Fixes: CID1500312 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 034054b3706bea8524cf8846813e17636ca5ab33)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Maybe Closes: CID1452496 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 019fce18bb0628ac8bc47a81d647a23d604b6123)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1453457 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0263b6a48caaff839e4c28df15b299b89c7da92d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This changes the behavior and makes it behave how it probably was intended.
Either way this is unlikely to result in any user visible change
Fixes: CID1494637 Missing break in switch
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5712f36dd0ee0144b92edd2147e24b3724d7ec89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1494636 Missing break in switch
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d04c6016b0971fecb890d3a0afe4e6706a1a68e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found by reviewing code related to CID1500301 String not null terminated
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b82852519e92a2b94de0f22da1a81df5b3e0412)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1460758 Operands don't affect result
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 348c3a7ffe0c3aecf35f1a26a9f321a4e608dab7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1500342 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70b499476213a198ac0f39450cddaea4b34662f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1467435 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d9d1f65308d40502015272a3d1cc9f805c77e075)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1505963 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a2b8d03347930c051358fcbbdc557e57e157d9c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1473512 Unused value
Fixes: CID1529228 Unused value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33da5f4e2717cc947cf44ad9a52668694ea4ee82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be represented in type 'long'
Fixes: 68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 20a6bfda0f7c6447ac94611736cee6e9ce6972a0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed49391961999f028e0bc55767d0eef6eeb15e49)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
add_program() will deallocate the whole array on failure so
we must clear nb_prgs
Fixes: null pointer dereference
Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc
Found-by: Catena cyber
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb9752d897de17212a7a3ce54ad3e16b377b22c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access (av_channel_layout_copy())
Fixes: 67087/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4920720268263424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 23b29f72eeb2ff6f2176ee74b9abe78aec4cd1f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694
Fixes: poc2
Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d88c284c18bf6cd3dd24a7c86b5e496dd3037405)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is kind of ugly
Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long'
Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6ed6f6e8dffcf777c336869f56002da588e2de8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86f73277bf014e2ce36dd2594f1e0fb8b3bd6661)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e849eb23432e45d0a1fda3901bb84eff0ce91282)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 5053074104798691550 + 5053074104259715104 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6515315309936640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61dca9e150b723a160d4a570885f3e5326c3d276)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bed22d597b78999151e3bde0768b7fe763fc2a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312
Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 878625812f164fbb733f442965235656d9eaccc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f01a89c5a378cb7b55a0bcb5763cfb1da83b81f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5401294942371840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 746203af3116288b1dd4442e46a5724ba759e831)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6434245599690752
Fixes: signed integer overflow: 9223372026773000000 + 22337000000 cannot be represented in type 'long'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 007486058c2eb7a7518450a2ddb4fa98845887a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
An alternative would be to limit all time/duration fields to below 64bit
Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long long'
Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd733b2be472cea766c62984237533b239e9a93d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
add comments, rename variables and indent things differently
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e83e8d443b5b86aabf17d1cfb7fba9abf15e24fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 64 + 9223372036854775803 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b792e4d4c772b7b5ef8ea32be187a871000e50c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036854775796 + 12 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4898373660704768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8e754525ca3d3fd835f7360e11f29b02b39cd62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 50d8e4f27398fd5778485a827d7a2817921f8540)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d973fcbcc2f944752ff10e6a76b0b2d9329937a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long'
Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2d7cbc378fa276d62fd676c037b9df59fc319a0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This patch populates the third entry for HLS codec attribute using the
AAC profile.
The HLS specifications[1] require this value to be the Object Type ID as
referred to in table 1.3 of ISO/IEC 14496-3:2009[2].
The numerical constants in the code refer to these OTIs minus one, as
documented in commit 372597e[3], confirmed by comparing the values in the
code with the values in the table mentioned above.
Links:
1: https://datatracker.ietf.org/doc/html/rfc6381#section-3.3
2: https://csclub.uwaterloo.ca/~ehashman/ISO14496-3-2009.pdf
3: 372597e538
Changes in this version:
- Default value set to "mp4a.40.2" when profile is unknown for backward
compatibility.
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
(cherry picked from commit 797f0b27c175022d896e46db4ac2873e3e0a70af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 029294ff541c9c85092f81dd45f18081d234f0d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2314885530818453536 - -7412889664301817824 cannot be represented in type 'long'
Fixes: 64296/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6304027146846208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfc0a68d4d3192779e356a852e71b8218e7a00ab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes https://crbug.com/1499669:
runtime error: signed integer overflow: 9223372036853334272 + 1375731456
cannot be represented in type 'int64_t' (aka 'long')
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2182173a6933c02b0853751034bd5e0bf829b5f7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Stop reading keys and return AVERROR_INVALIDDATA if key_size
is larger than the amount of space left in the atom.
Bug: https://crbug.com/41496983
Signed-off-by: Eugene Zemtsov <eugene@chromium.org>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 8a23a145d85964950123952d897b89c2c2b1b8c5)
The VP9 spec defines a SmDm box for this information, and the ISOBMFF spec defines a
mdvc one. If both are present, just ignore one of them.
This is in line with clli and CoLL boxes.
Fixes ticket #10711.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 189c32f53659b8f9dc402765905fc12a321ab1ac)
UUIDs do not have to be unique if their type sets them apart, so avoid using
AnyType, since we are only interested in specific types.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit aa299faa9ad2b01010acc4641b1f215d60a1336b)
This is the proper poll mode for waiting for an incoming connection according
to the SRT API docs.
Fixes ticket #9142.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 87677c2195e86b126c3438439a05d0a46ae5bb50)
By using AnyType for resolving a strong reference we searched among all types,
not just the ones which can be the target of the reference, which in some cases
caused to find the wrong type, if the metadata set UUIDs were not unique.
UUIDs do not have to be unique if their type sets them apart, SMPTE 377M says:
> StrongRef: 'One to One’ relationship between sets and implemented in MXF
> with UUIDs. Strong References are typed which means that the definition
> identifies the kind of set which is the target of the reference.
Fixes ticket #10865.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 68f2b32ef2b29aa95488531b007adde92ca82165)
Also remove unused descriptor member from MXFPackage.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 41672f558673151e77798f8a184fc1d3e60b16b9)
The channel designation metadata should not override the number of channels.
Let's warn the user if it is inconsistent, and keep the channel layout
unspecified.
Before the conversion to the channel layout API the code only set the mask, but
never overridden the channel count, so this restores the old behaviour.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit dc9d64f7941f5b071283e16fa56e3af86e5c84d6)
