Tag: Branch: Tree: 25ba51aad7

master

oldabi

release/0.10

release/0.11

release/0.5

release/0.6

release/0.7

release/0.8

release/0.9

release/1.0

release/1.1

release/1.2

release/2.0

release/2.1

release/2.2

release/2.3

release/2.4

release/2.5

release/2.6

release/2.7

release/2.8

release/3.0

release/3.1

release/3.2

release/3.3

release/3.4

release/4.0

release/4.1

release/4.2

release/4.3

release/4.4

release/5.0

release/5.1

release/6.0

release/6.1

release/7.0

release/7.1

N

ffmpeg-0.6.3

n0.10

n0.10.1

n0.10.10

n0.10.11

n0.10.12

n0.10.13

n0.10.14

n0.10.15

n0.10.16

n0.10.2

n0.10.3

n0.10.4

n0.10.5

n0.10.6

n0.10.7

n0.10.8

n0.10.9

n0.11

n0.11-dev

n0.11.1

n0.11.2

n0.11.3

n0.11.4

n0.11.5

n0.12-dev

n0.5.10

n0.5.11

n0.5.12

n0.5.13

n0.5.14

n0.5.15

n0.5.5

n0.5.6

n0.5.7

n0.5.8

n0.5.9

n0.6.4

n0.6.5

n0.6.6

n0.6.7

n0.7.1

n0.7.10

n0.7.11

n0.7.12

n0.7.13

n0.7.14

n0.7.15

n0.7.16

n0.7.17

n0.7.2

n0.7.3

n0.7.4

n0.7.5

n0.7.6

n0.7.7

n0.7.8

n0.7.9

n0.8

n0.8.1

n0.8.10

n0.8.11

n0.8.12

n0.8.13

n0.8.14

n0.8.15

n0.8.2

n0.8.3

n0.8.4

n0.8.5

n0.8.6

n0.8.7

n0.8.8

n0.8.9

n0.9

n0.9.1

n0.9.2

n0.9.3

n0.9.4

n1.0

n1.0.1

n1.0.10

n1.0.2

n1.0.3

n1.0.4

n1.0.5

n1.0.6

n1.0.7

n1.0.8

n1.0.9

n1.1

n1.1-dev

n1.1.1

n1.1.10

n1.1.11

n1.1.12

n1.1.13

n1.1.14

n1.1.15

n1.1.16

n1.1.2

n1.1.3

n1.1.4

n1.1.5

n1.1.6

n1.1.7

n1.1.8

n1.1.9

n1.2

n1.2-dev

n1.2.1

n1.2.10

n1.2.11

n1.2.12

n1.2.2

n1.2.3

n1.2.4

n1.2.5

n1.2.6

n1.2.7

n1.2.8

n1.2.9

n1.3-dev

n2.0

n2.0.1

n2.0.2

n2.0.3

n2.0.4

n2.0.5

n2.0.6

n2.0.7

n2.1

n2.1-dev

n2.1.1

n2.1.2

n2.1.3

n2.1.4

n2.1.5

n2.1.6

n2.1.7

n2.1.8

n2.2

n2.2-dev

n2.2-rc1

n2.2-rc2

n2.2.1

n2.2.10

n2.2.11

n2.2.12

n2.2.13

n2.2.14

n2.2.15

n2.2.16

n2.2.2

n2.2.3

n2.2.4

n2.2.5

n2.2.6

n2.2.7

n2.2.8

n2.2.9

n2.3

n2.3-dev

n2.3.1

n2.3.2

n2.3.3

n2.3.4

n2.3.5

n2.3.6

n2.4

n2.4-dev

n2.4.1

n2.4.10

n2.4.11

n2.4.12

n2.4.13

n2.4.14

n2.4.2

n2.4.3

n2.4.4

n2.4.5

n2.4.6

n2.4.7

n2.4.8

n2.4.9

n2.5

n2.5-dev

n2.5.1

n2.5.10

n2.5.11

n2.5.2

n2.5.3

n2.5.4

n2.5.5

n2.5.6

n2.5.7

n2.5.8

n2.5.9

n2.6

n2.6-dev

n2.6.1

n2.6.2

n2.6.3

n2.6.4

n2.6.5

n2.6.6

n2.6.7

n2.6.8

n2.6.9

n2.7

n2.7-dev

n2.7.1

n2.7.2

n2.7.3

n2.7.4

n2.7.5

n2.7.6

n2.7.7

n2.8

n2.8-dev

n2.8.1

n2.8.10

n2.8.11

n2.8.12

n2.8.13

n2.8.14

n2.8.15

n2.8.16

n2.8.17

n2.8.18

n2.8.19

n2.8.2

n2.8.20

n2.8.21

n2.8.22

n2.8.3

n2.8.4

n2.8.5

n2.8.6

n2.8.7

n2.8.8

n2.8.9

n2.9-dev

n3.0

n3.0.1

n3.0.10

n3.0.11

n3.0.12

n3.0.2

n3.0.3

n3.0.4

n3.0.5

n3.0.6

n3.0.7

n3.0.8

n3.0.9

n3.1

n3.1-dev

n3.1.1

n3.1.10

n3.1.11

n3.1.2

n3.1.3

n3.1.4

n3.1.5

n3.1.6

n3.1.7

n3.1.8

n3.1.9

n3.2

n3.2-dev

n3.2.1

n3.2.10

n3.2.11

n3.2.12

n3.2.13

n3.2.14

n3.2.15

n3.2.16

n3.2.17

n3.2.18

n3.2.19

n3.2.2

n3.2.3

n3.2.4

n3.2.5

n3.2.6

n3.2.7

n3.2.8

n3.2.9

n3.3

n3.3-dev

n3.3.1

n3.3.2

n3.3.3

n3.3.4

n3.3.5

n3.3.6

n3.3.7

n3.3.8

n3.3.9

n3.4

n3.4-dev

n3.4.1

n3.4.10

n3.4.11

n3.4.12

n3.4.13

n3.4.2

n3.4.3

n3.4.4

n3.4.5

n3.4.6

n3.4.7

n3.4.8

n3.4.9

n3.5-dev

n4.0

n4.0.1

n4.0.2

n4.0.3

n4.0.4

n4.0.5

n4.0.6

n4.1

n4.1-dev

n4.1.1

n4.1.10

n4.1.11

n4.1.2

n4.1.3

n4.1.4

n4.1.5

n4.1.6

n4.1.7

n4.1.8

n4.1.9

n4.2

n4.2-dev

n4.2.1

n4.2.10

n4.2.2

n4.2.3

n4.2.4

n4.2.5

n4.2.6

n4.2.7

n4.2.8

n4.2.9

n4.3

n4.3-dev

n4.3.1

n4.3.2

n4.3.3

n4.3.4

n4.3.5

n4.3.6

n4.3.7

n4.3.8

n4.4

n4.4-dev

n4.4.1

n4.4.2

n4.4.3

n4.4.4

n4.4.5

n4.5-dev

n5.0

n5.0.1

n5.0.2

n5.0.3

n5.1

n5.1-dev

n5.1.1

n5.1.2

n5.1.3

n5.1.4

n5.1.5

n5.1.6

n5.2-dev

n6.0

n6.0.1

n6.1

n6.1-dev

n6.1.1

n6.1.2

n6.2-dev

n7.0

n7.0.1

n7.0.2

n7.1

n7.1-dev

n7.2-dev

v0.5

v0.5.1

v0.5.2

v0.5.3

v0.6

v0.6.1

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from '25ba51aad7'

${ noResults }

Commit Graph

25565 Commits (25ba51aad7aad96239f27caafd213a7c8d681d17)

Author	SHA1	Message	Date
Michael Niedermayer	25ba51aad7	avformat/rtpenc_vc2hq: Check sizes ... Fixes: CID1452585 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7a9ddb7051) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	807b53c191	avformat/rdt: Check pkt_len ... Fixes: CID1473553 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0d0373de3b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	9c52069b83	avformat/mpeg: Check len in mpegps_probe() ... Fixes: CID1473590 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ca237a841e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	002c1b4ddb	avformat/mxfenc: resurrects the error print ... Fixes: CID1524681 Logically dead code Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a469e48b6d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	3e02fd22a3	avformat/img2dec: assert no pipe on ts_from_file ... Help coverity with CID1500302 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4824156fa0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	dad619078e	avformat/mov: Check edit list for overflow ... Fixes: 67492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5778297231310848 Fixes: signed integer overflow: 2314885530818453536 + 7782220156096217088 cannot be represented in type 'long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2882d30e3a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	4c004c350c	avformat/mxfdec: Check container_ul->desc before use ... Fixes: CID1592939 Dereference after null check Sponsored-by: Sovereign Tech Fund Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4cab028bd0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	2b8c96074b	avformat/mov: Use int64_t in intermediate for corrected_dts ... Fixes: CID1500312 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 034054b370) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	0df8b97e09	avformat/mov: Use 64bit in intermediate for current_dts ... Fixes: CID1500304 Unintentional integer overflow Fixes: CID1500318 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0c977d37aa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	d081214a70	avformat/matroskadec: Assert that num_levels is non negative ... Maybe Closes: CID1452496 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 019fce18bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	bde8a67e92	avformat/libzmq: Check av_strstart() ... Fixes: CID1453457 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0263b6a48c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	d06f35f285	avformat/img2dec: Little JFIF / Exif cleanup ... This changes the behavior and makes it behave how it probably was intended. Either way this is unlikely to result in any user visible change Fixes: CID1494637 Missing break in switch Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5712f36dd0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	ba5343eefb	avformat/img2dec: Move DQT after unrelated if() ... Fixes: CID1494636 Missing break in switch Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d04c6016b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	ae964c5851	avformat/imfdec: Simplify get_next_track_with_minimum_timestamp() ... This also makes the code more robust Fixes: CID1512414 Uninitialized pointer read Sponsored-by: Sovereign Tech Fund Reviewed-by: Pierre-Anthony Lemieux <pal@sandflow.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f10493f6fc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	6b4165643d	avformat/sdp: Check before appending "," ... Found by reviewing code related to CID1500301 String not null terminated Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5b82852519) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	5477c6dc66	avformat/fwse: Remove always false expression ... Fixes: CID1460758 Operands don't affect result Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 348c3a7ffe) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	980d1e530e	avformat/asfdec_f: Use 64bit for preroll computation ... Fixes: CID1500342 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 70b4994762) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	c00fd50092	avformat/argo_asf: Use 64bit in offset intermediate ... Fixes: CID1467435 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d9d1f65308) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	d0092f4ef2	avformat/ape: Use 64bit for final frame size ... Fixes: CID1505963 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a2b8d03347) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	18193cfadb	avformat/ac4dec: Check remaining space in ac4_probe() ... Fixes: CID1538298 Untrusted loop bound Fixes: undefined behavior Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2f04cb673c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	6feea4ada8	avformat/demux: resurrect dead stores ... Fixes: CID1473512 Unused value Fixes: CID1529228 Unused value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 33da5f4e27) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	ff547f5fd4	avformat/concatdec: Check file ... Fixes: null pointer dereference Fixes: -stream_loop 1 -ss 00:00:05 -i zgclab/ffmpeg_crash/poc2 -codec:v copy -codec:a aac -y output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5d1497f33) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	19e6b871b6	avformat/mxfdec: Check body_offset ... Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be represented in type 'long' Fixes: 68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 20a6bfda0f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	115853a821	avformat/kvag: Check sample_rate ... Fixes: Division by 0 Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i zgclab/ffmpeg_crash/poc1 output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c26a762ea1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Marton Balint	fcce528713	avformat/mp3dec: change bogus error message if read_header encounters EOF ... Because of ffio_ensure_seekback() a seek error normally should only happen if the end of file is reached during checking for the junk run-in. Also use proper error code. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 49e018d6fe)	10 months ago
Marton Balint	306ed3f301	avformat/mp3dec: simplify inner frame size check in mp3_read_header ... We are protecting the checked buffer with ffio_ensure_seekback(), so if the inner check fails with a seek error, that likely means the end of file was reached when checking for the next frame. This could also be the result of a wrongly guessed (larger than normal) frame size, so let's continue the loop instead of breaking out early. It will end sooner or later anyway. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit b75e604fe5)	10 months ago
Marton Balint	b4681bd6ec	avformat/mp3dec: only call ffio_ensure_seekback once ... Otherwise the subsequent ffio_ensure_seekback calls destroy the buffer of the earlier. The worst case ~66kB seekback is so small it is easier to request it entirely. Fixes ticket #10837, a regression since 0d17f5228f. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit b005317219)	10 months ago
Michael Niedermayer	eb480d1872	avformat/mxfdec: Check index_edit_rate ... Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62 Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ed49391961) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	7c8c94279c	avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr() ... Fixes: memleak Fixes: 67442/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5068813261406208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit d157725cf7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	2da196b39a	avformat/mpegts: Reset local nb_prg on add_program() failure ... add_program() will deallocate the whole array on failure so we must clear nb_prgs Fixes: null pointer dereference Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc Found-by: Catena cyber Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cb9752d897) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	93d6513bbe	avformat/aiffdec: Check for previously set channels ... Fixes: out of array access (av_channel_layout_copy()) Fixes: 67087/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4920720268263424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 23b29f72ee) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	27d48ddd8f	avformat/mxfdec: Make edit_unit_byte_count unsigned ... Suggested-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f30fe5e8d0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	56999f9353	avformat/movenc: Check that cts fits in 32bit ... Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694 Fixes: poc2 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d88c284c18) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	38261d8cbd	avformat/mxfdec: Check first case of offset_temp computation for overflow ... This is kind of ugly Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long' Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d6ed6f6e8d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	243359fc78	avformat/westwood_vqa: Fix 2g packets ... Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 86f73277bf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	41f9156856	avformat/matroskadec: Check timescale ... Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e849eb2343) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	a42a5e692d	avformat/wavdec: satuarte next_tag_ofs, data_end ... Fixes: signed integer overflow: 5053074104798691550 + 5053074104259715104 cannot be represented in type 'long' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6515315309936640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 61dca9e150) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	6d92f9a85e	avformat/wavdec: sanity check channels and bps before using them for block_align ... Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-4704044498944000 Fixes: signed integer overflow: 520464 * 8224 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 75317ec442) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	d492fc3e5e	avformat/sbgdec: Check for negative duration ... Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0bed22d597) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	4a618246cd	avformat/rpl: Use 64bit for total_audio_size and check it ... Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312 Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 878625812f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	db7a80c3ca	avformat/mov: use 64bit for intermediate for rounding ... Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f01a89c5a3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	6cc785c255	avformat/jacosubdec: Use 64bit for abs ... Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5401294942371840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 746203af31) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	0a64d77be9	avformat/concatdec: Check user_duration sum ... Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6434245599690752 Fixes: signed integer overflow: 9223372026773000000 + 22337000000 cannot be represented in type 'long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 007486058c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	435f172b5d	avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration() ... An alternative would be to limit all time/duration fields to below 64bit Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long long' Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dd733b2be4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	f0c08506f5	avformat/jacosubdec: clarify code ... add comments, rename variables and indent things differently Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e83e8d443b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	356251d750	avformat/cafdec: Check that data chunk end fits within 64bit ... Fixes: signed integer overflow: 64 + 9223372036854775803 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464 Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b792e4d4c7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	9459a45036	avformat/iff: Saturate avio_tell() + 12 ... Fixes: signed integer overflow: 9223372036854775796 + 12 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4898373660704768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b8e754525c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	521347ee0b	avformat/dxa: Adjust order of operations around block align ... Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464 Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 50d8e4f273) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	d66b1af8df	avformat/cafdec: dont seek beyond 64bit ... Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064 Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d973fcbcc2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago
Michael Niedermayer	19ea7b0409	avformat/id3v2: read_uslt() check for the amount read ... Fixes: timeout Fixes: 66783/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5356884892647424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c0f4abe2aa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	11 months ago