FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-03-17 20:17:55 +02:00

Author	SHA1	Message	Date
Matt Wolenetz	b5c13002d1	lavf/mov.c: Avoid OOB in mov_read_udta_string() Core of patch is from paul@paulmehta.com Reference https://crbug.com/643952 (udta_string portion) Signed-off-by: Matt Wolenetz <wolenetz@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9bbdf5d921ef57e1698f64981e4ea04db7c56fb5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-10 12:14:40 +01:00
Michael Niedermayer	a5dabd4013	Update for 3.0.7 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:16:57 +01:00
Michael Niedermayer	3295d22f3a	avcodec/h264_slice: Clear ref_counts on redundant slices Fixes reading freed memory Fixes: 568/clusterfuzz-testcase-6107186067406848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c03029a835949fc0e68b4c6558ebcdc3ae137087) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 20:08:22 +01:00
Matt Wolenetz	dc1e099bf2	lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid Core of patch is from paul@paulmehta.com Reference https://crbug.com/643951 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Check value reduced as the code does not support values beyond INT_MAX Also the check is moved to a more common place and before integer truncation (cherry picked from commit 2d453188c2303da641dafb048dc1806790526dfd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 11:05:51 +01:00
Matt Wolenetz	4f7064c9da	lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr Core of patch is from paul@paulmehta.com Reference https://crbug.com/643950 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Check value reduced as the code does not support larger lengths (cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 04:08:26 +01:00
Michael Niedermayer	bb504aa5eb	avcodec/pictordec: Fix logic error Fixes: 559/clusterfuzz-testcase-6424225917173760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8c2ea3030af7b40a3c4275696fb5c76cdb80950a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-07 21:33:21 +01:00
Michael Niedermayer	4730d0d385	avcodec/movtextdec: Fix decode_styl() cleanup Fixes: null pointer dereference Fixes: 555/clusterfuzz-testcase-5986646595993600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e248522d1b0d6dd8641f382cd5c4338d0ecd98e5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 12:11:39 +01:00
Chris Cunningham	be0e26d107	lavf/matroskadec: fix is_keyframe for early Blocks Blocks are marked as key frames whenever the "reference" field is zero. This breaks for non-keyframe Blocks with a reference timestamp of zero. The likelihood of reference timestamp being zero is increased by a longstanding bug in muxing that encodes reference timestamp as the absolute time of the referenced frame (rather than relative to the current Block timestamp, as described in MKV spec). Now using INT64_MIN to denote "no reference". Reported to chromium at http://crbug.com/497889 (contains sample) (cherry picked from commit ac25840ee32888f0c13118edeb9404a123cd3a79) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 11:00:26 +01:00
James Almer	e8b94e5ce4	configure: bump year Happy new year! (cherry picked from commit d800d48fc67208819c2a4ae5eb214ca5e3ad7e82) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n3.0.6	2017-02-05 01:53:31 +01:00
Michael Niedermayer	c595b1da4f	Changelog: Update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-05 01:05:58 +01:00
Michael Niedermayer	f9a96bac28	avcodec/pngdec: Check trns more completely Fixes out of array access Fixes: 546/clusterfuzz-testcase-4809433909559296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e477f09d0b3619f3d29173b2cd593e17e2d1978e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-04 13:23:30 +01:00
Michael Niedermayer	9797929749	avcodec/interplayvideo: Move parameter change check up Fixes out of array read Fixes: 544/clusterfuzz-testcase-5936536407244800.f8bd9b24_8ba77916_70c2c7be_3df6a2ea_96cd9f14 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b1e2192007d7026049237c9ab11e05ae71bf4f42) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-04 03:05:08 +01:00
Michael Niedermayer	dfca37f0e5	Update for 3.0.6 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 17:30:51 +01:00
Michael Niedermayer	a71d22d84d	avcodec/mjpegdec: Check for for the bitstream end in mjpeg_decode_scan_progressive_ac() Fixes timeout Fixes: 496/clusterfuzz-testcase-5805083497332736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3782656631fa8262528c07794acf7e9c2aab000d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Frank Liberato	44eaff5e6d	avformat/flacdec: Check avio_read result when reading flac block header. Return AVERROR_INVALIDDATA if all four bytes aren't present. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 95bde49982a82bc10470c0adab5969ffe635d064) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	cfbab85809	avcodec/utils: correct align value for interplay Fixes out of array access Fixes: 452/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2080bc33717955a0e4268e738acf8c1eeddbf8cb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	3e03d12c83	avcodec/vp56: Check for the bitstream end, pass error codes on Fixes timeout Fixes: 446/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_VP6_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9e6a2427558a718be0c1fffacffd935f630a7a8d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	02323b1d02	avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan() Fixes timeout Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 755933cb5cd17decd1838d3d64e07d4157de5638) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	99c78466ff	avcodec/pngdec: Fix off by 1 size in decode_zbuf() Fixes out of array access Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e371f031b942d73e02c090170975561fabd5c264) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Tobias Rapp	a6639334df	avformat/avidec: skip odml master index chunks in avi_sync Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg. Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6d579d7c1bdc4126955cae7f385208e455685986) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	72d5addc0b	avcodec/mjpegdec: Check for rgb before flipping Fixes assertion failure due to unsupported case Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 25d9643f1172ae6a210c671195ba3135895abaf3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	a0b7a3c8aa	avutil/random_seed: Reduce the time needed on systems with very low precission clock() This should fix issues on BSD CLOCKS_PER_SEC is 128 on BSD while SUSv2 requires it to be a million Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c4152fc42e480c41efb7f761b1bbe5f0bc43d5bc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	c4b36ccd02	avutil/random_seed: Improve get_generic_seed() with higher precission clock() Tested-by: Thomas Turner <thomastdt@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit da73d95bad4736c5e0a6b4b1a811f4dd4525bb4c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	198c8924c6	avformat/utils: Print verbose error message if stream count exceeds max_streams Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f0bdd538712d8ed34120ab2b7bd1409fcc99fb45) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Michael Niedermayer	4535861ef8	avformat/options_table: Set the default maximum number of streams to 1000 Fixes CVE-2016-9561, Note the security relevance of this is disputed as running out of memory can happen with valid files Suggested-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 30581c51e72a7a7ea1572c1c6039f6e4c590a55c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-03 15:59:14 +01:00
Andreas Cadhalpun	1a168061da	pgssubdec: reset rle_data_len/rle_remaining_len on allocation error The code relies on their validity and otherwise can try to access a NULL object->rle pointer, causing segmentation faults. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 842e98b4d83d8cf297e2bc2761f1f47eb89e49e4) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2017-02-01 02:28:56 +01:00
Michael Niedermayer	76961f4f42	avutil: Add av_image_check_size2() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f542b152aa2086b30d1089162d79f5c136905c0c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-10 23:12:20 +01:00
Michael Niedermayer	7dd1cc6076	avformat: Add max_streams option This allows user apps to stop OOM due to excessive number of streams Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1296f844955e513d19051c962656f829479d4fb9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-10 22:42:03 +01:00
Michael Niedermayer	667c9ed1f1	avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated We are checking during encoding if there is enough space as version 4 needs that check. Fixes Ticket6005 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 38a7834bbb24ef62466b076715e0add60e1d6962) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-09 21:39:14 +01:00
Michael Niedermayer	efa164aa68	avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory() Fixes: part of 670190.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8258e363851434ad5662c19d036fddb3e3f27683) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-09 17:46:31 +01:00
Michael Niedermayer	7c68d5e701	avformat/oggdec: Skip streams in duration correction that did not had their duration set. Fixes: part of 670190.ogg Fixes integer overflow Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ee2a6f5df8c6a151c3e3826872f1b0a07401c62a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-09 17:46:10 +01:00
Michael Niedermayer	0bcc7ea5dc	avcodec/ffv1enc: Fix size of first slice Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cff1c0edaa797eca96663d9b83e4b8c1b609ff19) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-09 02:04:58 +01:00
Michael Niedermayer	b408dba231	Chagelog: update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n3.0.5	2016-12-05 23:32:35 +01:00
James Almer	c1435f9dfb	configure: check for strtoull on msvc Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit b52d3574d466e745834d1283b55570dee1e2d4cd)	2016-12-05 19:19:58 -03:00
Ronald S. Bultje	726faff0aa	http: move chunk handling from http_read_stream() to http_buf_read(). (cherry picked from commit 845bb401781ef04e342bd558df16a8dbf5f800f9)	2016-12-05 16:50:51 -05:00
Ronald S. Bultje	2e3f0a1c6f	http: make length/offset-related variables unsigned. Fixes #5992, reported and found by Paul Cher <paulcher@icloud.com>. (cherry picked from commit 2a05c8f813de6f2278827734bf8102291e7484aa)	2016-12-05 16:50:50 -05:00
Michael Niedermayer	1768e02a04	ffserver: Check chunk size Fixes out of array access Fixes: poc_ffserver.py Found-by: Paul Cher <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-05 22:05:37 +01:00
Michael Niedermayer	e0d1db72da	Avoid using the term "file" and prefer "url" in some docs and comments This should make it less ambigous that these are URLs Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5f27a9c3aa973c543bd8bbf2a78363700bbc03e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-05 22:05:37 +01:00
Michael Niedermayer	a5513ae7bc	avformat/rtmppkt: Check for packet size mismatches Fixes out of array access Found-by: Paul Cher <paulcher@icloud.com> Reviewed-by: Paul Cher <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d57ca4d9a75562fa32e40766211de150f8b3ee7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-05 22:05:37 +01:00
Timothy Gu	9c0b2b9d5b	zmqsend: Initialize ret to 0 Fixes CID1396857. (cherry picked from commit d903b4e3ad4a81b3dd79f12c2f3b9cb16e511173) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-05 22:05:37 +01:00
James Almer	d111c9ce13	avcodec/rawdec: check for side data before checking its size Fixes valgrind warnings about usage of uninitialized values. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 51e329918dc1826de7451541cb15bef3b9bfe138)	2016-12-04 17:27:07 -03:00
Michael Niedermayer	6e1bc747df	Update for version 3.0.5 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 21:15:15 +01:00
Michael Niedermayer	2c6792b0c6	avcodec/flacdec: Fix undefined shift in decode_subframe() Fixes undefined behavior Fixes: 639961-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1f5630af51f24d79053b6bef5b8b3ba93d637306) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 20:25:15 +01:00
Michael Niedermayer	66bf84e2c4	avcodec/get_bits: Fix get_sbits_long(0) Fixes undefined behavior Fixes: 640889-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c72fa432349881d5a445cd110abf698cc94d490d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 20:25:15 +01:00
Michael Niedermayer	9f7eb718e9	avformat/ffmdec: Check media type for chunks Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e706e2e775730db5dfa9103628cd70704dd13cef) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 20:25:15 +01:00
Michael Niedermayer	2d66fbc853	avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed() Fixes undefined behavior Fixes: 640912-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 83a75bf6c31b3c0ce2ca7e1426d1f2e3df634239) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 20:25:15 +01:00
Michael Niedermayer	2f26f3de78	avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c Fixes: left shift of negative value Fixes: 668346-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit acc163c6ab52d2235767852262c64c7f6b273d1c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 20:25:15 +01:00
Michael Niedermayer	e9003828dd	avformat/oggparsespeex: Check frames_per_packet and packet_size The speex specification does not seem to restrict these values, thus the limits where choosen so as to avoid multiplicative overflow Fixes undefined behavior Fixes: 635422.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit afcf15b0dbb4b6429be5083e50b296cdca61875e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 20:25:15 +01:00
Michael Niedermayer	66e8f87ebc	avformat/utils: Check start/end before computing duration in update_stream_timings() Fixes undefined behavior Fixes: 637428.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 90da187f1d334422477886a19eca3c1da29c59a7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 20:25:15 +01:00
Michael Niedermayer	6bee6ef0c2	avcodec/flac_parser: Update nb_headers_buffered Fixes infinite loop Fixes: fuzz.flac Found-by: Frank Liberato <liberato@google.com> Reviewed-by: Frank Liberato <liberato@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2475858889cde6221677473b663df6f985add33d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 20:25:15 +01:00

1 2 3 4 5 ...

78761 Commits