virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-09-16 08:36:51 +02:00
Code Issues Releases Activity
93,561 Commits 38 Branches 411 Tags
a8a8fda5cfeaa544a03050a5e2fc66fe9601604f
Commit Graph

93561 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
a8a8fda5cf avformat/matroskadec: Use rounded down duration in get_cue_desc() check 
Floating point is evil, it would be better if duration was not a double

Fixes: Infinite loop
Fixes: 45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd3a03db9a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:41 +02:00
Michael Niedermayer
362f55733b avformat/avidec: Check height 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: Ticket8486

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec8ff659f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
7f094e829e avformat/rmdec: Better duplicate tags check 
Fixes: memleaks
Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15a646e501)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
5a67ee5797 avformat/mov: Disallow empty sidx 
It appears this is not allowed "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments
(which may themselves be further subdivided using Segment Index boxes)."
Fixes: Null pointer dereference
Fixes: Ticket9517

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4419433d77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
34b6731e78 avformat/matroskadec: Check duration 
Fixes: -nan is outside the range of representable values of type 'long'
Fixes: 44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 36680078ca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
b7a305ab6b avformat/mov: Corner case encryption error cleanup in mov_read_senc() 
Fixes: memleak
Fixes: 42341/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4566632823914496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ee0e4abcb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
76e56f0006 avcodec/jpeglsdec: Fix if( code style 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f306b8e80a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
b6061e3d8e avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error 
Fixes: Timeout
Fixes: Invalid shift
Fixes: 44548/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-556487680891289
Fixes: 44569/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-6302543246917632
Fixes: 44570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-4550196556595200
Fixes: 44592/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5651610385121280
Fixes: 44571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5094698987945984
Fixes: 44607/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5341352013987840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 151f83584e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
87297d5021 avcodec/motion_est: fix indention of ff_get_best_fcode() 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce43e1c581)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
2262e53f96 avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode() 
This codepath seems untested, no testcases change

Found-by: <mkver>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 634312a70f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
c7c714719e avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned 
Fixes: left shift of 32768 by 16 places cannot be represented in type 'int'
Fixes: Timeout
Fixes: 44219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4679455379947520
Fixes: 44088/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4885976600674304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ee283d7d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
7eebf00ff0 avformat/matroskadec: Check desc_bytes 
Fixes: Division by 0
Fixes: 44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5038933977)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
2edb753825 avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() 
Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff
Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 59328aabd2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
893c4f1151 avformat/matroskadec: Fix infinite loop with bz decompression 
The same check is added to zlib too, it seems not needed there though

Fixes: Infinite loop
Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c3d2cbb51)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
423a3b685f avformat/mov: Check size before subtraction 
Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long'
Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8d9d506a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
210b4b9871 avcodec/apedec: Fix integer overflows in predictor_update_3930() 
Fixes: signed integer overflow: 1074134419 - -1075212485 cannot be represented in type 'int'
Fixes: 43273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4706880883130368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c9c9bbd01)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
254ebed4d5 avcodec/apedec: fix integer overflow in 8bit samples 
Fixes: signed integer overflow: 2147483542 + 128 cannot be represented in type 'int'
Fixes: 42812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6344057861832704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cee3b3718)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
a5b213a89e avformat/flvdec: timestamps cannot use the full int64 range 
We do not support this as we multiply by 1000
Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long'
Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c217ca7718)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
7caa166ac3 avcodec/vqavideo: reset accounting on error 
Fixes: Timeout (same growing chunk is decoded to failure repeatedly)
Fixes: 42582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6531195591065600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8ea7a67ba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
e546e9c5b4 avcodec/alacdsp: fix integer overflow in decorrelate_stereo() 
Fixes: signed integer overflow: -16777216 * 131 cannot be represented in type 'int'
Fixes: 23835/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5669943160078336
Fixes: 41101/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4636330705944576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68457c1e85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
0e6f3166ce avformat/4xm: Check for duplicate track ids 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd94912479)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
ea318a1fcd avformat/4xm: Consider max_streams on reallocating tracks array 
Fixes: OOM
Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0dcd95ef8a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
f80d5425ae avformat/mov: Check next offset in mov_read_dref() 
Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long'
Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 562021e2fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
f433faed1e avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() 
Fixes: memleak
Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f44a218e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
531eeb81ce avcodec/apedec: Change avg to uint32_t 
Fixes: Integer overflow
Fixes: 40973/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6739312704618496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ec75723a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
b4392d045e avformat/mov: Disallow duplicate smdm 
Fixes: memleak
Fixes: 39879/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5327819907923968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5ba74053c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
0d8300a960 avformat/mov: Check for EOF in mov_read_glbl() 
Fixes: Infinite loop
Fixes: 41351/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5433895854669824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 59b4e7cbd8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
12d125e787 avformat/mov: Check channels for mov_parse_stsd_audio() 
Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long'
Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a64a4c582)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
0afc4fb2e9 avformat/avidec: Check read_odml_index() for failure 
Fixes: Timeout
Fixes: 40950/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6478873068437504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 57adb26d05)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
9a44dc209b avformat/aiffdec: Use av_rescale() for bitrate 
Fixes: integer overflow
Fixes: 40313/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4814761406103552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 905588df97)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
8876c70ee8 avformat/aiffdec: sanity check block_align 
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93f7776921)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
078bbcde0e avformat/aiffdec: Check sample_rate 
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b04836dff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Paul B Mahol
d5cb859665 avfilter/vf_gblur: fix heap-buffer overflow 
Fixes #8282

(cherry picked from commit 64a805883d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Paul B Mahol
439645004b avfilter/vf_lenscorrection: fix division by zero 
Fixes #8265

(cherry picked from commit 19587c9332)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
James Almer
6fe33489be avformat/latmenc: abort if no extradata is available 
Fixes ticket #8273.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit dd01947397)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
d38c8064d4 avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() 
Fixes: Ticket8176

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c78a76cb0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Paul B Mahol
97ee4a451b avformat/tty: add probe function 
(cherry picked from commit 3bce9e9b3e)
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
422cec5088 avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE 
Fixes: out if array read
Fixes: 40109/clusterfuzz-testcase-minimized-ffmpeg_dem_FLAC_fuzzer-4805686811295744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Mattias Wadman <mattias.wadman@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
f3f575e395 avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() 
Fixes: signed integer overflow: 822841647 + 1647055738 cannot be represented in type 'int'
Fixes: 39935/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-4592657142251520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f24028c798)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
fbdeea9102 avutil/mathematics: Document av_rescale_rnd() behavior on non int64 results 
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e154353fdb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
James Almer
746f3fc165 fate: update reference files after the recent dash manifest muxer changes 
Missed in 487b49d8f2.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit aa0829d834)
 2022-04-08 16:12:03 -03:00
James Almer
ad26796f4e avformat/webmdashenc: fix on-demand profile string 
Fixes ticket #9596

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 487b49d8f2)
 2022-04-08 00:16:08 -03:00
Andreas Rheinhardt
aa3b2c3883 configure: Add missing libshine->mpegaudioheader dependency 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit e228d7b0db)
 2022-01-06 08:49:01 +01:00
Andreas Rheinhardt
010281ed23 avformat/mpegenc: Ensure packet queue stays valid 
The MPEG-PS muxer uses a custom queue of custom packets. To keep track
of it, it has a pointer (named predecode_packet) to the head of the
queue and a pointer to where the next packet is to be added (it points
to the next-pointer of the last element of the queue); furthermore,
there is also a pointer that points into the queue (called premux_packet).

The exact behaviour was as follows: If premux_packet was NULL when a
packet is received, it is taken to mean that the old queue is empty and
a new queue is started. premux_packet will point to the head of said
queue and the next_packet-pointer points to its next pointer. If
predecode_packet is NULL, it will also made to point to the newly
allocated element.

But if premux_packet is NULL and predecode_packet is not, then there
will be two queues with head elements premux_packet and
predecode_packet. Yet only elements reachable from predecode_packet are
ever freed, so the premux_packet queue leaks.
Worse yet, when the predecode_packet queue will be eventually exhausted,
predecode_packet will be made to point into the other queue and when
predecode_packet will be freed, the next pointer of the preceding
element of the queue will still point to the element just freed. This
element might very well be still reachable from premux_packet which
leads to use-after-frees lateron. This happened in the tickets mentioned
below.

Fix this by never creating two queues in the first place by checking for
predecode_packet to know whether the queue is empty. If premux_packet is
NULL, then it is set to the newly allocated element of the queue.

Fixes tickets #6887, #8188 and #8266.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit cfce16449c)
 2021-10-19 19:05:16 -03:00
Andreas Rheinhardt
f7c9b1ed56 avformat/movenc: Fix segfault when remuxing rtp hint stream 
When remuxing an rtp hint stream (or any stream with the tag "rtp "),
the mov muxer treats this as one of the rtp hint tracks it creates
internally when ordered to do so; yet this track lacks the
AVFormatContext for the hinting rtp muxer, leading to segfaults in
mov_write_udta_sdp() if a "trak" atom is written for this stream; if not,
the stream's codecpar is freed by mov_free() as if the mov muxer owned
it (it does for the internally created "rtp " tracks), but without
resetting st->codecpar, leading to double-frees lateron. This commit
therefore ignores said tag which makes rtp hint streams unremuxable.

This fixes tickets #8181 and #8186.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 22c3cd1760)
 2021-10-19 19:03:19 -03:00
Baptiste Coudurier
3c4e1a56e3 avformat/mxfenc: fix index byte count in partition header 2021-10-19 19:01:36 -03:00
Michael Niedermayer
a5d2008e2a Changelog: update 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n4.1.8 		2021-10-17 19:42:14 +02:00
Lynne
d7bd4f73a7 configure: update copyright year 
(cherry picked from commit 63505fc60a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Michael Niedermayer
9d8945bd49 avformat/wavdec: Check smv_block_size 
Fixes: Timeout
Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 849138f476)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Michael Niedermayer
770b4de8d1 avformat/rmdec: Check for multiple audio_stream_info 
Fixes: memleak
Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fe3566b8f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00