Return AVERROR_INVALIDDATA if all four bytes aren't present.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95bde49982a82bc10470c0adab5969ffe635d064)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 452/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2080bc33717955a0e4268e738acf8c1eeddbf8cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e371f031b942d73e02c090170975561fabd5c264)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg.
Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6d579d7c1bdc4126955cae7f385208e455685986)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes assertion failure due to unsupported case
Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25d9643f1172ae6a210c671195ba3135895abaf3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This should fix issues on BSD
CLOCKS_PER_SEC is 128 on BSD while SUSv2 requires it to be a million
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4152fc42e480c41efb7f761b1bbe5f0bc43d5bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Tested-by: Thomas Turner <thomastdt@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da73d95bad4736c5e0a6b4b1a811f4dd4525bb4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0bdd538712d8ed34120ab2b7bd1409fcc99fb45)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes CVE-2016-9561, Note the security relevance of this is disputed as
running out of memory can happen with valid files
Suggested-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 30581c51e72a7a7ea1572c1c6039f6e4c590a55c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The code relies on their validity and otherwise can try to access a NULL
object->rle pointer, causing segmentation faults.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 842e98b4d83d8cf297e2bc2761f1f47eb89e49e4)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f542b152aa2086b30d1089162d79f5c136905c0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This allows user apps to stop OOM due to excessive number of streams
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1296f844955e513d19051c962656f829479d4fb9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
We are checking during encoding if there is enough space as version 4 needs that
check.
Fixes Ticket6005
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38a7834bbb24ef62466b076715e0add60e1d6962)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: part of 670190.ogg
Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8258e363851434ad5662c19d036fddb3e3f27683)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: part of 670190.ogg
Fixes integer overflow
Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee2a6f5df8c6a151c3e3826872f1b0a07401c62a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cff1c0edaa797eca96663d9b83e4b8c1b609ff19)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b52d3574d466e745834d1283b55570dee1e2d4cd)
Fixes out of array access
Fixes: poc_ffserver.py
Found-by: Paul Cher <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This should make it less ambigous that these are URLs
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5f27a9c3aa973c543bd8bbf2a78363700bbc03e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Found-by: Paul Cher <paulcher@icloud.com>
Reviewed-by: Paul Cher <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d57ca4d9a75562fa32e40766211de150f8b3ee7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes valgrind warnings about usage of uninitialized values.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 51e329918dc1826de7451541cb15bef3b9bfe138)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e706e2e775730db5dfa9103628cd70704dd13cef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value
Fixes: 668346-media
Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit acc163c6ab52d2235767852262c64c7f6b273d1c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The speex specification does not seem to restrict these values, thus
the limits where choosen so as to avoid multiplicative overflow
Fixes undefined behavior
Fixes: 635422.ogg
Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afcf15b0dbb4b6429be5083e50b296cdca61875e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 744a0b5206634e5de04d5c31f08cc3640faf800d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: _ij.mp3
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4e5049a2303ae7fe74216a83206239e4de42c965)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 177/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_FLV1_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2baf36caed98cfdc7f6a2086fbf26f1a172f16cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0eb319800567b79ca6b4cf0d90904318641b9e50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 173/fuzz-3-ffmpeg_SUBTITLE_AV_CODEC_ID_MOV_TEXT_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a609905723c01e356d35146425c3d45c090aae7b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ea27157682200e5f78cadcabdb009eccd9dd9b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: poc.dat
Found-by: Bingchang, Liu @VARAS of IIE
Tested-by: bc L <l.bing.chang.bc@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37138338ff602803d174b13fecd363a083bc2f9a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 979bca513424879ed0c653cb1b55fc4156a89576)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f0bc0215a0f7099a2bcba5dced2e045e70fee61)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 161ccdaa06d1d109e8f77d2535bda11ce02720f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 16793504dfba44e738655807db3274301b9bc690)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
