Commits · b239ccff7db0d418a74adcebfb1f2304f9a2f1f0 · Samuel Mira / ffmpeg

Apr 13, 2022

avfilter/vf_gblur: fix heap-buffer overflow · b239ccff

Paul B Mahol authored 5 years ago


Fixes #8282

(cherry picked from commit 64a80588)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b239ccff

avfilter/vf_lenscorrection: fix division by zero · 32a38451

Paul B Mahol authored 5 years ago


Fixes #8265

(cherry picked from commit 19587c93)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

32a38451

avformat/latmenc: abort if no extradata is available · b8197738

James Almer authored 5 years ago


Fixes ticket #8273.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit dd019473)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b8197738

avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() · 04240e1d

Michael Niedermayer authored 5 years ago


Fixes: Ticket8176

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c78a76c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

04240e1d

avformat/movenc: Fix segfault when remuxing rtp hint stream · 3b496884

Andreas Rheinhardt authored 4 years ago


When remuxing an rtp hint stream (or any stream with the tag "rtp "),
the mov muxer treats this as one of the rtp hint tracks it creates
internally when ordered to do so; yet this track lacks the
AVFormatContext for the hinting rtp muxer, leading to segfaults in
mov_write_udta_sdp() if a "trak" atom is written for this stream; if not,
the stream's codecpar is freed by mov_free() as if the mov muxer owned
it (it does for the internally created "rtp " tracks), but without
resetting st->codecpar, leading to double-frees lateron. This commit
therefore ignores said tag which makes rtp hint streams unremuxable.

This fixes tickets #8181 and #8186.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 22c3cd17)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3b496884

avformat/tty: add probe function · b5873ca4
Paul B Mahol authored 5 years ago
```
(cherry picked from commit 3bce9e9b)
```
b5873ca4

avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE · 59b4b908

Michael Niedermayer authored 3 years ago

Fixes: out if array read
Fixes: 40109/clusterfuzz-testcase-minimized-ffmpeg_dem_FLAC_fuzzer-4805686811295744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Reviewed-by: Mattias Wadman <mattias.wadman@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

59b4b908

avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() · a2c450db

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 822841647 + 1647055738 cannot be represented in type 'int'
Fixes: 39935/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-4592657142251520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f24028c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

a2c450db

avutil/mathematics: Document av_rescale_rnd() behavior on non int64 results · ef075e36

Michael Niedermayer authored 3 years ago


Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e154353f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

ef075e36

Jan 06, 2022
- configure: Add missing libshine->mpegaudioheader dependency · 9e213f50
  Andreas Rheinhardt authored 3 years ago
  
  Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit e228d7b0)
  9e213f50
Oct 11, 2021

configure: update copyright year · 1eca11f8

Lynne authored 4 years ago


(cherry picked from commit 63505fc6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1eca11f8

Oct 09, 2021

Changelog: update · e7bed708
Michael Niedermayer authored 3 years ago
```
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
```
e7bed708

avformat/wavdec: Check smv_block_size · 7a1c59e4

Michael Niedermayer authored 3 years ago

Fixes: Timeout
Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 849138f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

7a1c59e4

avformat/rmdec: Check for multiple audio_stream_info · a8573908

Michael Niedermayer authored 3 years ago

Fixes: memleak
Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fe3566b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

a8573908

avcodec/apedec: Use 64bit to avoid overflow · c3971ff7

Michael Niedermayer authored 3 years ago

Fixes: runtime error: signed integer overflow: 727298502 * 3 cannot be represented in type 'int'
Fixes: 39172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-638602483033702

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f059b561)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

c3971ff7

avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830() · ca5f10e0

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad517ee6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

ca5f10e0

oavformat/avidec: Check offset in odml · afe2a1a8

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 255a7b42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

afe2a1a8

avformat/mpegts: use actually read packet size in mpegts_resync special case · 67b9b10b

Michael Niedermayer authored 3 years ago

Fixes: infinite loop
Fixes: 37986/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5292311517462528 -

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 83b2e4c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

67b9b10b

swscale/alphablend: Fix slice handling · 582098ac

Michael Niedermayer authored 3 years ago


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06d67265)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

582098ac

avcodec/mxpegdec: Check for AVDISCARD_ALL · d0915974

Michael Niedermayer authored 3 years ago

Fixes: Fixes NULL pointer dereference
Fixes: 36610/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6052641783283712
Fixes: 37907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-4725170850365440
Fixes: 37904/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6367889262247936
Fixes: 38085/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5175270823297024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 20afd3a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

d0915974

avcodec/flicvideo: Check remaining bytes in FLI*COPY · 7f8a534e

Michael Niedermayer authored 3 years ago

Fixes: Timeout
Fixes: 37795/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4846536543043584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f835efb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

7f8a534e

avcodec/mpeg12dec: Do not put mpeg_f_code into an invalid state on error return · 22181868

Michael Niedermayer authored 3 years ago

Fixes: invalid shift
Fixes: 37018/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-5290280902328320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a95abcc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

22181868

avcodec/mpegvideo_enc: Limit bitrate tolerance to the representable · fdb61f36

Michael Niedermayer authored 3 years ago


Fixes: error: 1.66789e+11 is outside the range of representable values of type 'int'
Fixes: Ticket8201

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 245017ec)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fdb61f36

avcodec/apedec: Fix integer overflow in intermediate · b9761037

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 559334865 * 4 cannot be represented in type 'int'
Fixes: 37929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6751932295806976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90da4355)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b9761037

avformat/mvdec: Do not set invalid sample rate · fa742cda

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 737e6bf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fa742cda

avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4 · 6715ea85

Michael Niedermayer authored 3 years ago

Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e2c28723)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6715ea85

avformat/jacosubdec: Check for min in t overflow in get_shift() · cbe954f5

Michael Niedermayer authored 3 years ago

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 989febfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

cbe954f5

avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet() · 90d2f32f

Michael Niedermayer authored 3 years ago

Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dd5a8a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

90d2f32f

Oct 07, 2021
- avfilter/scale_npp: fix non-aligned output frame dimensions · 11388838
  Timo Rothenpieler authored 3 years ago
  
  11388838
Sep 12, 2021

Update for 3.4.9 · 1b44a20a
Michael Niedermayer authored 3 years ago
```
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
```
1b44a20a

avcodec/utils: don't return negative values in av_get_audio_frame_duration() · a4a3fd81

James Almer authored 3 years ago


In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.

Fixes ticket #9312

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e01d306c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

a4a3fd81

avcodec/jpeg2000dec: Check that atom header is within bytsetream · 0fe497d7

Michael Niedermayer authored 3 years ago

Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c659f86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

0fe497d7

avcodec/apedec: Fix 2 integer overflows in filter_3800() · d11d5f7d

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33feb527)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

d11d5f7d

avcodec/xpmdec: Move allocations down after more error checks · 98022477

Michael Niedermayer authored 3 years ago

Fixes: Timeout
Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e5869283)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

98022477

network: Define ENOTCONN as WSAENOTCONN if not defined · fc76c603

Martin Storsjö authored 5 years ago


This fixes compilation with old mingw.org toolchains, which has got
much fewer errno.h entries.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6569e950)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fc76c603

avformat/avidec: Use 64bit for frame number in odml index parsing · 36f962f3

Michael Niedermayer authored 3 years ago

Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a4c98c50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

36f962f3

avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac() · 43a4d78e

Michael Niedermayer authored 3 years ago

Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 909faca9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

43a4d78e

avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata · bc9e0b6c

maryam ebrahimzadeh authored 3 years ago


As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is  part of  'AVPacket pkt'.
replace init_get_bits with init_get_bits8.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ffa4949)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

bc9e0b6c

avcodec/webp: Check available space in loop in decode_entropy_coded_image() · 1e198bd9

Michael Niedermayer authored 3 years ago

Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5e00eab6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1e198bd9

avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode · f4700142

Michael Niedermayer authored 3 years ago

Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c59b5e3d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

f4700142