path: root/libavformat
Commit message | Author | Age | Files | Lines
* avformat/webmdashenc: fix on-demand profile string | James Almer | 2022-04-08 | 1 | -1/+1
  Fixes ticket #9596
  Signed-off-by: James Almer <[email protected]>
  (cherry picked from commit 487b49d8f2e1e81dce86230fc957ca2ee9de00ee)
* avformat/aqtitledec: Skip unrepresentable durations | Michael Niedermayer | 2022-04-06 | 1 | -1/+2
  Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented in type 'long'
  Fixes: 45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit c2d1597a8a6470045a8da241d4f65c81f26c3107)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/cafdec: Do not store empty keys in read_info_chunk() | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 7ec28e1d4cef723485f50f7a08859752b79b570c)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: Do not clear array in mxf_read_strong_ref_array() before writing | Michael Niedermayer | 2022-04-06 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 7aebdb8bf1fc3e09263617a7f49101cba2d43804)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array() | Michael Niedermayer | 2022-04-06 | 1 | -1/+7
  Fixes: 42827/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4900528511909888
  Reviewed-by: Tomas Härdin <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 8d6f49cfc339825f3f3f8a910e4bb4c0f822db1f)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: Check count in mxf_read_strong_ref_array() | Michael Niedermayer | 2022-04-06 | 1 | -1/+7
  Reviewed-by: Tomas Härdin <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 3015c556f316d4ab364ed55e8bc97cc0f2cc57a3)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/hls: Check target_duration | Michael Niedermayer | 2022-04-06 | 1 | -1/+7
  Fixes: signed integer overflow: 77777777777777 * 1000000 cannot be represented in type 'long long'
  Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Steven Liu <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check pre_ns | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  Fixes: division by 0
  Fixes: 44615/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6681108677263360
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 710e51677a6f3a5c2b37dc31a597957a22a5e531)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Use rounded down duration in get_cue_desc() check | Michael Niedermayer | 2022-04-06 | 1 | -1/+3
  Floating point is evil, it would be better if duration was not a double
  Fixes: Infinite loop
  Fixes: 45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit bd3a03db9aef72ee36a7cc964171e9f52967f4bc)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/avidec: Check height | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Fixes: Ticket8486
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit ec8ff659f57786c4cb089b07dfeab7e5cbab8d52)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Better duplicate tags check | Michael Niedermayer | 2022-04-06 | 1 | -4/+5
  Fixes: memleaks
  Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 15a646e5018078a0954918f510f819a5599f0445)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Disallow empty sidx | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  It appears this is not allowed
  "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments (which may themselves be further subdivided using Segment Index boxes)."
  Fixes: Null pointer dereference
  Fixes: Ticket9517
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 4419433d77278cb742944c4514be5f72a04103c0)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check duration | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  Fixes: -nan is outside the range of representable values of type 'long'
  Fixes: 44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Andreas Rheinhardt <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 36680078ca3302496d9b0b8a8d7168ce9eabb2bc)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Corner case encryption error cleanup in mov_read_senc() | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  Fixes: memleak
  Fixes: 42341/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4566632823914496
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 8ee0e4abcb8af36cae4eb24d4d6229461c1e3333)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check desc_bytes | Michael Niedermayer | 2022-04-06 | 1 | -4/+8
  Fixes: Division by 0
  Fixes: 44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 5038933977d06d1048b41d71e0ada4d1ac536ddc)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() | Michael Niedermayer | 2022-04-06 | 1 | -1/+1
  Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff
  Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Fix infinite loop with bz decompression | Michael Niedermayer | 2022-04-06 | 1 | -2/+2
  The same check is added to zlib too, it seems not needed there though
  Fixes: Infinite loop
  Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Andreas Rheinhardt <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 9c3d2cbb510674226b0c8fa6b146bf891f83786c)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check size before subtraction | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long'
  Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit d8d9d506a3de976b647bcbb8f76c7b8d30eff576)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/flvdec: timestamps cannot use the full int64 range | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  We do not support this as we multiply by 1000
  Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long'
  Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit c217ca7718c8e24905d7ba9ede719ae040899476)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/4xm: Check for duplicate track ids | Michael Niedermayer | 2022-04-06 | 1 | -0/+3
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit dd949124793c722ed55dead9da245574ace81968)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/4xm: Consider max_streams on reallocating tracks array | Michael Niedermayer | 2022-04-06 | 1 | -1/+2
  Fixes: OOM
  Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 0dcd95ef8a2e16ed930296567ab1044e33602a34)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check next offset in mov_read_dref() | Michael Niedermayer | 2022-04-06 | 1 | -2/+4
  Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long'
  Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 562021e2fd4d74589905d9c566c686394d2b0526)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/vivo: Favor setting fps from explicit fractions | Michael Niedermayer | 2022-04-06 | 1 | -2/+5
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit bf1e93bdc9aaa4fd5c231030b5368aae0df018ee)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/vivo: Do not use the general expression evaluator for parsing a floating point value | Michael Niedermayer | 2022-04-06 | 1 | -3/+5
  Fixes: Timeout
  Fixes: 41564/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-6309014024093696
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 7b24615565fd488e7e3a435102979a5ea85fe2fe)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() | Michael Niedermayer | 2022-04-06 | 1 | -0/+3
  Fixes: memleak
  Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Tomas Härdin <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 4f44a218e53cd92e64ba10a935bc1e7583c3e218)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Disallow duplicate smdm | Michael Niedermayer | 2022-04-06 | 1 | -0/+3
  Fixes: memleak
  Fixes: 39879/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5327819907923968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit b5ba74053c1ef9f38d9e7b3a036675f06d2b2714)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check for EOF in mov_read_glbl() | Michael Niedermayer | 2022-04-06 | 1 | -0/+2
  Fixes: Infinite loop
  Fixes: 41351/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5433895854669824
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 59b4e7cbd87889c0bac710ac7f62782b637419a1)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check channels for mov_parse_stsd_audio() | Michael Niedermayer | 2022-04-06 | 1 | -0/+4
  Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long'
  Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 3a64a4c58255d45e05eff80c9464ad3bdc2d6463)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/avidec: Check read_odml_index() for failure | Michael Niedermayer | 2022-04-06 | 1 | -2/+5
  Fixes: Timeout
  Fixes: 40950/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6478873068437504
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 57adb26d058490daf2c5d6ddd3cf0cf2d2212256)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/aiffdec: Use av_rescale() for bitrate | Michael Niedermayer | 2022-04-06 | 1 | -2/+4
  Fixes: integer overflow
  Fixes: 40313/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4814761406103552
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 905588df975071c03c00b2e923c311b4de65a8f4)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/aiffdec: sanity check block_align | Michael Niedermayer | 2022-04-06 | 1 | -1/+1
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 93f7776921ed8c5219732210067016c3457e864d)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/aiffdec: Check sample_rate | Michael Niedermayer | 2022-04-06 | 1 | -0/+3
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 1b04836dff9958e8bfdbed2746b8c40b1e119ecc)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Reset state also on failure in matroska_reset_status() | Michael Niedermayer | 2021-10-20 | 1 | -7/+12
  The calling code does not handle failures and will fail with assertion failures later.
  Seeking can always fail even when the position was previously read.
  Fixes: Assertion failure
  Fixes: 35253/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4693059982983168
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit d115eec97929e23fd1b06df2d95f48cf5000eb87)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/wavdec: Check smv_block_size | Michael Niedermayer | 2021-10-20 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 849138f476f4b08656681bfc3aec5beac47777fb)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Check for multiple audio_stream_info | Michael Niedermayer | 2021-10-20 | 1 | -0/+4
  Fixes: memleak
  Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 8fe3566b8fdf4bcf5eed419c1aab6eb848287ff3)
  Signed-off-by: Michael Niedermayer <[email protected]>
* oavformat/avidec: Check offset in odml | Michael Niedermayer | 2021-10-20 | 1 | -1/+1
  Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
  Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mpegts: use actually read packet size in mpegts_resync special case | Michael Niedermayer | 2021-10-20 | 1 | -2/+2
  Fixes: infinite loop
  Fixes: 37986/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5292311517462528
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Marton Balint <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 83b2e4c8f15a00f037040131e26e20de83f0d842)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mvdec: Do not set invalid sample rate | Michael Niedermayer | 2021-10-06 | 1 | -2/+3
  Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
  Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 737e6bf2162b89d396f4d477bfe8c99f1dd885de)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/sbgdec: Check for t0 overflow in expand_tseq() | Michael Niedermayer | 2021-10-06 | 1 | -0/+3
  Fixes: signed integer overflow: 4611686025627387904 + 4611686025627387904 cannot be represented in type 'long'
  Fixes: 35489/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-4862678601433088
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Nicolas George <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit f624c92d4c6fa73dfa95959d886090af6790bc36)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4 | Michael Niedermayer | 2021-10-06 | 1 | -2/+2
  Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
  Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit e2c2872393f25253aa40861a9707934c4b83a3af)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/sbgdec: Check opt_duration and start for overflow | Michael Niedermayer | 2021-10-06 | 1 | -0/+3
  Fixes: signed integer overflow: 2788626175500000000 + 7118941284000000000 cannot be represented in type 'long'
  Fixes: 35215/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6123272247836672
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 2768928624793f66694f7f2b0824f052e69e3557)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check for duplicate clli | Michael Niedermayer | 2021-10-06 | 1 | -0/+5
  Fixes: memleak
  Fixes: 35261/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4869656287510528
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 9a222f140e2674ac936b2f41c480487bc666dd95)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/jacosubdec: Check for min in t overflow in get_shift() | Michael Niedermayer | 2021-10-06 | 1 | -0/+3
  Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 989febfbd0c986e9e3e0f269a6b22778bf79147b)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet() | Michael Niedermayer | 2021-10-06 | 1 | -0/+4
  Fixes: Out of array access
  Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Tomas Härdin <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 3dd5a8a13510d08a4e25e8f138d718672a0fed4a)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check dts for overflow in mov_read_trun() | Michael Niedermayer | 2021-10-06 | 1 | -0/+2
  Fixes: signed integer overflow: 9223372034248226491 + 3275247799 cannot be represented in type 'long'
  Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4538729166077952
  Reported-by: Matt Wolenetz <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 4de4bc06fdfd0383f3d9012c6557a38408a09d28)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/avidec: Use 64bit for frame number in odml index parsing | Michael Niedermayer | 2021-10-06 | 1 | -2/+2
  Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
  Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata | maryam ebrahimzadeh | 2021-10-06 | 1 | -2/+4
  As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
  'buf' is part of 'AVPacket pkt'.
  replace init_get_bits with init_get_bits8.
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/wtvdec: Check for EOF before seeking back in parse_media_type() | Michael Niedermayer | 2021-10-06 | 1 | -0/+2
  Fixes: Infinite loop
  Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mpc8: Check first keyframe position for overflow | Michael Niedermayer | 2021-10-06 | 1 | -1/+7
  Fixes: signed integer overflow: 9223372036854775791 + 18 cannot be represented in type 'long'
  Fixes: 36307/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-4917863877050368
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 2bbef69b0ba938cce4f9d61bed46d3f3058e56c2)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/wavdec: Use 64bit in new_pos computation | Michael Niedermayer | 2021-10-06 | 1 | -1/+1
  Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
  Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243)
  Signed-off-by: Michael Niedermayer <[email protected]>