Tag: Branch: Tree: ed9b67a149

master

oldabi

release/0.10

release/0.11

release/0.5

release/0.6

release/0.7

release/0.8

release/0.9

release/1.0

release/1.1

release/1.2

release/2.0

release/2.1

release/2.2

release/2.3

release/2.4

release/2.5

release/2.6

release/2.7

release/2.8

release/3.0

release/3.1

release/3.2

release/3.3

release/3.4

release/4.0

release/4.1

release/4.2

release/4.3

release/4.4

release/5.0

release/5.1

release/6.0

release/6.1

release/7.0

release/7.1

N

ffmpeg-0.6.3

n0.10

n0.10.1

n0.10.10

n0.10.11

n0.10.12

n0.10.13

n0.10.14

n0.10.15

n0.10.16

n0.10.2

n0.10.3

n0.10.4

n0.10.5

n0.10.6

n0.10.7

n0.10.8

n0.10.9

n0.11

n0.11-dev

n0.11.1

n0.11.2

n0.11.3

n0.11.4

n0.11.5

n0.12-dev

n0.5.10

n0.5.11

n0.5.12

n0.5.13

n0.5.14

n0.5.15

n0.5.5

n0.5.6

n0.5.7

n0.5.8

n0.5.9

n0.6.4

n0.6.5

n0.6.6

n0.6.7

n0.7.1

n0.7.10

n0.7.11

n0.7.12

n0.7.13

n0.7.14

n0.7.15

n0.7.16

n0.7.17

n0.7.2

n0.7.3

n0.7.4

n0.7.5

n0.7.6

n0.7.7

n0.7.8

n0.7.9

n0.8

n0.8.1

n0.8.10

n0.8.11

n0.8.12

n0.8.13

n0.8.14

n0.8.15

n0.8.2

n0.8.3

n0.8.4

n0.8.5

n0.8.6

n0.8.7

n0.8.8

n0.8.9

n0.9

n0.9.1

n0.9.2

n0.9.3

n0.9.4

n1.0

n1.0.1

n1.0.10

n1.0.2

n1.0.3

n1.0.4

n1.0.5

n1.0.6

n1.0.7

n1.0.8

n1.0.9

n1.1

n1.1-dev

n1.1.1

n1.1.10

n1.1.11

n1.1.12

n1.1.13

n1.1.14

n1.1.15

n1.1.16

n1.1.2

n1.1.3

n1.1.4

n1.1.5

n1.1.6

n1.1.7

n1.1.8

n1.1.9

n1.2

n1.2-dev

n1.2.1

n1.2.10

n1.2.11

n1.2.12

n1.2.2

n1.2.3

n1.2.4

n1.2.5

n1.2.6

n1.2.7

n1.2.8

n1.2.9

n1.3-dev

n2.0

n2.0.1

n2.0.2

n2.0.3

n2.0.4

n2.0.5

n2.0.6

n2.0.7

n2.1

n2.1-dev

n2.1.1

n2.1.2

n2.1.3

n2.1.4

n2.1.5

n2.1.6

n2.1.7

n2.1.8

n2.2

n2.2-dev

n2.2-rc1

n2.2-rc2

n2.2.1

n2.2.10

n2.2.11

n2.2.12

n2.2.13

n2.2.14

n2.2.15

n2.2.16

n2.2.2

n2.2.3

n2.2.4

n2.2.5

n2.2.6

n2.2.7

n2.2.8

n2.2.9

n2.3

n2.3-dev

n2.3.1

n2.3.2

n2.3.3

n2.3.4

n2.3.5

n2.3.6

n2.4

n2.4-dev

n2.4.1

n2.4.10

n2.4.11

n2.4.12

n2.4.13

n2.4.14

n2.4.2

n2.4.3

n2.4.4

n2.4.5

n2.4.6

n2.4.7

n2.4.8

n2.4.9

n2.5

n2.5-dev

n2.5.1

n2.5.10

n2.5.11

n2.5.2

n2.5.3

n2.5.4

n2.5.5

n2.5.6

n2.5.7

n2.5.8

n2.5.9

n2.6

n2.6-dev

n2.6.1

n2.6.2

n2.6.3

n2.6.4

n2.6.5

n2.6.6

n2.6.7

n2.6.8

n2.6.9

n2.7

n2.7-dev

n2.7.1

n2.7.2

n2.7.3

n2.7.4

n2.7.5

n2.7.6

n2.7.7

n2.8

n2.8-dev

n2.8.1

n2.8.10

n2.8.11

n2.8.12

n2.8.13

n2.8.14

n2.8.15

n2.8.16

n2.8.17

n2.8.18

n2.8.19

n2.8.2

n2.8.20

n2.8.21

n2.8.22

n2.8.3

n2.8.4

n2.8.5

n2.8.6

n2.8.7

n2.8.8

n2.8.9

n2.9-dev

n3.0

n3.0.1

n3.0.10

n3.0.11

n3.0.12

n3.0.2

n3.0.3

n3.0.4

n3.0.5

n3.0.6

n3.0.7

n3.0.8

n3.0.9

n3.1

n3.1-dev

n3.1.1

n3.1.10

n3.1.11

n3.1.2

n3.1.3

n3.1.4

n3.1.5

n3.1.6

n3.1.7

n3.1.8

n3.1.9

n3.2

n3.2-dev

n3.2.1

n3.2.10

n3.2.11

n3.2.12

n3.2.13

n3.2.14

n3.2.15

n3.2.16

n3.2.17

n3.2.18

n3.2.19

n3.2.2

n3.2.3

n3.2.4

n3.2.5

n3.2.6

n3.2.7

n3.2.8

n3.2.9

n3.3

n3.3-dev

n3.3.1

n3.3.2

n3.3.3

n3.3.4

n3.3.5

n3.3.6

n3.3.7

n3.3.8

n3.3.9

n3.4

n3.4-dev

n3.4.1

n3.4.10

n3.4.11

n3.4.12

n3.4.13

n3.4.2

n3.4.3

n3.4.4

n3.4.5

n3.4.6

n3.4.7

n3.4.8

n3.4.9

n3.5-dev

n4.0

n4.0.1

n4.0.2

n4.0.3

n4.0.4

n4.0.5

n4.0.6

n4.1

n4.1-dev

n4.1.1

n4.1.10

n4.1.11

n4.1.2

n4.1.3

n4.1.4

n4.1.5

n4.1.6

n4.1.7

n4.1.8

n4.1.9

n4.2

n4.2-dev

n4.2.1

n4.2.10

n4.2.2

n4.2.3

n4.2.4

n4.2.5

n4.2.6

n4.2.7

n4.2.8

n4.2.9

n4.3

n4.3-dev

n4.3.1

n4.3.2

n4.3.3

n4.3.4

n4.3.5

n4.3.6

n4.3.7

n4.3.8

n4.4

n4.4-dev

n4.4.1

n4.4.2

n4.4.3

n4.4.4

n4.4.5

n4.5-dev

n5.0

n5.0.1

n5.0.2

n5.0.3

n5.1

n5.1-dev

n5.1.1

n5.1.2

n5.1.3

n5.1.4

n5.1.5

n5.1.6

n5.2-dev

n6.0

n6.0.1

n6.1

n6.1-dev

n6.1.1

n6.1.2

n6.2-dev

n7.0

n7.0.1

n7.0.2

n7.1

n7.1-dev

n7.2-dev

v0.5

v0.5.1

v0.5.2

v0.5.3

v0.6

v0.6.1

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'ed9b67a149'

${ noResults }

Commit Graph

25558 Commits (ed9b67a149b32b08bc5d8f6a3192c8329b3c2189)

Author	SHA1	Message	Date
Michael Niedermayer	2b8c96074b	avformat/mov: Use int64_t in intermediate for corrected_dts ... Fixes: CID1500312 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 034054b370) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	0df8b97e09	avformat/mov: Use 64bit in intermediate for current_dts ... Fixes: CID1500304 Unintentional integer overflow Fixes: CID1500318 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0c977d37aa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	d081214a70	avformat/matroskadec: Assert that num_levels is non negative ... Maybe Closes: CID1452496 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 019fce18bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	bde8a67e92	avformat/libzmq: Check av_strstart() ... Fixes: CID1453457 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0263b6a48c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	d06f35f285	avformat/img2dec: Little JFIF / Exif cleanup ... This changes the behavior and makes it behave how it probably was intended. Either way this is unlikely to result in any user visible change Fixes: CID1494637 Missing break in switch Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5712f36dd0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	ba5343eefb	avformat/img2dec: Move DQT after unrelated if() ... Fixes: CID1494636 Missing break in switch Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d04c6016b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	ae964c5851	avformat/imfdec: Simplify get_next_track_with_minimum_timestamp() ... This also makes the code more robust Fixes: CID1512414 Uninitialized pointer read Sponsored-by: Sovereign Tech Fund Reviewed-by: Pierre-Anthony Lemieux <pal@sandflow.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f10493f6fc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	6b4165643d	avformat/sdp: Check before appending "," ... Found by reviewing code related to CID1500301 String not null terminated Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5b82852519) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	5477c6dc66	avformat/fwse: Remove always false expression ... Fixes: CID1460758 Operands don't affect result Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 348c3a7ffe) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	980d1e530e	avformat/asfdec_f: Use 64bit for preroll computation ... Fixes: CID1500342 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 70b4994762) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	c00fd50092	avformat/argo_asf: Use 64bit in offset intermediate ... Fixes: CID1467435 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d9d1f65308) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	d0092f4ef2	avformat/ape: Use 64bit for final frame size ... Fixes: CID1505963 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a2b8d03347) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	18193cfadb	avformat/ac4dec: Check remaining space in ac4_probe() ... Fixes: CID1538298 Untrusted loop bound Fixes: undefined behavior Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2f04cb673c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	6feea4ada8	avformat/demux: resurrect dead stores ... Fixes: CID1473512 Unused value Fixes: CID1529228 Unused value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 33da5f4e27) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 months ago
Michael Niedermayer	ff547f5fd4	avformat/concatdec: Check file ... Fixes: null pointer dereference Fixes: -stream_loop 1 -ss 00:00:05 -i zgclab/ffmpeg_crash/poc2 -codec:v copy -codec:a aac -y output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5d1497f33) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	19e6b871b6	avformat/mxfdec: Check body_offset ... Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be represented in type 'long' Fixes: 68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 20a6bfda0f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Michael Niedermayer	115853a821	avformat/kvag: Check sample_rate ... Fixes: Division by 0 Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i zgclab/ffmpeg_crash/poc1 output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c26a762ea1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 months ago
Marton Balint	fcce528713	avformat/mp3dec: change bogus error message if read_header encounters EOF ... Because of ffio_ensure_seekback() a seek error normally should only happen if the end of file is reached during checking for the junk run-in. Also use proper error code. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 49e018d6fe)	8 months ago
Marton Balint	306ed3f301	avformat/mp3dec: simplify inner frame size check in mp3_read_header ... We are protecting the checked buffer with ffio_ensure_seekback(), so if the inner check fails with a seek error, that likely means the end of file was reached when checking for the next frame. This could also be the result of a wrongly guessed (larger than normal) frame size, so let's continue the loop instead of breaking out early. It will end sooner or later anyway. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit b75e604fe5)	8 months ago
Marton Balint	b4681bd6ec	avformat/mp3dec: only call ffio_ensure_seekback once ... Otherwise the subsequent ffio_ensure_seekback calls destroy the buffer of the earlier. The worst case ~66kB seekback is so small it is easier to request it entirely. Fixes ticket #10837, a regression since 0d17f5228f. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit b005317219)	8 months ago
Michael Niedermayer	eb480d1872	avformat/mxfdec: Check index_edit_rate ... Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62 Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ed49391961) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	7c8c94279c	avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr() ... Fixes: memleak Fixes: 67442/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5068813261406208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit d157725cf7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	2da196b39a	avformat/mpegts: Reset local nb_prg on add_program() failure ... add_program() will deallocate the whole array on failure so we must clear nb_prgs Fixes: null pointer dereference Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc Found-by: Catena cyber Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cb9752d897) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	93d6513bbe	avformat/aiffdec: Check for previously set channels ... Fixes: out of array access (av_channel_layout_copy()) Fixes: 67087/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4920720268263424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 23b29f72ee) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	27d48ddd8f	avformat/mxfdec: Make edit_unit_byte_count unsigned ... Suggested-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f30fe5e8d0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	56999f9353	avformat/movenc: Check that cts fits in 32bit ... Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694 Fixes: poc2 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d88c284c18) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	38261d8cbd	avformat/mxfdec: Check first case of offset_temp computation for overflow ... This is kind of ugly Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long' Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d6ed6f6e8d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	243359fc78	avformat/westwood_vqa: Fix 2g packets ... Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 86f73277bf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	41f9156856	avformat/matroskadec: Check timescale ... Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e849eb2343) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	a42a5e692d	avformat/wavdec: satuarte next_tag_ofs, data_end ... Fixes: signed integer overflow: 5053074104798691550 + 5053074104259715104 cannot be represented in type 'long' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6515315309936640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 61dca9e150) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	6d92f9a85e	avformat/wavdec: sanity check channels and bps before using them for block_align ... Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-4704044498944000 Fixes: signed integer overflow: 520464 * 8224 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 75317ec442) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	d492fc3e5e	avformat/sbgdec: Check for negative duration ... Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0bed22d597) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	4a618246cd	avformat/rpl: Use 64bit for total_audio_size and check it ... Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312 Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 878625812f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	db7a80c3ca	avformat/mov: use 64bit for intermediate for rounding ... Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int' Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f01a89c5a3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	6cc785c255	avformat/jacosubdec: Use 64bit for abs ... Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5401294942371840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 746203af31) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	0a64d77be9	avformat/concatdec: Check user_duration sum ... Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6434245599690752 Fixes: signed integer overflow: 9223372026773000000 + 22337000000 cannot be represented in type 'long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 007486058c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	435f172b5d	avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration() ... An alternative would be to limit all time/duration fields to below 64bit Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long long' Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dd733b2be4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	f0c08506f5	avformat/jacosubdec: clarify code ... add comments, rename variables and indent things differently Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e83e8d443b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	356251d750	avformat/cafdec: Check that data chunk end fits within 64bit ... Fixes: signed integer overflow: 64 + 9223372036854775803 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464 Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b792e4d4c7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	9459a45036	avformat/iff: Saturate avio_tell() + 12 ... Fixes: signed integer overflow: 9223372036854775796 + 12 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4898373660704768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b8e754525c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	521347ee0b	avformat/dxa: Adjust order of operations around block align ... Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464 Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 50d8e4f273) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	d66b1af8df	avformat/cafdec: dont seek beyond 64bit ... Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064 Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d973fcbcc2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	19ea7b0409	avformat/id3v2: read_uslt() check for the amount read ... Fixes: timeout Fixes: 66783/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5356884892647424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c0f4abe2aa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	b171edca3c	avformat/mov: Check sample_count and auxiliary_info_default_size to be 0 ... This combination causes 0 size arrays to be allocated and to leak later Fixes: memleak Fixes: 64342/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4520993686945792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3c43299e9e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	8464563b80	avformat/wady: Check >0 samplerate and channels 1 || 2. ... The WADY decoder only supports mono and stereo This fixes a probetest failure Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6f9e90ab0b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Michael Niedermayer	13f0a85c2c	avformat/concatdec: Check in and outpoints to be to produce a positive representable duration ... Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long' Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b2d7cbc378) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Romain Beauxis	adfa69aaa9	libavformat/hlsenc.c: Populate OTI using AAC profile in write_codec_attr. ... This patch populates the third entry for HLS codec attribute using the AAC profile. The HLS specifications[1] require this value to be the Object Type ID as referred to in table 1.3 of ISO/IEC 14496-3:2009[2]. The numerical constants in the code refer to these OTIs minus one, as documented in commit 372597e[3], confirmed by comparing the values in the code with the values in the table mentioned above. Links: 1: https://datatracker.ietf.org/doc/html/rfc6381#section-3.3 2: https://csclub.uwaterloo.ca/~ehashman/ISO14496-3-2009.pdf 3: 372597e538 Changes in this version: - Default value set to "mp4a.40.2" when profile is unknown for backward compatibility. Signed-off-by: Steven Liu <liuqi05@kuaishou.com> (cherry picked from commit 797f0b27c1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	10 months ago
Eugene Zemtsov	5e45c27ba9	avformat/mov: Check if a key is longer than the atom containing it ... Stop reading keys and return AVERROR_INVALIDDATA if key_size is larger than the amount of space left in the atom. Bug: https://crbug.com/41496983 Signed-off-by: Eugene Zemtsov <eugene@chromium.org> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 8a23a145d8)	10 months ago
James Almer	f309408874	avformat/mov: don't abort on duplicate Mastering Display Metadata boxes ... The VP9 spec defines a SmDm box for this information, and the ISOBMFF spec defines a mdvc one. If both are present, just ignore one of them. This is in line with clli and CoLL boxes. Fixes ticket #10711. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 189c32f536)	10 months ago
Marton Balint	894bebeaf7	avformat/mpegts: detect synchronous metadata KLV more reliably ... The mpegts code historically tries to strip (the first) metadata access unit header from synchronous KLV metadata, but the detection for such streams was unreliable causing strips of asynchronous metadata or ID3 as well. MISB ST 1402 specifies required stream type, stream id and registration descriptor (which eventually maps to the codec ID) so let's use all of these for reliable detection. Fixes a regression caused by 468615f204. Fixes ticket #10828, #10883. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 0aaee4741c)	10 months ago