eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-01-10 08:05:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
107,595 Commits 38 Branches 415 Tags
ac015347a8034b61353c633dbfeaa5c8ac79de2c
Commit Graph

24960 Commits

Author SHA1 Message Date
Pierre-Anthony Lemieux
c2d4ab2552 avformat/imf: fix invalid resource handling 
(cherry picked from commit 23d968d55a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-10-30 00:38:50 +01:00
Will Cassella
566aa38d98 libavformat/riffec: Zero-initialize channels in ff_get_wav_header 
Clang's static analyzer complains that leaving the  variable
uninitialized could lead to a code path where the uninitialized value is
written to  at the end of this function.
This patch simply zero-initializes that variable to avoid that.

Signed-off-by: Will Cassella <cassew@google.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e601ec3c19)
 2023-08-12 13:25:36 -03:00
James Almer
796daf929a avformat/concatf: check if any nodes were allocated 
Fixes ticket #10304

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 19c2dc677f)
 2023-04-16 11:39:13 -03:00
Michael Niedermayer
fa22608c46 avformat/mov: Check samplesize and offset to avoid integer overflow 
Fixes: signed integer overflow: 9223372036854775584 + 536870912 cannot be represented in type 'long'
Fixes: 55844/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-510613920664780

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53c1f5c2e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-03-16 14:48:36 +01:00
Michael Niedermayer
87e6221d53 avformat/mxfdec: Use 64bit in remainder 
Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int'
Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64a04fc165)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-02-22 00:03:43 +01:00
Michael Niedermayer
3aee1b1ec3 avformat/id3v2: Check taglen in read_uslt() 
Fixes: Timeout (read mostly the same data repeatly)
Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840
Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a798af91d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-02-21 23:37:11 +01:00
Michael Niedermayer
71b40b2645 avformat/replaygain: avoid undefined / negative abs 
Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int'
Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2532b20b17)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-02-21 00:30:35 +01:00
Michael Niedermayer
11d07808bc avformat/vividas: Check packet size 
Fixes: signed integer overflow: 119760682 - -2084600173 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6745781167587328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f44489cc5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-02-11 11:51:11 +01:00
Guangyu Sun
e7dd643419 lavf/async: Fix ring_write return value 
This fixes a regression from commit 36117968ad.

wrapped_url_read() used to be able to return positive number from
ffurl_read(). It relies on the result to check if EOF is reached in
async_buffer_task().

But FIFO callbacks must return 0 on success. This should be handled
in ring_write() instead.

Test case:
  ffmpeg -f lavfi -i testsrc -t 1 test.mp4
  ffmpeg -i async:test.mp4

Signed-off-by: Guangyu Sun <gsun@roblox.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit fc6f7e2a3b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
 2022-10-14 12:24:21 +02:00
Michael Niedermayer
9658d1da59 avformat/spdifdec: Use 64bit to compute bit rate 
Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4075f0cec1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:24 +02:00
Michael Niedermayer
67648acb76 avformat/rpl: Use 64bit for duration computation 
Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 529f64b2eb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:23 +02:00
Michael Niedermayer
c54161e199 avformat/xwma: Use av_rescale() for duration computation 
Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c789f753c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:23 +02:00
Michael Niedermayer
e443e2e210 avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation 
Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa8eb1bed0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:23 +02:00
Michael Niedermayer
ad56da7634 avformat/sbgdec: Check ts_int in genrate_intervals 
There is probably a better place to check for this, but better
here than nowhere

Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f529e9147)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:22 +02:00
Michael Niedermayer
3e2b970b00 avformat/sbgdec: clamp end_ts 
Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 981f5e46af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:22 +02:00
Michael Niedermayer
77628600aa avformat/rmdec: check tag_size 
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2cb7ee8a36)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:22 +02:00
Michael Niedermayer
de79299bf0 avformat/nutdec: Check fields 
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c146406ea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:21 +02:00
Michael Niedermayer
1c3c25491a avformat/flvdec: Use 64bit for sum_flv_tag_size 
Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7124f10c1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:21 +02:00
Michael Niedermayer
740a71b583 avformat/jacosubdec: Fix overflow in get_shift() 
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328
Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1a68127bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:21 +02:00
Michael Niedermayer
4038dfc1d1 avformat/genh: Check nb_channels for IMA ADPCM 
The check could be made more strict

Fixes: signed integer overflow: 36 * 538976288 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-6539389873815552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0345a88545)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:20 +02:00
Michael Niedermayer
c38fde3b9d avformat/dxa: avoid bpc overflows 
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93db0f0740)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:20 +02:00
Michael Niedermayer
48acb06c78 avformat/dhav: Use 64bit seek_back 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-6604736532447232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10453f5192)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:20 +02:00
Michael Niedermayer
ef0a505126 avformat/cafdec: Check that nb_frasmes fits within 64bit 
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4bb4e3759)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:19 +02:00
Michael Niedermayer
01834eaec2 avformat/asfdec_o: Limit packet offset 
avoids overflows with it

Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 736e9e69d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:19 +02:00
Michael Niedermayer
08047db178 avformat/apm: Use 64bit for bit_rate computation 
Fixes: signed integer overflow: -1155522528 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APM_fuzzer-6580670570299392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b23cab5c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:19 +02:00
Michael Niedermayer
ca55032020 avformat/ape: Check frames size 
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d0349c9929)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:19 +02:00
Michael Niedermayer
c9bb4e3bcc avformat/icodec: Check nb_pal 
Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db73ae0dc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:18 +02:00
Michael Niedermayer
14787c60ec avformat/aiffdec: Use 64bit for block_duration use 
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9303ba272e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:18 +02:00
Michael Niedermayer
4143d0a33a avformat/aiffdec: Check block_duration 
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c2b6265c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:18 +02:00
Michael Niedermayer
a3d59e33d9 avformat/mxfdec: only probe max run in 
Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1182bbb2c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:17 +02:00
Michael Niedermayer
89c2911a3c avformat/mxfdec: Check run_in is within 65536 
Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7786097825)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:17 +02:00
Michael Niedermayer
47e510aa0c libavformat/hls: Free keys 
Fixes: memleak
Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d32a9f3137)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:15 +02:00
James Almer
746a210630 avformat/cafenc: derive Opus frame size from the relevant stream parameters 
Use the stream duration as last resort, as an off-by-one result of the
"st->duration / (caf->packets - 1)" calculation can break playback on some
devices.
Also, don't write the sample_rate value propagated by encoders like libopus.
The sample rate of the audio fed to it is irrelevant after being encoded.

Fixes ticket #9930.

Signed-off-by: James Almer <jamrial@gmail.com>
 2022-09-24 12:20:24 -03:00
Andreas Rheinhardt
f202a1fdf7 avformat/dashdec: Fix crash on invalid input/ENOMEM, fix leak 
In case a SupplementalProperty node exists in an adaptationset,
it is searched for a "schemeIdUri" property via xmlGetProp().
Whatever xmlGetProp() returns is then compared via av_strcasecmp()
to a string literal. xmlGetProp() can return NULL, namely in case
no "schemeIdUri" exists and (given that this string is allocated)
presumably also on allocation failure. No check for NULL is done,
so this may crash.

Furthermore, the string returned by xmlGetProp() needs to be freed
with xmlFree(), but this is not done either.

This commit fixes both of these issues; they existed since this code
has been added in 10d008f0fd.

This has been found while investigating ticket #9697. The continuous
leaks might very well be the reason behind the observed slowdown.

Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 14b3830b33)
 2022-09-23 16:25:21 +02:00
James Almer
425ffaec23 avformat/riffdec: don't unconditionally overwrite WAVEFORMATEXTENSIBLE layout 
Do it only if the value conflicts with the previous channels value.

Fixes ticket #9912

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 60d8c2019f)
 2022-09-11 09:56:37 -03:00
Michael Niedermayer
5c0309d278 avformat/asfdec_o: limit recursion depth in asf_read_unknown() 
The threshold of 5 is arbitrary, both smaller and larger should work fine

Fixes: Stack overflow
Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f1a368169)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-31 18:06:17 +02:00
Michael Niedermayer
6f53f0d09e avformat/mov: Check count sums in build_open_gop_key_points() 
Fixes: ffmpeg.md
Fixes: Out of array access
Fixes: CVE-2022-2566

Found-by: Andy Nguyen <theflow@google.com>
Found-by: 3pvd <3pvd@google.com>
Reviewed-by: Andy Nguyen <theflow@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c953baa084)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:07 +02:00
Michael Niedermayer
1cd07b178b libavformat/iff: Check for overflow in body_end calculation 
Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long'
Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bcb4690304)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:06 +02:00
Michael Niedermayer
59afc50ab4 avformat/avidec: Prevent entity expansion attacks 
Fixes: Timeout
Fixes no testcase, this is the same idea as similar attacks against XML parsers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3e823c2aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:06 +02:00
Michael Niedermayer
fdc5e2329a avformat/subviewerdec: Make read_ts() more flexible 
Fixes: signed integer overflow: -1948269928 * 10 cannot be represented in type 'int'
Fixes: 49451/clusterfuzz-testcase-minimized-ffmpeg_dem_SUBVIEWER_fuzzer-6344614822412288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit 58a8e739ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:04 +02:00
Derek Buitenhuis
8479e2fc8b ipfsgateway: Remove default gateway 
A gateway can see everything, and we should not be shipping a hardcoded
default from a third party company; it's a security risk.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
(cherry picked from commit 412922cc6f)
 2022-08-15 20:38:08 +01:00
Stephen Hutchinson
ffaf606130 avformat/avisynth: use ch_layout.nb_channels for channel count 
Fixes deprecation warning

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit dc9843d829)
 2022-08-07 22:43:32 -03:00
Michael Niedermayer
5767941df8 avformat/flvdec: Check for EOF in index reading 
Fixes: Timeout
Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ceff5d7b74)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-07-22 17:15:48 +02:00
Michael Niedermayer
e6584a3f19 avformat/nutdec: Check get_packetheader() in mainheader 
Fixes; Timeout
Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5de084aa6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-07-22 17:15:14 +02:00
Michael Niedermayer
e8a51675ea avformat/mov: Check for EOF in mov_read_iloc() 
Fixes: Timeout
Fixes: 49216/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6563000529584128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 744ad45c44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-07-22 17:14:53 +02:00
Michael Niedermayer
1c06f776e6 avformat/asfdec_f: Use 64bit for packet start time 
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ed78486fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-07-22 17:12:24 +02:00
Michael Niedermayer
6f1b144358 Bump Versions for 5.1 branch 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-07-13 00:27:37 +02:00
Michael Niedermayer
73c0fd27c5 avformat/rtsp: break on unknown protocols 
This function needs more cleanup and it lacks error handling

Fixes: use of uninitialized memory
Fixes: CID700776

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-07-12 21:55:22 +02:00
Michael Niedermayer
db31b3ea86 avformat/aaxdec: Check for empty segments 
Fixes: Timeout
Fixes: 48154/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5149094353436672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-07-12 21:55:22 +02:00
Michael Niedermayer
ba0c3d1db4 avformat/avienc: Check video dimensions 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-07-12 21:55:22 +02:00