d59582a567
avformat/flacdec: Check avio_read result when reading flac block header.
...
Return AVERROR_INVALIDDATA if all four bytes aren't present.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 95bde49982michael@niedermayer.cc >
2017-02-08 21:17:51 +01:00
17a9e90d1f
avcodec/utils: correct align value for interplay
...
Fixes out of array access
Fixes: 452/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2080bc3371michael@niedermayer.cc >
2017-02-08 21:17:51 +01:00
3aca3f1257
avcodec/vp56: Check for the bitstream end, pass error codes on
...
Fixes timeout
Fixes: 446/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_VP6_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9e6a242755michael@niedermayer.cc >
2017-02-08 21:17:51 +01:00
9f2e4c26a0
avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan()
...
Fixes timeout
Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 755933cb5cmichael@niedermayer.cc >
2017-02-08 21:17:51 +01:00
1febd817b1
avcodec/pngdec: Fix off by 1 size in decode_zbuf()
...
Fixes out of array access
Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e371f031b9michael@niedermayer.cc >
2017-02-08 21:17:51 +01:00
3f3ee3e62f
avformat/avidec: skip odml master index chunks in avi_sync
...
Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg.
Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6d579d7c1bmichael@niedermayer.cc >
2017-02-08 21:17:51 +01:00
8be687a81f
avcodec/mjpegdec: Check for rgb before flipping
...
Fixes assertion failure due to unsupported case
Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 25d9643f11michael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
1827fe0989
avutil/random_seed: Reduce the time needed on systems with very low precission clock()
...
This should fix issues on BSD
CLOCKS_PER_SEC is 128 on BSD while SUSv2 requires it to be a million
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c4152fc42emichael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
02073b5ab1
avutil/random_seed: Improve get_generic_seed() with higher precission clock()
...
Tested-by: Thomas Turner <thomastdt@googlemail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit da73d95badmichael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
1825f7670a
avformat/utils: Print verbose error message if stream count exceeds max_streams
...
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f0bdd53871michael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
2647ca4581
avformat/options_table: Set the default maximum number of streams to 1000
...
Fixes CVE-2016-9561, Note the security relevance of this is disputed as
running out of memory can happen with valid files
Suggested-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com >
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 30581c51e7michael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
2e44b10418
avutil: Add av_image_check_size2()
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f542b152aamichael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
c6fbff1358
avformat: Add max_streams option
...
This allows user apps to stop OOM due to excessive number of streams
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1296f84495michael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
774461ea62
avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated
...
We are checking during encoding if there is enough space as version 4 needs that
check.
Fixes Ticket6005
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 38a7834bbbmichael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
94a0a484b7
avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()
...
Fixes: part of 670190.ogg
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8258e36385michael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
a127f51140
avformat/oggdec: Skip streams in duration correction that did not had their duration set.
...
Fixes: part of 670190.ogg
Fixes integer overflow
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ee2a6f5df8michael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
07ca8300a6
avcodec/ffv1enc: Fix size of first slice
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cff1c0edaamichael@niedermayer.cc >
2017-02-08 21:17:50 +01:00
f7e18dea7a
pgssubdec: reset rle_data_len/rle_remaining_len on allocation error
...
The code relies on their validity and otherwise can try to access a NULL
object->rle pointer, causing segmentation faults.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 842e98b4d8Andreas.Cadhalpun@googlemail.com >
2017-02-01 02:29:08 +01:00
16c0d8aa46
update for ffmpeg 2.8.10
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2016-12-06 03:50:50 +01:00
1ec9fd15b9
avformat/http: Match chunksize checks to master..3.0
...
Fixes warning about impossible condition
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2016-12-06 03:30:10 +01:00
4a947f4385
Changelog: fix typos
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2016-12-06 01:19:34 +01:00
e0cb113f9b
ffserver: Check chunk size
...
Fixes out of array access
Fixes: poc_ffserver.py
Found-by: Paul Cher <paulcher@icloud.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5d25faa3fmichael@niedermayer.cc >
2016-12-06 00:59:22 +01:00
15abba737b
Avoid using the term "file" and prefer "url" in some docs and comments
...
This should make it less ambigous that these are URLs
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5f27a9c3amichael@niedermayer.cc >
2016-12-06 00:59:22 +01:00
5bfb0b02b6
avformat/rtmppkt: Check for packet size mismatches
...
Fixes out of array access
Found-by: Paul Cher <paulcher@icloud.com >
Reviewed-by: Paul Cher <paulcher@icloud.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7d57ca4d9amichael@niedermayer.cc >
2016-12-06 00:59:22 +01:00
c472c1b3e7
zmqsend: Initialize ret to 0
...
Fixes CID1396857.
(cherry picked from commit d903b4e3admichael@niedermayer.cc >
2016-12-06 00:59:22 +01:00
e8dfe3f34a
configure: check for strtoull on msvc
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit b52d3574d4
2016-12-05 19:19:11 -03:00
d3fc5c17de
http: move chunk handling from http_read_stream() to http_buf_read().
...
(cherry picked from commit 845bb40178
2016-12-05 16:20:58 -05:00
606b21353d
http: make length/offset-related variables unsigned.
...
Fixes #5992 , reported and found by Paul Cher <paulcher@icloud.com >.
(cherry picked from commit 2a05c8f813
2016-12-05 16:20:40 -05:00
fb93771072
Changelog: update
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2016-12-04 01:42:53 +01:00
3f8bb78f3e
avcodec/flacdec: Fix undefined shift in decode_subframe()
...
Fixes undefined behavior
Fixes: 639961-media
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1f5630af51michael@niedermayer.cc >
2016-12-04 01:05:02 +01:00
a5989651f0
avcodec/get_bits: Fix get_sbits_long(0)
...
Fixes undefined behavior
Fixes: 640889-media
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c72fa43234michael@niedermayer.cc >
2016-12-04 01:03:53 +01:00
1e512388ee
avformat/ffmdec: Check media type for chunks
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e706e2e775michael@niedermayer.cc >
2016-12-03 17:46:37 +01:00
31d46dc97d
avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
...
Fixes undefined behavior
Fixes: 640912-media
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 83a75bf6c3michael@niedermayer.cc >
2016-12-03 17:32:54 +01:00
5790ce6273
avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
...
Fixes: left shift of negative value
Fixes: 668346-media
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit acc163c6abmichael@niedermayer.cc >
2016-12-03 17:32:33 +01:00
f202fefdb0
avformat/oggparsespeex: Check frames_per_packet and packet_size
...
The speex specification does not seem to restrict these values, thus
the limits where choosen so as to avoid multiplicative overflow
Fixes undefined behavior
Fixes: 635422.ogg
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit afcf15b0dbmichael@niedermayer.cc >
2016-12-03 04:10:31 +01:00
3af916db37
avformat/utils: Check start/end before computing duration in update_stream_timings()
...
Fixes undefined behavior
Fixes: 637428.ogg
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 90da187f1dmichael@niedermayer.cc >
2016-12-03 04:10:19 +01:00
518beeb72f
Changelog: Update
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2016-12-02 00:47:39 +01:00
46edc6d5ef
avcodec/flac_parser: Update nb_headers_buffered
...
Fixes infinite loop
Fixes: fuzz.flac
Found-by: Frank Liberato <liberato@google.com >
Reviewed-by: Frank Liberato <liberato@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2475858889michael@niedermayer.cc >
2016-12-01 23:50:40 +01:00
046cc06f5a
avformat/idroqdec: Check chunk_size for being too large
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 744a0b5206michael@niedermayer.cc >
2016-12-01 23:50:40 +01:00
970781f5f2
Update Changelog
2016-11-27 00:47:03 +01:00
d8ec9e97b9
filmstripdec: correctly check image dimensions
...
This prevents a division by zero in read_packet.
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 25012c5644Andreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:36 +01:00
028c87be95
mss2: only use error correction for matching block counts
...
This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2
with coded_width/coded_height larger than width/height.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 2566ad98b0Andreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:36 +01:00
b45e112bbd
softfloat: decrease MIN_EXP to cover full float range
...
floats are not necessarily normalized, so a normalized softfloat needs
MIN_EXP lowered by 23 to cover that range.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 2d6f46d801Andreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:35 +01:00
56b120630f
libopusdec: default to stereo for invalid number of channels
...
This fixes an out-of-bounds read if avc->channels is 0.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 8c8f543b81Andreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:35 +01:00
22cd4aa221
sbgdec: prevent NULL pointer access
...
Reviewed-by: Josh de Kock <josh@itanimul.li >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit dbefbb61b7Andreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:35 +01:00
8a7b2fbf6f
smacker: limit recursion depth of smacker_decode_bigtree
...
This fixes segmentation faults due to stack-overflow caused by too deep
recursion.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 946ecd19eaAndreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:35 +01:00
8f27508f1c
mxfdec: fix NULL pointer dereference in mxf_read_packet_old
...
Metadata streams have priv_data set to NULL.
Reviewed-by: Josh de Kock <josh@itanimul.li >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit fdb8c455b6Andreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:35 +01:00
7552f6fc1b
libschroedingerdec: fix leaking of framewithpts
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 3c0328d58dAndreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:35 +01:00
70ca4ce17a
libschroedingerdec: don't produce empty frames
...
They are not valid and can cause problems/crashes for API users.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit a86ebbf7f6Andreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:35 +01:00
ccda73a711
softfloat: handle -INT_MAX correctly
...
This is similar to commit 9ac61e73d0michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 0edd569466Andreas.Cadhalpun@googlemail.com >
2016-11-27 00:46:35 +01:00
Frank Liberato
Michael Niedermayer
Tobias Rapp
Andreas Cadhalpun
Timothy Gu
James Almer
Ronald S. Bultje