path: root/libavformat
Commit message | Author | Age | Files | Lines
* avformat/xmv: Discard remainder of packet on error | Michael Niedermayer | 2015-12-06 | 1 | -1/+4
  Fixes infinite loop
  Fixes: 9c48ae2680c5f23bca3d20ff0f325fd8/asan_generic_4c254d_1374_993f1e5967dd6f844b8d72f978ce2a6c.pss
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 79c4a338e4b2bf0bc6f81c9f455994f673a92f78)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/xmv: factor return check out of if/else | Michael Niedermayer | 2015-12-06 | 1 | -5/+3
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9b6fac11da470274d4b93d46ef66527aa1824179)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/httpauth: Add space after commas in HTTP/RTSP auth header | Andrey Utkin | 2015-12-06 | 1 | -9/+9
  This fixes access to Grandstream cameras, which return 401 to ffmpeg otherwise.
  VLC sends Authorization: header with spaces between parameters, and it is known to work with Grandstream devices and broad range of other HTTP and RTSP servers, so author considers switching to such behaviour safe.
  Just for record - RFC 2617 (HTTP Auth) does not specify the need in spaces, so this is not a bug of FFmpeg.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fdb32838723effb4560a345013387ea37b85ff20)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream. | Simon Thelen | 2015-12-06 | 1 | -0/+6
  Not requiring this can end up producing hilariously broken files together with -c:s copy (e.g. a webvtt file containing binary subtitle data).
  Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b84232694ef0c6897e82b52326c9ea4027c69ec4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Fix integer overflow in FFABS | Michael Niedermayer | 2015-12-06 | 1 | -1/+1
  Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 053e80f6eaf8d87521fe58ea96886b6ee0bbe59d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dump: Fix integer overflow in aspect ratio calculation | Michael Niedermayer | 2015-12-06 | 1 | -2/+2
  Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d1bdaf3fb2c45020f72a378bb64eab1bf136581c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* jvdec: avoid unsigned overflow in comparison | Andreas Cadhalpun | 2015-11-26 | 1 | -1/+1
  The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size is 3, the right side overflows leading to a wrong result of the comparison and subsequently a heap buffer overflow.
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  (cherry picked from commit db374790c75fa4ef947abcb5019fcf21d0b2de85)
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* riffdec: prevent negative bit rate | Andreas Cadhalpun | 2015-11-26 | 1 | -0/+8
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 189420cb561929e05f5cc4224cdca83740a24a32)
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* Merge commit 'd80811c94e068085aab797f9ba35790529126f85' | Michael Niedermayer | 2015-11-26 | 12 | -14/+15
  * commit 'd80811c94e068085aab797f9ba35790529126f85':
    riff: Use the correct logging context
  Conflicts:
    libavformat/asfdec_o.c
    libavformat/avidec.c
    libavformat/dxa.c
    libavformat/matroskadec.c
    libavformat/mov.c
    libavformat/riff.h
    libavformat/riffdec.c
    libavformat/wavdec.c
    libavformat/wtvdec.c
    libavformat/xwma.c
  Merged-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ba77fb61f741d9ab3bd12935527556055b2ffb2e)
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* nutdec: check maxpos in read_sm_data before returning success | Andreas Cadhalpun | 2015-11-26 | 1 | -0/+3
  Otherwise sm_size can be larger than size, which results in a negative packet size.
  Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  (cherry picked from commit 6b9fdf7f4f07926557048070cc2af3cfd0e3fe50)
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* avidec: check for valid bit_rate range | Andreas Cadhalpun | 2015-11-26 | 1 | -1/+5
  If bit_rate is negative, it can trigger an av_assert2 in av_rescale_rnd.
  Since av_rescale returns int64_t, but st->codec_bit_rate is int, it can also overflow into a negative value.
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 0eec40b713eee84e2aec8af35ccce059817cad2a)
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* avformat/oggenc: Check segments_count for headers too | Michael Niedermayer | 2015-10-09 | 1 | -4/+7
  Fixes infinite loop and segfault in ogg_buffer_data()
  Fixes Ticket4806
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 81a8701eb52d2b6469ae16ef442ce425388141b7)
* avformat/avidec: Workaround broken initial frame | Michael Niedermayer | 2015-10-09 | 1 | -1/+2
  Fixes Ticket4851
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3e2ef00394b8079e93835d47c993868229f07502)
* lavf/img2dec: Fix memory leak | Przemysław Sobala | 2015-10-09 | 1 | -9/+23
  Fixes #4886
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 01dd7e025c246d9001f1a30f4a5d8fa2936d1a5e)
* avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops | Michael Niedermayer | 2015-08-24 | 1 | -0/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ee155c18a2c50b339ba5f6f223fbb6dc343fd471)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/hevc: Fix parsing errors | Arthur Grant | 2015-08-24 | 1 | -2/+4
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 781efd07415cdf6f676cca5b22147e5d6be0a4c4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mux: Update sidedata in ff_write_chained() | Michael Niedermayer | 2015-08-20 | 1 | -0/+2
  Fixes Ticket4777
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit db91e0edb63afc682ae709f73e3732a4c832944d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* rawdec: fix mjpeg probing buffer size check | wm4 | 2015-08-20 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4c6beaed9210f01290e5a5a4e377f93f145172cc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* rawdec: fix mjpeg probing | wm4 | 2015-08-20 | 1 | -1/+1
  There can be other headers than "Content-Type:" (in this case, a "Content-Length:" header was following), so checking for a trailing newline is wrong.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bf51fcd304d5594a4d8eed2bedf0ef0f68fa65f8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Fix deallocation when MOVStreamContext failed to allocate | Michael Niedermayer | 2015-08-20 | 1 | -0/+3
  Fixes: 260813283176b57b3c9974fe284eebc3_signal_sigsegv_7ffff713351a_991_xtrem_e2_m64q15_a32sxx.3gp with memlimit of 262144
  Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 15629129dde771446a005282ee33c4ea1199e696)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* oggparsedirac: check return value of init_get_bits | Chris Watkins | 2015-08-20 | 1 | -3/+8
  If init_get_bits fails the GetBitContext is invalid and must not be used. Check the return value in dirac_header and propagate the error.
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 4f5c2e651a95b950f6a3fb36f2342cbc32515f17)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* matroskadec: check audio sample rate | Andreas Cadhalpun | 2015-08-20 | 1 | -0/+8
  And default to 8000 if it is invalid.
  An invalid sample rate can trigger av_assert2 in av_rescale_rnd.
  Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  (cherry picked from commit 5b76c82fd7a5f4f36bb901b8c43d7f7319599599)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* matroskadec: validate audio channels and bitdepth | Andreas Cadhalpun | 2015-08-20 | 1 | -0/+12
  In the TTA extradata re-construction the values are written with avio_wl16 and if they don't fit into uint16_t, this triggers an av_assert2 in avio_w8.
  Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  (cherry picked from commit 92e79a2f7bf2f8bb0cb2d1a3e4d76737557071c4)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avio: fix potential crashes when combining ffio_ensure_seekback + crc | wm4 | 2015-08-20 | 1 | -0/+3
  Calling ffio_ensure_seekback() if ffio_init_checksum() has been called on the same context can lead to out of bounds memory accesses and crashes. The reason is that ffio_ensure_seekback() does not update checksum_ptr after reallocating the buffer, resulting in a dangling pointer.
  This effectively fixes potential crashes when opening mp3 files.
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit dc87758775e2ce8be84e4fe598e12416e83d2845)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* mov: abort on EOF in ff_mov_read_chan | Andreas Cadhalpun | 2015-08-20 | 1 | -0/+5
  Otherwise the loop can take a lot of time if num_descr is very large.
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  (cherry picked from commit a5718863da99b54b6c853d45c84871c4a96a57c0)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat: Fix bug in parse_rps for HEVC. | Deliang Fu | 2015-08-20 | 1 | -1/+1
  Make the logic in libavformat/hevc.c parse_rps align with libavcodec/hevc_ps.c ff_hevc_decode_short_term_rps
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 6e1f8780c833ef55815111d4771b95ff78567cdb)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/ffmdec: Check ffio_set_buf_size() return value | Michael Niedermayer | 2015-08-20 | 1 | -1/+3
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit dc55477a64cefebf8dcc611f026be71382814ae2)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* Revert "avformat/rtpenc: check av_packet_get_side_data() return, fix null ptr dereference" | Michael Niedermayer | 2015-08-20 | 1 | -4/+0
  This was simply wrong
  Found-by: Martin Storsjö
  This reverts commit 5d8e4f6da03c0342157e6ac7fab1a8ac3a87a8b0.
  (cherry picked from commit 3e34b7498f14c04baadde1700a6f73a7e9e86fa6)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/mxfenc: Accept MXF D-10 with 49.999840 Mbit/sec | Michael Niedermayer | 2015-08-20 | 1 | -3/+4
  This is the maximum rate possible based on the frame size limit of MXF D-10
  Previous version reviewed by tim nicholson <nichot20@yahoo.com>
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit d7a762553c6f6c422adb6632354bcc4ff577b701)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/swfdec: Do not error out on pixel format changes | Michael Niedermayer | 2015-07-08 | 1 | -4/+2
  Instead print an error and continue
  Fixes Ticket4702
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 6a1204a1a46674084b1e6b92562f81aaab7aac69)
* avformat/mov: Mark avio context of decompressed atoms as seekable | Michael Niedermayer | 2015-06-19 | 1 | -0/+1
  Fixes Ticket4329
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 8ce564ea280b61d21eebf8a2fd741f792ce81638)
* avformat/matroskadec: Use tracks[k]->stream instead of s->streams[k] | Michael Niedermayer | 2015-06-01 | 1 | -2/+2
  The latter is not correct
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 5d309d309108684f742bbf5fc2393f1c519cda72)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* matroskadec: check s->streams[k] before using it | Andreas Cadhalpun | 2015-06-01 | 1 | -1/+1
  This fixes a segmentation fault.
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit e54540655f229d06667dc7fa7005f2a20e101e80)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* matroskadec: use uint64_t instead of int for index_scale | Andreas Cadhalpun | 2015-06-01 | 1 | -1/+1
  index_scale is set to matroska->time_scale of type uint64_t. When index_scale is int, the assignment can overflow and e.g. result in index_scale = 0. This causes a floating point exception due to the division by index_scale.
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit eb9fb508b0e09d85d234fe694333b2005e1d7a7e)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* nutdec: fix illegal count check in decode_main_header | Andreas Cadhalpun | 2015-06-01 | 1 | -1/+1
  The existing check has two problems:
  1) i + count can overflow, so that the check '< 256' returns true.
  2) In the (i == 'N') case occurs a j-- so that the loop runs once more.
  This can trigger the assertion 'nut->header_len[0] == 0' or cause segmentation faults or infinite hangs.
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 7c24ca1bda2d4df1dc9b2b982941be532d60da21)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* nutdec: check for negative frame rate in decode_info_header | Andreas Cadhalpun | 2015-06-01 | 1 | -1/+2
  A negative frame rate triggers an av_assert2 in av_rescale_rnd.
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 6621105877ce0d65724a8ab60b3a50160adbe65d)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/mov: Fix parsing short loci | Michael Niedermayer | 2015-06-01 | 1 | -1/+1
  Fixes Ticket4557
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 50393bce31a5618f5125aaaf97bb69886fc4261d)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/mov: Print reason of loci parsing failure | Michael Niedermayer | 2015-06-01 | 1 | -3/+9
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 9e4f0cfc8ff4ab635ea12bdbd8d85d8bb1ba25f9)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/hevc: Check num_negative_pics and num_positive_pics | Michael Niedermayer | 2015-06-01 | 1 | -0/+3
  Fixes CID1238994
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit b62b3292d8e25d3240e462c1b1cd8ac69195c46b)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/hevc: Check cpb_cnt_minus1 | Michael Niedermayer | 2015-06-01 | 1 | -2/+7
  Fixes CID1239014
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 2cddc0b19a20dd061dbf199bf88005b37c540d2f)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/matroskadec: Cleanup error handling for bz2 & zlib | Michael Niedermayer | 2015-06-01 | 1 | -8/+4
  Fixes CID703652
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 171af59d58fc67d82dce8ff7ed11fa671108baa5)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/nutdec: Fix use of uninitialized value | Michael Niedermayer | 2015-06-01 | 1 | -0/+2
  Fixes CID1041175
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 56abf35151c635caa3eb04bbb90454bae5463a09)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/rtpenc_jpeg: Check remaining buffer size for SOS | Michael Niedermayer | 2015-06-01 | 1 | -0/+5
  Fixes CID1238818
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 81198a68370e88f7d02f16de58db36713c2a50b6)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet() | Michael Niedermayer | 2015-06-01 | 1 | -1/+1
  Larger packets are not supported and would cause problems later
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit aa5169935e160551fb1c290d1397da2f04325817)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/matroskaenc: Check ff_vorbiscomment_length in put_flac_codecpriv() | Michael Niedermayer | 2015-06-01 | 1 | -1/+4
  It's currently guaranteed to be smaller but it's safer to check anyway
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 66f26b3e8ec075298e7ba329a55893d085bafe96)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/oggenc: Check ff_vorbiscomment_length in ogg_write_vorbiscomment() | Michael Niedermayer | 2015-06-01 | 1 | -2/+4
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 0db5b2b9f8a96298eeba7988d43c4eb44220fab3)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/flacenc: Check length in flac_write_block_comment() | Michael Niedermayer | 2015-06-01 | 1 | -1/+3
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 40a7700b82aec0036622f8673ce64e070a520891)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/subtitles: Use size_t for len | Michael Niedermayer | 2015-06-01 | 2 | -3/+3
  string length could theoretically be larger than int
  Reviewed-by: Clément Bœsch <u@pkh.me>
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit a633928d47057426a9c328da594407d1c7da8a5c)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/url: Use size_t for len from strlen() | Michael Niedermayer | 2015-06-01 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 95efc651294b3cf3e5ec4b3ed36e79d7261545ff)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/vorbiscomment: Check entry length in ff_vorbiscomment_write() | Michael Niedermayer | 2015-06-01 | 1 | -2/+4
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit eca38864a6ce5053e463b8d3fc22b22bc9a49578)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>