wrapper/FFmpeg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
76900 commits 40 branches 405 tags 230 MiB
Commit graph

44 commits

Author SHA1 Message Date
Michael Niedermayer
d8d3395c17
avformat/asfdec_o: Check size of index object 
We subtract 24 so it must be at least 24

Fixes: CID1604482 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 891bc070f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2024-07-22 14:49:57 +02:00
Michael Niedermayer
3503a45d98
avformat/asfdec_o: Limit packet offset 
avoids overflows with it

Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 736e9e69d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-28 21:04:04 +02:00
Michael Niedermayer
998111d4c1
avformat/asfdec_o: limit recursion depth in asf_read_unknown() 
The threshold of 5 is arbitrary, both smaller and larger should work fine

Fixes: Stack overflow
Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f1a368169)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-10-28 21:04:04 +02:00
Michael Niedermayer
e4bae4cb70 avformat/asfdec_o: Check for EOF in asf_read_marker() 
Fixes: Timeout
Fixes: 26460/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5710884393189376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e3d09f435)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-17 21:34:53 +02:00
Michael Niedermayer
98ff613711 avformat/asfdec_o: Check size vs. offset in detect_unknown_subobject() 
Fixes: signed integer overflow: 2314885530818453566 + 7503032301549264928 cannot be represented in type 'long'
Fixes: 26639/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6024222100684800

Alternatively this could be ignored but then the end condition of the loop
would be hard to reach as avio_tell() is int64_t

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bee216ad4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-17 21:34:53 +02:00
Andreas Cadhalpun
d640bc7545 asfdec_o: check for too small size in asf_read_unknown 
This fixes infinite loops due to seeking back.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit c29e87ad55)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2016-01-27 23:45:45 +01:00
Andreas Cadhalpun
93559adfbf asfdec_o: break if EOF is reached after asf_read_packet_header 
asf_read_payload can unset eof_reached, so check it also before calling
that function.

This fixes infinite loops.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 0e32153e9c)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2016-01-27 23:45:45 +01:00
Andreas Cadhalpun
4679e54388 asfdec_o: make sure packet_size is non-zero before seeking 
This fixes infinite loops due to seeking back.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 3776a72962)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2016-01-27 23:45:45 +01:00
Andreas Cadhalpun
782257ba66 asfdec_o: prevent overflow causing seekback 
This fixes infinite loops.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 74474750f1)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2016-01-27 23:45:45 +01:00
Andreas Cadhalpun
e188c267c8 asfdec_o: check avio_skip in asf_read_simple_index 
The loop can be very long, even though the file is very short.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 0002d845e8)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2016-01-27 23:45:44 +01:00
Andreas Cadhalpun
407ab167c0 asfdec_o: reject size > INT64_MAX in asf_read_unknown 
Both avio_skip and detect_unknown_subobject use int64_t for the size
parameter.

This fixes a segmentation fault due to infinite recursion.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit aa18016996)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2016-01-27 23:45:44 +01:00
Andreas Cadhalpun
d7fbd03660 asfdec_o: only set asf_pkt->data_size after sanity checks 
Otherwise invalid values are used unchecked in the next run.
This can cause NULL pointer dereferencing.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 763c572801)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2016-01-27 23:45:44 +01:00
Hendrik Leppkes
2cd41c5d52 Merge commit '8375dc1dd1' 
* commit '8375dc1dd1':
  asfdec: handle the case when the stream index has an invalid value better

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
(cherry picked from commit bf67ae3cfa)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2016-01-27 23:45:44 +01:00
Andreas Cadhalpun
13d3749424 doc: fix spelling errors 
Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 8d6625642d)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2015-10-12 21:46:54 +02:00
Alexandra Hájková
8118fdf8bb asfdec: add more checks for size left in asf packet buffer 
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit c0a49077ea)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2015-10-12 21:46:54 +02:00
Alexandra Hájková
f235f511a0 asfdec: alloc enough space for storing name in asf_read_metadata_obj 
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 77cf236689)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
 2015-10-12 21:46:54 +02:00
Hendrik Leppkes
649b2e4c83 Merge commit '317cfaa5e0' 
* commit '317cfaa5e0':
  asfdec: prevent the memory leak in the asf_read_metada_obj

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
 2015-08-18 09:35:56 +02:00
Hendrik Leppkes
3d2d672828 Merge commit 'e5997152f5' 
* commit 'e5997152f5':
  asf: Use time_t where needed

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
 2015-08-07 09:27:55 +02:00
Hendrik Leppkes
b54cf4b886 Merge commit '944f60866f' 
* commit '944f60866f':
  asfdec: read values properly

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
 2015-08-07 09:27:49 +02:00
Hendrik Leppkes
190e521123 Merge commit 'fdbc544d29' 
* commit 'fdbc544d29':
  asfdec: prevent the memory leak while reading metadata

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
 2015-08-02 12:32:10 +02:00
Hendrik Leppkes
2ab827389b Merge commit '33dc1913ab' 
* commit '33dc1913ab':
  asfdec: remove improper assignement that caused wrong timestamps

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
 2015-08-02 10:41:56 +02:00
Hendrik Leppkes
07094e5e40 Merge commit '78491fe8cf' 
* commit '78491fe8cf':
  asfdec: do not export empty metadata

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
 2015-08-02 10:41:45 +02:00
Hendrik Leppkes
988ddfea5e Merge commit 'cd4d9df227' 
* commit 'cd4d9df227':
  asfdec: free AVDictionaries properly when closing the demuxer

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
 2015-08-02 10:34:18 +02:00
Michael Niedermayer
e1296b5fa4 Merge commit 'b5c1c16247' 
* commit 'b5c1c16247':
  asfdec: do not align Data Object when Broadcast Flag is set

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-28 00:13:54 +02:00
Michael Niedermayer
29d147c94d Merge commit '059a934806' 
* commit '059a934806':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-27 23:15:19 +02:00
Michael Niedermayer
90696ef368 Merge commit '9e8627a1ff' 
* commit '9e8627a1ff':
  asfdec: interpret the first flag in an asf packet as length flag

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-27 12:27:35 +02:00
Michael Niedermayer
0a03271ef6 Merge commit '7f388c0fab' 
* commit '7f388c0fab':
  asfdec: remove the wrong condition

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-23 12:45:00 +02:00
Michael Niedermayer
40e8ade9eb Merge commit 'aed7715b8f' 
* commit 'aed7715b8f':
  asfdec: increment nb_streams right after the stream allocation

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-23 11:43:56 +02:00
Michael Niedermayer
cd4c878934 Merge commit 'ee80f834cb' 
* commit 'ee80f834cb':
  asfdec: set nb_streams to 0 in the asf_read_close

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-23 11:34:40 +02:00
Michael Niedermayer
6b9be608ce Merge commit '2a187a074a' 
* commit '2a187a074a':
  asfdec: avoid crash in the case when chunk_len is 0 or pkt_len is 0

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-22 17:13:18 +02:00
Michael Niedermayer
fa7defc89a Merge commit '93f16f338f' 
* commit '93f16f338f':
  asfdec: close the demuxer properly when read_header is failing

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-22 17:06:22 +02:00
Michael Niedermayer
fce350be0e Merge commit '5655236a67' 
* commit '5655236a67':
  asfdec: factor out seeking to the Data Object outside while

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-22 16:53:26 +02:00
Michael Niedermayer
3d4297f851 Merge commit 'e61f39849c' 
* commit 'e61f39849c':
  asfdec: make nb_sub to be unsigned int

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-19 11:52:35 +02:00
Michael Niedermayer
74aba00700 Merge commit '2883ef34b5' 
* commit '2883ef34b5':
  asfdec: read the replicated data in a separate function

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-19 11:45:08 +02:00
Michael Niedermayer
80a37fc3e1 Merge commit '0989d3ad1f' 
* commit '0989d3ad1f':
  asfdec: convert condition for the replicated data reading to be safer

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-19 11:29:55 +02:00
Michael Niedermayer
f509c9503a Merge commit '406627287e' 
* commit '406627287e':
  asfdec: do not read replicated data when their length is 0

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-19 11:23:01 +02:00
Michael Niedermayer
db1ab7e5af Merge commit 'c571424c7f' 
* commit 'c571424c7f':
  asfdec: prevent memory leaks found with Coverity Scan

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-14 00:54:55 +02:00
Michael Niedermayer
d2e5297e93 Merge commit '796268654c' 
* commit '796268654c':
  asfdec: always reset packet state after seeking

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-12 16:34:18 +02:00
Michael Niedermayer
ba77fb61f7 Merge commit 'd80811c94e' 
* commit 'd80811c94e':
  riff: Use the correct logging context

Conflicts:
	libavformat/asfdec_o.c
	libavformat/avidec.c
	libavformat/dxa.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/riff.h
	libavformat/riffdec.c
	libavformat/wavdec.c
	libavformat/wtvdec.c
	libavformat/xwma.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-12 15:22:37 +02:00
Michael Niedermayer
72527d9c54 Merge commit '872fab4a3d' 
* commit '872fab4a3d':
  asfdec: Fix reading from the pipe

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
 2015-07-10 20:47:46 +02:00
Michael Niedermayer
30ffbeb04a Merge commit '016cac75c6' 
* commit '016cac75c6':
  asfdec: prevent the infinite loop in detect unknown_subobject

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2015-07-03 03:58:33 +02:00
Michael Niedermayer
7755a57440 Merge commit '9752d2e6cc' 
* commit '9752d2e6cc':
  asfdec: prevent possible memory leak in the asf_read_metadata_obj

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2015-07-03 03:51:00 +02:00
Michael Niedermayer
3cd6b6aa0f Merge commit '5bdfc17189' 
* commit '5bdfc17189':
  asf: Do not skip data streams

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2015-06-30 12:48:11 +02:00
Michael Niedermayer
0d5a27c2b5 Rename asfdec-o.c to asfdec_o.c 
Most files use _ instead of - as spacer, so this is more consistent

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
 2015-06-30 12:23:44 +02:00
Renamed from libavformat/asfdec-o.c (Browse further)