1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Commit Graph

112882 Commits

Author SHA1 Message Date
Michael Niedermayer
c543847ddd
avcodec/golomb: Assert that k is in the supported range for get_ur/sr_golomb()
Found by code review related to CID1604563 Overflowed return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2aaeb81f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:41 +02:00
Michael Niedermayer
d4d971efbb
avcodec/golomb: Document return for get_ur_golomb_jpegls() and get_sr_golomb_flac()
Found while reviewing code related to CID1604409 Overflowed return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cf5b83f6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:41 +02:00
Michael Niedermayer
6b20dadc81
avcodec/dxv: Fix type in get_opcodes()
Found by code review related to CID1604386 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e5af1c6e91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:40 +02:00
Michael Niedermayer
0a22787423
avcodec/cri: Check length
Fixes: CID1604394 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69dcd123f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:40 +02:00
Michael Niedermayer
343a76e123
avcodec/xsubdec: Check parse_timecode()
Fixes: CID1604490 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96fd9417e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:40 +02:00
Michael Niedermayer
f99867ef79
avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit
width and height > 32bit is not supported and its easier to check in a central place

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba63e32957)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:39 +02:00
Michael Niedermayer
05e38d8362
doc/examples/mux: remove nop
Found through code review related to CID1604493 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e6c0c5731e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:39 +02:00
Michael Niedermayer
ba0c1fc015
avcodec/proresenc_kostya: use unsigned alpha for rotation
Fixes: left shift of negative value -208
Fixes: 69073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_KS_fuzzer-4745020002336768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93e0265e27)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:39 +02:00
Michael Niedermayer
b92c0e54fc
avformat/rtpenc_rfc4175: Use 64bit in computation if copy_offset
Found while reviewing: CID1494441 Untrusted value as argument

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f13ae63259)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:38 +02:00
Michael Niedermayer
f6b059008f
avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly
Found while reviewing: CID1530313 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cedbef0394)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:38 +02:00
Michael Niedermayer
5af1fe5693
avformat/rmdec: use 64bit for audio_framesize checks
It is not entirely clear what would prevent such overflow so even if it is
not possible, it is better to use 64bit

Fixes: CID1491898 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 665be4fa2f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:38 +02:00
Michael Niedermayer
c872336df5
avutil/wchar_filename: Correct sizeof
Fixes: CID1591930 Wrong sizeof argument

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e9e8bea2e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:37 +02:00
Michael Niedermayer
ffb0a4c647
avutil/hwcontext_d3d11va: correct sizeof IDirect3DSurface9
Fixes: CID1591944 Wrong sizeof argument

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 628ba061c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:37 +02:00
Michael Niedermayer
00c45302e7
avutil/hwcontext_d3d11va: Free AVD3D11FrameDescriptor on error
Fixes: CID1598558 Resource leak

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf22f944d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:37 +02:00
Michael Niedermayer
b220f7dc94
avutil/hwcontext_d3d11va: correct sizeof AVD3D11FrameDescriptor
Fixes: CID1591909 Wrong sizeof argument

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 698ed0d5a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:36 +02:00
Michael Niedermayer
e0a079be2a
doc/examples/vaapi_encode: Try to check fwrite() for failure
Fixes: CID1604548 Unused value

Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao" <haihao.xiang-at-intel.com@ffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e4bfff211)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:36 +02:00
Michael Niedermayer
6c9b507841
avformat/usmdec: Initialize value
Fixes: CID1551685 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0619138639)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:36 +02:00
Michael Niedermayer
1164095eca
avformat/tls_schannel: Initialize ret
Fixes: CID1591881 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f022afea77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:35 +02:00
Michael Niedermayer
49d34302a6
avformat/subfile: Assert that whence is a known case
This may help CID1452449 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 426d8c84c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:35 +02:00
Michael Niedermayer
dfed9fc7bd
avformat/subfile: Merge if into switch()
Found while reviewing CID1452449 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0a7d964b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:35 +02:00
Michael Niedermayer
aa1bcef3cc
avformat/rtsp: Check that lower transport is handled in one of the if()
Fixes: CID1473554 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8200d3825)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:34 +02:00
Michael Niedermayer
1b0a93466c
avformat/rtsp: initialize reply1
It seems reply1 is initialized by ff_rtsp_send_cmd() in most cases but there
are code paths like "continue" which look like they could skip it but even if not
writing this so a complex loop after several layers of calls initialized a local
variable through a pointer is just bad design.
This patch simply initialized the variable.

Fixes: CID1473532 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 498ce4e8b8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:34 +02:00
Michael Niedermayer
a0c4d98072
avformat/rtsp: use < 0 for error check
Found while reviewing CID1473532 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bb38ba2b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:33 +02:00
Michael Niedermayer
25ba51aad7
avformat/rtpenc_vc2hq: Check sizes
Fixes: CID1452585 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a9ddb7051)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:33 +02:00
Michael Niedermayer
f504e2e9f5
avfilter/af_aderivative: Free out on error
Fixes: CID1197065 Resource leak

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 382e9e79f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:33 +02:00
Michael Niedermayer
405723c4cd
swscale/swscale: Use ptrdiff_t for linesize computations
This is unlikely to make a difference

Fixes: CID1591896 Unintentional integer overflow
Fixes: CID1591901 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66b60bae68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:32 +02:00
Michael Niedermayer
ac8ac10e33
avfilter/af_afir: Assert format
Maybe helps: CID1516805 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5c815f937)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:32 +02:00
Michael Niedermayer
40b801870d
avfilter/af_afftdn: Assert format
Maybe helps: CID1515514 Uninitialized scalar variable
Maybe helps: CID1515517 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8f9a6c4ea8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:32 +02:00
Michael Niedermayer
c773ce8435
avfilter/af_pan: check nb_output_channels before use
Fixes: CID1500281 Out-of-bounds write
Fixes: CID1500331 Out-of-bounds write

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5fe8bf4aa5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:31 +02:00
Mark Thompson
a1b6a6907b
cbs_av1: Reject thirty-two zero bits in uvlc code
The spec allows at least thirty-two zero bits followed by a one to mean
2^32-1, with no constraint on the number of zeroes.  The libaom
reference decoder does not match this, instead reading thirty-two zeroes
but not the following one to mean 2^32-1.  These two interpretations are
incompatible and other implementations may follow one or the other.
Therefore reject thirty-two zeroes because the intended behaviour is not
clear.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7110a36ba0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:31 +02:00
Michael Niedermayer
bdd1a93e4b
avfilter/af_mcompand: compute half frequency in double
Fixes: CID1422217 Result is not floating-point

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d0d502ff1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:31 +02:00
Michael Niedermayer
4d7d183ccb
avfilter/af_channelsplit: Assert that av_channel_layout_channel_from_index() succeeds
Maybe Helps: CID1503077 Bad bit shift operation

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cef720ab42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:30 +02:00
Michael Niedermayer
bea691ffc1
avfilter/af_aresample: Cleanup on av_channel_layout_copy() failure
Fixes: CID1503078 Resource leak

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a0ea15c7a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:30 +02:00
Michael Niedermayer
252464c49b
tools/coverity: Phase 1 study of anti-halicogenic for coverity av_rescale()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 380a8213b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:30 +02:00
Michael Niedermayer
3666a36472
avfilter/vf_avgblur: Check plane instead of AVFrame
Fixes: CID1551694 Use after free (false positive based on assuming that out == in and one is freed and one used)

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c296d4fdec)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:29 +02:00
Michael Niedermayer
371c42dd81
avfilter/drawutils: Fix depthb computation
Fixes: CID1496940 Logically dead code

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 34f821e448)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:29 +02:00
Michael Niedermayer
96a63346ee
avfilter/avf_showcwt: Check av_parse_video_rate() for failure
Fixes: CID1539147 Unused value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aab0c344c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:29 +02:00
Michael Niedermayer
807b53c191
avformat/rdt: Check pkt_len
Fixes: CID1473553 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d0373de3b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:28 +02:00
Michael Niedermayer
9c52069b83
avformat/mpeg: Check len in mpegps_probe()
Fixes: CID1473590 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca237a841e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:28 +02:00
Michael Niedermayer
002c1b4ddb
avformat/mxfenc: resurrects the error print
Fixes: CID1524681 Logically dead code

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a469e48b6d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:28 +02:00
Michael Niedermayer
b736844c5f
avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure
Fixes: CID1591939 Logically dead code

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c285bb278)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:27 +02:00
Michael Niedermayer
adc6730d51
avcodec/mfenc: check IMFSample_ConvertToContiguousBuffer() for failure
Fixes: CID1591911 Logically dead code

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86cd7c68bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:27 +02:00
Michael Niedermayer
74bacfc00b
avcodec/vc1_loopfilter: Factor duplicate code in vc1_b_h_intfi_loop_filter()
Fixes: CID1435168

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63ecce9ba8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:27 +02:00
Michael Niedermayer
3e02fd22a3
avformat/img2dec: assert no pipe on ts_from_file
Help coverity with CID1500302 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4824156fa0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:26 +02:00
Michael Niedermayer
29852104f5
avcodec/cbs_jpeg: Try to move the read entity to one side in a test
The checked entity should be alone on one side of the check, this avoids
complex considerations of overflows.
This fixes a issue of bad style in our code and a coverity issue.

Fixes: CID1439654 Untrusted pointer read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 385784a148)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:26 +02:00
Michael Niedermayer
b4d190ca32
fftools/ffmpeg_enc: Initialize fd
Fixes: CID1520677 Uninitialized pointer read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 462bd44b03)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:26 +02:00
Michael Niedermayer
2334e8e2d2
fftools/ffmpeg_enc: simplify opaque_ref check
Found-while-revieweing: CID1520670 Dereference after null check

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 97b2ab15de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:25 +02:00
Michael Niedermayer
dad619078e
avformat/mov: Check edit list for overflow
Fixes: 67492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5778297231310848
Fixes: signed integer overflow: 2314885530818453536 + 7782220156096217088 cannot be represented in type 'long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2882d30e3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:25 +02:00
Michael Niedermayer
a9c838f6f7
fftools/ffmpeg: Check read() for failure
Fixes: CID1591932 Ignoring number of bytes read

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 34fd247c3b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:25 +02:00
Michael Niedermayer
de3331843c
MAINTAINERS: Add Timo Rothenpieler to server admins
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca4ff242d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-24 16:52:24 +02:00