aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
Commit message (Collapse)AuthorAgeFilesLines
* aformat/movenc: add missing padding to output track extradataJames Almer2019-09-271-5/+10
| | | | | | | | Fixes ticket #8183. Tested-by: Thierry Foucu <tfoucu@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145)
* lavf/rawenc: Only accept the appropriate stream type for raw muxers.Carl Eugen Hoyos2019-09-061-0/+12
| | | | | | | | This does not affect the rawvideo muxer. Fixes ticket #7979. (cherry picked from commit aef24efb0c1e65097ab77a4bf9264189bdf3ace3)
* avformat/aacdec: resync to the next adts frame on invalid data instead of ↵James Almer2019-07-211-3/+3
| | | | | | | | | aborting Should fix ticket #6634 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 881e1f5a6227a6fbaf67083d4d4b6caf58ff9892)
* avformat/aacdec: factorize the adts frame resync codeJames Almer2019-07-211-12/+25
| | | | | Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit a38eab8b7501440f872ff1af8a0c5482b7b3e532)
* avformat/utils: Check timebase before use in estimate_timings()Michael Niedermayer2019-07-081-0/+1
| | | | | | | | | | Fixes: division by 0 Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f57e97dfd9539bc3f4f97a76ebc001f0b055cb88) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aviobuf: Delay buffer downsizing until asserts are metMichael Niedermayer2019-06-301-2/+1
| | | | | | | | | | | Fixes: Assertion failure Fixes: 15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616 Fixes: 15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432 May fix: Ticket7094 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0334632d5c02720f1829d59cd20c009584b5b163) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vqf: Check header_sizeMichael Niedermayer2019-06-291-1/+4
| | | | | | | | | | Fixes: 15271/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5735262606327808 Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7c30ff38880570377168096417f714b21102b343) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Set fragment.found_tfhd only after TFHD has been parsedMichael Niedermayer2019-06-271-2/+1
| | | | | | | | | | | Fixes: Assertion failure Fixes: crbug971646.mp4 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 696312c487d9d8c49a087017a829d1cdcbd68651) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/icodec: Free ico->images on error pathsMichael Niedermayer2019-06-271-2/+8
| | | | | | | | | | Fixes: 15116/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5715173567889408 Fixes: memleak Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 54918b51161610a364de697b80acb9583eecf41b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wsddec: Fix undefined shiftMichael Niedermayer2019-06-271-1/+1
| | | | | | | | | | Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 112eb17a2bbf6d02f81fdf0743b353a6b010aedc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wtvdec: Avoid (32bit signed) sectorsMichael Niedermayer2019-06-271-2/+3
| | | | | | | | | | | Fixes: left shift of negative value -14614752 Fixes: 15174/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5670543606415360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dd357d76e5faf3ce6fc46ffb924cf30f1cb54af9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: Fixes integer overflow in str_to_time() with hoursMichael Niedermayer2019-06-271-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 904444 * 3600 cannot be represented in type 'int' Fixes: 15113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5764083346833408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2a0f23b9d647ad84e0351b43ca4b552add00c8dc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vpk: Check offset for validityMichael Niedermayer2019-06-271-0/+3
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa003019ab9ec5ef7e7b3ff9d6262d3472b427eb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vpk: Fix integer overflow in samples_per_block computationMichael Niedermayer2019-06-271-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 84026453 * 28 cannot be represented in type 'int' Fixes: 15111/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5675630072430592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8c6c4129b4cc3b9e0b3a527a5a15c904ec6ae3b6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mp3enc: Avoid SEEK_END as it is unsupportedMichael Niedermayer2019-06-271-1/+2
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bf3ee6a13053d37a0c5022a324624e89f0bce8c5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/webm_chunk: Specify expected argument length of get_chunk_filename()Michael Niedermayer2019-06-271-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1a74b04737f08e2e11a02ada280407889f6cadb1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/webm_chunk: Check header filename lengthMichael Niedermayer2019-06-271-1/+6
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3b5b977c9f96e2c3803317ad75253801bc571791) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/webm_chunk: Respect buffer sizeAndreas Rheinhardt2019-06-271-1/+1
| | | | | | | | | | | The last argument of av_strlcpy is supposed to contain the size of the destination buffer, but it was filled with the size of the source string, effectively negating its very purpose. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 73ef1f47f59333328264a968c8fbbcfb0bf0643f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Skip stsd adjustment without chunksMichael Niedermayer2019-06-271-0/+2
| | | | | | | | | | | Fixes: Assertion failure Fixes: clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5683096400822272 Found-by: Clusterfuzz Reported-by: Dan Sanders <sandersd@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 18a567c369d74af5ef651b07c4c5615f5598616b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aadec: Check for scanf() failureMichael Niedermayer2019-06-271-1/+6
| | | | | | | | | | Fixes: use of uninitialized variables Fixes: blank.aa Found-by: Chamal De Silva <chamal.desilva@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ed188f6dcdf0935c939ed813cf8745d50742014b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aacdec: fix demuxing of small framesJames Almer2019-05-061-13/+21
| | | | | | | | | | | 10 bytes (id3v2 header amount of bytes) were being read before any checks were made on the bitstream. The result was that we were overreading into the next frame if the current one was 8 or 9 bytes long. Fixes tickets #7271 and #7869. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit d88193c2196cf5342424aaa7a44b046c71c2527a)
* avformat/matroskaenc: fix leak on errorTristan Matthews2019-04-091-1/+3
| | | | | Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 1ec777dcdd03b43d3d694c3b4532dccea0b419f0)
* avformat/av1: Initialize padding in ff_isom_write_av1cJeremy Dorfman2019-04-091-0/+1
| | | | | | | | | Otherwise, AV1 encodes with FFmpeg trigger use-of-uninitialized-value warnings under MemorySanitizer, and the output buffer potentially changes from run to run. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit bb5efd1727eeecc9be8f1402810c7ab72344eed3)
* avformat/movenc: free eac3 private data only when closing the streamJames Almer2019-03-311-6/+6
| | | | | | | | | | This makes sure the data is available when writing the moov atom during the second pass triggered by the faststart movflag. Fixes ticket #7780 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 27c94c57dc84da8125225fda7d241be57d19b391)
* avformat/mov: Fix potential integer overflow in entry check in mov_read_trun()Michael Niedermayer2019-03-311-1/+1
| | | | | | | | No testcase Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ff13a92a6f8413402f5b3cacedda7c10d350b487) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/gdv: Check fpsMichael Niedermayer2019-03-141-0/+3
| | | | | | | | | | Fixes: Division by 0 Fixes: ffmpeg_zero_division.bin Found-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 38381400fca45d1ae6e7604335b507b7dc70a903) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/webmdashenc: Check id in adaption_setsMichael Niedermayer2019-03-141-0/+6
| | | | | | | | | Fixes: out of array access Found-by: Wenxiang Qian Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b687b549aa0fb115861b1343208de8c2630803bf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/http: Fix Out-of-Bounds access in process_line()Wenxiang Qian2019-03-141-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 85f91ed760a517c0d5fcf692d40a5a9d7efa9476) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393Wenxiang Qian2019-03-141-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/matroskadec: Do not leak queued packets on sync errorsMichael Niedermayer2019-03-141-1/+1
| | | | | | | | | | | Fixes: memleak Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5649187601121280 Reported-by: Chris Cunningham <chcunningham@google.com> Tested-by: Chris Cunningham <chcunningham@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d1afa7284c3feba4debfebf1b9cf8ad67640e34a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Do not use reference stream in mov_read_sidx() if there is no ↵Michael Niedermayer2019-03-141-1/+1
| | | | | | | | | | | | reference stream Fixes: NULL pointer dereference Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5634316373721088 Reported-by: Chris Cunningham <chcunningham@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b0d8b7cb8e86367178ef0c35dcae359d820c3b27) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: fix hang while seek on a kind of fragmented mp4Charles Liu2019-02-111-9/+12
| | | | | | | | | | | | | | | | | | | | Binary searching would hang if the fragment items do NOT have timestamp for the specified stream. For example, a fmp4 consists of separated 'moof' boxes for each track, and separated 'sidx' for each segment, but no 'mfra' box. Then every fragment item only have the timestamp for one of its tracks. Example: ffmpeg -f lavfi -i testsrc -f lavfi -i sine -movflags dash+frag_keyframe+skip_trailer+separate_moof -t 1 out.mp4 ffmpeg -ss 0.5 -i out.mp4 -f null none Also fixes the hang in ticket #7572, but not the reason for having AV_NOPTS_VALUE timestamps there. Signed-off-by: Charles Liu <liuchh83@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit aa25198f1b925a464bdfa83a98476f08d26c9209)
* avformat/async: fix assertion condition when draining bufferMarton Balint2019-02-111-1/+1
| | | | | | | | | Fixes some random assertion failures with ffprobe -show_packets async:samples/ffmpeg-bugs/trac/ticket6132/Samsung_HDR_-_Chasing_the_Light.ts > /dev/null Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 4b46d1ee463f6bb2d2be967d418d275a44fe2a9c)
* avformat/mov: validate chunk_count vs stsc_datachcunningham2019-02-081-2/+12
| | | | | | | | | | | | Bad content may contain stsc boxes with a first_chunk index that exceeds stco.entries (chunk_count). This ammends the existing check to include cases where chunk_count == 0. It also patches up the case when stsc refers to unknown chunks, but stts has no samples (so we can simply ignore stsc). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1c15449ca9a5bfa387868ac55628397273da761f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov.c: require tfhd to begin parsing trunchcunningham2019-02-082-0/+11
| | | | | | | | | | | | Detecting missing tfhd avoids re-using tfhd track info from the previous moof. For files with multiple tracks, this may make a mess of the avindex and fragindex, which can later trigger av_assert0 in mov_read_trun(). Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3ea87e5d9ea075d5b3c0f4f8c6c48e514b454cbe) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rtsp: Check number of streams in sdp_parse_line()Michael Niedermayer2019-01-311-1/+4
| | | | | | | | | | Fixes: OOM Found-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 497c9b0cce559d43607bbbd679fe42f1d7e9040e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()Michael Niedermayer2019-01-311-1/+2
| | | | | | | | | | Fixes: Infinite loop Found-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0b50f27635f684ec0526e9975c9979f35bbf486b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/libopenmpt: Fix successfull typoMichael Niedermayer2019-01-211-1/+1
| | | | | | | Reviewed-by: Lou Logan <lou@lrcd.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 571af98a5959d72c65a6753eb8e82cde407f4cd0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wvdec: detect and error out on WavPack DSD filesDavid Bryant2019-01-211-0/+6
| | | | | | | Not currently supported. (cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/mov: Fix NULL-dereference read for some encrypted content.Jacob Trimble2019-01-211-3/+3
| | | | | | | | | | | | | | When reading frames, we need to use the fragment for the correct stream. Sometimes the "current" fragment is not the same as the one the frame is for. Found by Chromium's ClusterFuzz: https://crbug.com/906392 and https://crbug.com/915524 Signed-off-by: Jacob Trimble <modmaker@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 555f332e7adbd492ca74fa7329c492819b52e2ed) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpegts: Fix side data type for stream idMichael Niedermayer2019-01-211-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ab1319d82f0c77308792fa2d88cbfc73c3e47cb7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/id3v2: fail read_apic on EOF reading mimetypechcunningham2019-01-211-2/+4
| | | | | | | | | | avio_read may return EOF, leaving the mimetype array unitialized. fail early when this occurs to avoid using the array in an unitialized state. Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutenc: Document trailer index assert betterMichael Niedermayer2019-01-211-1/+1
| | | | | | | Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3a95b73abc868995b08ca2b4d8bbf2cda43184f8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/mov: ensure only one tkhd per trakchcunningham2019-01-211-1/+11
| | | | | | | | | | | | Chromium fuzzing produced a whacky file with extra tkhds. This caused an AVStream that was already in use to be corrupted by assigning it a new id, which blows up later in mov_read_trun because the MOVFragmentStreamInfo.index_entry now points OOB. Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: get number of written bytes from bitstream writerPaul B Mahol2018-11-261-1/+1
| | | | | | Update fate test. (cherry picked from commit 97d1ee437bbf67d7e3897bc73df4f7d9771ac309)
* avformat/movenc: fix size calculation in mov_write_eac3_tag()Paul B Mahol2018-11-261-1/+1
| | | | | | Otherwise it would assert when flushing bits. (cherry picked from commit 027f032bbce9bdf7bbec40665b98590cade33416)
* avformat/ivfenc: use the av1_metadata bsf to insert Temporal Delimiter OBUs ↵James Almer2018-11-041-0/+2
| | | | | | | | if needed Reviewed-by: Mark Thompson <sw@jkqxz.net> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 2d2af23349cae0d84c8ed51c249bfc1e6f2e28a2)
* avformat/ftp: allow nonstandard 202 reply to OPTS UTF8Marton Balint2018-11-041-2/+3
| | | | | | | Fixes ticket #7481. Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 8e5a2495a8dad262e0a00fbca09b7779b4ebf0bf)
* Bump minor versions for branching 4.1Michael Niedermayer2018-11-021-2/+2
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ftp: return AVERROR_EOF for EOFMarton Balint2018-11-011-2/+2
| | | | | | Without this FTP just hangs on eof... Signed-off-by: Marton Balint <cus@passwd.hu>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 07:31:43 +0000