Commit graph

18817 commits

Author SHA1 Message Date
Stephan Holljes
73d07e320c lavf/http.c: Free allocated client URLContext in case of error.
Signed-off-by: Stephan Holljes <klaxa1337@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6b8c9265)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
b591673c50 avformat/utils: Check cur_dts in update_initial_timestamps() more
Fixes: runtime error: signed integer overflow: 18133149658382192 - -9223090561878065151 cannot be represented in type 'long long'
Fixes: crbug 831552

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37d46dc21d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
028af5acbe avformat/mov: Check STSC and remove invalid entries
Fixes assertion failure
Fixes: crbug 822547, crbug 822666 and crbug 823009

Affects: aark15sd_9A62E2FA.mp4

Found-by: ClusterFuzz
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e67447a4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
30d40580c4 avformat/mov: Fix integer overflows related to sample_duration
Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type

Fixes: Chromium bug 791349

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f37082827)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
ad7c57f9db avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE
Fixes: potential signed integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f655ddfb47)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
69344f628b avformat/oggparseogm: Check lb against psize
No testcase, this was found during code review

Found-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e7c847aaf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
46f37c65ab avformat/oggparseogm: Fix undefined shift in ogm_packet()
Fixes: shift exponent 48 is too large for 32-bit type 'int'
Fixes: Chromium bug 786793
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 010b7b30b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
4df16ad1ef avformat/avidec: Fix integer overflow in cum_len check
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06e092e781)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
81a6076e4b avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
Fixes: Chromium bug 795653
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 02ecda4aba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
7fd80d91f7 avformat/utils: Fix integer overflow of fps_first/last_dts
Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long'
Fixes: Chromium bug 796778
Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b1362e408)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
Michael Niedermayer
b8fd13befe libavformat/oggparsevorbis: Fix memleak on multiple headers
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3934aa495d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-23 01:44:40 +02:00
James Almer
e0750d2067 avformat/hvcc: zero initialize the nal buffers past the last written byte
Prevents use of uninitialized values.

Fixes ticket #7038.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9482ec1b20)
2018-02-24 00:37:13 -03:00
Nikolas Bowe
23af1858fe avformat/lrcdec: Fix memory leak in lrc_read_header()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ef5994e09d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-19 02:40:54 +01:00
Nikolas Bowe
9d0b3fa58c avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e07649e618)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-19 02:40:54 +01:00
James Almer
ef95789c8c avformat/libssh: check the user provided a password before trying to use it
Fixes ticket #6413

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 8ddb6820bd)
2018-01-11 10:41:31 -03:00
Dale Curtis
532f0d1278 Don't manipulate duration when it's AV_NOPTS_VALUE.
This leads to signed integer overflow.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit c5fd57f483)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-02 00:28:59 +01:00
Dale Curtis
b01020a050 avformat/utils: Prevent undefined shift with wrap_bits > 64.
2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the
code to use a uint64_t (2ULL) and add an av_assert2() to
ensure wrap_bits <= 64.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 03fbc0daa7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-02 00:28:59 +01:00
Dale Curtis
50b2264810 Close ogg stream upon error when using AV_EF_EXPLODE.
Without this there can be multiple memory leaks for unrecognized
ogg streams.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bce8fc0754)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-02 00:28:59 +01:00
Jacob Trimble
20e78d5339 avformat/mov: Propagate errors in mov_switch_root.
Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d9cf3bf16)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-02 00:28:59 +01:00
Fredrik Hubinette
74677deaca avformat/mov: Check size of STSC allocation
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6fdd75fe6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-02 00:28:59 +01:00
Luca Barbato
66754f0a96 avformat: Free the internal codec context at the end
Avoid a use after free in avformat_find_stream_info.

(cherry picked from commit 9e4a5eb51b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-02 00:28:59 +01:00
Michael Niedermayer
e4a9790bac avformat/asfdec: Fix DoS in asf_build_simple_index()
Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afc9c683ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-08 18:37:40 +02:00
Michael Niedermayer
d08abbd0bd avformat/mov: Fix DoS in read_tfra()
Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cb4eb7728)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-08 18:37:21 +02:00
孙浩(晓黑)
b2aa633d66 avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
Fixes: 20170829B.mxf

Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d00fb9d70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:20:53 +02:00
孙浩(晓黑)
74c067e955 avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array()
Fixes: 20170829A.mxf

Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 900f39692c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:04:24 +02:00
孙浩(晓黑)
c6d3640cf7 avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
Fixes: 20170829.nsv

Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c24bcb5536)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:03:44 +02:00
Michael Niedermayer
9a73a77681 avformat/mvdec: Fix DoS due to lack of eof check
Fixes: loop.mv

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f05e2e2dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:43:28 +02:00
孙浩 and 张洪亮(望初)
4c6bed6e3b avformat/rl2: Fix DoS due to lack of eof check
Fixes: loop.rl2

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96f24d1bee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:43:03 +02:00
孙浩 and 张洪亮(望初)
81e6a95e54 avformat/rmdec: Fix DoS due to lack of eof check
Fixes: loop.ivr

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 124eb202e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:42:34 +02:00
孙浩 and 张洪亮(望初)
adca94d65e avformat/cinedec: Fix DoS due to lack of eof check
Fixes: loop.cine

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e80b63ecd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:42:23 +02:00
孙浩 and 张洪亮(望初)
39ddbd204a avformat/asfdec: Fix DoS due to lack of eof check
Fixes: loop.asf

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f9ec5593e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:42:00 +02:00
Michael Niedermayer
b9fa2a86e6 avformat/hls: Fix DoS due to infinite loop
Fixes: loop.m3u

The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome

Found-by: Xiaohei and Wangchu from Alibaba Security Team

Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec414892d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:41:36 +02:00
Vitaly Buka
aadd7fbc14 avformat/aviobuf: Fix signed integer overflow in avio_seek()
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow

Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eca2a49716)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:08:06 +02:00
Vitaly Buka
64af458bb8 avformat/mov: Fix signed integer overflows with total_size
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow

Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a404cb5b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:03:51 +02:00
Steven Siloti
a371850d58 avformat/utils: fix memory leak in avformat_free_context
The pointer to the packet queue is stored in the internal structure
so the queue needs to be flushed before internal is freed.

Signed-off-by: Steven Siloti <ssiloti@bittorrent.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 949debd1d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-05 23:25:05 +02:00
Michael Niedermayer
81c940b151 avformat/rtmppkt: Convert ff_amf_get_field_value() to bytestream2
Fixes: out of array accesses

Found-by: JunDong Xie of Ant-financial Light-Year Security Lab
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffcc82219c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 14:17:58 +02:00
Michael Niedermayer
2954ce9dea avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2
Fixes: out of array accesses
Fixes: crash-9238fa9e8d4fde3beda1f279626f53812cb001cb-SEGV

Found-by: JunDong Xie of Ant-financial Light-Year Security Lab
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08c073434e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 04:49:47 +02:00
Michael Niedermayer
8c05ac89d3 avformat/oggparsecelt: Do not re-allocate os->private
Fixes: double free
Fixes: clusterfuzz-testcase-minimized-5080550145785856

Found-by: ClusterFuzz
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7140761481)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 00:15:38 +02:00
Michael Niedermayer
bb1014279d avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.

It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.

Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.

The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its feature. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.

Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also where objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel

This recommits the security fix without the author name joke which was
originally requested by Nicolas.

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 189ff42196)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-20 02:05:08 +02:00
Michael Niedermayer
641b38c9c8 avformat/options: log filename on open
The loglevel is choosen so that the main filename and any images of
multi image sequences are shown only at debug level to avoid
clutter.

This makes exploits in playlists more visible. As they would show
accesses to private/sensitive files

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53e0d5d724)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-04 14:11:39 +02:00
Michael Niedermayer
794bcc6eca avformat/avidec: Limit formats in gab2 to srt and ass/ssa
This prevents part of one exploit leading to an information leak

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5d849b149)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-31 02:45:14 +02:00
Michael Niedermayer
780c360e76 avformat/mux: Fix copy an paste typo
Found-by: Roger Scott <rscott@grammatech.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a36354698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 04:22:52 +02:00
James Almer
30415662ef avformat/concatdec: fix the h264 annexb extradata check
The start code can be either in the first three or four bytes.

(cherry picked from commit b4330a0e02)
2017-05-17 16:57:38 -03:00
Aaron Levinson
c54a76bf71 avformat/utils: free AVStream.codec properly in free_stream()
Fixes memory leaks.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b9d2005ea5)
2017-05-17 16:27:25 -03:00
李赞
00e8a7adf4 avformat/wavdec: Check chunk_size
Fixes integer overflow and out of array access

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d23219637)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-17 20:35:20 +02:00
Derek Buitenhuis
b1d5c2de2b avformat/webmdashenc: Validate the 'streams' adaptation sets parameter
It should not be a value larger than the number of streams we have,
or it will cause invalid reads and/or SIGSEGV.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec07efa700)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-17 20:35:19 +02:00
Derek Buitenhuis
351dc1f33a avformat/webmdashenc: Require the 'adaptation_sets' option to be set
This seems to be non-optional, and if the muxer is run without it,
strlen() is run on NULL, causing a segfault.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cbd3a68f3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-17 20:35:19 +02:00
Michael Niedermayer
ed0c3290f8 avformat/oggparsedaala: Do not leave an invalid value in gpshift
Fixes: undefined behavior
Fixes: 702974

Found-by: Thomas Guilbert <tguilbert@google.com>
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 23ae3cc822)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-17 20:35:19 +02:00
Michael Niedermayer
98f93f5272 avformat/oggparsedaala: Check duration for AV_NOPTS_VALUE
This avoids an integer overflow
the solution matches oggparsevorbis.c and 45581ed15d

Fixes: 700242

Found-by: Thomas Guilbert <tguilbert@google.com>
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 679a315424)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-17 20:35:19 +02:00
Michael Niedermayer
d5cdae9e35 avformat/http: Check for truncated buffers in http_connect()
Reported-by: SleepProgger <security@gnutp.com>
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fa18e042a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-17 20:35:19 +02:00