RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
93,709 Commits 36 Branches 392 Tags 303 MiB
Commit Graph

93709 Commits

Author SHA1 Message Date
Michael Niedermayer 6c4135ae35
avcodec/ffv1dec: restructure slice coordinate reading a bit 
Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int'
Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74b6ac7ebb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-05-26 00:04:31 +02:00
Michael Niedermayer 82dc3224b7
avcodec/mlpdec: Check max matrix instead of max channel in noise check 
This is a regression since: adaa06581c
Before this, max_channel and  max_matrix_channel where compared for equality

Fixes: out of array access
Fixes: 53340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-514959011885875

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa79560de5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-05-26 00:04:31 +02:00
Michael Niedermayer 1818f9f4dc
swscale/input: Use more unsigned intermediates 
Same principle as previous commit, with sufficiently huge rgb2yuv table
values this produces wrong results and undefined behavior.
The unsigned produces the same incorrect results. That is probably
ok as these cases with huge values seem not to occur in any real
use case.

Fixes: signed integer overflow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba209e3d51)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-05-26 00:04:31 +02:00
Michael Niedermayer ae61a4ca68
avcodec/alsdec: The minimal block is at least 7 bits 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5280947fb6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-05-26 00:04:30 +02:00
Michael Niedermayer ffeb46560f
avformat/replaygain: avoid undefined / negative abs 
Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int'
Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2532b20b17)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-05-26 00:04:30 +02:00
Michael Niedermayer 5da206d3a5
swscale/output: Bias 16bps output calculations to improve non overflowing range 
Fixes: integer overflow
Fixes: ./ffmpeg   -f rawvideo -video_size 66x64 -pixel_format yuva420p10le   -i ~/videos/overflow_input_w66h64.yuva420p10le   -filter_complex "scale=flags=bicubic+full_chroma_int+full_chroma_inp+bitexact+accurate_rnd:in_color_matrix=bt2020:out_color_matrix=bt2020:in_range=full:out_range=full,format=rgba64[out]"   -pixel_format rgba64 -map '[out]'   -y overflow_w66h64.png

Found-by: Drew Dunne <asdunne@google.com>
Tested-by: Drew Dunne <asdunne@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f0afc7fb5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-05-26 00:04:30 +02:00
Michael Niedermayer 0bc8a2c295
avcodec/speedhq: Check buf_size to be big enough for DC 
Fixes: Timeout
Fixes: 51919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6023716480090112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9184d3d7b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-05-26 00:04:29 +02:00
Michael Niedermayer 03758674e2
avcodec/ffv1dec: Fail earlier if prior context is corrupted 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4df91e2215)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-05-26 00:04:29 +02:00
Hendrik Leppkes d12e316dbd
avcodec/vdpau_mpeg4: fix order of quant matrix coefficients 
The matrix coefficients are stored permutated for the IDCT,
rather then in plain raster order, and need to be un-permutated
for the hardware.
 2023-05-15 18:50:36 +02:00
Hendrik Leppkes 419248dd19
avcodec/vdpau_mpeg12: fix order of quant matrix coefficients 
The matrix coefficients are stored permutated for the IDCT,
rather then in plain raster order, and need to be un-permutated
for the hardware.
 2023-05-15 18:50:36 +02:00
Hendrik Leppkes ab9b4ea207
avcodec/nvdec_mpeg4: fix order of quant matrix coefficients 
The matrix coefficients are stored permutated for the IDCT,
rather then in plain raster order, and need to be un-permutated
for the hardware.
 2023-05-15 18:50:36 +02:00
Hendrik Leppkes 97c9af0cc9
avcodec/nvdec_mpeg2: fix order of quant matrix coefficients 
The matrix coefficients are stored permutated for the IDCT,
rather then in plain raster order, and need to be un-permutated
for the hardware.
 2023-05-15 18:50:36 +02:00
Jiasheng Jiang 51efa68ec0 avcodec/vp3: Add missing check for av_malloc 
Since the av_malloc() may fail and return NULL pointer,
it is needed that the 's->edge_emu_buffer' should be checked
whether the new allocation is success.

Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
(cherry picked from commit 656cb0450a)
 2022-12-18 07:53:04 -03:00
James Almer a8a208b123 avcodec/mjpegenc: take into account component count when writing the SOF header size 
Fixes ticket #10069

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1009396953)
 2022-11-28 08:48:42 -03:00
Martin Storsjö f442a376a1 checkasm: float_dsp: Scale FLT/DBL_EPSILON sufficiently when comparing 
As the values generated by av_bmg_get can be arbitrarily large
(only the stddev is specified), we can't use a fixed tolerance.

This matches what was done for test_vector_dmul_scalar in
38f966b222.

This fixes the float_dsp checkasm test for some seeds, when built
with clang for mingw/x86_32.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f70e261fa)

Fixes ticket #10010
 2022-11-06 20:50:26 +01:00
Martin Storsjö a4ba6e7d2c swscale: aarch64: Fix yuv2rgb with negative strides 
Treat the 32 bit stride registers as signed.

Alternatively, we could make the stride arguments ptrdiff_t instead
of int, and changing all of the assembly to operate on these
registers with their full 64 bit width, but that's a much larger
and more intrusive change (and risks missing some operation, which
would clamp the intermediates to 32 bit still).

Fixes: https://trac.ffmpeg.org/ticket/9985

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit cb803a0072)
Signed-off-by: Martin Storsjö <martin@martin.st>
 2022-11-04 14:32:53 +02:00
Michael Niedermayer a2e14839dc
Changelog: update 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-10 16:05:50 +02:00
Michael Niedermayer c814c2a1ff
avcodec/dstdec: Check for overflow in build_filter() 
Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8008940da5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:52 +02:00
Michael Niedermayer 056695bf43
avformat/spdifdec: Use 64bit to compute bit rate 
Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4075f0cec1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:52 +02:00
Michael Niedermayer ae5b1998e3
avformat/xwma: Use av_rescale() for duration computation 
Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c789f753c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:52 +02:00
Michael Niedermayer 02402b49af
avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation 
Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa8eb1bed0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:51 +02:00
Michael Niedermayer 74b61efa91
avformat/rmdec: check tag_size 
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2cb7ee8a36)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:51 +02:00
Michael Niedermayer e474173f47
avformat/nutdec: Check fields 
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c146406ea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:51 +02:00
Michael Niedermayer 167c0dcfdc
avformat/dxa: avoid bpc overflows 
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93db0f0740)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:50 +02:00
Michael Niedermayer 9fb728dd1c
avformat/cafdec: Check that nb_frasmes fits within 64bit 
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4bb4e3759)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:50 +02:00
Michael Niedermayer 955ed9b641
avformat/asfdec_o: Limit packet offset 
avoids overflows with it

Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 736e9e69d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:50 +02:00
Michael Niedermayer 3e208ef088
avformat/ape: Check frames size 
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d0349c9929)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:49 +02:00
Michael Niedermayer 80ec0ca973
avformat/icodec: Check nb_pal 
Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db73ae0dc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:49 +02:00
Michael Niedermayer d52ed1be9e
avformat/aiffdec: Use 64bit for block_duration use 
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9303ba272e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:49 +02:00
Michael Niedermayer 9959b6e2eb
avformat/aiffdec: Check block_duration 
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c2b6265c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:48 +02:00
Michael Niedermayer e55980d3bf
avformat/mxfdec: only probe max run in 
Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1182bbb2c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:48 +02:00
Michael Niedermayer 045ed347fb
avformat/mxfdec: Check run_in is within 65536 
Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7786097825)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:48 +02:00
Michael Niedermayer a101c97782
avcodec/apedec: Fix integer overflow in filter_3800() 
Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f05247f6a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:47 +02:00
Michael Niedermayer 7d5e8bdb0a
avcodec/tta: Check 24bit scaling for overflow 
Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3993345f91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:47 +02:00
Michael Niedermayer 53f3a25107
libavformat/hls: Free keys 
Fixes: memleak
Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d32a9f3137)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:47 +02:00
Michael Niedermayer f0fb070286
avcodec/fmvc: Move frame allocation to a later stage 
This way more things are checked before allocation

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9783749c66)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:46 +02:00
Michael Niedermayer c263380558
avcodec/speedhq: Check width 
Fixes: out of array access
Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400

Alternatively the buffer size can be increased

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0395f9ef6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:46 +02:00
Michael Niedermayer b222272124
avcodec/bink: disallow odd positioned scaled blocks 
Fixes: out of array access
Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b14104a637)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:46 +02:00
Michael Niedermayer bf29c080b1
avformat/asfdec_o: limit recursion depth in asf_read_unknown() 
The threshold of 5 is arbitrary, both smaller and larger should work fine

Fixes: Stack overflow
Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f1a368169)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:45 +02:00
Michael Niedermayer 8f443328c0
doc/git-howto.texi: Document commit signing 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ced0dc807e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:45 +02:00
Michael Niedermayer 82e77e0dec
libavcodec/8bps: Check that line lengths fit within the buffer 
Fixes: Timeout
Fixes: undefined pointer arithmetic
Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2316d5ec1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:45 +02:00
Michael Niedermayer 37139adfbf
libavformat/iff: Check for overflow in body_end calculation 
Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long'
Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bcb4690304)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:44 +02:00
Michael Niedermayer 2f2a3397cc
avformat/avidec: Prevent entity expansion attacks 
Fixes: Timeout
Fixes no testcase, this is the same idea as similar attacks against XML parsers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3e823c2aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:44 +02:00
Michael Niedermayer 4d537913e5
avcodec/h263dec: Sanity check against minimal I/P frame size 
Fixes: Timeout
Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca4ff9c21c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:44 +02:00
Michael Niedermayer ec9af84dc5
avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel 
This is somewhat redundant with the is_decoded check. Maybe
there is a nicer solution

Fixes: Null pointer dereference
Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b51e19922)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:43 +02:00
Michael Niedermayer 8229f4327f
MAINTAINERS: Add ED25519 key for signing my commits in the future 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 05225180be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:43 +02:00
Michael Niedermayer 0bea6b5d50
avcodec/hevc_filter: copy_CTB() only within width&height 
Fixes: out of array access
Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 009ef35d38)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:43 +02:00
Michael Niedermayer f198ffcf38
avformat/flvdec: Check for EOF in index reading 
Fixes: Timeout
Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ceff5d7b74)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:42 +02:00
Michael Niedermayer 5cefe5d304
avformat/nutdec: Check get_packetheader() in mainheader 
Fixes; Timeout
Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5de084aa6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:42 +02:00
Michael Niedermayer c9d8271274
avformat/asfdec_f: Use 64bit for packet start time 
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ed78486fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-09 22:15:42 +02:00