aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
Commit message (Collapse)AuthorAgeFilesLines
* avformat/oggparsecelt: Do not re-allocate os->privateMichael Niedermayer2017-08-231-2/+7
| | | | | | | | | | | Fixes: double free Fixes: clusterfuzz-testcase-minimized-5080550145785856 Found-by: ClusterFuzz Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7140761481e4296723a592019a0244ebe6c1a8cf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/hls: Check local file extensionsMichael Niedermayer2017-08-231-4/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reduces the attack surface of local file-system information leaking. It prevents the existing exploit leading to an information leak. As well as similar hypothetical attacks. Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions. It does not stop leaks via remote addresses in the LAN. The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well. The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its feature. More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files. Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also where objections against restricting remote url file extensions. This here is a less robust but also lower inconvenience solution. It can be applied stand alone or together with other solutions. limiting the check to local files was suggested by nevcairiel This recommits the security fix without the author name joke which was originally requested by Nicolas. Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 189ff4219644532bdfa7bab28dfedaee4d6d4021) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Limit formats in gab2 to srt and ass/ssaMichael Niedermayer2017-08-231-0/+3
| | | | | | | | | | | This prevents part of one exploit leading to an information leak Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5d849b149ca67ced2d271dc84db0bc95a548abb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wavdec: Check chunk_size李赞2017-08-231-0/+2
| | | | | | | | Fixes integer overflow and out of array access Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3d232196372f309a75ed074c4cef30578eec1782) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/webmdashenc: Validate the 'streams' adaptation sets parameterDerek Buitenhuis2017-08-231-1/+5
| | | | | | | | | It should not be a value larger than the number of streams we have, or it will cause invalid reads and/or SIGSEGV. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ec07efa70012845e8642df67a4a773f510a17088) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/webmdashenc: Require the 'adaptation_sets' option to be setDerek Buitenhuis2017-08-231-0/+4
| | | | | | | | | This seems to be non-optional, and if the muxer is run without it, strlen() is run on NULL, causing a segfault. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cbd3a68f3e1c2d1679370301eb5e1a32a2df64fe) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/http: Check for truncated buffers in http_connect()Michael Niedermayer2017-08-231-1/+10
| | | | | | | | Reported-by: SleepProgger <security@gnutp.com> Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8fa18e042ad2c078f759692f1db5629d16d70595) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/mov.c: Avoid heap allocation wrap in mov_read_uuidMatt Wolenetz2017-08-231-1/+1
| | | | | | | | | | | | Core of patch is from paul@paulmehta.com Reference https://crbug.com/643951 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Check value reduced as the code does not support values beyond INT_MAX Also the check is moved to a more common place and before integer truncation (cherry picked from commit 2d453188c2303da641dafb048dc1806790526dfd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlrMatt Wolenetz2017-08-231-0/+2
| | | | | | | | | | | Core of patch is from paul@paulmehta.com Reference https://crbug.com/643950 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Check value reduced as the code does not support larger lengths (cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/matroskadec: fix is_keyframe for early BlocksChris Cunningham2017-08-231-3/+7
| | | | | | | | | | | | | | | | | | Blocks are marked as key frames whenever the "reference" field is zero. This breaks for non-keyframe Blocks with a reference timestamp of zero. The likelihood of reference timestamp being zero is increased by a longstanding bug in muxing that encodes reference timestamp as the absolute time of the referenced frame (rather than relative to the current Block timestamp, as described in MKV spec). Now using INT64_MIN to denote "no reference". Reported to chromium at http://crbug.com/497889 (contains sample) (cherry picked from commit ac25840ee32888f0c13118edeb9404a123cd3a79) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flacdec: Check avio_read result when reading flac block header.Frank Liberato2017-08-231-1/+2
| | | | | | | | Return AVERROR_INVALIDDATA if all four bytes aren't present. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 95bde49982a82bc10470c0adab5969ffe635d064) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/oggdec: Skip streams in duration correction that did not had their ↵Michael Niedermayer2017-08-231-0/+2
| | | | | | | | | | | | duration set. Fixes: part of 670190.ogg Fixes integer overflow Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ee2a6f5df8c6a151c3e3826872f1b0a07401c62a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rtmppkt: Check for packet size mismatchesMichael Niedermayer2017-08-231-0/+8
| | | | | | | | | | Fixes out of array access Found-by: Paul Cher <paulcher@icloud.com> Reviewed-by: Paul Cher <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d57ca4d9a75562fa32e40766211de150f8b3ee7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/oggparsespeex: Check frames_per_packet and packet_sizeMichael Niedermayer2017-08-231-0/+7
| | | | | | | | | | | | | The speex specification does not seem to restrict these values, thus the limits where choosen so as to avoid multiplicative overflow Fixes undefined behavior Fixes: 635422.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit afcf15b0dbb4b6429be5083e50b296cdca61875e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Check start/end before computing duration in ↵Michael Niedermayer2017-08-231-2/+5
| | | | | | | | | | | | update_stream_timings() Fixes undefined behavior Fixes: 637428.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 90da187f1d334422477886a19eca3c1da29c59a7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/idroqdec: Check chunk_size for being too largeMichael Niedermayer2017-08-231-0/+3
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 744a0b5206634e5de04d5c31f08cc3640faf800d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpeg: Adjust vid probe threshold to correct mis-detectionMichael Niedermayer2017-08-231-1/+1
| | | | | | | | Fixes: _ij.mp3 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4e5049a2303ae7fe74216a83206239e4de42c965) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Check nb_streams in read_gab2_sub()Michael Niedermayer2017-08-231-0/+2
| | | | | | | | | | Fixes null pointer dereference Fixes: 1/null_point.avi Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2679ad4773aa356e7c3da5c68bc81f02a194617f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Remove ancient assertMichael Niedermayer2017-08-231-1/+0
| | | | | | | | | | | | | This assert can with crafted files fail, a warning is already printed for this case. Fixes assertion failure Fixes:1/assert.avi Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 14bac7e00d72eac687612d9b125e585011a56d4f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: fix timebase error in avformat_seek_file()Xinzheng Zhang2017-08-231-0/+1
| | | | | | | | | | When there is only one stream and stream_index has not specified, The ts has been transferd by the timebase of stream0 without modifying the stream_index In this condation it cause seek failure. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ecc04b4f2f29ac676e6c1d1ebf20ec45f5385f1e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Fix infinite loop in avi_read_nikon()Michael Niedermayer2017-08-231-2/+2
| | | | | | | | | Fixes: 360/test.poc Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e4e4a9cad7f21593d4bcb1f2404ea0d373c36c43) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/swfdec: Fix inflate() error code checkMichael Niedermayer2017-08-231-2/+2
| | | | | | | | | | Fixes infinite loop Fixes endless.poc Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a453bbb68f3eec202673728988bba3bc76071761) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/oggdec: Fix integer overflow with invalid ptsMichael Niedermayer2017-08-231-0/+5
| | | | | | | | | | | If negative pts are possible for some codecs in ogg then the code needs to be changed to use signed values. Found-by: Thomas Guilbert <tguilbert@google.com> Fixes: clusterfuzz_usan-2016-08-02 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c5cc3b08e56fc95665977544486bd9f06e4b7a72) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/rtpdec_asf: zero initialize the AVIOContext structKacper Michajłow2017-08-231-1/+1
| | | | | | | | | | This fixes crash in avformat_open_input() when accessing protocol_whitelist field. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e947b75b1c76ef6793209c2c445b8c224a28717a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check sample sizeMichael Niedermayer2017-08-231-1/+10
| | | | | | | | | | | Fixes integer overflow Fixes: poc.mp4 Found-by: ajax secure <ajax4sec@hotmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8a3221cc67a516dfc1700bdae3566ec52c7ee823) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/format: Fix registering a format more than once and related racesMichael Niedermayer2017-08-231-6/+10
| | | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4cc896ea5f06f8b1ebcde6d876d9c5b59ef9a016) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpegts: Do not trust BSSD descriptor, it is sometimes not an S302M ↵Michael Niedermayer2017-08-231-1/+4
| | | | | | | | | | | stream Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5eb70ad9569c62158b4b2d18f2143db791f7d27) Conflicts: libavformat/mpegts.c
* avformat/allformats: Making av_register_all() thread-safe.Vivekanand2017-08-231-1/+2
| | | | | | | | | | | | | | | When multiple threads tries to call av_register_all(), the first thread sets initialized to 1 and do the register process. At the same time, other thread might also call av_register_all(), which returns immediately because initialized is set to 1 (even when it has not completed registering codecs). We can avoid this problem if we set initialised to 1 while exiting from function. Github: Closes #196 (cherry picked from commit b092ee701f4d0ef2b8a4171cd38101d1ee9a1034) Conflicts: libavformat/allformats.c
* avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and ↵Thomas Guilbert2017-08-231-1/+1
| | | | | | | | | | | | libavformat/utils.c Fixes: usan_granule_overflow constant type fix by commiter Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1a82d2cf8fb6a7e854e7548dfcf73c3d046b34ac) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id()Chris Cunningham2017-08-231-1/+1
| | | | | | | | | Fixes: undefined shift. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2875745d354ab0ebc4af1ebaca5c5a8d26ccdc03) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Do not compute the bitrate from duration == 0Michael Niedermayer2017-08-231-1/+1
| | | | | | | | | Fixes division by 0 in fate-acodec-ra144 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 635b2ec5f20d6cdef1adf4907ca28f8f09abcecc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/oggdec: Free stream private when header parsing fails.Chris Cunningham2017-08-231-0/+1
| | | | | | | | | | | | | | Leaking this private structure opens up the possibility that it may be re-used when parsing later packets in the stream. This is problematic if the later packets are not the same codec type (e.g. private allocated during Vorbis parsing, but later packets are Opus and the private is assumed to be the oggopus_private type in opus_header()). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 542f725964e52201000ec34e2f23229cf534ad3a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id()Michael Niedermayer2017-08-231-0/+3
| | | | | | | | | | | Fixes undefined shift Fixes: usan_shift Found-by: Thomas Guilbert <tguilbert@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ea791c080dd5494b3bee0c618a3f52e371b5f320) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/oggparseopus: Check that granule pos is within the supported rangeMichael Niedermayer2017-08-231-0/+4
| | | | | | | | | | | | | | Larger values would imply file durations of astronomic proportions and cause overflows Fixes integer overflow Fixes: usan_int64_overflow Found-by: Thomas Guilbert <tguilbert@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8efaee3710baa87af40556a622bf2d96a27c6425) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/options_table: Add missing identifier for very strict complianceMichael Niedermayer2017-08-231-0/+1
| | | | | | | | | Fixes Ticket5443 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 11db7eee9b001d6992c34b65ee7b0d64f6f5c758) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rtpdec_jpeg: fix low contrast image on low quality settingIco Doornekamp2017-08-231-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Original mail and my own followup on ffmpeg-user earlier today: I have a device sending out a MJPEG/RTP stream on a low quality setting. Decoding and displaying the video with libavformat results in a washed out, low contrast, greyish image. Playing the same stream with VLC results in proper color representation. Screenshots for comparison: http://zevv.nl/div/libav/shot-ffplay.jpg http://zevv.nl/div/libav/shot-vlc.jpg A pcap capture of a few seconds of video and SDP file for playing the stream are available at http://zevv.nl/div/libav/mjpeg.pcap http://zevv.nl/div/libav/mjpeg.sdp I believe the problem might be in the calculation of the quantization tables in the function create_default_qtables(), the attached patch solves the issue for me. The problem is that the argument 'q' is of the type uint8_t. According to the JPEG standard, if 1 <= q <= 50, the scale factor 'S' should be 5000 / Q. Because the create_default_qtables() reuses the variable 'q' to store the result of this calculation, for small values of q < 19, q wil subsequently overflow and give wrong results in the calculated quantization tables. The patch below uses a new variable 'S' (same name as in RFC2435) with the proper range to store the result of the division. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e3e6a2cff4af9542455d416faec4584d5e823d5d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/concatdec: set safe mode to enabled instead of autoMichael Niedermayer2017-08-231-1/+1
| | | | | | | | | | | | | | This is safer, as a selected demuxer could still mean that it was auto-detected by a user application Reviewed-previously-by: Nicolas George <george@nsup.org> Reviewed-previously-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 689211d5727231c3fe92762d224dbadebdbf4e30) Conflicts: libavformat/concatdec.c
* avformat/rtpenc: Fix integer overflow in NTP_TO_RTP_FORMATBoris Nagels2017-08-231-1/+2
| | | | | | | | | | | | | | | | | RTCP synchronization packet was broken since commit in ffmpeg version > 2.8.3 (commit: e04b039b1528f4c7df5c2b93865651bfea168a19) Since this commit (2e814d0329aded98c811d0502839618f08642685) "rtpenc: Simplify code by introducing a macro for rescaling NTP timestamps", NTP_TO_RTP_FORMAT uses av_rescale_rnd() function to add the data to the packet. This causes an overflow in the av_rescale_rnd() function and it will return INT64_MIN. Causing the NTP stamp in the RTCP packet to have an invalid value. Github: Closes #182 Reverting commit '2e814d0329aded98c811d0502839618f08642685' solves the problem. (cherry picked from commit 1109ed7973c7fd1e7001898adc4976590d862122) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* mov: Add an option to toggle dref openingDerek Buitenhuis2016-02-012-5/+20
| | | | | | | | | | | | | | | | | | This feature is mostly only used by NLE software, and is both of dubious value being enabled by default, and a possible security risk. Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 712d962a6a29b1099cd872cfb07867175a93ac4c) Conflicts: libavformat/isom.h libavformat/mov.c libavformat/version.h Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat: Document urls a bitMichael Niedermayer2016-02-011-0/+12
| | | | | | | | Spell-checked-by: Moritz Barsnick <barsnick@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3130556c0eb09f3da3c9de6473a97937a4648d62) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/concat: Check protocol prefixMichael Niedermayer2016-02-011-1/+4
| | | | | | | | Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8e32d014322eada1812af268d7ea9d53169d279c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avformat: Replace some references to filenames by urlsMichael Niedermayer2016-02-011-7/+7
| | | | | | | | Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 41e07390e04cf369d84f0cc7ff5858c273290770) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avio: Limit url option parsing to the documented casesMichael Niedermayer2016-02-011-2/+9
| | | | | | | | | | | | This feature is not know much or used much AFAIK, and it might be helpfull in exploits. No specific case is known where it can be used in an exploit though subsequent commits depend on this commit though Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 984d58a3440d513f66344b5332f6b589c0a6bbc6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/hls: Even stricter URL checksMichael Niedermayer2016-01-311-1/+5
| | | | | | | | | | | This fixes a null pointer dereference at least Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cfda1bea4c18ec1edbc11ecc465f788b02851488) Conflicts: libavformat/hls.c
* avformat/hls: More strict url checksMichael Niedermayer2016-01-311-8/+19
| | | | | | | | | | | | | | | | | No case is known where these are needed Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ba42b6482c725a59eb468391544dc0c75b8c6f0) Conflicts: libavformat/hls.c Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Conflicts: libavformat/hls.c
* avformat/hls: forbid all protocols except http(s) & fileMaxim Andreev2016-01-311-0/+11
| | | | | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7145e80b4f78cff5ed5fee04d4c4d53daaa0e077) Conflicts: libavformat/hls.c
* avformat/aviobuf: Fix end check in put_str16()Michael Niedermayer2016-01-311-0/+2
| | | | | | | | | | | Fixes out of array read Fixes: 03c406ec9530e594a074ce2979f8a1f0/asan_heap-oob_7dec26_4664_37c52495b2870a2eaac65f53958e76c1.flac Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 115fb6d03ef6310732b42258d8c3cd1839cfb74b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfenc: Check ptsMichael Niedermayer2016-01-311-0/+5
| | | | | | | | | | | Fixes integer overflow Fixes: 0063df8be3aaa30dd6d76f59c8f818c8/signal_sigsegv_7b7b59_3634_bf418b6822bbfa68734411d96b667be3.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7c0b84d89911b2035161f5ef51aafbfcc84aa9e2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat: Add integer fps from 31 to 60 to get_std_framerate()Michael Niedermayer2016-01-312-4/+8
| | | | | | | | | Fixes Ticket 5106 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2039b3e7511ef183dae206575114e15b6d99c134) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfenc: Do not crash if there is no packet in the first streamMichael Niedermayer2016-01-311-0/+4
| | | | | | | | | Fixes: Ticket4914 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b51e7554e74cbf007a1cab83c7bed3ad9fa2793a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-16 02:53:53 +0000