Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/libavformat
AgeCommit message (Collapse)Author
2022-04-07avformat/mov: Check size before subtractionMichael Niedermayer
Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long' Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d8d9d506a3de976b647bcbb8f76c7b8d30eff576) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/flvdec: timestamps cannot use the full int64 rangeMichael Niedermayer
We do not support this as we multiply by 1000 Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long' Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c217ca7718c8e24905d7ba9ede719ae040899476) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/4xm: Check for duplicate track idsMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dd949124793c722ed55dead9da245574ace81968) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/4xm: Consider max_streams on reallocating tracks arrayMichael Niedermayer
Fixes: OOM Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0dcd95ef8a2e16ed930296567ab1044e33602a34) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/mov: Check next offset in mov_read_dref()Michael Niedermayer
Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long' Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 562021e2fd4d74589905d9c566c686394d2b0526) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/vivo: Favor setting fps from explicit fractionsMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bf1e93bdc9aaa4fd5c231030b5368aae0df018ee) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/vivo: Do not use the general expression evaluator for parsing a ↵Michael Niedermayer
floating point value Fixes: Timeout Fixes: 41564/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-6309014024093696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7b24615565fd488e7e3a435102979a5ea85fe2fe) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/mxfdec: Check for duplicate mxf_read_index_entry_array()Michael Niedermayer
Fixes: memleak Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4f44a218e53cd92e64ba10a935bc1e7583c3e218) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/mov: Disallow duplicate smdmMichael Niedermayer
Fixes: memleak Fixes: 39879/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5327819907923968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b5ba74053c1ef9f38d9e7b3a036675f06d2b2714) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/mov: Check for EOF in mov_read_glbl()Michael Niedermayer
Fixes: Infinite loop Fixes: 41351/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5433895854669824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 59b4e7cbd87889c0bac710ac7f62782b637419a1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/mov: Check channels for mov_parse_stsd_audio()Michael Niedermayer
Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long' Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3a64a4c58255d45e05eff80c9464ad3bdc2d6463) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/avidec: Check read_odml_index() for failureMichael Niedermayer
Fixes: Timeout Fixes: 40950/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6478873068437504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 57adb26d058490daf2c5d6ddd3cf0cf2d2212256) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/aiffdec: Use av_rescale() for bitrateMichael Niedermayer
Fixes: integer overflow Fixes: 40313/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4814761406103552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 905588df975071c03c00b2e923c311b4de65a8f4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/aiffdec: sanity check block_alignMichael Niedermayer
Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 93f7776921ed8c5219732210067016c3457e864d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/aiffdec: Check sample_rateMichael Niedermayer
Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b04836dff9958e8bfdbed2746b8c40b1e119ecc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/latmenc: abort if no extradata is availableJames Almer
Fixes ticket #8273. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit dd01947397b98e94c3f2a79d5820aaf4594f4d3b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07avformat/movenc: Fix segfault when remuxing rtp hint streamAndreas Rheinhardt
When remuxing an rtp hint stream (or any stream with the tag "rtp "), the mov muxer treats this as one of the rtp hint tracks it creates internally when ordered to do so; yet this track lacks the AVFormatContext for the hinting rtp muxer, leading to segfaults in mov_write_udta_sdp() if a "trak" atom is written for this stream; if not, the stream's codecpar is freed by mov_free() as if the mov muxer owned it (it does for the internally created "rtp " tracks), but without resetting st->codecpar, leading to double-frees lateron. This commit therefore ignores said tag which makes rtp hint streams unremuxable. This fixes tickets #8181 and #8186. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 22c3cd176079dd104ec7610ead697235b04396f1)
2022-04-07avformat/tty: add probe functionPaul B Mahol
(cherry picked from commit 3bce9e9b3ea35c54bacccc793d7da99ea5157532)
2021-10-12avformat/matroskadec: Reset state also on failure in matroska_reset_status()Michael Niedermayer
The calling code does not handle failures and will fail with assertion failures later. Seeking can always fail even when the position was previously read. Fixes: Assertion failure Fixes: 35253/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4693059982983168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d115eec97929e23fd1b06df2d95f48cf5000eb87) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-12avformat/wavdec: Check smv_block_sizeMichael Niedermayer
Fixes: Timeout Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 849138f476f4b08656681bfc3aec5beac47777fb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-12avformat/rmdec: Check for multiple audio_stream_infoMichael Niedermayer
Fixes: memleak Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8fe3566b8fdf4bcf5eed419c1aab6eb848287ff3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-12oavformat/avidec: Check offset in odmlMichael Niedermayer
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long' Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-12avformat/mpegts: use actually read packet size in mpegts_resync special caseMichael Niedermayer
Fixes: infinite loop Fixes: 37986/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5292311517462528 - Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 83b2e4c8f15a00f037040131e26e20de83f0d842) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mvdec: Do not set invalid sample rateMichael Niedermayer
Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long' Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 737e6bf2162b89d396f4d477bfe8c99f1dd885de) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4Michael Niedermayer
Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int' Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e2c2872393f25253aa40861a9707934c4b83a3af) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mov: Check for duplicate clliMichael Niedermayer
Fixes: memleak Fixes: 35261/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4869656287510528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9a222f140e2674ac936b2f41c480487bc666dd95) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/jacosubdec: Check for min in t overflow in get_shift()Michael Niedermayer
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 989febfbd0c986e9e3e0f269a6b22778bf79147b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet()Michael Niedermayer
Fixes: Out of array access Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3dd5a8a13510d08a4e25e8f138d718672a0fed4a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06network: Define ENOTCONN as WSAENOTCONN if not definedMartin Storsjö
This fixes compilation with old mingw.org toolchains, which has got much fewer errno.h entries. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 6569e9505c781468092c15fa84d034c9e37d26ca) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/avidec: Use 64bit for frame number in odml index parsingMichael Niedermayer
Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int' Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/adtsenc: return value check for init_get_bits in adts_decode_extradatamaryam ebrahimzadeh
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. 'buf' is part of 'AVPacket pkt'. replace init_get_bits with init_get_bits8. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/wtvdec: Check for EOF before seeking back in parse_media_type()Michael Niedermayer
Fixes: Infinite loop Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/wavdec: Use 64bit in new_pos computationMichael Niedermayer
Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/sbgdec: Check for overflow in timestamp preparationMichael Niedermayer
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9dbed908403b0d97ae70881fab68020f148b6b11) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/dsicin: Check packet size for overflowMichael Niedermayer
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9d1c47ec033d038e04578eaf0767c8983250d03d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/bfi: check nframesMichael Niedermayer
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b4e77dfca1c2970446f79277034d8e60c3fe3f4e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/avidec: fix position overflow in avi_load_index()Michael Niedermayer
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 527821a2dd6f19d9a4d2abe05833346ae86c66c6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/asfdec_f: Check sizeX against paddingMichael Niedermayer
Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f034c2e36acb7d0c11dc1849ddf8a67bde44eff4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/aiffdec: Check for size overflow in header parsingMichael Niedermayer
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bae2e1977744f42d56b85193d4910811de829714) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mov: do not ignore errors in mov_metadata_hmmt()Michael Niedermayer
Fixes: Timeout Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c52c99a18f6e40973e52d99d4bb29e34a66c695a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mxfdec: Check size for shrinkingMichael Niedermayer
av_shrink_packet() takes int size, so size must fit in int Fixes: out of array access Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 65b862ab59c4bfaae98be596b84a072f52444398) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/matroskadec: Fix handling of huge default durationsMichael Niedermayer
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 343d950a4a8a8c32f5f7d9d4ac1fbe317cb9cc80) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/ftp: Check for av_strtok() failureMichael Niedermayer
Fixes: CID1396258 Dereference null return value Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9d40782088cf969fbadc881e4a97ec22b8ae0177) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/rmdec: Check old_format len for overflowMichael Niedermayer
Maybe such large values could be disallowed earlier and closer to where they are set. Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 06d174e289eb185f03a34a738965f0042f39c038) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/realtextdec: Check the pts difference before using it for the ↵Michael Niedermayer
duration computation Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fe12aa689003db9b07a6e1b837031dcc57a71435) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/qcp: Avoid negative nb_ratesMichael Niedermayer
Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b865cc703d29cb307e1fa628aa02940d54eb42a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/nutdec: Check tmp_sizeMichael Niedermayer
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/msf: Check that channels doesnt overflow during extradata constructionMichael Niedermayer
Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a1a277926b49dad60d9e78c6c7a8c6b5d0d6d7c9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mpc8: Check for position overflow in mpc8_handle_chunk()Michael Niedermayer
Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208 Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8ef25d118246bf443900033fb3588dba628d11b0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/iff: Use 64bit in duration computationMichael Niedermayer
Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 93d964689c3b2bae26e6e3f502c1ffc4c2e46989) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-30 11:55:14 +0300