path: root/libavformat
Commit message | Author | Age | Files | Lines
* avformat/utils: Check timebase before use in estimate_timings() | Michael Niedermayer | 2019-11-14 | 1 | -0/+1
  Fixes: division by 0
  Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f57e97dfd9539bc3f4f97a76ebc001f0b055cb88)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aviobuf: Delay buffer downsizing until asserts are met | Michael Niedermayer | 2019-11-14 | 1 | -2/+1
  Fixes: Assertion failure
  Fixes: 15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616
  Fixes: 15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432
  May fix: Ticket7094
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0334632d5c02720f1829d59cd20c009584b5b163)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vqf: Check header_size | Michael Niedermayer | 2019-11-14 | 1 | -1/+4
  Fixes: 15271/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5735262606327808
  Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7c30ff38880570377168096417f714b21102b343)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed | Michael Niedermayer | 2019-11-14 | 1 | -2/+1
  Fixes: Assertion failure
  Fixes: crbug971646.mp4
  Reported-by: Matt Wolenetz <wolenetz@google.com>
  Reviewed-by: Matt Wolenetz <wolenetz@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 696312c487d9d8c49a087017a829d1cdcbd68651)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/icodec: Free ico->images on error paths | Michael Niedermayer | 2019-11-14 | 1 | -2/+8
  Fixes: 15116/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5715173567889408
  Fixes: memleak
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 54918b51161610a364de697b80acb9583eecf41b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wsddec: Fix undefined shift | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
  Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 112eb17a2bbf6d02f81fdf0743b353a6b010aedc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wtvdec: Avoid (32bit signed) sectors | Michael Niedermayer | 2019-11-14 | 1 | -2/+3
  Fixes: left shift of negative value -14614752
  Fixes: 15174/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5670543606415360
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dd357d76e5faf3ce6fc46ffb924cf30f1cb54af9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: Fixes integer overflow in str_to_time() with hours | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: signed integer overflow: 904444 * 3600 cannot be represented in type 'int'
  Fixes: 15113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5764083346833408
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2a0f23b9d647ad84e0351b43ca4b552add00c8dc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vpk: Check offset for validity | Michael Niedermayer | 2019-11-14 | 1 | -0/+3
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit aa003019ab9ec5ef7e7b3ff9d6262d3472b427eb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vpk: Fix integer overflow in samples_per_block computation | Michael Niedermayer | 2019-11-14 | 1 | -2/+2
  Fixes: signed integer overflow: 84026453 * 28 cannot be represented in type 'int'
  Fixes: 15111/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5675630072430592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8c6c4129b4cc3b9e0b3a527a5a15c904ec6ae3b6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mp3enc: Avoid SEEK_END as it is unsupported | Michael Niedermayer | 2019-11-14 | 1 | -1/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bf3ee6a13053d37a0c5022a324624e89f0bce8c5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/webm_chunk: Specify expected argument length of get_chunk_filename() | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1a74b04737f08e2e11a02ada280407889f6cadb1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/webm_chunk: Check header filename length | Michael Niedermayer | 2019-11-14 | 1 | -1/+6
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3b5b977c9f96e2c3803317ad75253801bc571791)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/webm_chunk: Respect buffer size | Andreas Rheinhardt | 2019-11-14 | 1 | -1/+1
  The last argument of av_strlcpy is supposed to contain the size of the destination buffer, but it was filled with the size of the source string, effectively negating its very purpose.
  Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 73ef1f47f59333328264a968c8fbbcfb0bf0643f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Skip stsd adjustment without chunks | Michael Niedermayer | 2019-11-14 | 1 | -0/+2
  Fixes: Assertion failure
  Fixes: clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5683096400822272
  Found-by: Clusterfuzz
  Reported-by: Dan Sanders <sandersd@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 18a567c369d74af5ef651b07c4c5615f5598616b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aadec: Check for scanf() failure | Michael Niedermayer | 2019-11-14 | 1 | -1/+6
  Fixes: use of uninitialized variables
  Fixes: blank.aa
  Found-by: Chamal De Silva <chamal.desilva@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ed188f6dcdf0935c939ed813cf8745d50742014b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/rawenc: Only accept the appropriate stream type for raw muxers. | Carl Eugen Hoyos | 2019-09-06 | 1 | -0/+12
  This does not affect the rawvideo muxer.
  Fixes ticket #7979.
  (cherry picked from commit aef24efb0c1e65097ab77a4bf9264189bdf3ace3)
* avformat/aacdec: resync to the next adts frame on invalid data instead of aborting | James Almer | 2019-07-23 | 1 | -1/+5
  Should fix ticket #6634
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 881e1f5a6227a6fbaf67083d4d4b6caf58ff9892)
* avformat/aacdec: factorize the adts frame resync code | James Almer | 2019-07-23 | 1 | -12/+25
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit a38eab8b7501440f872ff1af8a0c5482b7b3e532)
* avformat/gdv: Check fps | Michael Niedermayer | 2019-03-24 | 1 | -0/+3
  Fixes: Division by 0
  Fixes: ffmpeg_zero_division.bin
  Found-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 38381400fca45d1ae6e7604335b507b7dc70a903)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/webmdashenc: Check id in adaption_sets | Michael Niedermayer | 2019-03-24 | 1 | -0/+6
  Fixes: out of array access
  Found-by: Wenxiang Qian
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b687b549aa0fb115861b1343208de8c2630803bf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/http: Fix Out-of-Bounds access in process_line() | Wenxiang Qian | 2019-03-24 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 85f91ed760a517c0d5fcf692d40a5a9d7efa9476)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393 | Wenxiang Qian | 2019-03-24 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/matroskadec: Do not leak queued packets on sync errors | Michael Niedermayer | 2019-03-24 | 1 | -1/+1
  Fixes: memleak
  Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5649187601121280
  Reported-by: Chris Cunningham <chcunningham@google.com>
  Tested-by: Chris Cunningham <chcunningham@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d1afa7284c3feba4debfebf1b9cf8ad67640e34a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream | Michael Niedermayer | 2019-03-24 | 1 | -1/+1
  Fixes: NULL pointer dereference
  Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5634316373721088
  Reported-by: Chris Cunningham <chcunningham@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b0d8b7cb8e86367178ef0c35dcae359d820c3b27)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: validate chunk_count vs stsc_data | chcunningham | 2019-03-24 | 1 | -2/+12
  Bad content may contain stsc boxes with a first_chunk index that exceeds stco.entries (chunk_count). This amends the existing check to include cases where chunk_count == 0. It also patches up the case when stsc refers to unknown chunks, but stts has no samples (so we can simply ignore stsc).
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1c15449ca9a5bfa387868ac55628397273da761f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov.c: require tfhd to begin parsing trun | chcunningham | 2019-03-24 | 2 | -0/+11
  Detecting missing tfhd avoids re-using tfhd track info from the previous moof. For files with multiple tracks, this may make a mess of the avindex and fragindex, which can later trigger av_assert0 in mov_read_trun().
  Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3ea87e5d9ea075d5b3c0f4f8c6c48e514b454cbe)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rtsp: Check number of streams in sdp_parse_line() | Michael Niedermayer | 2019-03-24 | 1 | -1/+4
  Fixes: OOM
  Found-by: Michael Hanselmann <public@hansmi.ch>
  Reviewed-by: Michael Hanselmann <public@hansmi.ch>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 497c9b0cce559d43607bbbd679fe42f1d7e9040e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect() | Michael Niedermayer | 2019-03-24 | 1 | -1/+2
  Fixes: Infinite loop
  Found-by: Michael Hanselmann <public@hansmi.ch>
  Reviewed-by: Michael Hanselmann <public@hansmi.ch>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0b50f27635f684ec0526e9975c9979f35bbf486b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wvdec: detect and error out on WavPack DSD files | David Bryant | 2019-03-24 | 1 | -0/+6
  Not currently supported.
  (cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpegts: Fix side data type for stream id | Michael Niedermayer | 2019-03-24 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ab1319d82f0c77308792fa2d88cbfc73c3e47cb7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/id3v2: fail read_apic on EOF reading mimetype | chcunningham | 2019-03-24 | 1 | -2/+4
  avio_read may return EOF, leaving the mimetype array uninitialized. Fail early when this occurs to avoid using the array in an uninitialized state.
  Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutenc: Document trailer index assert better | Michael Niedermayer | 2019-03-24 | 1 | -1/+1
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3a95b73abc868995b08ca2b4d8bbf2cda43184f8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/mov: ensure only one tkhd per trak | chcunningham | 2019-03-24 | 1 | -1/+6
  Chromium fuzzing produced a whacky file with extra tkhds. This caused an AVStream that was already in use to be corrupted by assigning it a new id, which blows up later in mov_read_trun because the MOVFragmentStreamInfo.index_entry now points OOB.
  Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Never store negative values in last_IP_duration | Michael Niedermayer | 2018-10-28 | 1 | -2/+3
  Fixes: integer overflow compute_pkt_fields()
  Fixes: compute_pkt_usan
  Reported-by: Thomas Guilbert <tguilbert@chromium.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 079d1a7175c4b881631a7e7f449c4c13b761cdeb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Fix integer overflow in discontinuity check | Michael Niedermayer | 2018-10-28 | 1 | -1/+1
  Fixes: signed integer overflow: 7738135736989908991 - -7954308516317364223 cannot be represented in type 'long'
  Fixes: find_stream_info_usan
  Reported-by: Thomas Guilbert <tguilbert@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4e19cfcfa3944fe4cf97bea758f72f104dcaebad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Error on too large stsd entry counts. | Dale Curtis | 2018-10-28 | 1 | -1/+2
  Entries are always at least 8 bytes per the parsing code, so if we see an impossible entry count avoid massive allocations. This is similar to an existing check in mov_read_stsc().
  Since ff_mov_read_stsd_entries() does eof checks, an alternative approach could be to clamp the entry count to atom.size / 8.
  Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 320b631a99a9f759fd1d5460fd4e285d184b8186)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nsvdec: Do not parse multiple NSVf | Michael Niedermayer | 2018-10-28 | 1 | -0/+7
  The specification states "NSV files may contain a single file header."
  Fixes: out of array access
  Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421
  Found-by: Paul Ch <paulcher@icloud.com>
  Tested-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 78d4b6bd43fc266a2ee926f0555c8782246f9445)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mlvdec: read_string() received unsigned size, make the argument unsigned | Michael Niedermayer | 2018-10-28 | 1 | -1/+1
  Fixes: infinite loop
  Fixes: mlv-timeout-e3b8cab9835edecad6823baa057e029671329d04
  Found-by: Paul Ch <paulcher@icloud.com>
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1e71cb2c8edcf3dad657c15a6fb8572862f2afb9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Fix EOF check in the stream loop in ivr_read_header() | Michael Niedermayer | 2018-10-28 | 1 | -0/+2
  Fixes: long running loop
  Fixes: ivr-timeout-42468cb797f52f025fb329394702f5d4d64322d6
  Found-by: Paul Ch <paulcher@icloud.com>
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c2eec1762d372663c35aaf3d6ee419bafb185057)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvenc: Check audio packet size | Michael Niedermayer | 2018-10-28 | 1 | -0/+5
  Fixes: Assertion failure
  Fixes: assert_flvenc.c:941_1.swf
  Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: Write version 2 of audio atom if channels is not known | Michael Niedermayer | 2018-07-17 | 1 | -1/+1
  The version 1 needs the channel count and would divide by 0
  Fixes: division by 0
  Fixes: fpe_movenc.c_1108_1.ogg
  Fixes: fpe_movenc.c_1108_2.ogg
  Fixes: fpe_movenc.c_1108_3.wav
  Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: Check input sample count | Michael Niedermayer | 2018-07-08 | 1 | -0/+5
  Fixes: division by 0
  Fixes: fpe_movenc.c_199_1.wav
  Fixes: fpe_movenc.c_199_2.wav
  Fixes: fpe_movenc.c_199_3.wav
  Fixes: fpe_movenc.c_199_4.wav
  Fixes: fpe_movenc.c_199_5.wav
  Fixes: fpe_movenc.c_199_6.wav
  Fixes: fpe_movenc.c_199_7.wav
  Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id | Michael Niedermayer | 2018-07-07 | 1 | -0/+5
  Fixes: out of array access
  Fixes: ffmpeg_bof_1.avi
  Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ed22dc22216f74c75ee7901f82649e1ff725ba50)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mms: Add missing chunksize check | Michael Niedermayer | 2018-07-07 | 1 | -18/+26
  Fixes: out of array read
  Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a
  Found-by: Paul Ch <paulcher@icloud.com>
  1st hunk by Paul Ch <paulcher@icloud.com>
  Tested-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cced03dd667a5df6df8fd40d8de0bff477ee02e8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/pva: Check for EOF before retrying in read_part_of_packet() | Michael Niedermayer | 2018-07-07 | 1 | -0/+4
  Fixes: Infinite loop
  Fixes: pva-4b1835dbc2027bf3c567005dcc78e85199240d06
  Found-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata() | Michael Niedermayer | 2018-07-07 | 1 | -1/+1
  Fixes: use after free()
  Fixes: rmdec-crash-ffe85b4cab1597d1cfea6955705e53f1f5c8a362
  Found-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a7e032a277452366771951e29fd0bf2bd5c029f0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_o: Check size_bmp more fully | Michael Niedermayer | 2018-07-07 | 1 | -1/+2
  Fixes: integer overflow and out of array access
  Fixes: asfo-crash-46080c4341572a7137a162331af77f6ded45cbd7
  Found-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample | Michael Niedermayer | 2018-07-07 | 1 | -1/+1
  Fixes: out of array read
  Fixes: ffmpeg_crash_8.avi
  Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 95556e27e2c1d56d9e18f5db34d6f756f3011148)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Only set pkt->duration to non negative values | Michael Niedermayer | 2018-06-18 | 1 | -1/+3
  Reviewed-by: Sasi Inguva <isasi@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>