ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	68ed682710	Update for 3.2.3 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n3.2.3	2017-02-06 12:26:47 +01:00
Michael Niedermayer	44ce16b7f9	avcodec/movtextdec: Fix decode_styl() cleanup Fixes: null pointer dereference Fixes: 555/clusterfuzz-testcase-5986646595993600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e248522d1b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 12:11:37 +01:00
Chris Cunningham	d88493c02b	lavf/matroskadec: fix is_keyframe for early Blocks Blocks are marked as key frames whenever the "reference" field is zero. This breaks for non-keyframe Blocks with a reference timestamp of zero. The likelihood of reference timestamp being zero is increased by a longstanding bug in muxing that encodes reference timestamp as the absolute time of the referenced frame (rather than relative to the current Block timestamp, as described in MKV spec). Now using INT64_MIN to denote "no reference". Reported to chromium at http://crbug.com/497889 (contains sample) (cherry picked from commit `ac25840ee3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 11:00:24 +01:00
James Almer	87a47c67a6	configure: bump year Happy new year! (cherry picked from commit `d800d48fc6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 10:17:13 +01:00
Michael Niedermayer	7e1d9d25fe	avcodec/pngdec: Check trns more completely Fixes out of array access Fixes: 546/clusterfuzz-testcase-4809433909559296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e477f09d0b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 10:17:13 +01:00
Michael Niedermayer	d399f25bd1	avcodec/interplayvideo: Move parameter change check up Fixes out of array read Fixes: 544/clusterfuzz-testcase-5936536407244800.f8bd9b24_8ba77916_70c2c7be_3df6a2ea_96cd9f14 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b1e2192007`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 10:17:13 +01:00
Michael Niedermayer	7323a8ab29	avcodec/dca_lbr: Fix off by 1 error in freq check Fixes out of array read Fixes: 510/clusterfuzz-testcase-5737865715646464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `61f70416f8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 10:17:13 +01:00
Michael Niedermayer	aa20863f44	avcodec/mjpegdec: Check for for the bitstream end in mjpeg_decode_scan_progressive_ac() Fixes timeout Fixes: 496/clusterfuzz-testcase-5805083497332736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3782656631`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-06 10:17:13 +01:00
Andreas Cadhalpun	83269fd13b	pgssubdec: reset rle_data_len/rle_remaining_len on allocation error The code relies on their validity and otherwise can try to access a NULL object->rle pointer, causing segmentation faults. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `842e98b4d8`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2017-02-01 02:28:09 +01:00
Andreas Cadhalpun	884cd3caa5	swscale: save ebx register when it is not available Configure checks if the ebx register can be used for asm and it has to be saved if and only if this is not the case. Without this the build fails when configuring with --toolchain=hardened --disable-pic on i386 using gcc 4.8: error: PIC register clobbered by '%ebx' in 'asm' In that case gcc 4.8 reserves the ebx register for the GOT needed for PIE, so it can't be used in asm directly. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `319438e2f2`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2017-01-26 02:22:09 +01:00
Frank Liberato	cc66247603	avformat/flacdec: Check avio_read result when reading flac block header. Return AVERROR_INVALIDDATA if all four bytes aren't present. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `95bde49982`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:13 +01:00
Michael Niedermayer	dc2d3856f3	avcodec/utils: correct align value for interplay Fixes out of array access Fixes: 452/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2080bc3371`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:13 +01:00
Michael Niedermayer	dd36b3a06a	avcodec/vp56: Check for the bitstream end, pass error codes on Fixes timeout Fixes: 446/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_VP6_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9e6a242755`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:13 +01:00
Michael Niedermayer	14f555683a	avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan() Fixes timeout Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `755933cb5c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:13 +01:00
Michael Niedermayer	bd6c1d5149	avcodec/pngdec: Fix off by 1 size in decode_zbuf() Fixes out of array access Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e371f031b9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Andreas Cadhalpun	41fc098a86	libopenmpt: add missing avio_read return value check This fixes heap-buffer-overflows in libopenmpt caused by interpreting the negative size value as unsigned size_t. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Reviewed-by: Jörn Heusipp <osmanx@problemloesungsmaschine.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `367cac7827`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Michael Niedermayer	3442c20c4d	avcodec/bsf: Fix av_bsf_list_free() Negate null check Fixes CID1396248 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `762bf6f4af`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Michael Niedermayer	7d222736c2	avcodec/omx: Do not pass negative value into av_malloc() Fixes CID1396849 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bd83c295fc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Tobias Rapp	d5154c055b	avformat/avidec: skip odml master index chunks in avi_sync Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg. Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6d579d7c1b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Michael Niedermayer	cd81993070	avcodec/mjpegdec: Check for rgb before flipping Fixes assertion failure due to unsupported case Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `25d9643f11`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Matt Wolenetz	2481f1320a	lavf/utils.c Protect against accessing entries[nb_entries] In ff_index_search_timestamp(), if b == num_entries, m == num_entries - 1, and entries[m].flags & AVINDEX_DISCARD_FRAME is true, then the search for the next non-discarded packet could access entries[nb_entries], exceeding its bounds. This change adds a protection against that scenario. Reference: https://crbug.com/666770 Reviewed-by: Sasi Inguva <isasi@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fe7547d69e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Michael Niedermayer	ceeeccc862	avutil/random_seed: Reduce the time needed on systems with very low precission clock() This should fix issues on BSD CLOCKS_PER_SEC is 128 on BSD while SUSv2 requires it to be a million Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c4152fc42e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Michael Niedermayer	07df85b958	swscale/swscale: Fix dereference of stride array before null check Fixes: CID1396263 Fixes: CID1396271 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `03ce71e4a1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Michael Niedermayer	7643e8584f	avutil/random_seed: Improve get_generic_seed() with higher precission clock() Tested-by: Thomas Turner <thomastdt@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `da73d95bad`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Chris Cunningham	533431d5af	avformat/mp3dec: fix msan warning when verifying mpa header MPEG Audio frame header must be 4 bytes. If we fail to read 4 bytes bail early to avoid Use-of-uninitialized-value msan error. Reference https://crbug.com/666874. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ab87df9a47`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Michael Niedermayer	9519b2560e	avformat/utils: Print verbose error message if stream count exceeds max_streams Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f0bdd53871`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Michael Niedermayer	3e3e095fc9	avformat/options_table: Set the default maximum number of streams to 1000 Fixes CVE-2016-9561, Note the security relevance of this is disputed as running out of memory can happen with valid files Suggested-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `30581c51e7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-01-26 00:34:12 +01:00
Georgi D. Sotirov	41f8a8843d	lavf/chromaprint: Update for version 1.4 Fixes ticket #5997. (cherry picked from commit `581f93f37e`) Fixes Debian bug 841501.	2017-01-15 11:53:41 +01:00
Michael Niedermayer	64bb329afa	avutil: Add av_image_check_size2() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f542b152aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-11 00:21:53 +01:00
Michael Niedermayer	3ecbac5664	avformat: Add max_streams option This allows user apps to stop OOM due to excessive number of streams Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1296f84495`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-11 00:21:53 +01:00
Michael Niedermayer	0e6febff5a	avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated We are checking during encoding if there is enough space as version 4 needs that check. Fixes Ticket6005 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38a7834bbb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-11 00:21:53 +01:00
Michael Niedermayer	3f779aef79	avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory() Fixes: part of 670190.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8258e36385`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-11 00:21:53 +01:00
Michael Niedermayer	35ef033a19	avformat/oggdec: Skip streams in duration correction that did not had their duration set. Fixes: part of 670190.ogg Fixes integer overflow Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ee2a6f5df8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-11 00:21:53 +01:00
Michael Niedermayer	aec21cd840	avcodec/ffv1enc: Fix size of first slice Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cff1c0edaa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-11 00:21:53 +01:00
Marton Balint	47e47cfb07	ffplay: fix sws_scale possible out of bounds array access As I used simple RGBA formats for subtitles and for the video texture if avfilter is disabled I kind of assumed that sws_scale won't access data pointers and strides above index 0, but apparently that is not the case. Fixes Coverity CID 1396737, 1396738, 1396739, 1396740. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Marton Balint <cus@passwd.hu>	2016-12-10 23:24:05 +01:00
Srinath K R	314c425b16	avfilter/vf_hwupload_cuda: Add min/max limits for the 'device' option Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>	2016-12-08 11:26:34 +01:00
Michael Niedermayer	148c4fb8d2	Update for 3.2.2 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n3.2.2	2016-12-06 00:09:40 +01:00
Michael Niedermayer	c12ee64e80	ffserver: Check chunk size Fixes out of array access Fixes: poc_ffserver.py Found-by: Paul Cher <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5d25faa3f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	46cd1699f9	Avoid using the term "file" and prefer "url" in some docs and comments This should make it less ambigous that these are URLs Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5f27a9c3a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	32b95471a8	avformat/rtmppkt: Check for packet size mismatches Fixes out of array access Found-by: Paul Cher <paulcher@icloud.com> Reviewed-by: Paul Cher <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7d57ca4d9a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Timothy Gu	f66bfe71bb	zmqsend: Initialize ret to 0 Fixes CID1396857. (cherry picked from commit `d903b4e3ad`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	af1e19b9e4	avcodec/flacdec: Fix undefined shift in decode_subframe() Fixes undefined behavior Fixes: 639961-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1f5630af51`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	334901aea0	avcodec/get_bits: Fix get_sbits_long(0) Fixes undefined behavior Fixes: 640889-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c72fa43234`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	bbe9a4b542	avformat/ffmdec: Check media type for chunks Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e706e2e775`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	a772aaf5dc	avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed() Fixes undefined behavior Fixes: 640912-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `83a75bf6c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	c39e8d05f5	avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c Fixes: left shift of negative value Fixes: 668346-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `acc163c6ab`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	a0715c1e89	avformat/oggparsespeex: Check frames_per_packet and packet_size The speex specification does not seem to restrict these values, thus the limits where choosen so as to avoid multiplicative overflow Fixes undefined behavior Fixes: 635422.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `afcf15b0db`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	a0ed412f38	avformat/utils: Check start/end before computing duration in update_stream_timings() Fixes undefined behavior Fixes: 637428.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `90da187f1d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	2fb7eb05dc	avcodec/flac_parser: Update nb_headers_buffered Fixes infinite loop Fixes: fuzz.flac Found-by: Frank Liberato <liberato@google.com> Reviewed-by: Frank Liberato <liberato@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2475858889`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	8e4f737d2f	avformat/idroqdec: Check chunk_size for being too large Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `744a0b5206`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00

1 2 3 4 5 ...

82379 Commits