path: root/libavformat
Commit message | Author | Age | Files | Lines
* oggparseogm: check timing variables | Anton Khirnov | 2014-02-01 | 1 | -0/+5
    Fixes a potential divide by zero.
    Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC:libav-stable@libav.org
    (cherry picked from commit 75647dea6f7db79b409bad66a119f5c73da730f3)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* mov: Free an earlier allocated array if allocating a new one | Martin Storsjö | 2014-02-01 | 1 | -0/+1
    It could probably also be considered an error if the pointer isn't null at this point, but then we might risk rejecting some slightly broken files that we might have handled so far.
    Sample-Id: 00000496-google
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 2620df13104ddaa136158eb6bb1195adbf9d7692)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* mov: Free intermediate arrays in the normal cleanup function | Martin Storsjö | 2014-02-01 | 1 | -0/+8
    These arrays are normally freed at the end of mov_read_trak, but make sure they're freed in case mov_read_trak returned early (due to errors) or in case the atoms that allocate arrays are encountered at some other point than within a trak (which we don't have checks against).
    Sample-Id: 00000496-google
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit d51f09962d5b4bc999fb70c040f330dd1873212e)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* segafilm: fix leaks if reading the header fails | Anton Khirnov | 2014-02-01 | 1 | -15/+20
    Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC:libav-stable@libav.org
    (cherry picked from commit 6892d145a0c80249bd61ee7dd31ec851c5076bcd)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* avi: DV in AVI must be considered single stream | Luca Barbato | 2014-02-01 | 1 | -3/+7
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
* lavf: make av_probe_input_buffer more robust | Anton Khirnov | 2014-01-13 | 1 | -2/+1
    Always use the actually read size as the offset instead of making possibly invalid assumptions.
    Addresses: CVE-2012-6618
    (cherry picked from commit 2115a3597457231a6e5c0527fe0ff8550f64b733)
    Conflicts: libavformat/utils.c
    Signed-off-by: Anton Khirnov <anton@khirnov.net>
* lavf: use a fixed width type | Anton Khirnov | 2014-01-13 | 1 | -1/+1
    It's shorter and more consistent with the rest of the code.
    (cherry picked from commit 8b76362836f3c373c3aadc544522edcbef16dd5f)
    Signed-off-by: Anton Khirnov <anton@khirnov.net>
* lavf: simplify handling of offset in av_probe_input_buffer() | Anton Khirnov | 2014-01-13 | 1 | -6/+4
    (cherry picked from commit c1868e7ee7b07b40a0fe15f50df89fe499a01a50)
    Signed-off-by: Anton Khirnov <anton@khirnov.net>
* nut: Fix unchecked allocations | Derek Buitenhuis | 2014-01-06 | 4 | -4/+16
    CC: libav-stable@libav.org
    (cherry picked from commit b1fcdc08ceb5df69fac34aa0d57c56905d32b8b4)
    Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* avi: directly resync on DV in AVI read failure | Luca Barbato | 2014-01-05 | 1 | -0/+2
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    (cherry picked from commit ceec6e792e4b5baaa23b220f4fd33417631f5288)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* mov: Don't allocate arrays with av_malloc that will be realloced | Martin Storsjö | 2014-01-05 | 1 | -1/+1
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit b698542ad83284fbb8c22404e3cafeb2dd739d38)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* avi: properly fail if the dv demuxer is missing | Luca Barbato | 2014-01-05 | 1 | -1/+2
    CC: libav-stable@libav.org
    (cherry picked from commit 1cac9accbd1f9b8596122d0735e37b97a844c514)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* matroskadec: pad EBML_BIN data. | Anton Khirnov | 2014-01-05 | 1 | -1/+3
    It might be passed to code requiring padding, such as lzo decompression.
    Fixes invalid reads.
    Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC:libav-stable@libav.org
    (cherry picked from commit 30be1ea33e5525266ad871bed60b1893a53caeaf)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* avidec: fix a memleak in the dv init code. | Anton Khirnov | 2014-01-05 | 1 | -0/+1
    Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC:libav-stable@libav.org
    (cherry picked from commit ce9bba5340a5fb6f38974a19af019dd6aa2da035)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* omadec: Fix wrong number of array elements | Michael Niedermayer | 2014-01-05 | 1 | -1/+1
    Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    Signed-off-by: David Goldwich <david.goldwich@gmail.com>
    CC:libav-stable@libav.org
    Signed-off-by: Anton Khirnov <anton@khirnov.net>
    (cherry picked from commit 97f50e92b5cf3b47a76f75d76ed4340e822030db)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* omadec: check GEOB sizes against buffer size | Michael Niedermayer | 2014-01-05 | 1 | -0/+5
    Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    Signed-off-by: David Goldwich <david.goldwich@gmail.com>
    CC:libav-stable@libav.org
    Signed-off-by: Anton Khirnov <anton@khirnov.net>
    (cherry picked from commit 1c736bedd9891501960ebac0f7c05eb60225e947)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* avio: Use AVERROR_PROTOCOL_NOT_FOUND | Luca Barbato | 2014-01-05 | 1 | -1/+1
    When the protocol is missing ffurl_alloc() should return AVERROR_PROTOCOL_NOT_FOUND instead of AVERROR(ENOENT).
    Bug-Id: 577
    CC: libav-stable@libav.org
    (cherry picked from commit ea71aafd6881d7ce5cffec56feb45488e3ac5221)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* pmpdec: check that there is at least one audio packet. | Anton Khirnov | 2014-01-05 | 1 | -0/+5
    The code cannot handle there being none, but that should not happen for valid files.
    Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC:libav-stable@libav.org
    (cherry picked from commit 1b5d065ca722eb8028c7a08e054b6da3419faf5d)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* sdp: Check that fmt->oformat is non-null before accessing it | Martin Storsjö | 2014-01-05 | 1 | -1/+1
    This avoids crashes when avserver tries to create an SDP, since d77f4af.
    Addresses: CVE-2012-6617
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 82b9799bb211ecd117171115e4a8b832c4942314)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* matroskadec: use correct compression parameters for current track CodecPrivate | Aurelien Jacobs | 2014-01-05 | 1 | -1/+1
    Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC:libav-stable@libav.org
    Signed-off-by: Anton Khirnov <anton@khirnov.net>
    (cherry picked from commit 8b516f154a0a08655cec2d13d12aadc58cae0b1c)
    Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* r3d: Add more input value validation | Martin Storsjö | 2013-10-04 | 1 | -1/+5
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    Conflicts: libavformat/r3d.c
* rmdec: Validate the fps value | Martin Storsjö | 2013-10-04 | 1 | -2/+7
    Abort if it is invalid if strict error checking has been requested.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 0f310a6f333b016d336674d086045e8473fdf918)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
    Conflicts: libavformat/rmdec.c
* asfdec: Check the return value of asf_read_stream_properties | Martin Storsjö | 2013-10-04 | 1 | -1/+3
    This makes sure errors in setting stream parameters are passed on to the caller. This avoids successfully opening files while some parameters aren't filled in properly.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit cc41167aede4c101ad17eeffa8f39bb6c23d3dad)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* mxfdec: set audio timebase to 1/samplerate | Anton Khirnov | 2013-10-04 | 1 | -1/+9
    Fixes sync in some samples (e.g. bugs 7581 and 8374 in VLC).
    Based on a commit by Matthieu Bouron <matthieu.bouron@gmail.com>
    Reported-by: Jean-Baptiste Kempf <jb@videolan.org>
    CC: libav-stable@libav.org
    (cherry picked from commit 93370d12164236d59645314871a1d6808b2a8ddb)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* mov: Make sure the read sample count is nonnegative | Martin Storsjö | 2013-10-04 | 1 | -0/+4
    This avoids setting a negative number of frames, ending up with a negative average frame rate.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit c231987662194d009dd91bfc57c678e0e70ca161)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* bfi: Add some very basic sanity checks for input packet sizes | Martin Storsjö | 2013-10-04 | 1 | -0/+4
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 640a2427aafa774b83316b7a8c5c2bdc28bfd269)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* bfi: Avoid divisions by zero | Martin Storsjö | 2013-10-04 | 1 | -3/+4
    If a zero-length video packet is to be returned, just return AVERROR(EAGAIN) and switch back to the audio stream.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 9fc7184d1a9af8d97b3fc5c2ef9d0a647d6617ea)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* electronicarts: Add more sanity checking for the number of channels | Martin Storsjö | 2013-10-04 | 1 | -2/+3
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit a9221e39600a31ee13e736e9e47743cde23f0280)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
    Conflicts: libavformat/electronicarts.c
* riffdec: Add sanity checks for the sample rate | Martin Storsjö | 2013-10-04 | 1 | -0/+5
    This avoids a division by zero for G726.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit d07aa3f02b73ab1371c13ac7898338380ca0932b)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* mvi: Add sanity checking for the audio frame size | Martin Storsjö | 2013-10-04 | 1 | -0/+6
    This avoids a division by zero.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 28ff439efd2362fb21e1a78610737f2e26a72d8f)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* xwma: Avoid division by zero | Martin Storsjö | 2013-10-04 | 1 | -0/+8
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit adc09136a4a63b152630abeacb22c56541eacf60)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* avidec: Make sure a packet is large enough before reading its data | Martin Storsjö | 2013-10-04 | 1 | -2/+4
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 8d07258bb6063d0780ce2d39443d6dc6d8eedc5a)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
    Conflicts: libavformat/avidec.c
* vqf: Make sure the bitrate is in the valid range | Martin Storsjö | 2013-10-04 | 1 | -0/+7
    Even if the sample rate is valid, an invalid bitrate could pass the mode combination test below.
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 68ff9981283a56c731f00c2ee7901103665092fc)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* vqf: Make sure sample_rate is set to a valid value | Martin Storsjö | 2013-10-04 | 1 | -0/+4
    This avoids divisions by zero later (and possibly assertions in time base scaling), since an invalid rate_flag combined with an invalid bitrate below could pass the mode combination test.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 9277050e2918e0a0df9689721a188a604d886616)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* electronicarts: Check packet sizes before reading | Martin Storsjö | 2013-10-04 | 1 | -3/+9
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit f7e616959aff8706edccdae763c24c897c449f6f)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* lavf: Avoid setting avg_frame_rate if delta_dts is negative | Martin Storsjö | 2013-10-04 | 1 | -1/+2
    This avoids setting avg_frame_rate to invalid (negative) values.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit ce67f442be0f6c4a8794272873852e256b5b8ee4)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* rl2: Avoid a division by zero | Martin Storsjö | 2013-10-04 | 1 | -0/+4
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 3ca14aa5964ea5d11f7a15f9fff17924d6096d44)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* wtv: Add more sanity checks for a length read from the file | Martin Storsjö | 2013-10-04 | 1 | -1/+6
    Also make sure the existing length check can't overflow.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 83c285f88016b087c2f0f4b9ef356ad8ef12d947)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* segafilm: Validate the number of audio channels | Martin Storsjö | 2013-10-04 | 1 | -0/+5
    This avoids divisions by zero later.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 82e266c6d3fbf3cc74e515b883e66543381a0f2c)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* idroqdec: Make sure a video stream has been allocated before returning packets | Martin Storsjö | 2013-10-04 | 1 | -0/+7
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit bcbe4f3ceb6ee0210d3a401963518906c8b9b230)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* xmv: Add more sanity checks for parameters read from the bitstream | Martin Storsjö | 2013-10-04 | 1 | -2/+5
    Since the number of channels is multiplied by 36 and assigned to a uint16_t, make sure this calculation didn't overflow. (In certain cases the calculation could overflow leaving the truncated block_align at 0, leading to divisions by zero later.)
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit d4c2a3740fb95f952a87ba320d2bf31f126bdf68)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* mov: Don't use a negative duration for setting other fields | Martin Storsjö | 2013-10-04 | 1 | -2/+2
    Some files have the duration set to -1 in the mdhd atom, more or less legitimately. (We produce such files ourselves, for the initial duration in fragmented mp4 files.)
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 7f8d41eb097e8d4223c9caf97dd332a2fdb29d52)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* oggparseogm: Convert to use bytestream2 | Martin Storsjö | 2013-10-04 | 1 | -25/+27
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 19b9659f3174599e8685d329c4330b1ea8c4c6db)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* matroskadec: Verify realaudio codec parameters | Martin Storsjö | 2013-10-04 | 1 | -0/+4
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 569d18aa9dc989c37bb4d4b968026fe5afa6fff9)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* vocdec: Don't update codec parameters mid-stream | Martin Storsjö | 2013-10-03 | 1 | -5/+5
    If we really want to support parameter changes, they need to be signalled along with the AVPackets as parameter change side data, not just changing the AVCodecContext parameters when a packet is demuxed (since there may be other earlier packets yet undecoded).
    Something similar was already done for the sample rate in 0883109b2, but some parameters were left changeable.
    This avoids having to recheck the channel count for validity for each decoded frame in (ad)pcm decoders, unless the decoders explicitly say that they accept parameter changes.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 5bbfe193a0a41bd2adb648c8c3f6901a575734a2)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* sierravmd: Do sanity checking of frame sizes | Martin Storsjö | 2013-10-03 | 1 | -7/+15
    Limit the size to INT_MAX/2 (for simplicity) to be sure that size + BYTES_PER_FRAME_RECORD won't overflow.
    Also factorize other existing error return paths.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 0ef1660a6365ce60ead8858936b6f3f8ea862826)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* omadec: Properly check lengths before incrementing the position | Martin Storsjö | 2013-10-03 | 1 | -1/+5
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 342c43d154e586bc022c86b168fe8d36f69da9d3)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* mpc8: Make sure the first stream exists before parsing the seek table | Martin Storsjö | 2013-10-03 | 1 | -0/+5
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 17d57848fc14e82f76a65ffb25c90f2f011dc4a0)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* mpc8: Check the seek table size parsed from the bitstream | Martin Storsjö | 2013-10-03 | 1 | -0/+4
    Limit the size to INT_MAX/2 (for simplicity) to be sure that size + FF_INPUT_BUFFER_PADDING_SIZE won't overflow.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 459f2b393a3f89ed08d10fbceb4738d1429f268e)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* ape: Don't allow the seektable to be omitted | Martin Storsjö | 2013-10-03 | 1 | -1/+1
    The seektable is required for filling in ape->frames[i].pos further down.
    Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
    CC: libav-stable@libav.org
    Signed-off-by: Martin Storsjö <martin@martin.st>
    (cherry picked from commit 183b9d843a9533774fabd3984a52f3987001acbc)
    Signed-off-by: Luca Barbato <lu_zero@gentoo.org>