Commits · 02fd294a333baaa55501eb0a26b86c99a80e4569 · Samuel Mira / ffmpeg

May 04, 2022

avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be written · 13dfa808

James Almer authored 5 years ago


Fixes ticket #8295

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1d479300)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

13dfa808

aformat/movenc: add missing padding to output track extradata · 8296bf3d

James Almer authored 5 years ago


Fixes ticket #8183.

Tested-by: Thierry Foucu <tfoucu@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 58aa0ed8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

8296bf3d

Apr 13, 2022

avformat/aqtitledec: Skip unrepresentable durations · 86c204ad

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented in type 'long'
Fixes: 45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2d1597a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

86c204ad

avformat/cafdec: Do not store empty keys in read_info_chunk() · adcacd0d

Michael Niedermayer authored 3 years ago

Fixes: Timeout
Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec28e1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

adcacd0d

avformat/hls: Check target_duration · ea391e65

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 77777777777777 * 1000000 cannot be represented in type 'long long'
Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8fd3f7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

ea391e65

avformat/matroskadec: Check pre_ns · 92521686

Michael Niedermayer authored 3 years ago

Fixes: division by 0
Fixes: 44615/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6681108677263360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 710e5167)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

92521686

avformat/matroskadec: Use rounded down duration in get_cue_desc() check · 4e305299

Michael Niedermayer authored 3 years ago

Floating point is evil, it would be better if duration was not a double

Fixes: Infinite loop
Fixes: 45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd3a03db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

4e305299

avformat/avidec: Check height · b545c250

Michael Niedermayer authored 3 years ago


Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: Ticket8486

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec8ff659)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b545c250

avformat/rmdec: Better duplicate tags check · 680f821a

Michael Niedermayer authored 3 years ago

Fixes: memleaks
Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15a646e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

680f821a

avformat/mov: Disallow empty sidx · b70429e3

Michael Niedermayer authored 3 years ago


It appears this is not allowed "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments
(which may themselves be further subdivided using Segment Index boxes)."
Fixes: Null pointer dereference
Fixes: Ticket9517

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4419433d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b70429e3

avformat/matroskadec: Check duration · 77f3f2aa

Michael Niedermayer authored 3 years ago

Fixes: -nan is outside the range of representable values of type 'long'
Fixes: 44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 36680078)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

77f3f2aa

avformat/matroskadec: Check desc_bytes · 79d52d06

Michael Niedermayer authored 3 years ago

Fixes: Division by 0
Fixes: 44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 50389339)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

79d52d06

avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() · 9eca5d77

Michael Niedermayer authored 3 years ago

Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff
Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 59328aab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

9eca5d77

avformat/matroskadec: Fix infinite loop with bz decompression · 00272516

Michael Niedermayer authored 3 years ago

The same check is added to zlib too, it seems not needed there though

Fixes: Infinite loop
Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c3d2cbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

00272516

avformat/mov: Check size before subtraction · e42732b9

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long'
Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8d9d506)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

e42732b9

avformat/flvdec: timestamps cannot use the full int64 range · 83778e77

Michael Niedermayer authored 3 years ago

We do not support this as we multiply by 1000
Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long'
Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c217ca77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

83778e77

avformat/4xm: Check for duplicate track ids · fa922acc

Michael Niedermayer authored 3 years ago


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd949124)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fa922acc

avformat/4xm: Consider max_streams on reallocating tracks array · e1793ad6

Michael Niedermayer authored 3 years ago

Fixes: OOM
Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0dcd95ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

e1793ad6

avformat/mov: Check next offset in mov_read_dref() · 60500dfc

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long'
Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 562021e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

60500dfc

avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() · 816a97ba

Michael Niedermayer authored 3 years ago

Fixes: memleak
Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f44a218)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

816a97ba

avformat/mov: Disallow duplicate smdm · b60f4ff5

Michael Niedermayer authored 3 years ago

Fixes: memleak
Fixes: 39879/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5327819907923968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5ba7405)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b60f4ff5

avformat/mov: Check for EOF in mov_read_glbl() · c63fed42

Michael Niedermayer authored 3 years ago

Fixes: Infinite loop
Fixes: 41351/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5433895854669824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 59b4e7cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

c63fed42

avformat/mov: Check channels for mov_parse_stsd_audio() · 54d7297b

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long'
Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a64a4c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

54d7297b

avformat/avidec: Check read_odml_index() for failure · f4860339

Michael Niedermayer authored 3 years ago

Fixes: Timeout
Fixes: 40950/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6478873068437504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 57adb26d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

f4860339

avformat/aiffdec: Use av_rescale() for bitrate · 1cd6a75c

Michael Niedermayer authored 3 years ago

Fixes: integer overflow
Fixes: 40313/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4814761406103552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 905588df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1cd6a75c

avformat/aiffdec: sanity check block_align · a7eeea78

Michael Niedermayer authored 3 years ago


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93f77769)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

a7eeea78

avformat/aiffdec: Check sample_rate · b982f9fe

Michael Niedermayer authored 3 years ago


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b04836d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b982f9fe

avformat/latmenc: abort if no extradata is available · b8197738

James Almer authored 5 years ago


Fixes ticket #8273.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit dd019473)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b8197738

avformat/movenc: Fix segfault when remuxing rtp hint stream · 3b496884

Andreas Rheinhardt authored 4 years ago


When remuxing an rtp hint stream (or any stream with the tag "rtp "),
the mov muxer treats this as one of the rtp hint tracks it creates
internally when ordered to do so; yet this track lacks the
AVFormatContext for the hinting rtp muxer, leading to segfaults in
mov_write_udta_sdp() if a "trak" atom is written for this stream; if not,
the stream's codecpar is freed by mov_free() as if the mov muxer owned
it (it does for the internally created "rtp " tracks), but without
resetting st->codecpar, leading to double-frees lateron. This commit
therefore ignores said tag which makes rtp hint streams unremuxable.

This fixes tickets #8181 and #8186.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 22c3cd17)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3b496884

avformat/tty: add probe function · b5873ca4
Paul B Mahol authored 5 years ago
```
(cherry picked from commit 3bce9e9b)
```
b5873ca4

Oct 09, 2021

avformat/wavdec: Check smv_block_size · 7a1c59e4

Michael Niedermayer authored 3 years ago

Fixes: Timeout
Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 849138f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

7a1c59e4

avformat/rmdec: Check for multiple audio_stream_info · a8573908

Michael Niedermayer authored 3 years ago

Fixes: memleak
Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fe3566b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

a8573908

oavformat/avidec: Check offset in odml · afe2a1a8

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 255a7b42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

afe2a1a8

avformat/mpegts: use actually read packet size in mpegts_resync special case · 67b9b10b

Michael Niedermayer authored 3 years ago

Fixes: infinite loop
Fixes: 37986/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5292311517462528 -

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 83b2e4c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

67b9b10b

avformat/mvdec: Do not set invalid sample rate · fa742cda

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 737e6bf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fa742cda

avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4 · 6715ea85

Michael Niedermayer authored 3 years ago

Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e2c28723)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6715ea85

avformat/jacosubdec: Check for min in t overflow in get_shift() · cbe954f5

Michael Niedermayer authored 3 years ago

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 989febfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

cbe954f5

avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet() · 90d2f32f

Michael Niedermayer authored 3 years ago

Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dd5a8a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

90d2f32f

Sep 12, 2021

network: Define ENOTCONN as WSAENOTCONN if not defined · fc76c603

Martin Storsjö authored 5 years ago


This fixes compilation with old mingw.org toolchains, which has got
much fewer errno.h entries.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6569e950)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fc76c603

avformat/avidec: Use 64bit for frame number in odml index parsing · 36f962f3

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a4c98c50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

36f962f3