summaryrefslogtreecommitdiffstats
path: root/libavformat
Commit message (Collapse)AuthorAgeFilesLines
* avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going ↵James Almer2022-05-041-1/+4
| | | | | | | | | | to be written Fixes ticket #8295 Signed-off-by: James Almer <[email protected]> (cherry picked from commit 1d479300cbe0522c233b7d51148aea2b29bd29ad) Signed-off-by: Michael Niedermayer <[email protected]>
* lavf/tls_mbedtls: add support for mbedtls version 3Timo Rothenpieler2022-04-271-12/+22
| | | | | | | | | | | - certs.h is gone. Only contains test data, and was not used at all. - config.h is renamed. Was seemingly not used, so can be removed. - MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE is gone, instead MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE will be thrown. - mbedtls_pk_parse_keyfile now needs to be passed a properly seeded RNG. Hence, move the call to after RNG seeding. Signed-off-by: Timo Rothenpieler <[email protected]>
* avformat/webmdashenc: fix on-demand profile stringJames Almer2022-04-081-1/+1
| | | | | | | Fixes ticket #9596 Signed-off-by: James Almer <[email protected]> (cherry picked from commit 487b49d8f2e1e81dce86230fc957ca2ee9de00ee)
* avformat/aqtitledec: Skip unrepresentable durationsMichael Niedermayer2022-04-071-1/+2
| | | | | | | | | | Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented in type 'long' Fixes: 45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit c2d1597a8a6470045a8da241d4f65c81f26c3107) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/cafdec: Do not store empty keys in read_info_chunk()Michael Niedermayer2022-04-071-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7ec28e1d4cef723485f50f7a08859752b79b570c) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/hls: Check target_durationMichael Niedermayer2022-04-071-1/+7
| | | | | | | | | | | Fixes: signed integer overflow: 77777777777777 * 1000000 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check pre_nsMichael Niedermayer2022-04-071-0/+2
| | | | | | | | | | Fixes: division by 0 Fixes: 44615/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6681108677263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 710e51677a6f3a5c2b37dc31a597957a22a5e531) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Use rounded down duration in get_cue_desc() checkMichael Niedermayer2022-04-071-1/+3
| | | | | | | | | | | | Floating point is evil, it would be better if duration was not a double Fixes: Infinite loop Fixes: 45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit bd3a03db9aef72ee36a7cc964171e9f52967f4bc) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/avidec: Check heightMichael Niedermayer2022-04-071-0/+2
| | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: Ticket8486 Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit ec8ff659f57786c4cb089b07dfeab7e5cbab8d52) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Better duplicate tags checkMichael Niedermayer2022-04-071-4/+5
| | | | | | | | | | Fixes: memleaks Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 15a646e5018078a0954918f510f819a5599f0445) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Disallow empty sidxMichael Niedermayer2022-04-071-0/+2
| | | | | | | | | | | | It appears this is not allowed "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments (which may themselves be further subdivided using Segment Index boxes)." Fixes: Null pointer dereference Fixes: Ticket9517 Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 4419433d77278cb742944c4514be5f72a04103c0) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check durationMichael Niedermayer2022-04-071-0/+2
| | | | | | | | | | | Fixes: -nan is outside the range of representable values of type 'long' Fixes: 44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 36680078ca3302496d9b0b8a8d7168ce9eabb2bc) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Corner case encryption error cleanup in mov_read_senc()Michael Niedermayer2022-04-071-0/+2
| | | | | | | | | | Fixes: memleak Fixes: 42341/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4566632823914496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 8ee0e4abcb8af36cae4eb24d4d6229461c1e3333) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check desc_bytesMichael Niedermayer2022-04-071-4/+8
| | | | | | | | | | Fixes: Division by 0 Fixes: 44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 5038933977d06d1048b41d71e0ada4d1ac536ddc) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()Michael Niedermayer2022-04-071-1/+1
| | | | | | | | | | Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Fix infinite loop with bz decompressionMichael Niedermayer2022-04-071-2/+2
| | | | | | | | | | | | | The same check is added to zlib too, it seems not needed there though Fixes: Infinite loop Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 9c3d2cbb510674226b0c8fa6b146bf891f83786c) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check size before subtractionMichael Niedermayer2022-04-071-0/+2
| | | | | | | | | | Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long' Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit d8d9d506a3de976b647bcbb8f76c7b8d30eff576) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/flvdec: timestamps cannot use the full int64 rangeMichael Niedermayer2022-04-071-0/+2
| | | | | | | | | | | We do not support this as we multiply by 1000 Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long' Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit c217ca7718c8e24905d7ba9ede719ae040899476) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/4xm: Check for duplicate track idsMichael Niedermayer2022-04-071-0/+3
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit dd949124793c722ed55dead9da245574ace81968) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/4xm: Consider max_streams on reallocating tracks arrayMichael Niedermayer2022-04-071-1/+2
| | | | | | | | | | Fixes: OOM Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 0dcd95ef8a2e16ed930296567ab1044e33602a34) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check next offset in mov_read_dref()Michael Niedermayer2022-04-071-2/+4
| | | | | | | | | | Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long' Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 562021e2fd4d74589905d9c566c686394d2b0526) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/vivo: Favor setting fps from explicit fractionsMichael Niedermayer2022-04-071-2/+5
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit bf1e93bdc9aaa4fd5c231030b5368aae0df018ee) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/vivo: Do not use the general expression evaluator for parsing a ↵Michael Niedermayer2022-04-071-3/+5
| | | | | | | | | | | | floating point value Fixes: Timeout Fixes: 41564/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-6309014024093696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7b24615565fd488e7e3a435102979a5ea85fe2fe) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: Check for duplicate mxf_read_index_entry_array()Michael Niedermayer2022-04-071-0/+3
| | | | | | | | | | | Fixes: memleak Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 4f44a218e53cd92e64ba10a935bc1e7583c3e218) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Disallow duplicate smdmMichael Niedermayer2022-04-071-0/+3
| | | | | | | | | | Fixes: memleak Fixes: 39879/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5327819907923968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit b5ba74053c1ef9f38d9e7b3a036675f06d2b2714) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check for EOF in mov_read_glbl()Michael Niedermayer2022-04-071-0/+2
| | | | | | | | | | Fixes: Infinite loop Fixes: 41351/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5433895854669824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 59b4e7cbd87889c0bac710ac7f62782b637419a1) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check channels for mov_parse_stsd_audio()Michael Niedermayer2022-04-071-0/+4
| | | | | | | | | | Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long' Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 3a64a4c58255d45e05eff80c9464ad3bdc2d6463) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/avidec: Check read_odml_index() for failureMichael Niedermayer2022-04-071-2/+5
| | | | | | | | | | Fixes: Timeout Fixes: 40950/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6478873068437504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 57adb26d058490daf2c5d6ddd3cf0cf2d2212256) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/aiffdec: Use av_rescale() for bitrateMichael Niedermayer2022-04-071-2/+4
| | | | | | | | | | | Fixes: integer overflow Fixes: 40313/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4814761406103552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 905588df975071c03c00b2e923c311b4de65a8f4) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/aiffdec: sanity check block_alignMichael Niedermayer2022-04-071-1/+1
| | | | | | | Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 93f7776921ed8c5219732210067016c3457e864d) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/aiffdec: Check sample_rateMichael Niedermayer2022-04-071-0/+3
| | | | | | | Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 1b04836dff9958e8bfdbed2746b8c40b1e119ecc) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/latmenc: abort if no extradata is availableJames Almer2022-04-071-1/+2
| | | | | | | | | Fixes ticket #8273. Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: James Almer <[email protected]> (cherry picked from commit dd01947397b98e94c3f2a79d5820aaf4594f4d3b) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/movenc: Fix segfault when remuxing rtp hint streamAndreas Rheinhardt2022-04-071-0/+4
| | | | | | | | | | | | | | | | | When remuxing an rtp hint stream (or any stream with the tag "rtp "), the mov muxer treats this as one of the rtp hint tracks it creates internally when ordered to do so; yet this track lacks the AVFormatContext for the hinting rtp muxer, leading to segfaults in mov_write_udta_sdp() if a "trak" atom is written for this stream; if not, the stream's codecpar is freed by mov_free() as if the mov muxer owned it (it does for the internally created "rtp " tracks), but without resetting st->codecpar, leading to double-frees lateron. This commit therefore ignores said tag which makes rtp hint streams unremuxable. This fixes tickets #8181 and #8186. Signed-off-by: Andreas Rheinhardt <[email protected]> (cherry picked from commit 22c3cd176079dd104ec7610ead697235b04396f1)
* avformat/tty: add probe functionPaul B Mahol2022-04-071-1/+20
| | | | (cherry picked from commit 3bce9e9b3ea35c54bacccc793d7da99ea5157532)
* avformat/matroskadec: Reset state also on failure in matroska_reset_status()Michael Niedermayer2021-10-121-7/+12
| | | | | | | | | | | | | The calling code does not handle failures and will fail with assertion failures later. Seeking can always fail even when the position was previously read. Fixes: Assertion failure Fixes: 35253/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4693059982983168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit d115eec97929e23fd1b06df2d95f48cf5000eb87) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/wavdec: Check smv_block_sizeMichael Niedermayer2021-10-121-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 849138f476f4b08656681bfc3aec5beac47777fb) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Check for multiple audio_stream_infoMichael Niedermayer2021-10-121-0/+4
| | | | | | | | | | Fixes: memleak Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 8fe3566b8fdf4bcf5eed419c1aab6eb848287ff3) Signed-off-by: Michael Niedermayer <[email protected]>
* oavformat/avidec: Check offset in odmlMichael Niedermayer2021-10-121-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long' Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mpegts: use actually read packet size in mpegts_resync special caseMichael Niedermayer2021-10-121-2/+2
| | | | | | | | | | | Fixes: infinite loop Fixes: 37986/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5292311517462528 - Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Marton Balint <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 83b2e4c8f15a00f037040131e26e20de83f0d842) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mvdec: Do not set invalid sample rateMichael Niedermayer2021-10-061-2/+3
| | | | | | | | | | | Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long' Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 737e6bf2162b89d396f4d477bfe8c99f1dd885de) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4Michael Niedermayer2021-10-061-2/+2
| | | | | | | | | | Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int' Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit e2c2872393f25253aa40861a9707934c4b83a3af) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check for duplicate clliMichael Niedermayer2021-10-061-0/+5
| | | | | | | | | | Fixes: memleak Fixes: 35261/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4869656287510528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 9a222f140e2674ac936b2f41c480487bc666dd95) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/jacosubdec: Check for min in t overflow in get_shift()Michael Niedermayer2021-10-061-0/+3
| | | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 989febfbd0c986e9e3e0f269a6b22778bf79147b) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet()Michael Niedermayer2021-10-061-0/+4
| | | | | | | | | | | Fixes: Out of array access Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 3dd5a8a13510d08a4e25e8f138d718672a0fed4a) Signed-off-by: Michael Niedermayer <[email protected]>
* network: Define ENOTCONN as WSAENOTCONN if not definedMartin Storsjö2021-10-061-0/+3
| | | | | | | | | This fixes compilation with old mingw.org toolchains, which has got much fewer errno.h entries. Signed-off-by: Martin Storsjö <[email protected]> (cherry picked from commit 6569e9505c781468092c15fa84d034c9e37d26ca) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/avidec: Use 64bit for frame number in odml index parsingMichael Niedermayer2021-10-061-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int' Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/adtsenc: return value check for init_get_bits in adts_decode_extradatamaryam ebrahimzadeh2021-10-061-2/+4
| | | | | | | | | | As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. 'buf' is part of 'AVPacket pkt'. replace init_get_bits with init_get_bits8. Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/wtvdec: Check for EOF before seeking back in parse_media_type()Michael Niedermayer2021-10-061-0/+2
| | | | | | | | | | | Fixes: Infinite loop Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/wavdec: Use 64bit in new_pos computationMichael Niedermayer2021-10-061-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/sbgdec: Check for overflow in timestamp preparationMichael Niedermayer2021-10-061-0/+4
| | | | | | | | | | Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 9dbed908403b0d97ae70881fab68020f148b6b11) Signed-off-by: Michael Niedermayer <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-23 09:46:38 +0000