ffmpeg

mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-12-15 03:20:00 +01:00

Author	SHA1	Message	Date
Michael Niedermayer	28f1396cfb	avformat/avidec: Prevent entity expansion attacks Fixes: Timeout Fixes no testcase, this is the same idea as similar attacks against XML parsers Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3e823c2aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 21:33:02 +02:00
Michael Niedermayer	78707ae025	avformat/avidec: Check height Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: Ticket8486 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ec8ff659f5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-04-07 16:27:00 +02:00
Michael Niedermayer	208434c164	avformat/avidec: Check read_odml_index() for failure Fixes: Timeout Fixes: 40950/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6478873068437504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `57adb26d05`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-04-07 16:26:59 +02:00
Michael Niedermayer	501f0aef5d	oavformat/avidec: Check offset in odml Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long' Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `255a7b423e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-12 16:46:06 +02:00
Michael Niedermayer	295597b749	avformat/avidec: Use 64bit for frame number in odml index parsing Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int' Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a4c98c507e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 13:56:53 +02:00
Michael Niedermayer	baa941a5f9	avformat/avidec: fix position overflow in avi_load_index() Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `527821a2dd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 13:54:16 +02:00
Michael Niedermayer	97bb7b8ac7	avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb Fixes: null pointer dereference Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f733688d30`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-10 16:04:26 +02:00
Michael Niedermayer	bcdcc17015	avformat/avidec: Use 64bit in get_duration() Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int' Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a0ceb0cdd4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-10 16:04:26 +02:00
Michael Niedermayer	5367c59d68	avformat/avidec: dv does not support palettes Fixes: memleak Fixes: 26937/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5763003338981376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1b373b41d9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-10 16:04:26 +02:00
Michael Niedermayer	beb4bd4e3a	avformat/avidec: Fix io_fsize overflow Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long' Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf0c700b0c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-10-05 21:28:08 +02:00
Andreas Rheinhardt	710ad43919	avformat/avidec: Fix memleak with embedded GAB2 subtitles The code for GAB2 subtitles predates refcounting AVPackets. So in order to transfer the ownership of a packet's data pkt->data was simply stored and the packet zeroed; in the end (i.e. in the read_close-function) this data was then simply freed with av_freep(). This of course leads to a leak of an AVBufferRef and an AVBuffer. It has been fixed by keeping and eventually unreferencing the packet's buf instead. Additionally, the packet is now reset via av_packet_unref(). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `da44bbefaa`)	2020-05-20 02:54:39 +02:00
Michael Niedermayer	c7df41ed6b	avformat/avidec: Avoid integer overflow in NI switch check Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long' Fixes: Ticket8149 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `347920ca21`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Marton Balint	b4e9103709	avformat/avidec: add support for recognizing HEVC fourcc when demuxing Some security cams generate this, as well as some versions of VirtualDub and VLC so support for _reading_ such files is justified. Fixes ticket #7110. See also this discussion: https://patchwork.ffmpeg.org/patch/8744/ Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit `2e31774b40`)	2019-09-02 22:06:00 +02:00
Carl Eugen Hoyos	ab648f79c8	lavf/avidec: Do not test for bitrate <= INT_MAX. AVCodecContext->bit_rate is int64_t since `7404f3bd` Unbreaks non-interleaved detection of v210 4k avi files, broken since `0eec40b7`. Reported-by: Xavier Càmara, Centre de Conservació i Restauració, Filmoteca de Catalunya	2019-05-10 10:57:54 +02:00
Carl Eugen Hoyos	4d8875ec23	lavf: Constify the probe function argument. Reviewed-by: Lauri Kasanen Reviewed-by: Tomas Härdin	2019-03-21 11:42:17 +01:00
Carl Eugen Hoyos	3aa6208db9	lavf: Constify AVInputFormat pointer.	2019-03-20 18:52:38 +01:00
Paul B Mahol	6972dae5a4	avformat/avidec: fix demuxing of all keyframes of sample 200707170736151.avi	2018-08-21 12:14:44 +02:00
Michael Niedermayer	06e092e781	avformat/avidec: Fix integer overflow in cum_len check Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long' Fixes: Chromium bug 791237 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-03-10 02:44:45 +01:00
James Almer	ae100046ca	avcodec/exif: remove GetByteContext usage from avpriv_exif_decode_ifd() This prevents potential ABI issues with GetByteContext. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>	2017-10-26 00:45:49 -03:00
Anton Khirnov	78a7af823b	Use the new AVIOContext destructor. (cherry picked from commit `6f554521af`) Signed-off-by: James Almer <jamrial@gmail.com>	2017-09-01 02:16:33 -03:00
Michael Niedermayer	511e10f673	avformat/avidec: Move packet skip after prefix and related checks This fixes loosing packets Fixes: big.avi Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-11 12:07:08 +02:00
Michael Niedermayer	a5d849b149	avformat/avidec: Limit formats in gab2 to srt and ass/ssa This prevents part of one exploit leading to an information leak Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:32:42 +02:00
Michael Niedermayer	78f6ec32a3	avformat/avidec: Fix txts fmts parsing Fixes: subtitle.avi from vlc/ticket/1162 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:32:42 +02:00
Clément Bœsch	bec96a7286	lavf: use av_fourcc2str() where appropriate	2017-03-29 14:49:29 +02:00
Clément Bœsch	cd4d6cba12	lavf: fix usages of av_get_codec_tag_string()	2017-03-29 14:49:29 +02:00
Clément Bœsch	1436769c57	Merge commit 'ca1e5eea0c7b72a6e30aa6488cfeced3a4853521' * commit 'ca1e5eea0c7b72a6e30aa6488cfeced3a4853521': Remove some pointless TRACE level debug code Merged-by: Clément Bœsch <u@pkh.me>	2017-03-24 13:23:52 +01:00
Clément Bœsch	554cc43ac6	Merge commit 'bad4aad4037f59ba0ad656164be9ab8f7a0fa2d4' * commit 'bad4aad4037f59ba0ad656164be9ab8f7a0fa2d4': avidec: Do not special case palette on big-endian This commit is a noop, see `64cafe340b` Merged-by: Clément Bœsch <u@pkh.me>	2017-03-23 11:26:32 +01:00
James Almer	4de591e6fb	Merge commit '83548fe894cdb455cc127f754d09905b6d23c173' * commit '83548fe894cdb455cc127f754d09905b6d23c173': lavf: fix usage of AVIOContext.seekable Merged-by: James Almer <jamrial@gmail.com>	2017-03-21 17:02:30 -03:00
Tobias Rapp	5796048f6a	avformat/avidec: clean-up identifier names Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-03 13:46:55 +01:00
Tobias Rapp	6d579d7c1b	avformat/avidec: skip odml master index chunks in avi_sync Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg. Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-23 21:47:47 +01:00
Andreas Cadhalpun	2c908f22c2	avidec: fix leaking extradata Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-30 02:22:50 +01:00
Diego Biurrun	ca1e5eea0c	Remove some pointless TRACE level debug code This also kills some warnings with certain compiler options.	2016-10-27 12:54:14 +02:00
Carl Eugen Hoyos	31a0a84216	lavf/avidec: Be more verbose when ignoring very large tag size.	2016-10-18 15:01:50 +02:00
Carl Eugen Hoyos	a20f3238be	lavf/avidec: Do not fail for very large idx1 tags. Fixes demuxing the sample file from github pull request 197, the size of its idx1 tag is 6171936 bytes, followed by a JUNK tag of 9505704 bytes.	2016-10-18 00:25:41 +02:00
Vittorio Giovara	bad4aad403	avidec: Do not special case palette on big-endian This simplifies the code a bit, does not change output data in any way.	2016-10-02 15:42:03 -04:00
Vittorio Giovara	497c087939	avidec: Set palette alpha as fully opaque Palette format is always in RGBA.	2016-10-02 15:42:03 -04:00
Anton Khirnov	83548fe894	lavf: fix usage of AVIOContext.seekable It is supposed to be a flag. The only currently defined value is AVIO_SEEKABLE_NORMAL, but other ones may be added in the future. However all the current lavf code treats this field as a bool (mainly for historical reasons). Change all those cases to properly check for AVIO_SEEKABLE_NORMAL.	2016-09-30 16:54:33 +02:00
Michael Niedermayer	2679ad4773	avformat/avidec: Check nb_streams in read_gab2_sub() Fixes null pointer dereference Fixes: 1/null_point.avi Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-09-28 16:46:24 +02:00
Michael Niedermayer	14bac7e00d	avformat/avidec: Remove ancient assert This assert can with crafted files fail, a warning is already printed for this case. Fixes assertion failure Fixes:1/assert.avi Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-09-28 16:46:24 +02:00
James Almer	aa0dc698db	avformat/avidec: remove warning about deprecated declarations Signed-off-by: James Almer <jamrial@gmail.com>	2016-09-25 16:03:21 -03:00
Michael Niedermayer	b98dafe045	avformat/avidec: Fix memleak with dv in avi Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-09-25 19:06:51 +02:00
Michael Niedermayer	e4e4a9cad7	avformat/avidec: Fix infinite loop in avi_read_nikon() Fixes: 360/test.poc Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-09-02 13:57:40 +02:00
Clément Bœsch	8ef57a0d61	Merge commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb' * commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb': cosmetics: Fix spelling mistakes Merged-by: Clément Bœsch <u@pkh.me>	2016-06-21 21:55:34 +02:00
Michael Niedermayer	d08f2c172f	avformat/avidec: Detect index with too short entries Fixes Ticket5498 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-05-18 23:59:02 +02:00
Vittorio Giovara	41ed7ab45f	cosmetics: Fix spelling mistakes Signed-off-by: Diego Biurrun <diego@biurrun.de>	2016-05-04 18:16:21 +02:00
Paul B Mahol	323b8c95e4	avformat: add AVFormatContext to ff_get_extradata() Needed for av_log() inside that function. Signed-off-by: Paul B Mahol <onemda@gmail.com>	2016-04-14 18:21:08 +02:00
Derek Buitenhuis	6f69f7a8bf	Merge commit '9200514ad8717c63f82101dc394f4378854325bf' * commit '9200514ad8717c63f82101dc394f4378854325bf': lavf: replace AVStream.codec with AVStream.codecpar This has been a HUGE effort from: - Derek Buitenhuis <derek.buitenhuis@gmail.com> - Hendrik Leppkes <h.leppkes@gmail.com> - wm4 <nfxjfg@googlemail.com> - Clément Bœsch <clement@stupeflix.com> - James Almer <jamrial@gmail.com> - Michael Niedermayer <michael@niedermayer.cc> - Rostislav Pehlivanov <atomnuker@gmail.com> Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>	2016-04-10 20:59:55 +01:00
Mats Peterson	d8a1633ee4	lavf/avidec: Add blurb regarding the skipping of xxpc entries in the index Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-03-18 13:47:43 +01:00
Mats Peterson	caeed0479f	lavf/avidec: Skip xxpc entries in index; fixes trac #5311 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-03-10 00:30:39 +01:00
Derek Buitenhuis	93629735d7	avformat: Add a protocol blacklisting API Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>	2016-03-04 16:13:42 +00:00

1 2 3 4 5 ...

539 Commits