x/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-22 20:58:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
76,901 Commits 39 Branches 429 Tags
release/2.8
Commit Graph
18500 Commits
Author SHA1 Message Date
Michael Niedermayer 5a6f91fa12 avformat/rpl: Fix check for negative values 
Fixes: signed integer overflow: 10 * -1923267925333400000 cannot be represented in type 'int64_t' (aka 'long')
Fixes: 378891963/clusterfuzz-testcase-minimized-fuzzer_loadfile_direct-5714338935013376
Found-by: ossfuzz
Reported-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eab65379bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-12-31 20:49:27 +01:00
Michael Niedermayer 25fcd936d8 avformat/mlvdec: Check avio_read() 
Fixes: use-of-uninitialized-value
Fixes: 383170476/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-4696002884337664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb85423142)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-12-31 20:48:35 +01:00
Michael Niedermayer cf7670f460 avformat/matroskadec: Check pre_ns for overflow 
Fixes: signed integer overflow: -3483479120376300096 - 7442323944145700864 cannot be represented in type 'long'
Fixes: 383187489/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4561470580391936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 361d24e6d9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-12-31 20:44:38 +01:00
Michael Niedermayer deecfb797b avformat/icodec: fix integer overflow with nb_pal 
Fixes: runtime error: signed integer overflow
Fixes: 42536949/clusterfuzz-testcase-minimized-fuzzer_loadfile-6199846684393472
Found-by: ossfuzz
Reported-by: Kacper Michajlow
Tested-by: Kacper Michajlow
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 84569b6c22)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-12-24 00:32:32 +01:00
Michael Niedermayer 457a165a4f avformat/ilbc: Check avio_read() for failure 
Fixes: use of uninitialized value
Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_protocol_memory-6656646223298560-cut

Found-by: ossfuzz
Reported-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e30d957a9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-12-24 00:32:31 +01:00
Michael Niedermayer e871c7a004 avformat/mpegts: Initialize predefined_SLConfigDescriptor_seen 
Fixes: use of uninitialized variable
Fixes: 368729566/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTS_fuzzer-6044501804646400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7b4fc89f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-12-24 00:32:30 +01:00
Michael Niedermayer 02685f052e avformat/matroskadec: Check desc_bytes so bits fit in 64bit 
Likely a tighter check can be done

Fixes: signed integer overflow: 3305606804154370442 * 8 cannot be represented in type 'long'
Fixes: 70449/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4771166007918592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4122406f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-12-22 01:37:59 +01:00
Michael Niedermayer 95777d2e5f avformat/mxfdec: More offset_temp checks 
Fixes: signed integer overflow: 9223372036854775807 - -1927491430256034080 cannot be represented in type 'long'
Fixes: 70607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5282235077951488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a96aa435a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-09-26 00:32:36 +02:00
Michael Niedermayer 890212e83d avformat/apetag: Check APETAGEX 
Fixes: Use of uninitialized value
Fixes: 71074/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5697034877730816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 796ff2d599)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-09-25 23:29:43 +02:00
Michael Niedermayer 5ea7acb177 avformat/mpeg: Check an avio_read() for failure 
Fixes: use-of-uninitialized-value
Fixes: 70849/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-4684401009557504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66ee75d76c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-09-25 22:36:00 +02:00
Michael Niedermayer 9c1e131d7c avformat/segafilm: Set keyframe 
Fixes: use of uninitialized value
Fixes: 70871/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5883617752973312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4dc7dfe65a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-09-25 22:31:49 +02:00
Michael Niedermayer 8c1b303678 avformat/lmlm4: Eliminate some AVERROR(EIO) 
Found by code review related to CID732224 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 191a685010)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-09-25 19:53:19 +02:00
Michael Niedermayer 7a98c6fdab avformat/wtvdec: Check length of read mpeg2_descriptor 
Fixes: Use of uninitialized value
Fixes: 70900/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6286909377150976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c390234da2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-09-25 19:51:40 +02:00
Michael Niedermayer 2e00e41de0 avformat/wtvdec: clear sectors 
The code can leave uninitialized holes in the array.
Fixes: use of uninitialized values
Fixes: 70883/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6698694567591936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95ea03104)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-09-25 19:51:06 +02:00
Michael Niedermayer 3a1810f1c1 avformat/img2dec: Clear padding data after EOF 
Fixes: use-of-uninitialized-value
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3978e81809)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-08-05 23:20:12 +02:00
Michael Niedermayer 818e10d0ce avformat/wavdec: Check if there are 16 bytes before testing them 
Fixes: use-of-uninitialized-value
Fixes: 70839/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5212907590189056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79a1cf30d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-08-05 23:19:27 +02:00
Michael Niedermayer 7d89f3c14f avformat/xmv: Check this_packet_size 
Fixes: CID1604489 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 696685df0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 16:27:47 +02:00
Michael Niedermayer 2975e218a0 avformat/siff: Basic pkt_size check 
Fixes: half of CID1258461 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 124a97dd8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 16:26:25 +02:00
Michael Niedermayer 477d964e32 avformat/sauce: Check avio_size() for failure 
Fixes: CID1604592 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 759aae590c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 16:25:47 +02:00
Michael Niedermayer 358be1d9cb avformat/sapdec: Check ffurl_get_file_handle() for error 
Fixes: CID1604506 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e305a0e70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 16:24:57 +02:00
Michael Niedermayer 99b01e80b4 avformat/mp3dec; Check for avio_size() failure 
Fixes: CID1608710 Improper use of negative value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb936a1a72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 16:23:33 +02:00
Michael Niedermayer 962bf1c171 avformat/mov: Use 64bit for str_size 
We assign a 64bit variable to it before checking

Fixes: CID1604544 Overflowed integer argument

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 046d069552)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 16:23:08 +02:00
Michael Niedermayer fca1b73d2a avformat/mm: Check length 
Fixes: CID1220824 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 139bf41246)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 16:22:25 +02:00
Michael Niedermayer 836e1d8706 avformat/hnm: Check *chunk_size 
Fixes: CID1604419 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 291356f58b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 16:21:59 +02:00
Michael Niedermayer d8d3395c17 avformat/asfdec_o: Check size of index object 
We subtract 24 so it must be at least 24

Fixes: CID1604482 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 891bc070f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 14:49:57 +02:00
Michael Niedermayer 02d98cd55a avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly 
Found while reviewing: CID1530313 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cedbef0394)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 21:41:51 +02:00
Michael Niedermayer bcef03443a avformat/rmdec: use 64bit for audio_framesize checks 
It is not entirely clear what would prevent such overflow so even if it is
not possible, it is better to use 64bit

Fixes: CID1491898 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 665be4fa2f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 21:41:02 +02:00
Michael Niedermayer ea0504bf81 avformat/subfile: Assert that whence is a known case 
This may help CID1452449 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 426d8c84c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 21:35:23 +02:00
Michael Niedermayer c7688a21a4 avformat/rtsp: Check that lower transport is handled in one of the if() 
Fixes: CID1473554 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8200d3825)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 21:12:40 +02:00
Michael Niedermayer c98549ff4b avformat/rtsp: initialize reply1 
It seems reply1 is initialized by ff_rtsp_send_cmd() in most cases but there
are code paths like "continue" which look like they could skip it but even if not
writing this so a complex loop after several layers of calls initialized a local
variable through a pointer is just bad design.
This patch simply initialized the variable.

Fixes: CID1473532 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 498ce4e8b8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 21:11:55 +02:00
Michael Niedermayer d578636445 avformat/rtsp: use < 0 for error check 
Found while reviewing CID1473532 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bb38ba2b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 21:11:10 +02:00
Michael Niedermayer 3fc695526a avformat/rdt: Check pkt_len 
Fixes: CID1473553 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d0373de3b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 19:59:27 +02:00
Michael Niedermayer 3452b66e09 avformat/mpeg: Check len in mpegps_probe() 
Fixes: CID1473590 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca237a841e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 19:58:44 +02:00
Michael Niedermayer 5c91dbc76c avformat/img2dec: assert no pipe on ts_from_file 
Help coverity with CID1500302 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4824156fa0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-21 19:55:50 +02:00
Michael Niedermayer 303fea7956 avformat/sdp: Check before appending "," 
Found by reviewing code related to CID1500301 String not null terminated

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b82852519)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-06-13 19:49:07 +02:00
Michael Niedermayer 52d6370f84 avformat/ape: Use 64bit for final frame size 
Fixes: CID1505963 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a2b8d03347)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-06-13 18:51:32 +02:00
Michael Niedermayer 2bcd3136b3 avformat/mxfdec: Check index_edit_rate 
Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed49391961)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-04 21:10:57 +02:00
Michael Niedermayer 15205f8889 avformat/mxfdec: Make edit_unit_byte_count unsigned 
Suggested-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f30fe5e8d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 01:57:48 +02:00
Michael Niedermayer b3db166971 avformat/movenc: Check that cts fits in 32bit 
Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694
Fixes: poc2

Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d88c284c18)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 01:46:13 +02:00
Michael Niedermayer 9ac32ef7f2 avformat/mxfdec: Check first case of offset_temp computation for overflow 
This is kind of ugly
Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long'
Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6ed6f6e8d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 01:40:43 +02:00
Michael Niedermayer b6447d6e9c avformat/westwood_vqa: Fix 2g packets 
Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86f73277bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 01:21:50 +02:00
Michael Niedermayer ecd23c0b0c avformat/matroskadec: Check timescale 
Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e849eb2343)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 01:20:53 +02:00
Michael Niedermayer b6905d16e9 avformat/sbgdec: Check for negative duration 
Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bed22d597)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 01:05:18 +02:00
Michael Niedermayer f0d1868cda avformat/rpl: Use 64bit for total_audio_size and check it 
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312
Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 878625812f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-04-03 01:03:31 +02:00
Michael Niedermayer cf051d0750 avformat/cafdec: dont seek beyond 64bit 
Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d973fcbcc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-03-26 20:13:56 +01:00
Michael Niedermayer 5355599933 avformat/id3v2: read_uslt() check for the amount read 
Fixes: timeout
Fixes: 66783/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5356884892647424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0f4abe2aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-03-26 20:11:45 +01:00
Michael Niedermayer 367670b387 avformat/flacdec: Avoid double AVERRORS 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 029294ff54)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-12-29 23:10:26 +01:00
Michael Niedermayer 897d4303be avformat/mov: do not set sign bit for chunk_offsets 
Fixes: signed integer overflow: 2314885530818453536 - -7412889664301817824 cannot be represented in type 'long'
Fixes: 64296/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6304027146846208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfc0a68d4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-12-29 02:29:46 +01:00
Michael Niedermayer d459dfaf01 avformat/mov: Ignore duplicate ftyp 
Fixes: switch_1080p_720p.mp4
Found-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4cdf2c7f76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-12-15 00:21:39 +01:00
Martin StorsjöandMichael Niedermayer 3d80573367 seek: Fix crashes in ff_seek_frame_binary if built with latest Clang 14 
Passing an uninitialized variable as argument to a function is
undefined behaviour (UB). The compiler can assume that UB does not
happen.

Hence, the compiler can assume that the variables are never
uninitialized when passed as argument, which means that the codepaths
that initializes them must be taken.

In ff_seek_frame_binary, this means that the compiler can assume
that the codepaths that initialize pos_min and pos_max are taken,
which means that the conditions "if (sti->index_entries)" and
"if (index >= 0)" can be optimized out.

Current Clang git versions (upcoming Clang 14) enabled an optimization
that does this, which broke the current version of this function
(which intentionally left the variables uninitialized, but silencing
warnings about being uninitialized). See [1] for discussion on
the matter.

[1] https://reviews.llvm.org/D105169#3069555

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit ab79263419)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2023-11-16 23:52:44 +01:00