FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-09 14:14:39 +02:00

Author	SHA1	Message	Date
Wenxiang Qian	e62abf9398	avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
Michael Niedermayer	f906710870	avformat/matroskadec: Do not leak queued packets on sync errors Fixes: memleak Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5649187601121280 Reported-by: Chris Cunningham <chcunningham@google.com> Tested-by: Chris Cunningham <chcunningham@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d1afa7284c3feba4debfebf1b9cf8ad67640e34a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
Michael Niedermayer	3ae6063f5a	avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream Fixes: NULL pointer dereference Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5634316373721088 Reported-by: Chris Cunningham <chcunningham@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b0d8b7cb8e86367178ef0c35dcae359d820c3b27) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
chcunningham	08b159fd0d	avformat/mov: validate chunk_count vs stsc_data Bad content may contain stsc boxes with a first_chunk index that exceeds stco.entries (chunk_count). This ammends the existing check to include cases where chunk_count == 0. It also patches up the case when stsc refers to unknown chunks, but stts has no samples (so we can simply ignore stsc). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1c15449ca9a5bfa387868ac55628397273da761f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
chcunningham	0063964f84	avformat/mov.c: require tfhd to begin parsing trun Detecting missing tfhd avoids re-using tfhd track info from the previous moof. For files with multiple tracks, this may make a mess of the avindex and fragindex, which can later trigger av_assert0 in mov_read_trun(). Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3ea87e5d9ea075d5b3c0f4f8c6c48e514b454cbe) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
Michael Niedermayer	136ec39a2f	avformat/rtsp: Check number of streams in sdp_parse_line() Fixes: OOM Found-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 497c9b0cce559d43607bbbd679fe42f1d7e9040e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
Michael Niedermayer	d3aab63320	avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect() Fixes: Infinite loop Found-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0b50f27635f684ec0526e9975c9979f35bbf486b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
David Bryant	24438427ef	avformat/wvdec: detect and error out on WavPack DSD files Not currently supported. (cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
Michael Niedermayer	f51a271f20	avformat/mpegts: Fix side data type for stream id Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ab1319d82f0c77308792fa2d88cbfc73c3e47cb7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
chcunningham	96062eb3cc	lavf/id3v2: fail read_apic on EOF reading mimetype avio_read may return EOF, leaving the mimetype array unitialized. fail early when this occurs to avoid using the array in an unitialized state. Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
Michael Niedermayer	f9b7c87145	avformat/nutenc: Document trailer index assert better Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3a95b73abc868995b08ca2b4d8bbf2cda43184f8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
chcunningham	cb901e1836	lavf/mov: ensure only one tkhd per trak Chromium fuzzing produced a whacky file with extra tkhds. This caused an AVStream that was already in use to be corrupted by assigning it a new id, which blows up later in mov_read_trun because the MOVFragmentStreamInfo.index_entry now points OOB. Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-03-24 10:38:51 +01:00
Michael Niedermayer	d17d08035c	avformat/utils: Never store negative values in last_IP_duration Fixes: integer overflow compute_pkt_fields() Fixes: compute_pkt_usan Reported-by: Thomas Guilbert <tguilbert@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 079d1a7175c4b881631a7e7f449c4c13b761cdeb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-10-28 02:22:42 +02:00
Michael Niedermayer	e9975d1b51	avformat/utils: Fix integer overflow in discontinuity check Fixes: signed integer overflow: 7738135736989908991 - -7954308516317364223 cannot be represented in type 'long' Fixes: find_stream_info_usan Reported-by: Thomas Guilbert <tguilbert@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4e19cfcfa3944fe4cf97bea758f72f104dcaebad) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-10-28 02:22:42 +02:00
Dale Curtis	eab5f6e419	avformat/mov: Error on too large stsd entry counts. Entries are always at least 8 bytes per the parsing code, so if we see an impossible entry count avoid massive allocations. This is similar to an existing check in mov_read_stsc(). Since ff_mov_read_stsd_entries() does eof checks, an alternative approach could be to clamp the entry count to atom.size / 8. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 320b631a99a9f759fd1d5460fd4e285d184b8186) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-10-28 02:22:42 +02:00
Michael Niedermayer	0ef49c0818	avformat/nsvdec: Do not parse multiple NSVf The specification states "NSV files may contain a single file header. " Fixes: out of array access Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421 Found-by: Paul Ch <paulcher@icloud.com> Tested-by: Paul Ch <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 78d4b6bd43fc266a2ee926f0555c8782246f9445) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-10-28 02:22:42 +02:00
Michael Niedermayer	ff5196a98a	avformat/mlvdec: read_string() received unsigned size, make the argument unsigned Fixes: infinite loop Fixes: mlv-timeout-e3b8cab9835edecad6823baa057e029671329d04 Found-by: Paul Ch <paulcher@icloud.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1e71cb2c8edcf3dad657c15a6fb8572862f2afb9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-10-28 02:22:42 +02:00
Michael Niedermayer	17c0347977	avformat/rmdec: Fix EOF check in the stream loop in ivr_read_header() Fixes: long running loop Fixes: ivr-timeout-42468cb797f52f025fb329394702f5d4d64322d6 Found-by: Paul Ch <paulcher@icloud.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c2eec1762d372663c35aaf3d6ee419bafb185057) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-10-28 02:22:42 +02:00
Michael Niedermayer	44e878d086	avformat/flvenc: Check audio packet size Fixes: Assertion failure Fixes: assert_flvenc.c:941_1.swf Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-10-28 02:22:42 +02:00
Michael Niedermayer	2b8d4f6f01	avformat/movenc: Write version 2 of audio atom if channels is not known The version 1 needs the channel count and would divide by 0 Fixes: division by 0 Fixes: fpe_movenc.c_1108_1.ogg Fixes: fpe_movenc.c_1108_2.ogg Fixes: fpe_movenc.c_1108_3.wav Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-17 11:46:33 +02:00
Michael Niedermayer	20ad61ffb7	avformat/movenc: Check input sample count Fixes: division by 0 Fixes: fpe_movenc.c_199_1.wav Fixes: fpe_movenc.c_199_2.wav Fixes: fpe_movenc.c_199_3.wav Fixes: fpe_movenc.c_199_4.wav Fixes: fpe_movenc.c_199_5.wav Fixes: fpe_movenc.c_199_6.wav Fixes: fpe_movenc.c_199_7.wav Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 01:37:54 +02:00
Michael Niedermayer	36c779bffe	avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id Fixes: out of array access Fixes: ffmpeg_bof_1.avi Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ed22dc22216f74c75ee7901f82649e1ff725ba50) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-07 12:27:14 +02:00
Michael Niedermayer	5da77e7e9e	avformat/mms: Add missing chunksize check Fixes: out of array read Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a Found-by: Paul Ch <paulcher@icloud.com> 1st hunk by Paul Ch <paulcher@icloud.com> Tested-by: Paul Ch <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cced03dd667a5df6df8fd40d8de0bff477ee02e8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-07 12:27:00 +02:00
Michael Niedermayer	717ece29fd	avformat/pva: Check for EOF before retrying in read_part_of_packet() Fixes: Infinite loop Fixes: pva-4b1835dbc2027bf3c567005dcc78e85199240d06 Found-by: Paul Ch <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-07 12:27:00 +02:00
Michael Niedermayer	09401d0a0a	avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata() Fixes: use after free() Fixes: rmdec-crash-ffe85b4cab1597d1cfea6955705e53f1f5c8a362 Found-by: Paul Ch <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a7e032a277452366771951e29fd0bf2bd5c029f0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-07 12:27:00 +02:00
Michael Niedermayer	9dea41eac7	avformat/asfdec_o: Check size_bmp more fully Fixes: integer overflow and out of array access Fixes: asfo-crash-46080c4341572a7137a162331af77f6ded45cbd7 Found-by: Paul Ch <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-07 12:27:00 +02:00
Michael Niedermayer	3a04f518ac	avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample Fixes: out of array read Fixes: ffmpeg_crash_8.avi Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 95556e27e2c1d56d9e18f5db34d6f756f3011148) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-07 12:27:00 +02:00
Michael Niedermayer	532ba2e4ae	avformat/mov: Only set pkt->duration to non negative values Reviewed-by: Sasi Inguva <isasi@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:04 +02:00
Michael Niedermayer	adea365be9	avformat/mov: replace a value error by clipping into valid range in mov_read_stsc() Fixes: #7165 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:04 +02:00
Michael Niedermayer	ce7be9cdc5	avformat/mov: Break out early if chunk_count is 0 in mov_build_index() Without this some operations might overflow (undefined behavior) even though the index adding loop would never execute No testcase known Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 56e76bd0579cc7f7b28860885d9e569a39daf41b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:04 +02:00
Michael Niedermayer	3712d4da1e	avformat/mov: Only fail for STCO/STSC contradictions if both exist Fixes regression with playback of GF9720Repeal20the20Eighth20with20Helen20Linehan.m4a See: crbug 822666 Found-by: "Mattias Wadman <mattias.wadman@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c2d689c56646cce64d02a3b75f61c12c5589260) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:04 +02:00
Stephan Holljes	1d5694ba11	lavf/http.c: Free allocated client URLContext in case of error. Signed-off-by: Stephan Holljes <klaxa1337@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7b6b8c92652d6683d97515352e4a9a4147b7da7c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	0b5a2c9a52	avformat/utils: Check cur_dts in update_initial_timestamps() more Fixes: runtime error: signed integer overflow: 18133149658382192 - -9223090561878065151 cannot be represented in type 'long long' Fixes: crbug 831552 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 37d46dc21d708192b12aa13617ebe6a117b07363) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	ca119e9456	avformat/utils: Fix integer overflow in end time calculation in update_stream_timings() Fixes: crbug 829153 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c48ceff786bdc96fdc64417118c457d03bd19871) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	0f868badcf	avformat/mov: Fix extradata memleak Fixes: crbug 822705 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0a8133119ca5d087c7c7140d100406ff84c477ee) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	9b2ce61155	avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit eb60b9d3aaaa42265fb1960be6fff6383cfdbf37) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	e26ae6e6ce	avformat/mov: Check STSC and remove invalid entries Fixes assertion failure Fixes: crbug 822547, crbug 822666 and crbug 823009 Affects: aark15sd_9A62E2FA.mp4 Found-by: ClusterFuzz Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9e67447a4ffacf28af8bace33faf3ea432ddc43e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	8280448784	avformat/mov: Fix integer overflows related to sample_duration Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type Fixes: Chromium bug 791349 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2f37082827a405430c40408ee2db19ea2866ce64) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	3fa6e594a0	avformat/img2dec: fix infinite loop Fixes: kira-poc Found-by: Kira <kira_cxy@foxmail.com> Change suggested by Kira Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a6cba062051f345e8ebfdff34aba071ed73d923f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	24c627a900	avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE Fixes: potential signed integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f655ddfb47e8484b205b14c7f871c643ad24d701) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	0cdc3e05cb	avformat/oggparseogm: Check lb against psize No testcase, this was found during code review Found-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3e7c847aaf5a298b62afae12b4ecfb8e12385998) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	a376fcaa39	avformat/oggparseogm: Fix undefined shift in ogm_packet() Fixes: shift exponent 48 is too large for 32-bit type 'int' Fixes: Chromium bug 786793 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 010b7b30b721b90993e05e9ee6338e88bb8debb3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	79efbd547e	avformat/avidec: Fix integer overflow in cum_len check Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long' Fixes: Chromium bug 791237 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 06e092e7819b9437da32925200e7c369f93d82e7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	60f6767126	avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE Fixes: Chromium bug 795653 Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 02ecda4aba69670ca744ccc640391b7621f01fb0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	fea47f6941	avformat/utils: Fix integer overflow of fps_first/last_dts Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long' Fixes: Chromium bug 796778 Reported-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b1362e408cd6acb63fef126b814b0d16562aa8e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	cd7a2954ae	avformat/oggdec: Fix metadata memleak on multiple headers Fixes: Chromium bug 800123 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit da069e9c68ec1a54e618940dcb9ebae9bf179a32) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	a05d577068	libavformat/oggparsevorbis: Fix memleak on multiple headers Fixes: Chromium bug 800123 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3934aa495d786845d9f541c84ee405c096938f76) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
Michael Niedermayer	7a713cea22	avformat/mov: Fix integer overflow in mov_get_stsc_samples() Fixes: runtime error: signed integer overflow: 5 * -2147483647 cannot be represented in type 'int' Fixes: Chromium bug 817338 Reviewed-by: Matt Wolenetz <wolenetz@google.com> Reported-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 367929bed9def1ccdd9a0f4ac5b7b98d1993782d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-18 01:16:03 +02:00
James Almer	e4b95f710b	avformat/hvcc: zero initialize the nal buffers past the last written byte Prevents use of uninitialized values. Fixes ticket #7038. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 9482ec1b203e4cf51d7f60c85d261cc13f9a9d2f)	2018-02-24 00:38:15 -03:00
James Almer	3fdff40a32	avformat/matroskadec: ignore CodecPrivate if the stream is VP9 Defined in a recent revision of https://www.webmproject.org/docs/container/ This prevents storing the contents of CodecPrivate into extradata for a codec that doesn't need nor expect any. It will among other things prevent matroska specific binary data from being dumped onto other formats during remuxing. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit acdea9e7c56b74b05c56b4733acc855b959ba073)	2018-02-19 22:16:58 -03:00

1 2 3 4 5 ...

20367 Commits