Commit graph

23642 commits

Author SHA1 Message Date
Michael Niedermayer
c5df87e259 avformat/rpl: The associative law doesnt hold for signed integers in C
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 480f11bdd7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
4afa465eb3 avformat/utils: Avoid overflow in codec_info_duration computation for subtitles
Fixes: signed integer overflow: 9223126845747118112 - -2594073385365397472 cannot be represented in type 'long'
Fixes: 34936/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6739888002170880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffe4851e23)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
71b264c8fa avformat/utils: check dts/duration to be representable before using them
Fixes: signed integer overflow: 6854513951393103890 + 3427256975738527712 cannot be represented in type 'long'
Fixes: 32936/clusterfuzz-testcase-minimized-ffmpeg_dem_R3D_fuzzer-5236914752978944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf4e7ec825)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
7af1a73711 avformat/mov: Check for duplicate mdcv
Fixes: memleak
Fixes: 34932/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5456227658235904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f54d85cee6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
57f68127da avformat/rpl: Check for EOF and zero framesize
Fixes: Infinite loop
Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880
Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0a4a527c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
5664263561 avformat/rpl: Use 64bit in bitrate computation and check it
Fixes: signed integer overflow: 777777776 * 4 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6726188921913344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 29b244ffc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
5f9f689497 avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c1afa2925)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
5d3c96cf11 avformat/avio: Check av_opt_copy() for failure
Fixes: CID1477416 Unchecked return value

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8611ae1ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
95224c3ffb avformat/moflex: Remove unneeded format variable
Fixes: CID1477423 Uninitialized scalar variable

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 36a3a5050a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
567eacd42e avformat/fifo: check for flushed packets and timeshift
Fixes: CID1464151 Dereference after null check

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e44bd068f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
6f7a7b5ffb avformat/mov: Ignore duplicate CoLL
Fixes: memleak
Fixes: 32146/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5377612845285376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9548dc74d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
409c33e5f8 avformat/mov: Limit nb_chapter_tracks to input size
Fixes: Timeout (15k loop iterations instead of 400m)
Fixes: 31368/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6601583174483968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 299a56c900)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
ba1cc675eb avformat/utils: Use 64bit earlier in r_frame_rate check
Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int'
Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 578633fc1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
5f0c0883c2 avformat/mvdec: Check sample rate in parse_audio_var()
Fixes: signed integer overflow: -635424002382840000 * 16 cannot be represented in type 'long'
Fixes: 33612/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5704741108711424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ff60249a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
2d177dba88 avformat/asfdec_o: Use ff_get_extradata()
Fixes: OOM
Fixes: 27240/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5937469859823616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 098314e1e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
6f83f6de04 avformat/id3v2: Check end for overflow in id3v2_parse()
Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long'
Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit efdb564504)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
f0d9b5899a avformat/mxfdec: Fix file position addition
Fixes: signed integer overflow: 9223372036854775805 + 4 cannot be represented in type 'long'
Fixes: 29927/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5579985228267520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7c3484b26)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
c1d3a0638a avformat/wtvdec: Improve size overflow checks in parse_chunks()
Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int
Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8ec1da8ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
26369e6ca9 avformat/mov: check for pts overflow in mov_read_sidx()
Fixes: signed integer overflow: 9223372036846336888 + 4278255871 cannot be represented in type 'long'
Fixes: 32782/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6059216516284416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee53bb2399)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
3d2af8afef avformat/cafdec: Check channels
Fixes: signed integer overflow: -1184429040541376544 * 32 cannot be represented in type 'long'
Fixes: 31788/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6236746338664448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 641c1db22b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
Michael Niedermayer
b2a94f5937 avformat/mvi: Check audio_data_size to be non negative
Fixes: left shift of negative value -224
Fixes: 32144/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-4971479323246592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e241a1b73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00
James Almer
75c3969292 avformat/mpegts: add missing sample_rate value to Opus extradata
Finishes fixing ticket #9190.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-05-02 20:54:59 -03:00
James Almer
40b896a781 avformat/movenc: fix writing dOps atoms
Don't blindly copy all bytes in extradata past ChannelMappingFamily. Instead
check if ChannelMappingFamily is not 0 and then only write the correct amount
of bytes from ChannelMappingTable, as defined in the spec[1].

Fixes part of ticket #9190.

[1] https://opus-codec.org/docs/opus_in_isobmff.html#4.3.2

Signed-off-by: James Almer <jamrial@gmail.com>
2021-05-02 20:54:59 -03:00
Andreas Rheinhardt
450f5ae49d avformat/matroskaenc: Fix leak when writing attachment without filename
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 08c805f4ac)
2021-04-10 05:17:21 +02:00
Michael Niedermayer
d22550dd61 avformat/mov: check offset for overflow in mov_probe()
Fixes: Invalid read of size 4
Fixes: ASAN_Deadlysignal.zip

Found-by: Hardik Shah <hardik05@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f6a3405e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-08 22:55:16 +02:00
Marton Balint
25e794a1ea avformat/url: add ff_make_absolulte_url2 to be able to test windows path cases
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit fb4da90fec)
2021-04-08 17:38:06 +02:00
Marton Balint
d622923b36 avformat/url: fix ff_make_absolute_url with Windows file paths
Ugly, but a lot less broken than it was.

Fixes ticket #9166.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 5dc5f289ce)
2021-04-08 17:35:09 +02:00
Andreas Rheinhardt
44d218e99a avformat/rmdec: Don't rely on unspecified order of evaluation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 4666ce0aef)
2021-04-08 11:58:05 +02:00
Andreas Rheinhardt
be5970fcaa avformat/rmdec: Fix memleaks upon read_header failure
For both the RealMedia as well as the IVR demuxer (which share the same
context) each AVStream's priv_data contains an AVPacket that might
contain data (even when reading the header) and therefore needs to be
unreferenced. Up until now, this has not always been done:

The RealMedia demuxer didn't do it when allocating a new stream's
priv_data failed although there might be other streams with packets to
unreference. (The reason for this was that until recently rm_read_close()
couldn't handle an AVStream without priv_data, so one had to choose
between a potential crash and a memleak.)

The IVR demuxer meanwhile never ever called read_close so that the data
already contained in packets leaks upon error.

This patch fixes both demuxers by adding the appropriate cleanup code.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 9a471c5437)
2021-04-08 11:57:57 +02:00
Andreas Rheinhardt
639c60f5aa avformat/vividas: Fix crash when seeking without audio stream
The current code tries the access the codecpar of a nonexistent
audio stream when seeking. Stop that. Fixes ticket #9121.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit af867e59d9)
2021-04-03 07:20:39 +02:00
Andreas Rheinhardt
b51d5b222e avformat/dss: Don't prematurely modify context variable
The DSS demuxer currently decrements a counter that should be positive
at the beginning of read_packet; should it become negative, it means
that the data to be read can't be read contiguosly, but has to be read
in two parts. In this case the counter is incremented again after the
first read if said read succeeded; if not, the counter stays negative.

This can lead to problems in further read_packet calls; in tickets #9020
and #9023 it led to segfaults if one tries to seek lateron if the seek
failed and generic seek tried to read from the beginning. But it could
also happen when av_new_packet() failed and the user attempted to read
again afterwards.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit afa511ad34)
2021-04-02 21:42:37 +02:00
Andreas Rheinhardt
70028ce7fd avformat/utils: Check allocations for failure
There would be leaks in case of failure.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 543e4a1942)
2021-04-02 21:42:29 +02:00
Andreas Rheinhardt
9f011f0876 avformat/webmdashenc: Don't pass NULL to memcmp
Affects the FATE-tests webm-dash-manifest-unaligned-video-streams,
webm-dash-manifest and webm-dash-manifest-representations.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit a42c47b77f)
2021-04-02 21:38:12 +02:00
Andreas Rheinhardt
955be73bc5 avformat/libmodplug: Fix memleaks on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit df6dc331dd)
2021-04-02 21:37:20 +02:00
Andreas Rheinhardt
3f94e061cb avformat/libgme: Fix memleaks on errors
Also free the gme_info_t structure immediately after its use.
This simplifies cleanup, because it might be unsafe to call
gme_free_info(NULL) (or even worse, gme_track_info() might even
on error set the pointer to the gme_info_t structure to something
else than NULL).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 05457a3661)
2021-04-02 21:37:09 +02:00
Andreas Rheinhardt
a01cf1fe54 avformat/aadec: Fix leak on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 3ec3370dea)
2021-04-02 21:37:00 +02:00
Andreas Rheinhardt
fe8ae68738 avformat/jacosubdec: Fix leak on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 4f11685e4c)
2021-04-02 21:36:51 +02:00
Andreas Rheinhardt
a57ba45eb4 avformat/webpenc: Fix memleak when trailer is never written
When the trailer is never written (or when a stream switches from
non-animation mode to animation mode mid-stream), a cached packet
(if existing) would leak. Fix this by adding a deinit function.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 3903c139a9)
2021-04-02 21:35:42 +02:00
Andreas Rheinhardt
ceb5863d04 avformat/webpenc: Fix memleak when using invalid packets
The WebP muxer sometimes caches a packet it receives to write it later;
yet if a cached packet is too small (so small as to be invalid),
it is cached, but not written and not unreferenced. Such a packet leaks,
either by being overwritten by the next packet or because it is never
unreferenced at all.

Fix this by not caching unusable packets at all; and error out on
invalid packets.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit f9043de99a)
2021-04-02 21:35:29 +02:00
Michael Niedermayer
45f40cec3a avformat/imx: Check palette chunk size
Fixes: out of array write
Fixes: 32116/clusterfuzz-testcase-minimized-ffmpeg_dem_SIMBIOSIS_IMX_fuzzer-6702533894602752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7a5150447)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:45 +02:00
Michael Niedermayer
1ff644e509 avformat/rmdec: use larger intermediate type for audio_framesize * sub_packet_h check
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 31406/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5024692843970560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf2fd9204b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:45 +02:00
Michael Niedermayer
807b703a48 avformat/mpc8: check for size overflow in mpc8_get_chunk_header()
Fixes: signed integer overflow: -9223372036854775760 - 50 cannot be represented in type 'long'
Fixes: 31673/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-580134751869337

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6cc65d3d67)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
5978b8bd9c avformat/mov: Do not zero memory that is written too or unused
Fixes: OOM
Fixes: 31220/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6033383962574848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1fe1114bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
be3225153e avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4

Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2611d20d35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
9b25cf8b06 avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b37ff29e0e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
9179ab9227 avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f74661543)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
6ef700dfb0 avformat/utils: Fix integer overflow with duration_gcd in ff_rfps_calculate()
Fixes: signed integer overflow: 136323327 * 281474976710656 cannot be represented in type 'long'
Fixes: 30913/clusterfuzz-testcase-minimized-ffmpeg_dem_IVF_fuzzer-5753392189931520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6dc6e1cce0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
ee059d8ef8 avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea12590c8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
419f62c902 avformat/vividas: Use equals check with n in read_sb_block()
Fixes: OOM
Fixes: 27780/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5097985075314688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e44214a824)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
79ff380da7 avformat/jacosubdec: Use 64bit intermediate for start/end timestamp shift
Fixes: signed integer overflow: -1957694447 + -1620425806 cannot be represented in type 'int'
Fixes: 30207/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5050791771635712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c477be08a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00