aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
Commit message (Collapse)AuthorAgeFilesLines
* avformat/spdifdec: Use 64bit to compute bit rateMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4075f0cec1830a7ac081b1a23bd3f5c4e266fe26) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rpl: Use 64bit for duration computationMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 529f64b2eb98e0c3ae4944abd5d01fa7c1def047) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/xwma: Use av_rescale() for duration computationMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c789f753c3657be9041307f9c03749f5ba5a6bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration ↵Michael Niedermayer2022-09-241-1/+1
| | | | | | | | | | | | calculation Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa8eb1bed075931b0ce0a8bc9a8ff5882830044c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: Check ts_int in genrate_intervalsMichael Niedermayer2022-09-241-0/+2
| | | | | | | | | | | | | There is probably a better place to check for this, but better here than nowhere Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f529e9147a5c5c8ecf8d5ef0dd569194ce30eed) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: clamp end_tsMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 981f5e46afa3673dfa43eb2bf5017680d5df25dd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: check tag_sizeMichael Niedermayer2022-09-241-0/+2
| | | | | | | | | | Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutdec: Check fieldsMichael Niedermayer2022-09-241-0/+5
| | | | | | | | | | Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Use 64bit for sum_flv_tag_sizeMichael Niedermayer2022-09-241-3/+3
| | | | | | | | | | Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7124f10c1d521096042ba3c9c519828147f78c46) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/jacosubdec: Fix overflow in get_shift()Michael Niedermayer2022-09-241-1/+1
| | | | | | | | | | Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328 Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b1a68127bbcd3d638363fa0249982c494e87c9e2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/genh: Check nb_channels for IMA ADPCMMichael Niedermayer2022-09-241-0/+2
| | | | | | | | | | | | The check could be made more strict Fixes: signed integer overflow: 36 * 538976288 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-6539389873815552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0345a885455dea52fcc570b97f5dc5c75372a39c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dxa: avoid bpc overflowsMichael Niedermayer2022-09-241-2/+5
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dhav: Use 64bit seek_backMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-6604736532447232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 10453f5192869b63b071aee3962ae2c712f9bfd3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/cafdec: Check that nb_frasmes fits within 64bitMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_o: Limit packet offsetMichael Niedermayer2022-09-241-0/+2
| | | | | | | | | | | | | avoids overflows with it Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136 Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/apm: Use 64bit for bit_rate computationMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | Fixes: signed integer overflow: -1155522528 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APM_fuzzer-6580670570299392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5b23cab5c769d6611a3fe111546d65809046a4d8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ape: Check frames sizeMichael Niedermayer2022-09-241-0/+2
| | | | | | | | | | Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/icodec: Check nb_palMichael Niedermayer2022-09-241-0/+3
| | | | | | | | | | | Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit db73ae0dc114aa6fae08e69f977944f056a24995) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Use 64bit for block_duration useMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | | Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9303ba272e988d87084880c57056b750cc5ffd08) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Check block_durationMichael Niedermayer2022-09-241-0/+2
| | | | | | | | | | | Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1c2b6265c87417033f990fa4a14da9d4008320a4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: only probe max run inMichael Niedermayer2022-09-241-1/+1
| | | | | | | Suggested-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1182bbb2c3226260ed672920251e3410bde8c6c9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: Check run_in is within 65536Michael Niedermayer2022-09-241-1/+6
| | | | | | | | | | Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7786097825d9e3f02b4574c1924c28818eb83340) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/hls: Free keysMichael Niedermayer2022-09-241-0/+1
| | | | | | | | | | | Fixes: memleak Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d32a9f3137c91de86547601a38fea0693c3497f1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/cafenc: derive Opus frame size from the relevant stream parametersJames Almer2022-09-241-5/+14
| | | | | | | | | | | | Use the stream duration as last resort, as an off-by-one result of the "st->duration / (caf->packets - 1)" calculation can break playback on some devices. Also, don't write the sample_rate value propagated by encoders like libopus. The sample rate of the audio fed to it is irrelevant after being encoded. Fixes ticket #9930. Signed-off-by: James Almer <jamrial@gmail.com>
* avformat/dashdec: Fix crash on invalid input/ENOMEM, fix leakAndreas Rheinhardt2022-09-231-1/+6
| | | | | | | | | | | | | | | | | | | | | | | In case a SupplementalProperty node exists in an adaptationset, it is searched for a "schemeIdUri" property via xmlGetProp(). Whatever xmlGetProp() returns is then compared via av_strcasecmp() to a string literal. xmlGetProp() can return NULL, namely in case no "schemeIdUri" exists and (given that this string is allocated) presumably also on allocation failure. No check for NULL is done, so this may crash. Furthermore, the string returned by xmlGetProp() needs to be freed with xmlFree(), but this is not done either. This commit fixes both of these issues; they existed since this code has been added in 10d008f0fd9e713e290f626300d66382ad786c49. This has been found while investigating ticket #9697. The continuous leaks might very well be the reason behind the observed slowdown. Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 14b3830b33075e92f8e2766c0c53e8b6bc570c6c)
* avformat/riffdec: don't unconditionally overwrite WAVEFORMATEXTENSIBLE layoutJames Almer2022-09-111-3/+8
| | | | | | | | | Do it only if the value conflicts with the previous channels value. Fixes ticket #9912 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 60d8c2019f59fcbeb597c900a56c8c4cd9ec8838)
* avformat/asfdec_o: limit recursion depth in asf_read_unknown()Michael Niedermayer2022-08-311-3/+7
| | | | | | | | | | | | The threshold of 5 is arbitrary, both smaller and larger should work fine Fixes: Stack overflow Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1f1a368169ef9d945dc4b4764f5c60ba9bbc9134) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check count sums in build_open_gop_key_points()Michael Niedermayer2022-08-281-2/+10
| | | | | | | | | | | | | Fixes: ffmpeg.md Fixes: Out of array access Fixes: CVE-2022-2566 Found-by: Andy Nguyen <theflow@google.com> Found-by: 3pvd <3pvd@google.com> Reviewed-by: Andy Nguyen <theflow@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/iff: Check for overflow in body_end calculationMichael Niedermayer2022-08-281-0/+3
| | | | | | | | | | Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long' Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bcb46903040e5a5199281f4ad0a1fdaf750ebc37) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Prevent entity expansion attacksMichael Niedermayer2022-08-281-1/+11
| | | | | | | | | Fixes: Timeout Fixes no testcase, this is the same idea as similar attacks against XML parsers Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f3e823c2aa04d4f5571a5e04c27a244890704c8d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/subviewerdec: Make read_ts() more flexibleMichael Niedermayer2022-08-281-15/+21
| | | | | | | | | Fixes: signed integer overflow: -1948269928 * 10 cannot be represented in type 'int' Fixes: 49451/clusterfuzz-testcase-minimized-ffmpeg_dem_SUBVIEWER_fuzzer-6344614822412288 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg (cherry picked from commit 58a8e739ef93f8b42f8139e73227508256929d20) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* ipfsgateway: Remove default gatewayDerek Buitenhuis2022-08-151-7/+4
| | | | | | | | A gateway can see everything, and we should not be shipping a hardcoded default from a third party company; it's a security risk. Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> (cherry picked from commit 412922cc6fa790897ef6bb2be5d6f9a5f030754d)
* avformat/avisynth: use ch_layout.nb_channels for channel countStephen Hutchinson2022-08-071-1/+1
| | | | | | | Fixes deprecation warning Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit dc9843d82932ba93f616f5e2893fd5c2576468c3)
* avformat/flvdec: Check for EOF in index readingMichael Niedermayer2022-07-221-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ceff5d7b74cd9ae6055957979d27d289c70a9e1b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutdec: Check get_packetheader() in mainheaderMichael Niedermayer2022-07-221-0/+2
| | | | | | | | | | Fixes; Timeout Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b5de084aa63b79586bc445e6a7fea837688b3941) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check for EOF in mov_read_iloc()Michael Niedermayer2022-07-221-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 49216/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6563000529584128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 744ad45c44e69e354e924902c4daf0044dcd9955) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Use 64bit for packet start timeMichael Niedermayer2022-07-221-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8ed78486fcb065b5b459f14d4b1c3242f6d21ec7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Bump Versions for 5.1 branchMichael Niedermayer2022-07-131-1/+1
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rtsp: break on unknown protocolsMichael Niedermayer2022-07-121-0/+2
| | | | | | | | | This function needs more cleanup and it lacks error handling Fixes: use of uninitialized memory Fixes: CID700776 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aaxdec: Check for empty segmentsMichael Niedermayer2022-07-121-0/+2
| | | | | | | | Fixes: Timeout Fixes: 48154/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5149094353436672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avienc: Check video dimensionsMichael Niedermayer2022-07-121-0/+4
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/iff: simplify duration calculationMichael Niedermayer2022-07-121-2/+3
| | | | | | | | Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long' Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: fix possible crash in cenc_scheme_decryptShuangxiLi2022-07-121-27/+2
| | | | | | | | | Data does not have to be decrypted in 16-byte blocks for AES-CTR mode, so existing buggy code can be hugely simplified. Fixes ticket #9829. Signed-off-by: Marton Balint <cus@passwd.hu>
* avformat/flvenc: Add deinit functionAndreas Rheinhardt2022-07-091-14/+16
| | | | | | | | Fixes memleaks when the trailer is never written or when shift_data() fails when writing the trailer. Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avformat/movenc: Ensure packet is writable before modifying itAndreas Rheinhardt2022-07-091-0/+3
| | | | | | | | Fixes e.g. ffmpeg -i fate-suite/h264/bbc2.sample.h264 -c:v rawvideo -map 0:v -frames:v 10 -pix_fmt gray8 -f tee "first.mov|second.mov" Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* av(format|device): Add const to muxer packet data pointersAndreas Rheinhardt2022-07-098-11/+11
| | | | | | | The packets given to muxers need not be writable, so it is best to access them via const uint8_t*. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avformat/apngenc: Add const where possibleAndreas Rheinhardt2022-07-091-7/+8
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avformat/apngenc: Don't modify input packetAndreas Rheinhardt2022-07-091-4/+13
| | | | | | It might not be writable at this point. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avformat/apngenc: Check fcTL sizeAndreas Rheinhardt2022-07-091-0/+4
| | | | | | The remaining code relies on it having the value it should have. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avformat/apngenc: Check for incomplete chunksAndreas Rheinhardt2022-07-091-1/+1
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 05:44:12 +0000