summaryrefslogtreecommitdiff
path: root/libavformat
Commit message (Collapse)AuthorAgeFilesLines
* avformat/mxfdec: Use 64bit in remainderMichael Niedermayer2023-03-271-2/+2
| | | | | | | | | | | Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int' Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 64a04fc165d453fe49906b228ac16385eda28564) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/id3v2: Check taglen in read_uslt()Michael Niedermayer2023-03-271-2/+2
| | | | | | | | | | | Fixes: Timeout (read mostly the same data repeatly) Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840 Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a798af91d7d1fc31cfc1ae09cc6ab3907304f44f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/replaygain: avoid undefined / negative absMichael Niedermayer2023-03-271-1/+1
| | | | | | | | | | Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int' Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2532b20b17ec557f1b925bfc41c00e7d4e17356c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vividas: Check packet sizeMichael Niedermayer2022-11-031-0/+7
| | | | | | | | | | Fixes: signed integer overflow: 119760682 - -2084600173 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6745781167587328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f44489cc5d4f3767f6ad2ad067ee6a3f78374bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/spdifdec: Use 64bit to compute bit rateMichael Niedermayer2022-11-031-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4075f0cec1830a7ac081b1a23bd3f5c4e266fe26) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rpl: Use 64bit for duration computationMichael Niedermayer2022-11-031-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 529f64b2eb98e0c3ae4944abd5d01fa7c1def047) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/xwma: Use av_rescale() for duration computationMichael Niedermayer2022-11-031-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c789f753c3657be9041307f9c03749f5ba5a6bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration ↵Michael Niedermayer2022-11-031-1/+1
| | | | | | | | | | | | calculation Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa8eb1bed075931b0ce0a8bc9a8ff5882830044c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: Check ts_int in genrate_intervalsMichael Niedermayer2022-11-031-0/+2
| | | | | | | | | | | | | There is probably a better place to check for this, but better here than nowhere Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f529e9147a5c5c8ecf8d5ef0dd569194ce30eed) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: clamp end_tsMichael Niedermayer2022-11-031-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 981f5e46afa3673dfa43eb2bf5017680d5df25dd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: check tag_sizeMichael Niedermayer2022-11-031-0/+2
| | | | | | | | | | Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutdec: Check fieldsMichael Niedermayer2022-11-031-0/+5
| | | | | | | | | | Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Use 64bit for sum_flv_tag_sizeMichael Niedermayer2022-11-031-3/+3
| | | | | | | | | | Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7124f10c1d521096042ba3c9c519828147f78c46) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/jacosubdec: Fix overflow in get_shift()Michael Niedermayer2022-11-031-1/+1
| | | | | | | | | | Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328 Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b1a68127bbcd3d638363fa0249982c494e87c9e2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dxa: avoid bpc overflowsMichael Niedermayer2022-11-031-2/+5
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dhav: Use 64bit seek_backMichael Niedermayer2022-11-031-1/+1
| | | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-6604736532447232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 10453f5192869b63b071aee3962ae2c712f9bfd3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/cafdec: Check that nb_frasmes fits within 64bitMichael Niedermayer2022-11-031-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_o: Limit packet offsetMichael Niedermayer2022-11-031-0/+2
| | | | | | | | | | | | | avoids overflows with it Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136 Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ape: Check frames sizeMichael Niedermayer2022-11-031-0/+2
| | | | | | | | | | Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/icodec: Check nb_palMichael Niedermayer2022-11-031-0/+3
| | | | | | | | | | | Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit db73ae0dc114aa6fae08e69f977944f056a24995) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Use 64bit for block_duration useMichael Niedermayer2022-11-031-1/+1
| | | | | | | | | | | Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9303ba272e988d87084880c57056b750cc5ffd08) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Check block_durationMichael Niedermayer2022-11-031-0/+2
| | | | | | | | | | | Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1c2b6265c87417033f990fa4a14da9d4008320a4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: only probe max run inMichael Niedermayer2022-11-031-1/+1
| | | | | | | Suggested-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1182bbb2c3226260ed672920251e3410bde8c6c9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: Check run_in is within 65536Michael Niedermayer2022-11-031-1/+6
| | | | | | | | | | Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7786097825d9e3f02b4574c1924c28818eb83340) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/hls: Free keysMichael Niedermayer2022-11-031-0/+1
| | | | | | | | | | | Fixes: memleak Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d32a9f3137c91de86547601a38fea0693c3497f1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/cafenc: derive Opus frame size from the relevant stream parametersJames Almer2022-09-241-5/+14
| | | | | | | | | | | | | Use the stream duration as last resort, as an off-by-one result of the "st->duration / (caf->packets - 1)" calculation can break playback on some devices. Also, don't write the sample_rate value propagated by encoders like libopus. The sample rate of the audio fed to it is irrelevant after being encoded. Fixes ticket #9930. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit aa79d13f51aa820c7e5f07784a2512434e68bc46)
* avformat/asfdec_o: limit recursion depth in asf_read_unknown()Michael Niedermayer2022-09-011-3/+7
| | | | | | | | | | | | The threshold of 5 is arbitrary, both smaller and larger should work fine Fixes: Stack overflow Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1f1a368169ef9d945dc4b4764f5c60ba9bbc9134) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/iff: Check for overflow in body_end calculationMichael Niedermayer2022-09-011-0/+3
| | | | | | | | | | Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long' Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bcb46903040e5a5199281f4ad0a1fdaf750ebc37) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Prevent entity expansion attacksMichael Niedermayer2022-09-011-1/+11
| | | | | | | | | Fixes: Timeout Fixes no testcase, this is the same idea as similar attacks against XML parsers Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f3e823c2aa04d4f5571a5e04c27a244890704c8d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/subviewerdec: Make read_ts() more flexibleMichael Niedermayer2022-09-011-15/+21
| | | | | | | | | Fixes: signed integer overflow: -1948269928 * 10 cannot be represented in type 'int' Fixes: 49451/clusterfuzz-testcase-minimized-ffmpeg_dem_SUBVIEWER_fuzzer-6344614822412288 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg (cherry picked from commit 58a8e739ef93f8b42f8139e73227508256929d20) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Check for EOF in index readingMichael Niedermayer2022-09-011-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ceff5d7b74cd9ae6055957979d27d289c70a9e1b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutdec: Check get_packetheader() in mainheaderMichael Niedermayer2022-09-011-0/+2
| | | | | | | | | | Fixes; Timeout Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b5de084aa63b79586bc445e6a7fea837688b3941) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Use 64bit for packet start timeMichael Niedermayer2022-09-011-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8ed78486fcb065b5b459f14d4b1c3242f6d21ec7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rtsp: break on unknown protocolsMichael Niedermayer2022-09-011-0/+2
| | | | | | | | | | | This function needs more cleanup and it lacks error handling Fixes: use of uninitialized memory Fixes: CID700776 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 73c0fd27c5c53c42e5060fb3a0c1fc5708b6f670) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aaxdec: Check for empty segmentsMichael Niedermayer2022-09-011-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 48154/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5149094353436672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit db31b3ea861c280e7fae282d06957ebd0d37c2d2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/iff: simplify duration calculationMichael Niedermayer2022-09-011-2/+3
| | | | | | | | | | Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long' Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0740641e932551342cc1737d981e950ecffa3b63) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sctp: close socket on errorsMichael Niedermayer2022-09-011-0/+2
| | | | | | | | | | This is untested as i have no testcase Fixes: CID1302709 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c9a2996544187f67e533bc24f4cf773e50d2362b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/cinedec: Check size and pos moreMichael Niedermayer2022-09-011-5/+6
| | | | | | | | | | Fixes: signed integer overflow: 9223372036848019263 + 134232320 cannot be represented in type 'long' Fixes: 48155/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5751429207293952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 884a108121d027ee4aa7d5a70247565cf0105afa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: cleanup size handling for extreem casesMichael Niedermayer2022-09-011-17/+12
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c6f1e48b86471b1cc91c468e78a065075ed409bd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/matroskadec: avoid integer overflows in SAR computationMichael Niedermayer2022-09-011-5/+8
| | | | | | | | | | | | | | This ignores >64bit Alternatively we could support that if it occurs in reality Fixes: negation of -9223372036854775808 Fixes: integer overflows Fixes: 46072/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5029840966778880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e6cad01122c6dea0435d042d68a56045a214492d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/hls: Limit start_seq_no to one bit lessMichael Niedermayer2022-09-011-3/+3
| | | | | | | | | | | | | This avoids overflow checks on additions with 32bit numbers Fixes: signed integer overflow: 9223372036854775806 + 2 cannot be represented in type 'long' Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-4747770734444544 Fixes: 48065/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5372410355908608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d8ee01425459aaafe36acc7743b3f9f28a01821b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: avoid integer overflow in get_meta()Michael Niedermayer2022-09-011-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 45891/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6159183893889024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6a02de21278ec3bea1d2c62665f2629d5a62210f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aaxdec: Check for overlaping segmentsMichael Niedermayer2022-09-011-0/+4
| | | | | | | | | | Fixes: Timeout Fixes: 45875/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-6121689903136768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c16a0ed2422a86e0f3286f59281d119c4d8d159a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ape: more bits in size for less overflowsMichael Niedermayer2022-09-011-4/+5
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 3 cannot be represented in type 'int' Fixes: 46184/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-4678059519770624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e5f6707a7b91664491041526ef3cce7412258b89) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aviobuf: Check buf_size in ffio_ensure_seekback()Michael Niedermayer2022-09-011-0/+3
| | | | | | | | | | | buffer_size is an int Fixes: signed integer overflow: 9223372036854775754 + 32767 cannot be represented in type 'long' Fixes: 45691/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5263458831040512 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c4b130e876fe9ac5875a2f2480e96de4fdac7760) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/bfi: Check offsets betterMichael Niedermayer2022-09-011-3/+3
| | | | | | | | | | Fixes: signed integer overflow: -2145378272 - 538976288 cannot be represented in type 'int' Fixes: 45690/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5015496544616448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 35dc93ab44a57d78956414624c4e011414220e98) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Check packet_frag_timestampMichael Niedermayer2022-09-011-4/+6
| | | | | | | | | | Fixes: signed integer overflow: -9223372036854775808 - 4607 cannot be represented in type 'long' Fixes: 45685/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5280102802391040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ffc877215056e8f0feb1ff23ba7dc4c19277b94b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/act: Check ff_get_wav_header() for failureMichael Niedermayer2022-09-011-1/+4
| | | | | | | | | Fixes: missing error check Fixes: CID717495 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5982da87e3464e7df529a169352748560d70ba80) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/libzmq: Improve r redundancy in occuredMichael Niedermayer2022-09-011-9/+9
| | | | | | Reviewed-by: "mypopy@gmail.com" <mypopy@gmail.com> (cherry picked from commit e06b1ba7d79ac15f23fb08947949dcfec8bfb408) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/genh: Check sample rateMichael Niedermayer2022-08-311-0/+3
| | | | | | | | | | | Fixes: signed integer overflow: -2515507630940093440 * 4 cannot be represented in type 'long' Fixes: 46318/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5009637474172928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a3d790f1977ed6c326eb93bb61757297a7905dcc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
View Lorry Controller Status