Rostislav Pehlivanov
5546294f63
lavfi/buffersrc: fix directly setting channel layout
...
When setting the channel layout directly using AVBufferSrcParameters
the channel layout was correctly set however the init function still
expected the old string format to set the number of channels (when it
hadn't already been specified).
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
(cherry picked from commit 42959044ac)
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-02-21 16:40:53 +00:00
Carl Eugen Hoyos
e93e215b36
lavf/mpeg: Initialize a stack variable used by memcmp().
...
Silence a valgrind warning.
Fixes ticket #6160.
(cherry picked from commit a5c1c7a8b3)
2017-02-21 02:16:13 +01:00
Carl Eugen Hoyos
5c524e651f
lavc/avpacket: Initialize a variable in error path.
...
Fixes ticket #6153.
Tested-by: Tyson Smith
(cherry picked from commit 1d54be2153)
2017-02-17 10:44:56 +01:00
Matt Wolenetz
d4b731e271
lavf/mov.c: Avoid heap allocation wraps in mov_read_{senc,saiz}()
...
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643952 (senc,saiz portions)
Signed-off-by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 36aba43bd5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n3.2.4
2017-02-10 12:15:17 +01:00
Matt Wolenetz
927e59b74a
lavf/mov.c: Avoid OOB in mov_read_udta_string()
...
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643952 (udta_string portion)
Signed-off-by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bbdf5d921)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-10 12:14:39 +01:00
Michael Niedermayer
cbe65ccfa0
Update for 3.2.4
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-08 20:30:18 +01:00
Michael Niedermayer
63637e457c
avcodec/h264_slice: Clear ref_counts on redundant slices
...
Fixes reading freed memory
Fixes: 568/clusterfuzz-testcase-6107186067406848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c03029a835)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-08 19:22:05 +01:00
Matt Wolenetz
ed2572b9c8
lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
...
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643951
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support values beyond INT_MAX
Also the check is moved to a more common place and before integer truncation
(cherry picked from commit 2d453188c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-08 04:08:48 +01:00
Matt Wolenetz
cf8e004a51
lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
...
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643950
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support larger lengths
(cherry picked from commit fd30e4d57f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-08 04:08:25 +01:00
Michael Niedermayer
a1a14982ec
avcodec/pictordec: Fix logic error
...
Fixes: 559/clusterfuzz-testcase-6424225917173760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c2ea3030a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-07 21:33:20 +01:00
Michael Niedermayer
29ef35abff
ffserver_config: Setup codecpar in add_codec()
...
fixes segfault in the status page code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 472fee91bc)
2017-02-07 13:21:14 +01:00
Michael Niedermayer
1fd78b9b34
Changelog: fix typos
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-07 13:21:03 +01:00
Michael Niedermayer
68ed682710
Update for 3.2.3
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n3.2.3
2017-02-06 12:26:47 +01:00
Michael Niedermayer
44ce16b7f9
avcodec/movtextdec: Fix decode_styl() cleanup
...
Fixes: null pointer dereference
Fixes: 555/clusterfuzz-testcase-5986646595993600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e248522d1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-06 12:11:37 +01:00
Chris Cunningham
d88493c02b
lavf/matroskadec: fix is_keyframe for early Blocks
...
Blocks are marked as key frames whenever the "reference" field is
zero. This breaks for non-keyframe Blocks with a reference timestamp
of zero.
The likelihood of reference timestamp being zero is increased by a
longstanding bug in muxing that encodes reference timestamp as the
absolute time of the referenced frame (rather than relative to the
current Block timestamp, as described in MKV spec).
Now using INT64_MIN to denote "no reference".
Reported to chromium at http://crbug.com/497889 (contains sample)
(cherry picked from commit ac25840ee3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-06 11:00:24 +01:00
James Almer
87a47c67a6
configure: bump year
...
Happy new year!
(cherry picked from commit d800d48fc6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-06 10:17:13 +01:00
Michael Niedermayer
7e1d9d25fe
avcodec/pngdec: Check trns more completely
...
Fixes out of array access
Fixes: 546/clusterfuzz-testcase-4809433909559296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e477f09d0b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-06 10:17:13 +01:00
Michael Niedermayer
d399f25bd1
avcodec/interplayvideo: Move parameter change check up
...
Fixes out of array read
Fixes: 544/clusterfuzz-testcase-5936536407244800.f8bd9b24_8ba77916_70c2c7be_3df6a2ea_96cd9f14
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1e2192007)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-06 10:17:13 +01:00
Michael Niedermayer
7323a8ab29
avcodec/dca_lbr: Fix off by 1 error in freq check
...
Fixes out of array read
Fixes: 510/clusterfuzz-testcase-5737865715646464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61f70416f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-06 10:17:13 +01:00
Michael Niedermayer
aa20863f44
avcodec/mjpegdec: Check for the bitstream end in mjpeg_decode_scan_progressive_ac()
...
Fixes timeout
Fixes: 496/clusterfuzz-testcase-5805083497332736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3782656631)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-06 10:17:13 +01:00
Andreas Cadhalpun
83269fd13b
pgssubdec: reset rle_data_len/rle_remaining_len on allocation error
...
The code relies on their validity and otherwise can try to access a NULL
object->rle pointer, causing segmentation faults.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 842e98b4d8)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2017-02-01 02:28:09 +01:00
Andreas Cadhalpun
884cd3caa5
swscale: save ebx register when it is not available
...
Configure checks if the ebx register can be used for asm and it has to
be saved if and only if this is not the case.
Without this the build fails when configuring with --toolchain=hardened
--disable-pic on i386 using gcc 4.8:
error: PIC register clobbered by '%ebx' in 'asm'
In that case gcc 4.8 reserves the ebx register for the GOT needed for
PIE, so it can't be used in asm directly.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 319438e2f2)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2017-01-26 02:22:09 +01:00
Frank Liberato
cc66247603
avformat/flacdec: Check avio_read result when reading flac block header.
...
Return AVERROR_INVALIDDATA if all four bytes aren't present.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95bde49982)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:13 +01:00
Michael Niedermayer
dc2d3856f3
avcodec/utils: correct align value for interplay
...
Fixes out of array access
Fixes: 452/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2080bc3371)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:13 +01:00
Michael Niedermayer
dd36b3a06a
avcodec/vp56: Check for the bitstream end, pass error codes on
...
Fixes timeout
Fixes: 446/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_VP6_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e6a242755)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:13 +01:00
Michael Niedermayer
14f555683a
avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan()
...
Fixes timeout
Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 755933cb5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:13 +01:00
Michael Niedermayer
bd6c1d5149
avcodec/pngdec: Fix off by 1 size in decode_zbuf()
...
Fixes out of array access
Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e371f031b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Andreas Cadhalpun
41fc098a86
libopenmpt: add missing avio_read return value check
...
This fixes heap-buffer-overflows in libopenmpt caused by interpreting
the negative size value as unsigned size_t.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Jörn Heusipp <osmanx@problemloesungsmaschine.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 367cac7827)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Michael Niedermayer
3442c20c4d
avcodec/bsf: Fix av_bsf_list_free()
...
Negate null check
Fixes CID1396248
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 762bf6f4af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Michael Niedermayer
7d222736c2
avcodec/omx: Do not pass negative value into av_malloc()
...
Fixes CID1396849
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd83c295fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Tobias Rapp
d5154c055b
avformat/avidec: skip odml master index chunks in avi_sync
...
Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg.
Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6d579d7c1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Michael Niedermayer
cd81993070
avcodec/mjpegdec: Check for rgb before flipping
...
Fixes assertion failure due to unsupported case
Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25d9643f11)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Matt Wolenetz
2481f1320a
lavf/utils.c Protect against accessing entries[nb_entries]
...
In ff_index_search_timestamp(), if b == num_entries,
m == num_entries - 1, and entries[m].flags & AVINDEX_DISCARD_FRAME is
true, then the search for the next non-discarded packet could access
entries[nb_entries], exceeding its bounds. This change adds a protection
against that scenario. Reference: https://crbug.com/666770
Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe7547d69e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Michael Niedermayer
ceeeccc862
avutil/random_seed: Reduce the time needed on systems with very low precision clock()
...
This should fix issues on BSD
CLOCKS_PER_SEC is 128 on BSD while SUSv2 requires it to be a million
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4152fc42e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Michael Niedermayer
07df85b958
swscale/swscale: Fix dereference of stride array before null check
...
Fixes: CID1396263
Fixes: CID1396271
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 03ce71e4a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Michael Niedermayer
7643e8584f
avutil/random_seed: Improve get_generic_seed() with higher precision clock()
...
Tested-by: Thomas Turner <thomastdt@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da73d95bad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Chris Cunningham
533431d5af
avformat/mp3dec: fix msan warning when verifying mpa header
...
MPEG Audio frame header must be 4 bytes. If we fail to read
4 bytes bail early to avoid Use-of-uninitialized-value msan error.
Reference https://crbug.com/666874.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab87df9a47)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Michael Niedermayer
9519b2560e
avformat/utils: Print verbose error message if stream count exceeds max_streams
...
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0bdd53871)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Michael Niedermayer
3e3e095fc9
avformat/options_table: Set the default maximum number of streams to 1000
...
Fixes CVE-2016-9561, Note the security relevance of this is disputed as
running out of memory can happen with valid files
Suggested-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 30581c51e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-26 00:34:12 +01:00
Georgi D. Sotirov
41f8a8843d
lavf/chromaprint: Update for version 1.4
...
Fixes ticket #5997.
(cherry picked from commit 581f93f37e)
Fixes Debian bug 841501.
2017-01-15 11:53:41 +01:00
Michael Niedermayer
64bb329afa
avutil: Add av_image_check_size2()
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f542b152aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-11 00:21:53 +01:00
Michael Niedermayer
3ecbac5664
avformat: Add max_streams option
...
This allows user apps to stop OOM due to excessive number of streams
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1296f84495)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-11 00:21:53 +01:00
Michael Niedermayer
0e6febff5a
avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated
...
We are checking during encoding if there is enough space as version 4 needs that
check.
Fixes Ticket6005
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38a7834bbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-11 00:21:53 +01:00
Michael Niedermayer
3f779aef79
avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()
...
Fixes: part of 670190.ogg
Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8258e36385)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-11 00:21:53 +01:00
Michael Niedermayer
35ef033a19
avformat/oggdec: Skip streams in duration correction that did not have their duration set.
...
Fixes: part of 670190.ogg
Fixes integer overflow
Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee2a6f5df8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-11 00:21:53 +01:00
Michael Niedermayer
aec21cd840
avcodec/ffv1enc: Fix size of first slice
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cff1c0edaa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-11 00:21:53 +01:00
Marton Balint
47e47cfb07
ffplay: fix sws_scale possible out of bounds array access
...
As I used simple RGBA formats for subtitles and for the video texture if
avfilter is disabled I kind of assumed that sws_scale won't access data
pointers and strides above index 0, but apparently that is not the case.
Fixes Coverity CID 1396737, 1396738, 1396739, 1396740.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Marton Balint <cus@passwd.hu>
2016-12-10 23:24:05 +01:00
Srinath K R
314c425b16
avfilter/vf_hwupload_cuda: Add min/max limits for the 'device' option
...
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2016-12-08 11:26:34 +01:00
Michael Niedermayer
148c4fb8d2
Update for 3.2.2
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n3.2.2
2016-12-06 00:09:40 +01:00
Michael Niedermayer
c12ee64e80
ffserver: Check chunk size
...
Fixes out of array access
Fixes: poc_ffserver.py
Found-by: Paul Cher <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5d25faa3f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-06 00:07:50 +01:00