FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	c6eb3f1d9b	avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly Found while reviewing: CID1530313 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cedbef0394`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:41:43 +02:00
Michael Niedermayer	cb7f4c6e8a	avformat/rmdec: use 64bit for audio_framesize checks It is not entirely clear what would prevent such overflow so even if it is not possible, it is better to use 64bit Fixes: CID1491898 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `665be4fa2f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:40:54 +02:00
Michael Niedermayer	c97f60a193	avformat/tls_schannel: Initialize ret Fixes: CID1591881 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f022afea77`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:36:44 +02:00
Michael Niedermayer	96d595b129	avformat/subfile: Assert that whence is a known case This may help CID1452449 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `426d8c84c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:35:14 +02:00
Michael Niedermayer	82c53d27aa	avformat/subfile: Merge if into switch() Found while reviewing CID1452449 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2a0a7d964b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:34:44 +02:00
Michael Niedermayer	13c4320a86	avformat/rtsp: Check that lower transport is handled in one of the if() Fixes: CID1473554 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c8200d3825`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:12:32 +02:00
Michael Niedermayer	653d70292f	avformat/rtsp: initialize reply1 It seems reply1 is initialized by ff_rtsp_send_cmd() in most cases but there are code paths like "continue" which look like they could skip it but even if not writing this so a complex loop after several layers of calls initialized a local variable through a pointer is just bad design. This patch simply initialized the variable. Fixes: CID1473532 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `498ce4e8b8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:11:47 +02:00
Michael Niedermayer	395df0a974	avformat/rtsp: use < 0 for error check Found while reviewing CID1473532 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9bb38ba2b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:11:02 +02:00
Michael Niedermayer	fa05a9367d	avformat/rtpenc_vc2hq: Check sizes Fixes: CID1452585 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7a9ddb7051`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 21:10:35 +02:00
Michael Niedermayer	3942768ffa	avformat/rdt: Check pkt_len Fixes: CID1473553 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0d0373de3b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 19:59:19 +02:00
Michael Niedermayer	ef7577db54	avformat/mpeg: Check len in mpegps_probe() Fixes: CID1473590 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca237a841e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 19:58:36 +02:00
Michael Niedermayer	4322bba921	avformat/img2dec: assert no pipe on ts_from_file Help coverity with CID1500302 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4824156fa0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 19:55:41 +02:00
Michael Niedermayer	3b67a2f883	avformat/mov: Check edit list for overflow Fixes: 67492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5778297231310848 Fixes: signed integer overflow: 2314885530818453536 + 7782220156096217088 cannot be represented in type 'long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2882d30e3a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 18:56:10 +02:00
Michael Niedermayer	30461fcd2c	avformat/mxfdec: Check container_ul->desc before use Fixes: CID1592939 Dereference after null check Sponsored-by: Sovereign Tech Fund Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4cab028bd0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-07-21 17:22:25 +02:00
Michael Niedermayer	c3894f1418	avformat/matroskadec: Assert that num_levels is non negative Maybe Closes: CID1452496 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `019fce18bb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:33:00 +02:00
Michael Niedermayer	17fc13a9f1	avformat/libzmq: Check av_strstart() Fixes: CID1453457 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0263b6a48c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:59 +02:00
Michael Niedermayer	766fa1c485	avformat/img2dec: Move DQT after unrelated if() Fixes: CID1494636 Missing break in switch Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7d04c6016b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:59 +02:00
Michael Niedermayer	b28d8acc7c	avformat/sdp: Check before appending "," Found by reviewing code related to CID1500301 String not null terminated Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5b82852519`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:58 +02:00
Michael Niedermayer	0e6fb091b8	avformat/fwse: Remove always false expression Fixes: CID1460758 Operands don't affect result Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `348c3a7ffe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:54 +02:00
Michael Niedermayer	f4b38485df	avformat/asfdec_f: Use 64bit for preroll computation Fixes: CID1500342 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `70b4994762`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:54 +02:00
Michael Niedermayer	23c45d4421	avformat/argo_asf: Use 64bit in offset intermediate Fixes: CID1467435 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d9d1f65308`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:53 +02:00
Michael Niedermayer	254b17eb13	avformat/ape: Use 64bit for final frame size Fixes: CID1505963 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a2b8d03347`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:53 +02:00
Michael Niedermayer	2ec04a11a0	avformat/mxfdec: Check body_offset Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be represented in type 'long' Fixes: 68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `20a6bfda0f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:44 +02:00
Michael Niedermayer	71f332ce82	avformat/kvag: Check sample_rate Fixes: Division by 0 Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i zgclab/ffmpeg_crash/poc1 output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c26a762ea1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-06-15 23:32:44 +02:00
Michael Niedermayer	a0c6c0379b	avformat/mxfdec: Check index_edit_rate Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62 Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ed49391961`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-04 21:10:44 +02:00
Michael Niedermayer	b27584ed60	avformat/mpegts: Reset local nb_prg on add_program() failure add_program() will deallocate the whole array on failure so we must clear nb_prgs Fixes: null pointer dereference Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc Found-by: Catena cyber Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cb9752d897`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:09 +02:00
Michael Niedermayer	604df69cf9	avformat/mxfdec: Make edit_unit_byte_count unsigned Suggested-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f30fe5e8d0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:09 +02:00
Michael Niedermayer	45d14d2f77	avformat/movenc: Check that cts fits in 32bit Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694 Fixes: poc2 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d88c284c18`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:08 +02:00
Michael Niedermayer	4daec105a1	avformat/mxfdec: Check first case of offset_temp computation for overflow This is kind of ugly Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long' Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d6ed6f6e8d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:08 +02:00
Michael Niedermayer	71a3188978	avformat/westwood_vqa: Fix 2g packets Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `86f73277bf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:07 +02:00
Michael Niedermayer	03e781da07	avformat/matroskadec: Check timescale Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e849eb2343`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:07 +02:00
Michael Niedermayer	08dd17f9d1	avformat/wavdec: satuarte next_tag_ofs, data_end Fixes: signed integer overflow: 5053074104798691550 + 5053074104259715104 cannot be represented in type 'long' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6515315309936640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `61dca9e150`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:07 +02:00
Michael Niedermayer	62f87b7dd2	avformat/sbgdec: Check for negative duration Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0bed22d597`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:06 +02:00
Michael Niedermayer	a5e39d0a27	avformat/rpl: Use 64bit for total_audio_size and check it Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312 Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `878625812f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:06 +02:00
Michael Niedermayer	1556d35c1a	avformat/jacosubdec: Use 64bit for abs Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5401294942371840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `746203af31`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:05 +02:00
Michael Niedermayer	05430187c9	avformat/concatdec: Check user_duration sum Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6434245599690752 Fixes: signed integer overflow: 9223372026773000000 + 22337000000 cannot be represented in type 'long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `007486058c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:05 +02:00
Michael Niedermayer	d1bce5ba12	avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration() An alternative would be to limit all time/duration fields to below 64bit Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long long' Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dd733b2be4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:04 +02:00
Michael Niedermayer	24f1cb1608	avformat/jacosubdec: clarify code add comments, rename variables and indent things differently Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e83e8d443b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:04 +02:00
Michael Niedermayer	d2faf163bb	avformat/cafdec: Check that data chunk end fits within 64bit Fixes: signed integer overflow: 64 + 9223372036854775803 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464 Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b792e4d4c7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:03 +02:00
Michael Niedermayer	c8ceee4ba3	avformat/iff: Saturate avio_tell() + 12 Fixes: signed integer overflow: 9223372036854775796 + 12 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4898373660704768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b8e754525c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:03 +02:00
Michael Niedermayer	f966c25d25	avformat/dxa: Adjust order of operations around block align Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464 Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `50d8e4f273`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:03 +02:00
Michael Niedermayer	625ca605f5	avformat/cafdec: dont seek beyond 64bit Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064 Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d973fcbcc2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:02 +02:00
Michael Niedermayer	3fc4d5d1d8	avformat/id3v2: read_uslt() check for the amount read Fixes: timeout Fixes: 66783/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5356884892647424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c0f4abe2aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:06:02 +02:00
Romain Beauxis	a43d719c50	libavformat/hlsenc.c: Populate OTI using AAC profile in write_codec_attr. This patch populates the third entry for HLS codec attribute using the AAC profile. The HLS specifications[1] require this value to be the Object Type ID as referred to in table 1.3 of ISO/IEC 14496-3:2009[2]. The numerical constants in the code refer to these OTIs minus one, as documented in commit 372597e[3], confirmed by comparing the values in the code with the values in the table mentioned above. Links: 1: https://datatracker.ietf.org/doc/html/rfc6381#section-3.3 2: https://csclub.uwaterloo.ca/~ehashman/ISO14496-3-2009.pdf 3: `372597e538` Changes in this version: - Default value set to "mp4a.40.2" when profile is unknown for backward compatibility. Signed-off-by: Steven Liu <liuqi05@kuaishou.com> (cherry picked from commit `797f0b27c1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:05:58 +02:00
Michael Niedermayer	7aef2d8264	avformat/flacdec: Avoid double AVERRORS Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `029294ff54`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:05:57 +02:00
Michael Niedermayer	136ba93884	avformat/mov: do not set sign bit for chunk_offsets Fixes: signed integer overflow: 2314885530818453536 - -7412889664301817824 cannot be represented in type 'long' Fixes: 64296/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6304027146846208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cfc0a68d4d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 02:05:54 +02:00
Eugene Zemtsov	b6fa0f9d08	avformat/mov: Check if a key is longer than the atom containing it Stop reading keys and return AVERROR_INVALIDDATA if key_size is larger than the amount of space left in the atom. Bug: https://crbug.com/41496983 Signed-off-by: Eugene Zemtsov <eugene@chromium.org> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `8a23a145d8`)	2024-04-02 09:19:27 -03:00
James Almer	c2f678c307	avformat/mov: don't abort on duplicate Mastering Display Metadata boxes The VP9 spec defines a SmDm box for this information, and the ISOBMFF spec defines a mdvc one. If both are present, just ignore one of them. This is in line with clli and CoLL boxes. Fixes ticket #10711. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `189c32f536`)	2024-03-27 13:56:36 -03:00
Michael Niedermayer	6017705b36	avformat/mov: Ignore duplicate ftyp Fixes: switch_1080p_720p.mp4 Found-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4cdf2c7f76`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-21 22:44:02 +01:00
Dale Curtis	207e003758	avformat/mov: Fix integer overflow in mov_read_packet(). Fixes https://crbug.com/1499669: runtime error: signed integer overflow: 9223372036853334272 + 1375731456 cannot be represented in type 'int64_t' (aka 'long') Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2182173a69`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-21 22:44:02 +01:00

1 2 3 4 5 ...

23861 Commits