virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-07-16 22:42:38 +02:00
Code Issues Releases Activity
112,814 Commits 37 Branches 405 Tags
d06f35f2854fe6bab5ef1cf3bded674e39c0424c
Commit Graph

112814 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paul B Mahol
1606aab99b avfilter/avfilter: fix OOM case for default activate 
Fixes OOM when caller keeps adding frames into filtergraph
that reached EOF by other means, for example EOF is signalled
by other filter in filtergraph or by buffersink.

(cherry picked from commit d9e41ead82)
 2024-05-01 15:32:40 -03:00
Paul B Mahol
670c823406 avfilter/buffersrc: switch to activate 
Fixes OOM when caller keeps adding frames into filtergraph
that reached EOF by other means, for example EOF is signalled
by other filter in filtergraph or by buffersink.

(cherry picked from commit 84e400ae37)
 2024-05-01 15:32:40 -03:00
Zhao Zhili
f914c18de5 avcodec/mediacodecenc: set quality in cq mode 
From AOSP doc, these values are device and codec specific, but lower
values generally result in more efficient (smaller-sized) encoding.

For example, global_quality 50 on Pixel 6 results a 1080P 30 FPS
HEVC with 3744 kb/s, while global_quality 80 results 28178 kb/s.

Fix #10689

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
(cherry picked from commit 287e22f745)
 2024-04-24 12:31:57 +08:00
Michael Niedermayer
9593b727e2 Update for 6.1.2 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-15 01:02:08 +02:00
Andreas Rheinhardt
fce9391532 fate/subtitles: Ignore line endings for sub-scc test 
Since 7bf1b9b357,
the test produces ordinary \n, yet this is not what the reference
file used for the most time, leading to test failures.

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 99d33cc661)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-14 03:24:04 +02:00
Michael Niedermayer
eb480d1872 avformat/mxfdec: Check index_edit_rate 
Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed49391961)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-04 21:10:39 +02:00
Michael Niedermayer
610da8475f swscale/utils: Fix xInc overflow 
Fixes: signed integer overflow: 2 * 1073741824 cannot be represented in type 'int'
Fixes: 67802/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6249515855183872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a9eda65d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-04 21:09:43 +02:00
Michael Niedermayer
b94d2dd59a avcodec/wavarc: fix signed integer overflow in block type 6/19 
Fixes: signed integer overflow: -2088796289 + -91276551 cannot be represented in type 'int'
Fixes: 67772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6533568953122816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28c7094b25)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-04 21:04:36 +02:00
Michael Niedermayer
b38902646c doc/developer: (security) researchers should be credited 
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a5422196d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-04 20:58:21 +02:00
Michael Niedermayer
7c8c94279c avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr() 
Fixes: memleak
Fixes: 67442/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5068813261406208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d157725cf7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-04 20:55:26 +02:00
Michael Niedermayer
58475c6988 avcodec/exr: Dont use 64bits to hold 6bits 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3984de6ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:09:58 +02:00
Michael Niedermayer
e85ea8baaa avcodec/exr: Check for remaining bits in huf_unpack_enc_table() 
Fixes: Timeout
Fixes: 67645/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6308760977997824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 589fa8a027)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:09:04 +02:00
Michael Niedermayer
72b27f4f70 avcodec/apedec: Use NABS to avoid undefined negation 
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 67738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5444313212321792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1887ff250c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:07:40 +02:00
Michael Niedermayer
2da196b39a avformat/mpegts: Reset local nb_prg on add_program() failure 
add_program() will deallocate the whole array on failure so
we must clear nb_prgs

Fixes: null pointer dereference
Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc

Found-by: Catena cyber
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb9752d897)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:04:00 +02:00
Michael Niedermayer
93d6513bbe avformat/aiffdec: Check for previously set channels 
Fixes: out of array access (av_channel_layout_copy())
Fixes: 67087/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4920720268263424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 23b29f72ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:59 +02:00
Michael Niedermayer
27d48ddd8f avformat/mxfdec: Make edit_unit_byte_count unsigned 
Suggested-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f30fe5e8d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:59 +02:00
Michael Niedermayer
56999f9353 avformat/movenc: Check that cts fits in 32bit 
Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694
Fixes: poc2

Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d88c284c18)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:59 +02:00
Michael Niedermayer
38261d8cbd avformat/mxfdec: Check first case of offset_temp computation for overflow 
This is kind of ugly
Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long'
Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6ed6f6e8d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:58 +02:00
Michael Niedermayer
ab84c37d63 avcodec/jpeg2000htdec: warn about non zero roi shift 
Suggested-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b7eea8e63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:58 +02:00
Michael Niedermayer
78e54e1361 avcodec/jpeg2000htdec: Check magp before using it in a shift 
Fixes: shift exponent -1 is negative
Fixes: 65378/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5457678193197056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 19ad05e9e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:58 +02:00
Michael Niedermayer
5bb9d8affe avfilter/vf_signature: Dont crash on no frames 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d5f03bbc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:57 +02:00
Michael Niedermayer
243359fc78 avformat/westwood_vqa: Fix 2g packets 
Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86f73277bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:57 +02:00
Michael Niedermayer
41f9156856 avformat/matroskadec: Check timescale 
Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e849eb2343)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:57 +02:00
Michael Niedermayer
a42a5e692d avformat/wavdec: satuarte next_tag_ofs, data_end 
Fixes: signed integer overflow: 5053074104798691550 + 5053074104259715104 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6515315309936640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61dca9e150)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:56 +02:00
Michael Niedermayer
6d92f9a85e avformat/wavdec: sanity check channels and bps before using them for block_align 
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-4704044498944000
Fixes: signed integer overflow: 520464 * 8224 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75317ec442)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:56 +02:00
Michael Niedermayer
d492fc3e5e avformat/sbgdec: Check for negative duration 
Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bed22d597)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:56 +02:00
Michael Niedermayer
4a618246cd avformat/rpl: Use 64bit for total_audio_size and check it 
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312
Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 878625812f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:55 +02:00
Michael Niedermayer
7af16852cb avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate() 
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104
Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d8d778a68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:55 +02:00
Michael Niedermayer
db7a80c3ca avformat/mov: use 64bit for intermediate for rounding 
Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f01a89c5a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:55 +02:00
Michael Niedermayer
6cc785c255 avformat/jacosubdec: Use 64bit for abs 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5401294942371840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 746203af31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:54 +02:00
Michael Niedermayer
0a64d77be9 avformat/concatdec: Check user_duration sum 
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6434245599690752
Fixes: signed integer overflow: 9223372026773000000 + 22337000000 cannot be represented in type 'long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 007486058c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:54 +02:00
Michael Niedermayer
e709315488 avcodec/wavarc: avoid signed integer overflow in AC code 
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-659847401740697
Fixes: signed integer overflow: 65312 * 34078 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1eb8cbd09c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:54 +02:00
Michael Niedermayer
9062d89849 avcodec/wavarc: Avoid signed integer overflow in sample 
Fixes: signed integer overflow: -2147483648 + -25122315 cannot be represented in type 'int'
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6199806972198912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6009dd07bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:53 +02:00
Michael Niedermayer
4cbc9bb2c9 avcodec/truemotion1: Height not being a multiple of 4 is unsupported 
mb_change_bits is given space based on height >> 2, while more data is read

Fixes: out of array access
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5201925062590464.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ebdcf98499)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:53 +02:00
Michael Niedermayer
9a5f191bfb avcodec/rtv1: fix undefined FFALIGN 
Fixes: signed integer overflow: 2147483647 + 4 cannot be represented in type 'int'
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RTV1_fuzzer-6324303861514240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d188a86730)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:53 +02:00
Michael Niedermayer
aa4cf7a584 avcodec/hcadec: do not allow code to continue after failed init 
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-6247136417087488
Fixes: out of array write

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48eeb198a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:52 +02:00
Michael Niedermayer
30fe9d3511 avcodec/hcadec: do not set hfr_group_count to invalid values 
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-6247136417087488
Fixes: out of array write

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit addb85ea39)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:52 +02:00
Michael Niedermayer
435f172b5d avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration() 
An alternative would be to limit all time/duration fields to below 64bit

Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long long'
Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd733b2be4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:52 +02:00
Michael Niedermayer
21ff582aec avcodec/osq: avoid several signed integer overflows 
Fixes: signed integer overflow: 178459578 + 2009763270 cannot be represented in type 'int'
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-5013423686287360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b54c9a9c8f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:51 +02:00
Michael Niedermayer
f0c08506f5 avformat/jacosubdec: clarify code 
add comments, rename variables and indent things differently

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e83e8d443b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:51 +02:00
Michael Niedermayer
356251d750 avformat/cafdec: Check that data chunk end fits within 64bit 
Fixes: signed integer overflow: 64 + 9223372036854775803 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b792e4d4c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:51 +02:00
Michael Niedermayer
9459a45036 avformat/iff: Saturate avio_tell() + 12 
Fixes: signed integer overflow: 9223372036854775796 + 12 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4898373660704768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8e754525c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:50 +02:00
Michael Niedermayer
521347ee0b avformat/dxa: Adjust order of operations around block align 
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 50d8e4f273)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:50 +02:00
Michael Niedermayer
d66b1af8df avformat/cafdec: dont seek beyond 64bit 
Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d973fcbcc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:50 +02:00
Michael Niedermayer
19ea7b0409 avformat/id3v2: read_uslt() check for the amount read 
Fixes: timeout
Fixes: 66783/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5356884892647424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0f4abe2aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:49 +02:00
Michael Niedermayer
e2a58916b1 avcodec/vmixdec: Check shift before use 
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 65909/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMIX_fuzzer-519459745831321

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70b26b693e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:49 +02:00
Michael Niedermayer
b171edca3c avformat/mov: Check sample_count and auxiliary_info_default_size to be 0 
This combination causes 0 size arrays to be allocated and to leak later

Fixes: memleak
Fixes: 64342/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4520993686945792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c43299e9e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:49 +02:00
Michael Niedermayer
8464563b80 avformat/wady: Check >0 samplerate and channels 1 || 2. 
The WADY decoder only supports mono and stereo

This fixes a probetest failure

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f9e90ab0b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:48 +02:00
Michael Niedermayer
a2ceca5cf6 avcodec/cbs_h266_syntax_template: Check tile_y 
Fixes: out of array access
Fixes: 67021/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4883576579489792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 57f252b2d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:48 +02:00
Michael Niedermayer
24367ad563 avcodec/proresenc_kostya: Remove bug similarity text 
According to kostya, it is not based on Wassermans encoder

CC: Kostya Shishkov <kostya.shishkov@gmail.com>
CC: Anatoliy Wasserman <anatoliy.wasserman@yandex.ru>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e0e30e07a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 02:03:48 +02:00