path: root/libavformat
Commit message | Author | Age | Files | Lines
* avformat/flvdec: Check double before cast in parse_keyframes_index() | Michael Niedermayer | 2021-09-09 | 1 | -1/+5
  Fixes: -2.21166e+304 is outside the range of representable values of type 'long'
  Fixes: 29169/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5725452796821504
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 09e5e406c7b9d7c1ee97ebae1476a2f68e6a90d1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/paf: Check for EOF before allocation in read_header() | Michael Niedermayer | 2021-09-09 | 1 | -0/+4
  Fixes: OOM
  Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bcb1e9d3b9b97359e01e5978067c8ee558efa8b4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/lxfdec: Fix multiple integer overflows related to track_size | Michael Niedermayer | 2021-09-09 | 1 | -1/+3
  Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_LXF_fuzzer-6634030636335104
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7819412f4468514a2bab924291d79806a569388c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Check that SSND is at least 8 bytes | Michael Niedermayer | 2021-09-09 | 1 | -0/+2
  Fixes: Infinite loop
  Fixes: 30874/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5933710488764416
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 460d3dc41f57a6dcefbd72db6e2e368fee05340b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dcstr: Check sample rate | Michael Niedermayer | 2021-09-09 | 1 | -0/+2
  Fixes: signed integer overflow: -1300248894420254720 * 16 cannot be represented in type 'long'
  Fixes: 30879/clusterfuzz-testcase-minimized-ffmpeg_dem_DCSTR_fuzzer-5094464215449600
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fdcb966f4a3c6f872891b8dd554e3652b9e02d4f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Extend data_size check in mov_read_udta_string() | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: -2147483634 - 16 cannot be represented in type 'int'
  Fixes: 28322/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5711888402612224
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 74c4c539538e36d8df02de2484b045010d292f2c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aadec: Check for EOF while reading chapters | Michael Niedermayer | 2021-09-09 | 1 | -1/+2
  Fixes: timeout
  Fixes: 28199/clusterfuzz-testcase-minimized-ffmpeg_dem_AA_fuzzer-4896162657861632
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bcc7d14453ea2bafa6569a07002943808f2a396a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/voc_packet: Add a basic check on max_size | Michael Niedermayer | 2021-09-09 | 1 | -0/+2
  Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type 'int'
  Fixes: 28127/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-4880586455646208
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 52f75181bfada2b4b127e744674591c7753c4b7d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/microdvddec: use 64bit for durations | Michael Niedermayer | 2021-09-09 | 1 | -2/+2
  Fixes: signed integer overflow: 7 - -2147483647 cannot be represented in type 'int'
  Fixes: 28036/clusterfuzz-testcase-minimized-ffmpeg_dem_MICRODVD_fuzzer-5171698751766528
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f569ac4ce0514bf4e0dd768c5ed007c82548d326)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Check codec_length without overflow | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
  Fixes: 30333/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5175286983426048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d558c9f2375fd2136d20422cb1119cfbf872abeb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check element count in mov_metadata_hmmt() | Michael Niedermayer | 2021-09-09 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 30325/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6048395703746560
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1d277b92fa4c149d589e6828d4e18ad578406f1f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutdec: Check timebase count against main header length | Michael Niedermayer | 2021-09-09 | 1 | -4/+4
  Fixes: Timeout (long -> 3ms)
  Fixes: 28514/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6078669009321984
  Fixes: 30095/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-5074433016463360
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c425198558826795d94af45eeb9d94e4436c9a0f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/electronicarts: Clear partial_packet on error | Michael Niedermayer | 2021-09-09 | 1 | -0/+1
  Fixes: Infinite loop
  Fixes: 30165/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6224642371092480
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 59bb9dc2a670cbe5d659585392b6d79f7bb6d40f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/r3d: Check samples before computing duration | Michael Niedermayer | 2021-09-09 | 1 | -1/+2
  Fixes: signed integer overflow: -4611686024827895807 + -4611686016279904256 cannot be represented in type 'long'
  Fixes: 30161/clusterfuzz-testcase-minimized-ffmpeg_dem_R3D_fuzzer-5694406713802752
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7a2aa5dc2af6c4fc66aaedd341b0886fbc746f0d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wavdec: Consider AV_INPUT_BUFFER_PADDING_SIZE in set_spdif() | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  The buffer is read by using the bit reader
  Fixes: out of array read
  Fixes: 27539/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5650565572591616
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0a7c648e2d85a59975cc88079975cf9f3306ed0a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Check remaining space in debug av_log() loop | Michael Niedermayer | 2021-09-09 | 1 | -1/+4
  Fixes: Timeout (long -> 2 ms)
  Fixes: 26709/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5665833403285504
  Fixes: 27522/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6321071221112832
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a8fe78decd700afec461f06df4ce0d36f3e9cc4b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Treat high ts byte as unsigned | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
  Fixes: 27516/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5152854660349952
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f514113cfa9fc44d80086bb2a2b783e8026dc3a9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/samidec: Sanity check pts | Michael Niedermayer | 2021-09-09 | 1 | -0/+5
  Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
  Fixes: 29743/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-5499256859394048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2014b0135293c41d261757bfa1aaba51653bab8e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Use 64bit in get_duration() | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int'
  Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a0ceb0cdd41b56241697cd8f83e22cdb4822d2d9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check for duplicate st3d | Michael Niedermayer | 2021-09-09 | 1 | -0/+4
  Fixes: memleak
  Fixes: 29585/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6594188688490496
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 658f0606cba0f866714cbe09af30ec40c4168930)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mvdec: Check for EOF in read_index() | Michael Niedermayer | 2021-09-09 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 29550/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5094307193290752
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6c64351bb1f4dc148069a37754b746fcd4c784cf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/id3v2: Check the return from avio_get_str() | Michael Niedermayer | 2021-09-09 | 1 | -1/+4
  Fixes: out of array access
  Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 25f240fcb398eb499ca4b70c026a8bb9f2a32731)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wtvdec: Check len in parse_chunks() to avoid overflow | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
  Fixes: 30084/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6192261941559296
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5552ceaf568915e668679f9581e07eb5507cafc4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Add an additional check for the extradata size | Michael Niedermayer | 2021-09-09 | 1 | -0/+2
  Fixes: OOM
  Fixes: 30066/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6182309126602752
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2c8cd4490a6ab2742e6ad1ce059b4f4957b39500)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/3dostr: Check sample_rate | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: -1268324762623155200 * 8 cannot be represented in type 'long'
  Fixes: 30123/clusterfuzz-testcase-minimized-ffmpeg_dem_THREEDOSTR_fuzzer-6710765123928064
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7e5034f97e41d3f8112c1f8da3b5274ab99ef6f8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/4xm: Make audio_frame_count 64bit | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: 2099257366 * 2 cannot be represented in type 'int'
  Fixes: 27486/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-5112179134824448
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 842c268c6436c9e90e689402be138c2e539f7059)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Use av_mul_q() to avoid integer overflows | Michael Niedermayer | 2021-09-09 | 1 | -4/+2
  Fixes: signed integer overflow: 538976288 * 538976288 cannot be represented in type 'int'
  Fixes: 27473/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5758978289827840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4f70e1ec0cfa8ae24b224faf522c1d6ca95a42f6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Reorder operations to avoid overflow | Michael Niedermayer | 2021-09-09 | 1 | -2/+2
  Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int'
  Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b12e713b8061cc6a71ec69da946552bc593d5fa7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mvdec: Sanity check SAMPLE_WIDTH | Michael Niedermayer | 2021-09-09 | 1 | -1/+4
  Fixes: signed integer overflow: 999999999 * 8 cannot be represented in type 'int'
  Fixes: 30048/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5864289917337600
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ab82c105787fa81d1e35b9209f3d53e98be936a4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Fix codecdata_length overflow check | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
  Fixes: 28509/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6310969680723968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3c41d0bfd6041890b394a3e6eb2f8da92b83416b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/tta: Use 64bit intermediate for index | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: 42032 * 51092 cannot be represented in type 'int'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6679539648430080
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fd61b42b4c8709a7888fa5c9cce0c19d754e39fc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/soxdec: Check channels to be positive | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: 32 * -1795162112 cannot be represented in type 'int'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SOX_fuzzer-6724151473340416
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b0588b73daeb0e6a0741f39b33943c67eac71619)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wavdec: Check avio_get_str16le() for failure | Michael Niedermayer | 2021-09-09 | 1 | -0/+4
  Fixes: out of array access
  Fixes: 29195/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5037853281222656
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d7594ee751e621f6c7ef4d4977c4a3ce169ae0af)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Check for EOF in amf_skip_tag() | Michael Niedermayer | 2021-09-09 | 1 | -0/+3
  Fixes: Timeout
  Fixes: 29070/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5650106766458880
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9725d07a1770fbfafe5f7b3f7d95a2a513308538)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Check size before subtraction in get_aiff_header() | Michael Niedermayer | 2021-09-09 | 1 | -0/+2
  Fixes: Infinite loop
  Fixes: 27235/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5761398380167168
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8af299acde9601e64740b75430960503615873b4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/electronicarts: More chunk_size checks | Michael Niedermayer | 2021-09-09 | 1 | -0/+6
  Fixes: Timeout
  Fixes: 26909/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6489496553783296
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d03f0ec9a1ce9903ae533059d30758bede238e40)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/tedcaptionsdec: Check for overflow in parse_int() | Michael Niedermayer | 2021-09-09 | 1 | -0/+2
  Fixes: signed integer overflow: 1111111111111111111 * 10 cannot be represented in type 'long'
  Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b0f8586ca9853ab3d324ccd3c42bad4375000b0a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nuv: Check channels | Michael Niedermayer | 2021-09-09 | 1 | -0/+4
  Fixes: signed integer overflow: -3468545475927866368 * 4 cannot be represented in type 'long'
  Fixes: 28879/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-6303367307591680
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fc45d924d7ff6be80e90870540ba35efc290e428)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpc8: Check size before implicitly converting to int | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: Timeout
  Fixes: 28551/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6229183210586112
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 78d6d8ddb571ecca54616517defbf894a45ea9c3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutdec: Fix integer overflow in count computation | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Note, the value is checked a few lines later already
  Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0014249fd92132515b3ff0ce034dd65e745cb400)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mvi: Use 64bit for testing dimensions | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-6649291124899840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 48fb752767086a48e599f9e86d87096f66cc7590)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Check dts in update_initial_timestamps() more | Michael Niedermayer | 2021-09-09 | 1 | -0/+1
  Fixes: signed integer overflow: -9223372036853488158 - 90000000 cannot be represented in type 'long long'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MPSUB_fuzzer-6696625298866176
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 29851cb840c176d514573914799ca6c95f3f4e8e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Check for avio_read() failure in amf_get_string() | Michael Niedermayer | 2021-09-09 | 1 | -1/+6
  Suggested-by: Anton Khirnov <anton@khirnov.net>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cb316676112c01e8d66420908b6b3d06b3b498e3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Check for nesting depth in amf_skip_tag() | Michael Niedermayer | 2021-09-09 | 1 | -3/+6
  Fixes: out of array access
  Fixes: 29440/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5985279812960256.fuzz
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2ef522c918d48b9f101548b2cadce02003cb3510)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Check for nesting depth in amf_parse_object() | Michael Niedermayer | 2021-09-09 | 1 | -0/+5
  Fixes: out of array access
  Fixes: 29202/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5112845840809984
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 074e204b42acdacc0a055671481e00914524af93)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_o: Check for EOF in asf_read_marker() | Michael Niedermayer | 2021-09-09 | 1 | -0/+3
  Fixes: Timeout
  Fixes: 26460/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5710884393189376
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9e3d09f435f83f9653056b2fecc4d03ac45f3ffd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Check dts - (1<<pts_wrap_bits) overflow | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d82ee907d6caafbc1212c4b63ecac2dcd30f23b0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/bfi: Check chunk_header | Michael Niedermayer | 2021-09-09 | 1 | -0/+3
  Fixes: signed integer overflow: -2147483648 - 3 cannot be represented in type 'int'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6665764123836416
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 638a151a877c27a46c15643db26c9ba726feecde)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ads: Check size | Michael Niedermayer | 2021-09-09 | 1 | -2/+3
  Fixes: signed integer overflow: -2147483616 - 64 cannot be represented in type 'int'
  Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_ADS_fuzzer-6617769344892928
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c78b2b138ce222de2f4cecac8fd4361f05ee9428)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/iff: Check block align also for ID_MAUD | Michael Niedermayer | 2021-09-09 | 1 | -1/+1
  Fixes: Timeout & OOM
  Fixes: 28701/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5185094964871168
  Fixes: 29116/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4874284795297792
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b17ffe8f8f30ba03901bcf7caa6c523e874e8fde)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>