ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	db94bff826	avformat/subviewerdec: fail on AV_NOPTS_VALUE Such values are not supported by ff_subtitles_queue* Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long' Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b7f51428b1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:21 +02:00
Michael Niedermayer	13a10e107a	avcodec/exr: Check line size for overflow Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9b72cea446`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:21 +02:00
Michael Niedermayer	8a4aab7f0f	avcodec/exr: Check xdelta, ydelta Fixes: assertion failure Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6949df35d0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:21 +02:00
Michael Niedermayer	c275fefad9	avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter() Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 25675/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-4786580731199488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `11a6347f9e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:21 +02:00
Michael Niedermayer	dc12287307	avcodec/takdsp: Fix negative shift in decorrelate_sf() Fixes: left shift of negative value -4 Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4f54f53003`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	d8359218a2	avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420() Fixes: left shift of negative value -640 Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3291d994b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	6bbc565af8	avformat/asfdec_f: Change order or operations slightly Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long' Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `686f015190`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	5a86c28a73	avformat/dxa: Use av_rescale() for duration computation Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long' Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c313089fbe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	cb6cdd3f84	avcodec/vc1_block: Fix integer overflow in ac value Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int' Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3056e19e68`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	c242e3efe0	avformat/iff: Check data_size not overflowing int64 Fixes: Infinite loop Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `24352ca792`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	8b84fcb78f	avcodec/dxtory: Fix negative shift in dx2_decode_slice_410() Fixes: left shift of negative value -768 Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `abebd87764`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	91f7983a89	avcodec/sonic: Check channels before deallocating Fixes: heap-buffer-overflow Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f249981976`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	b81d1379c2	avformat/wvdec: Check rate for overflow Fixes: signed integer overflow: 6000 * -2147483648 cannot be represented in type 'int' Fixes: 25700/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6578316302352384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `688c1175ba`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	f4d75810b4	avcodec/ansi: Check nb_args for overflow Fixes: Integer overflow (no testcase) Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bc0e776c9a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	124a433d15	avformat/wc3movie: Move wc3_read_close() up Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0c635f2ce6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	6afbda6ce8	avcodec/diracdsp: Fix integer anomaly in dequant_subband_* Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca3c6c981a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	d3bbc76f8e	avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c() Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int' Fixes: 23646/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5480991098667008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a02ae49c2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	2fee883f52	avcodec/wmalosslessdec: Check remaining space before padding and channel residue Fixes: Timeout (1101sec -> 0.4sec) Fixes: 24491/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5725337036783616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c467adf3bf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	b9c0480f17	avformat/cdg: Fix integer overflow in duration computation Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int' Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `aa8935b395`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	d5e57e7496	avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth() Fixes: -2.4187e+09 is outside the range of representable values of type 'int' Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384 Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2b9f39689a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	ca56067055	avformat/electronicarts: Check if there are any streams Fixes: Assertion failure (invalid stream index) Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `39a98623ed`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	df67250903	avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINE Fixes: signed integer overflow: -1429092 * -32596 cannot be represented in type 'int' Fixes: 24419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5157849974702080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a0da95df77`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	de79966a44	avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d() Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int' Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d182d8f10c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	ca689b0002	avformat/avidec: Fix io_fsize overflow Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long' Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf0c700b0c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	9474d161c2	avcodec/cfhd: Check transform type Fixes: out of array access Fixes: 24823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4855119863349248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `659658d08b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	a4f01dfad9	avcodec/tiff: Restrict tag order based on specification "The entries in an IFD must be sorted in ascending order by Tag. Note that this is not the order in which the fields are described in this document." This way various dimensions, sample and bit sizes cannot be changed at arbitrary times which reduces the potential for bugs. The tag reading code also on various places assumes that numerically previous tags have already been parsed, so this needs to be enforced one way or another. If this commit causes problems with real world files which are not easy to fix then some other form of checks are needed to ensure the various dependencies in the tag reading are not violated. Fixes: out of array access Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ad29f9e47c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	2e9d90680d	avformat/siff: Reject audio packets without audio stream Fixes: Assertion failure Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8931c55789`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	f13fb1cfb8	avformat/mpeg: Check avio_read() return value in get_pts() Found-by: Thierry Foucu <tfoucu@gmail.com> Fixes: Use-of-uninitialized-value Reviewed-by: Thierry Foucu <tfoucu@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e8a88a16f7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	b0fd8d6b15	avcodec/tiff: Check bpp/bppcount for 0 Fixes: division by zero Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `be090da25f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	2dc9462462	avcodec/snowdec: Sanity check hcoeff Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d51d569cf6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	301801bfd2	avformat/mov: Check comp_brand_size Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ffa6072fc7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	8636ff4bdf	avcodec/alac: Check decorr_shift to avoid invalid shift Later the decorrelate_stereo call is guarded by channels == 2 and non-zero decorr_left_weight. Make sure decorr_shift is in the expected shift range for that case. Fixes: shift exponent 128 is too large for 32-bit type 'int' Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Alexander Strasser <eclipse7@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4333718b35`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	bd5e97fd6b	avcodec/tdsc: Fix tile checks Fixes: out of array access Fixes: crash.asf Found-by: anton listov <greyfarn7@yandex.ru> Reviewed-by: anton listov <greyfarn7@yandex.ru> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `081e3001ed`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Andreas Rheinhardt	4646f94b9c	avformat/mm: Check for existence of audio stream No audio stream is created unconditionally and if none has been created, no packet with stream_index 1 may be returned. This fixes an assert in ff_read_packet() in libavformat/utils reported in ticket #8782. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `ec59dc73f0`) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	14a4be8fb4	avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment() Fixes: Out of array read Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a10bc8f6f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Zhao Zhili	02fd603a18	avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `806a4d5187`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	41049b0d76	avcodec/apedec: Fix undefined integer overflow with 24bit Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int' Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9f7b252cdf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	bf0b15d76a	avcodec/loco: Fix integer overflow with large values from loco_get_rice() Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int' Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3ddc5e1f3c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	32815740f7	avformat/smjpegdec: Check the existence of referred streams Fixes: Assertion failure Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `321ea59dac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
Michael Niedermayer	34f9c735ad	avcodec/pnmdec: Fix misaligned reads Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ea28ce9bc1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:37:20 +02:00
James Almer	347bcf6054	avcodec/h264_slice: clear old slice POC values on parsing failure If a slice header fails to parse, and the next one uses different Sequence and Picture parameter sets, certain values may not be read if they are not coded, resulting in the previous slice values being used. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `ce4a31cd1f`)	2021-08-11 12:01:14 -03:00
Timo Rothenpieler	d44da66fac	avcodec/cuviddec: backport extradata fixes	2020-10-01 22:09:25 +02:00
Timo Rothenpieler	7f0db52c53	avcodec/cuviddec: handle arbitrarily sized extradata	2020-09-30 14:14:30 +02:00
Błażej Szczygieł	3dd24b0f70	lavf/tls_gnutls: check for interrupt inside handshake loop fixes #8080 Signed-off-by: Błażej Szczygieł <spaz16@wp.pl> (cherry picked from commit `561ba15c97`)	2020-09-04 22:06:02 +03:00
Remita Amine	082dfc8bd5	lavf/tls_gnutls: retry gnutls_handshake on non fatal errors fixes #7801 Signed-off-by: Remita Amine <remitamine@gmail.com> (cherry picked from commit `bc1749c6e4`)	2020-09-04 22:06:01 +03:00
Jan Ekström	dce15293da	avformat/tls_schannel: immediately return decrypted data if available Until now, we would have only attempted to utilize already decrypted data if it was enough to fill the size of buffer requested, that could very well be up to 32 kilobytes. With keep-alive connections this would just lead to recv blocking until rw_timeout had been reached, as the connection would not be officially closed after each transfer. This would also lead to a loop, as such timed out I/O request would just be attempted again. By just returning the available decrypted data, keep-alive based connectivity such as HLS playback is fixed with schannel. (cherry picked from commit `6f8826e4aa`)	2020-09-04 19:26:16 +03:00
Jan Ekström	0adddc08c6	avformat/tls_schannel: always decrypt all received data The dec_buf seems to be properly managed between read calls, and we have no logic to decrypt before attempting socket I/O. Thus - until now - such data would not be decrypted in case of connections such as HTTP keep-alive, as the recv call would always get executed first, block until rw_timeout, and then get retried by retry_transfer_wrapper. Thus - if data is received - decrypt all of it right away. This way it is available for the following requests in case they can be satisfied with it. (cherry picked from commit `39977fff20`)	2020-09-04 19:26:16 +03:00
Michael Niedermayer	918a41d40e	Changelog: update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n4.1.6	2020-07-05 00:31:07 +02:00
Andreas Rheinhardt	3df2eab778	avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit is so big that it extends beyond the end of the input packet; it does so only implicitly by using the checked version of the bytestream2 API. But this has downsides compared to real checks: It can lead to huge allocations (up to 2GiB) even when the input packet is just a few bytes. And furthermore it leads to uninitialized data being output. So add a check to error out early if it happens. Also check directly whether there is enough data for the length field. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `ea1b71e82f`) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2020-07-03 17:11:15 +02:00
Michael Niedermayer	fd43c6dc0e	Update for 4.1.6 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 17:03:14 +02:00

... 3 4 5 6 7 ...

93392 Commits