dce392fc20e5c8bd554c2fc95) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:13 +01:00
Michael Niedermayer	a563efcfda	avformat/asfdec_f: Saturate presentation time in marker Fixes: signed integer overflow: -9223372036315799520 - 3873890816 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5009302746431488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cedb4736f568a9cc693f81b1f7c33ea2499715ab) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:12 +01:00
Michael Niedermayer	29788ba10e	avformat/xwma: sanity check bits_per_coded_sample Fixes: signed integer overflow: 65312 * 524296 cannot be represented in type 'int' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_XWMA_fuzzer-6595971445555200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fe6ce28d118d6030984e1ee5c2d92e98514fe3d1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:12 +01:00
Michael Niedermayer	f15a1d7928	avformat/matroskadec: Check prebuffered_ns for overflow Fixes: signed integer overflow: 9223372036630775808 + 1000000000 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-5406131992526848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2d6df3719dd4f75b40cdf25a02f3f075b76ed045) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:12 +01:00
Michael Niedermayer	1718baf61c	avformat/wavdec: Check left avio_tell for overflow Fixes: signed integer overflow: 155 + 9223372036854775655 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5364032278495232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 929ddef3f40102d6a84cfa17ed7c7ffebcf8236e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:11 +01:00
Michael Niedermayer	c01d304a6b	avformat/tta: Better totalframes check Fixes: signed integer overflow: 4 * 740491135 cannot be represented in type 'int' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6298893367508992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f0d00464a50994de0993e045e09313ca8d7cc8f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:11 +01:00
Michael Niedermayer	0c1babaa61	avformat/rpl: Check for number_of_chunks overflow Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int32_t' (aka 'int') Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6086131095830528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b3c973acbecb879d4949fecdadd2fdfc08dea42b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:11 +01:00
Michael Niedermayer	1e239a8b88	avformat/mov: compute absolute dts difference without overflow in mov_find_next_sample() Fixes: signed integer overflow: -9223372036854775808 - 9222726413022000000 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5959420033761280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3508b496e195440d0af0203e2822937b8c6f5598) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:10 +01:00
Michael Niedermayer	283baa7336	avformat/jacosubdec: Check timeres Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 51f0ab8b127282415822959ccad7db95ad749b5d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:10 +01:00
Michael Niedermayer	441d5eca4b	avformat/jacosubdec: avoid signed integer overflows in get_shift() Fixes: signed integer overflow: 22014562800 * 934633746 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5189603246866432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 32447b149fb61eb48436eddbbb1adf91b70ec5e4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:10 +01:00
Michael Niedermayer	d35579c12b	avformat/jacosubdec: Factorize code in get_shift() a bit Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6490b9aed63c06f20bbc46e0bc801e612d07e81e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:09 +01:00
Michael Niedermayer	30b3f2712d	avformat/sbgdec: Check for negative duration or un-representable end pts Fixes: signed integer overflow: 9230955872951340 - -9223372036854775808 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6330481893572608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9b00b5734d9868971cb6e6cda0f3b8eeed93be9e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:09 +01:00
Michael Niedermayer	3817209b6d	avformat/avs: Check if return code is representable Fixes: leak Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-6738814988320768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 52d666edec73c834c60811e330f86a7cf1d916da) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:08 +01:00
Michael Niedermayer	87f556a10c	avformat/westwood_vqa: Check chunk size the type is also changed to int as it is interpreted as int in av_get_packet() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-6593408795279360 Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4613908817903616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5c0df3da0b7288a43a3b783117064cfcbc8037a5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:07 +01:00
Michael Niedermayer	f43562c38a	avformat/sbgdec: Check for period overflow Fixes: signed integer overflow: 4481246996173000000 - -4778576820000000000 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5063670588899328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a9137110eda130ba07a2a43bdedff2421efbb7a9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:07 +01:00
Michael Niedermayer	d491053334	avformat/concatdec: Check in/outpoint for overflow Fixes: signed integer overflow: 91542414454000000 - -9154241494546000000 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-4739147999084544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dedc78b4b5bdab869f3038798334639d617d2309) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:07 +01:00
Michael Niedermayer	b358b080a1	avformat/mxfdec: Remove this_partition Suggested-by: Tomas Härdin <git@haerdin.se> Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5130394286817280 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 442d9412d21590c7a816118032c92070e00a1cc1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:06 +01:00
Michael Niedermayer	6c176df7e9	avformat/hls: reduce default max reload to 3 The 1000 did result in the appearance of a never ending reload loop The RFC mandates that "If the client reloads a Playlist file and finds that it has not changed, then it MUST wait for a period of one-half the target duration before retrying." and if it has changed "the client MUST wait for at least the target duration before attempting to reload the Playlist file again" Trying to reload 3 times seems a better default than 1000 given these durations Issue found by: Сергей Колесников Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f810435c2a6d985fabd9e6c025e0da0c99c39a9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:05 +01:00
Michael Niedermayer	ee90868c67	avformat/format: Stop reading data at EOF during probing Issue found by: Сергей Колесников Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 80f6e0378beae69d31f24b036a1365405dea61d1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:05 +01:00
Michael Niedermayer	cfa3ae4181	avformat/avr: Check sample rate Fixes: 54979/clusterfuzz-testcase-minimized-ffmpeg_dem_AVR_fuzzer-6681035461230592 Fixes: Timeout Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 32556fa62b1d0615f621fd8f71bdfe3b72e43896) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:01 +01:00
Michael Niedermayer	9b5a8aa16d	avformat/imf_cpl: Replace NULL content_title_utf8 by "" Suggested-by: Pierre-Anthony Lemieux <pal@sandflow.com> Reviewed-by: Pierre-Anthony Lemieux <pal@sandflow.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ac3e6b74bdd6959ce4411e78161b2f06d0926c43) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:00 +01:00
Michael Niedermayer	c09250be43	avformat/imf_cpl: xmlNodeListGetString() can return NULL Fixes: NULL pointer dereference Fixes: 60166/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5998301577871360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Pierre-Anthony Lemieux <pal@sandflow.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 509ce40f188734ec74078ebdd8d71f80116d9eaf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:00 +01:00
Michael Niedermayer	537600e785	avformat/jpegxl_probe: Forward error codes Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 09621fd7d93a12974e9664b2aebb8237e5c46f03) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:57 +01:00
Michael Niedermayer	55de397fe0	avformat/jpegxl_probe: check length instead of blindly reading Enable the checked bitreader to avoid overread. Also add a few checks in loops and between blocks so we exit instead of continued execution. Alternatively we could add manual checks so that no overread can happen. This would be slightly faster but a bit more work and a bit more fragile Fixes: Out of array accesses Fixes: 59640/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-6584117345779712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1ec4553e355039ce69abf8e49389fa43f1f55fc5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:56 +01:00
Michael Niedermayer	4e68048151	avformat/jpegxl_probe: Remove intermediate macro obfuscation around get_bits*() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 25c937c0e03895866d9f5bcc659ad6afc53e20f9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:56 +01:00
Michael Niedermayer	1892181787	avformat/oggparsetheora: clip duration within 64bit Fixes: signed integer overflow: 9079256848778919936 - -288230376151711746 cannot be represented in type 'long' Fixes: 58248/clusterfuzz-testcase-minimized-ffmpeg_dem_OGG_fuzzer-6326851353313280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b1c3d81e71f78e4b3b2c2901ac4649cb74aec272) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:55 +01:00
Michael Niedermayer	50e2f8ef33	avformat/wavdec: Check that smv block fits in available space Fixes: OOM Fixes: 56271/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5290810045497344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a76efafdb9be966ae3ad52b32370dc644dd582bf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:55 +01:00
Pierre-Anthony Lemieux	c2d4ab2552	avformat/imf: fix invalid resource handling (cherry picked from commit 23d968d55a6e00dfc46799cfd0eb2ed02379037d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:50 +01:00
Will Cassella	566aa38d98	libavformat/riffec: Zero-initialize channels in ff_get_wav_header Clang's static analyzer complains that leaving the variable uninitialized could lead to a code path where the uninitialized value is written to at the end of this function. This patch simply zero-initializes that variable to avoid that. Signed-off-by: Will Cassella <cassew@google.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit e601ec3c1991ee09ff45db3be4d894e5774f6f2b)	2023-08-12 13:25:36 -03:00
James Almer	796daf929a	avformat/concatf: check if any nodes were allocated Fixes ticket #10304 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 19c2dc677f81c940aebe63ed09dacf5c725f0b35)	2023-04-16 11:39:13 -03:00
Michael Niedermayer	fa22608c46	avformat/mov: Check samplesize and offset to avoid integer overflow Fixes: signed integer overflow: 9223372036854775584 + 536870912 cannot be represented in type 'long' Fixes: 55844/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-510613920664780 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 53c1f5c2e28e54ea8174b196d5cf4a158907395a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-03-16 14:48:36 +01:00
Michael Niedermayer	87e6221d53	avformat/mxfdec: Use 64bit in remainder Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int' Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 64a04fc165d453fe49906b228ac16385eda28564) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-22 00:03:43 +01:00
Michael Niedermayer	3aee1b1ec3	avformat/id3v2: Check taglen in read_uslt() Fixes: Timeout (read mostly the same data repeatly) Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840 Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a798af91d7d1fc31cfc1ae09cc6ab3907304f44f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:37:11 +01:00
Michael Niedermayer	71b40b2645	avformat/replaygain: avoid undefined / negative abs Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int' Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2532b20b17ec557f1b925bfc41c00e7d4e17356c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:30:35 +01:00

1 2 3 4 5 ...

25003 Commits