
github.com/FFmpeg/FFmpeg.git
Age | Commit message | Author
2022-10-09 | avformat/vividas: Check packet size | Michael Niedermayer
Fixes: signed integer overflow: 119760682 - -2084600173 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6745781167587328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f44489cc5d4f3767f6ad2ad067ee6a3f78374bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/spdifdec: Use 64bit to compute bit rate | Michael Niedermayer
Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4075f0cec1830a7ac081b1a23bd3f5c4e266fe26) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/rpl: Use 64bit for duration computation | Michael Niedermayer
Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 529f64b2eb98e0c3ae4944abd5d01fa7c1def047) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/xwma: Use av_rescale() for duration computation | Michael Niedermayer
Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c789f753c3657be9041307f9c03749f5ba5a6bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation | Michael Niedermayer
Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa8eb1bed075931b0ce0a8bc9a8ff5882830044c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/rmdec: check tag_size | Michael Niedermayer
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/nutdec: Check fields | Michael Niedermayer
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/flvdec: Use 64bit for sum_flv_tag_size | Michael Niedermayer
Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7124f10c1d521096042ba3c9c519828147f78c46) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/dxa: avoid bpc overflows | Michael Niedermayer
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/cafdec: Check that nb_frames fits within 64bit | Michael Niedermayer
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/asfdec_o: Limit packet offset | Michael Niedermayer
avoids overflows with it Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136 Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/ape: Check frames size | Michael Niedermayer
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/icodec: Check nb_pal | Michael Niedermayer
Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit db73ae0dc114aa6fae08e69f977944f056a24995) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/aiffdec: Use 64bit for block_duration use | Michael Niedermayer
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9303ba272e988d87084880c57056b750cc5ffd08) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/aiffdec: Check block_duration | Michael Niedermayer
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1c2b6265c87417033f990fa4a14da9d4008320a4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/mxfdec: only probe max run in | Michael Niedermayer
Suggested-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1182bbb2c3226260ed672920251e3410bde8c6c9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/mxfdec: Check run_in is within 65536 | Michael Niedermayer
Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7786097825d9e3f02b4574c1924c28818eb83340) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | libavformat/hls: Free keys | Michael Niedermayer
Fixes: memleak Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d32a9f3137c91de86547601a38fea0693c3497f1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/asfdec_o: limit recursion depth in asf_read_unknown() | Michael Niedermayer
The threshold of 5 is arbitrary, both smaller and larger should work fine Fixes: Stack overflow Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1f1a368169ef9d945dc4b4764f5c60ba9bbc9134) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | libavformat/iff: Check for overflow in body_end calculation | Michael Niedermayer
Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long' Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bcb46903040e5a5199281f4ad0a1fdaf750ebc37) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/avidec: Prevent entity expansion attacks | Michael Niedermayer
Fixes: Timeout Fixes no testcase, this is the same idea as similar attacks against XML parsers Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f3e823c2aa04d4f5571a5e04c27a244890704c8d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/flvdec: Check for EOF in index reading | Michael Niedermayer
Fixes: Timeout Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ceff5d7b74cd9ae6055957979d27d289c70a9e1b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/nutdec: Check get_packetheader() in mainheader | Michael Niedermayer
Fixes: Timeout Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b5de084aa63b79586bc445e6a7fea837688b3941) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/asfdec_f: Use 64bit for packet start time | Michael Niedermayer
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8ed78486fcb065b5b459f14d4b1c3242f6d21ec7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/rtsp: break on unknown protocols | Michael Niedermayer
This function needs more cleanup and it lacks error handling Fixes: use of uninitialized memory Fixes: CID700776 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 73c0fd27c5c53c42e5060fb3a0c1fc5708b6f670) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/iff: simplify duration calculation | Michael Niedermayer
Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long' Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0740641e932551342cc1737d981e950ecffa3b63) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/sctp: close socket on errors | Michael Niedermayer
This is untested as I have no testcase Fixes: CID1302709 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c9a2996544187f67e533bc24f4cf773e50d2362b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/aiffdec: cleanup size handling for extreme cases | Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c6f1e48b86471b1cc91c468e78a065075ed409bd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/aiffdec: avoid integer overflow in get_meta() | Michael Niedermayer
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 45891/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6159183893889024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6a02de21278ec3bea1d2c62665f2629d5a62210f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/ape: more bits in size for less overflows | Michael Niedermayer
Fixes: signed integer overflow: 2147483647 + 3 cannot be represented in type 'int' Fixes: 46184/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-4678059519770624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e5f6707a7b91664491041526ef3cce7412258b89) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/bfi: Check offsets better | Michael Niedermayer
Fixes: signed integer overflow: -2145378272 - 538976288 cannot be represented in type 'int' Fixes: 45690/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5015496544616448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 35dc93ab44a57d78956414624c4e011414220e98) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/asfdec_f: Check packet_frag_timestamp | Michael Niedermayer
Fixes: signed integer overflow: -9223372036854775808 - 4607 cannot be represented in type 'long' Fixes: 45685/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5280102802391040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ffc877215056e8f0feb1ff23ba7dc4c19277b94b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/act: Check ff_get_wav_header() for failure | Michael Niedermayer
Fixes: missing error check Fixes: CID717495 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5982da87e3464e7df529a169352748560d70ba80) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-10-09 | avformat/genh: Check sample rate | Michael Niedermayer
Fixes: signed integer overflow: -2515507630940093440 * 4 cannot be represented in type 'long' Fixes: 46318/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5009637474172928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a3d790f1977ed6c326eb93bb61757297a7905dcc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-05-04 | avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be written | James Almer
Fixes ticket #8295 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 1d479300cbe0522c233b7d51148aea2b29bd29ad) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-27 | lavf/tls_mbedtls: add support for mbedtls version 3 | Timo Rothenpieler
- certs.h is gone. Only contains test data, and was not used at all.
- config.h is renamed. Was seemingly not used, so can be removed.
- MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE is gone, instead MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE will be thrown.
- mbedtls_pk_parse_keyfile now needs to be passed a properly seeded RNG. Hence, move the call to after RNG seeding.
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2022-04-08 | avformat/webmdashenc: fix on-demand profile string | James Almer
Fixes ticket #9596 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 487b49d8f2e1e81dce86230fc957ca2ee9de00ee)
2022-04-07 | avformat/aqtitledec: Skip unrepresentable durations | Michael Niedermayer
Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented in type 'long' Fixes: 45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c2d1597a8a6470045a8da241d4f65c81f26c3107) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/cafdec: Do not store empty keys in read_info_chunk() | Michael Niedermayer
Fixes: Timeout Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7ec28e1d4cef723485f50f7a08859752b79b570c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/hls: Check target_duration | Michael Niedermayer
Fixes: signed integer overflow: 77777777777777 * 1000000 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/matroskadec: Check pre_ns | Michael Niedermayer
Fixes: division by 0 Fixes: 44615/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6681108677263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 710e51677a6f3a5c2b37dc31a597957a22a5e531) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/matroskadec: Use rounded down duration in get_cue_desc() check | Michael Niedermayer
Floating point is evil, it would be better if duration was not a double Fixes: Infinite loop Fixes: 45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bd3a03db9aef72ee36a7cc964171e9f52967f4bc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/avidec: Check height | Michael Niedermayer
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: Ticket8486 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ec8ff659f57786c4cb089b07dfeab7e5cbab8d52) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/rmdec: Better duplicate tags check | Michael Niedermayer
Fixes: memleaks Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 15a646e5018078a0954918f510f819a5599f0445) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/mov: Disallow empty sidx | Michael Niedermayer
It appears this is not allowed "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments (which may themselves be further subdivided using Segment Index boxes)." Fixes: Null pointer dereference Fixes: Ticket9517 Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4419433d77278cb742944c4514be5f72a04103c0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/matroskadec: Check duration | Michael Niedermayer
Fixes: -nan is outside the range of representable values of type 'long' Fixes: 44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 36680078ca3302496d9b0b8a8d7168ce9eabb2bc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/mov: Corner case encryption error cleanup in mov_read_senc() | Michael Niedermayer
Fixes: memleak Fixes: 42341/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4566632823914496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8ee0e4abcb8af36cae4eb24d4d6229461c1e3333) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/matroskadec: Check desc_bytes | Michael Niedermayer
Fixes: Division by 0 Fixes: 44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5038933977d06d1048b41d71e0ada4d1ac536ddc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() | Michael Niedermayer
Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-04-07 | avformat/matroskadec: Fix infinite loop with bz decompression | Michael Niedermayer
The same check is added to zlib too, it seems not needed there though Fixes: Infinite loop Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9c3d2cbb510674226b0c8fa6b146bf891f83786c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>