wrapper/FFmpeg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
FFmpeg/libavformat
History
Michael Niedermayer aef73c3676 avformat/oggparsespeex: Check frames_per_packet and packet_size 
The speex specification does not seem to restrict these values, thus
the limits where choosen so as to avoid multiplicative overflow

Fixes undefined behavior
Fixes: 635422.ogg

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afcf15b0db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-23 13:15:16 +02:00
..
4xm.c
a64.c
aacdec.c
ac3dec.c
act.c Merge commit 'd80811c94e' 2015-11-26 01:38:17 +01:00
adp.c
adtsenc.c
adxdec.c
aea.c
afc.c
aiff.h
aiffdec.c
aiffenc.c
allformats.c avformat/allformats: Making av_register_all() thread-safe. 2017-08-23 13:15:16 +02:00
amr.c
anm.c
apc.c
ape.c
apetag.c
apetag.h
aqtitledec.c
asf.c
asf.h
asfcrypt.c
asfcrypt.h
asfdec.c Merge commit 'd80811c94e' 2015-11-26 01:38:17 +01:00
asfenc.c avformat/asfenc: Check pts 2016-01-31 00:25:20 +01:00
assdec.c
assenc.c
ast.c
ast.h
astdec.c
astenc.c
au.c
audiointerleave.c
audiointerleave.h
avc.c
avc.h
avformat.h avformat: Document urls a bit 2016-02-01 02:12:22 +01:00
avformatres.rc
avi.h
avidec.c avformat/avidec: Check nb_streams in read_gab2_sub() 2017-08-23 13:15:16 +02:00
avienc.c
avio.c avformat/avio: Limit url option parsing to the documented cases 2016-02-01 02:12:21 +01:00
avio.h
avio_internal.h
aviobuf.c avformat/aviobuf: Fix end check in put_str16() 2016-01-31 00:25:20 +01:00
avisynth.c
avlanguage.c
avlanguage.h
avr.c
avs.c
bethsoftvid.c
bfi.c
bink.c bink: check vst->index_entries before using it 2015-04-25 15:06:54 +02:00
bintext.c
bit.c
bluray.c
bmv.c
boadec.c
brstm.c brstm: fix missing closing brace 2016-01-28 02:15:49 +01:00
c93.c
cache.c
caf.c
caf.h
cafdec.c
cafenc.c
cavsvideodec.c
cdg.c
cdxl.c
cinedec.c
concat.c avformat/concat: Check protocol prefix 2016-02-01 02:12:22 +01:00
concatdec.c avformat/concatdec: set safe mode to enabled instead of auto 2017-08-23 13:15:16 +02:00
crcenc.c
crypto.c
cutils.c
data_uri.c
dauddec.c
daudenc.c
dfa.c
diracdec.c
dnxhddec.c
dsfdec.c
dsicin.c
dtsdec.c
dtshddec.c
dump.c avformat/dump: Fix integer overflow in av_dump_format() 2015-12-06 12:40:50 +01:00
dv.c
dv.h
dvenc.c
dxa.c Merge commit 'd80811c94e' 2015-11-26 01:38:17 +01:00
eacdata.c
electronicarts.c
epafdec.c
ffm.h
ffmdec.c ffmdec: reset packet_end in case of failure 2016-01-28 02:15:49 +01:00
ffmenc.c
ffmeta.h
ffmetadec.c
ffmetaenc.c
file.c
file_open.c
filmstripdec.c
filmstripenc.c
flac_picture.c
flac_picture.h
flacdec.c
flacenc.c avformat/flacenc: Check length in flac_write_block_comment() 2015-06-01 23:25:20 +02:00
flacenc.h
flacenc_header.c
flic.c
flv.h
flvdec.c
flvenc.c
format.c avformat/format: Fix registering a format more than once and related races 2017-08-23 13:15:16 +02:00
framecrcenc.c
framehash.c
frmdec.c
ftp.c
g722.c
g723_1.c
g729dec.c
gif.c
gifdec.c
golomb_tab.c
gopher.c
gsmdec.c
gxf.c
gxf.h
gxfenc.c
h261dec.c
h263dec.c
h264dec.c
hdsenc.c
hevc.c avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops 2015-08-24 14:47:04 +02:00
hevc.h
hevcdec.c
hls.c avformat/hls: Even stricter URL checks 2016-01-31 00:25:20 +01:00
hlsenc.c
hlsproto.c
hnm.c
http.c
http.h
httpauth.c avformat/httpauth: Add space after commas in HTTP/RTSP auth header 2015-12-06 12:40:49 +01:00
httpauth.h
icecast.c
icodec.c
icoenc.c
id3v1.c
id3v1.h
id3v2.c
id3v2.h
id3v2enc.c
idcin.c
idroqdec.c avformat/idroqdec: Check chunk_size for being too large 2017-08-23 13:15:16 +02:00
idroqenc.c
iff.c
ilbc.c
img2.c
img2.h
img2_alias_pix.c
img2_brender_pix.c
img2dec.c lavf/img2dec: Fix memory leak 2015-10-09 22:07:29 +02:00
img2enc.c
ingenientdec.c
internal.h
ipmovie.c avformat/ipmovie: put video decoding_map_size into packet and use it in decoder 2016-01-28 02:09:52 +01:00
ircam.c
ircam.h
ircamdec.c
ircamenc.c
isom.c
isom.h mov: Add an option to toggle dref opening 2016-02-01 02:13:24 +01:00
iss.c
iv8.c
ivfdec.c
ivfenc.c
jacosubdec.c
jacosubenc.c
jvdec.c jvdec: avoid unsigned overflow in comparison 2015-11-26 01:38:17 +01:00
latmenc.c
libavformat.v
libgme.c
libmodplug.c
libnut.c
libquvi.c
librtmp.c
libsmbclient.c
libssh.c
lmlm4.c
loasdec.c
log2_tab.c
lrc.c
lrc.h
lrcdec.c
lrcenc.c
lvfdec.c
lxfdec.c
m4vdec.c
Makefile
matroska.c
matroska.h
matroskadec.c avformat/matroskadec: Check subtitle stream before dereferencing 2015-12-06 12:40:50 +01:00
matroskaenc.c avformat/matroskaenc: Check ff_vorbiscomment_length in put_flac_codecpriv() 2015-06-01 23:25:20 +02:00
md5enc.c
md5proto.c
metadata.c
metadata.h
mgsts.c
microdvddec.c
microdvdenc.c
mkvtimestamp_v2.c
mlvdec.c mlvdec: check that index_entries exist 2015-12-20 16:13:48 +01:00
mm.c
mmf.c
mms.c
mms.h
mmsh.c
mmst.c
mov.c avformat/mov: Check sample size 2017-08-23 13:15:16 +02:00
mov_chan.c mov: abort on EOF in ff_mov_read_chan 2015-08-20 14:29:12 +02:00
mov_chan.h
movenc.c
movenc.h
movenchint.c
mp3dec.c Merge commit '78a3a4580c' into release/2.4 2015-05-19 20:25:58 +02:00
mp3enc.c
mpc.c
mpc8.c
mpeg.c avformat/mpeg: Adjust vid probe threshold to correct mis-detection 2017-08-23 13:15:16 +02:00
mpeg.h
mpegenc.c
mpegts.c avformat/mpegts: Do not trust BSSD descriptor, it is sometimes not an S302M stream 2017-08-23 13:15:16 +02:00
mpegts.h
mpegtsenc.c mpegencts: Fix overflow in cbr mode period calculations 2015-12-06 12:40:51 +01:00
mpegvideodec.c
mpjpeg.c
mpl2dec.c
mpsubdec.c
msnwc_tcp.c
mtv.c
mux.c avformat/mux: Update sidedata in ff_write_chained() 2015-08-20 14:38:28 +02:00
mvdec.c
mvi.c
mxf.c
mxf.h
mxfdec.c
mxfenc.c avformat/mxfenc: Do not crash if there is no packet in the first stream 2016-01-31 00:25:19 +01:00
mxg.c
ncdec.c
network.c
network.h
nistspheredec.c
noproxy-test.c
nsvdec.c
nullenc.c
nut.c
nut.h nutdec: fix infinite resync loops 2015-06-01 23:25:19 +02:00
nutdec.c nutdec: reject negative value_len in read_sm_data 2015-12-20 16:13:44 +01:00
nutenc.c
nuv.c nuv: sanitize negative fps rate 2015-12-20 16:14:07 +01:00
oggdec.c libavformat/oggdec: Free stream private when header parsing fails. 2017-08-23 13:15:16 +02:00
oggdec.h avformat/oggdec: Fix integer overflow with invalid pts 2017-08-23 13:15:16 +02:00
oggenc.c avformat/oggenc: Check segments_count for headers too 2015-10-09 22:10:29 +02:00
oggparsecelt.c
oggparsedirac.c oggparsedirac: check return value of init_get_bits 2015-08-20 14:38:27 +02:00
oggparseflac.c
oggparseogm.c
oggparseopus.c avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and libavformat/utils.c 2017-08-23 13:15:16 +02:00
oggparseskeleton.c
oggparsespeex.c avformat/oggparsespeex: Check frames_per_packet and packet_size 2017-08-23 13:15:16 +02:00
oggparsetheora.c
oggparsevorbis.c
oggparsevp8.c
oma.c
oma.h
omadec.c
omaenc.c
options.c
options_table.h avformat/options_table: Add missing identifier for very strict compliance 2017-08-23 13:15:16 +02:00
os_support.c
os_support.h
paf.c
pcm.c
pcm.h
pcmdec.c
pcmenc.c
pjsdec.c
pmpdec.c
psxstr.c
pva.c
pvfdec.c
qcp.c
qtpalette.h
r3d.c
rawdec.c rawdec: fix mjpeg probing buffer size check 2015-08-20 14:38:28 +02:00
rawdec.h
rawenc.c
rawenc.h
rawvideodec.c
rdt.c
rdt.h
realtextdec.c
redspark.c
replaygain.c
replaygain.h
riff.c
riff.h Merge commit 'd80811c94e' 2015-11-26 01:38:17 +01:00
riffdec.c riffdec: prevent negative bit rate 2015-11-26 01:38:17 +01:00
riffenc.c
rl2.c
rm.c
rm.h
rmdec.c
rmenc.c
rmsipr.c
rmsipr.h
rpl.c
rsd.c
rso.c
rso.h
rsodec.c
rsoenc.c
rtmp.h
rtmpcrypt.c rtmpcrypt: Do the xtea decryption in little endian mode 2015-12-06 12:40:50 +01:00
rtmpcrypt.h
rtmpdh.c
rtmpdh.h
rtmphttp.c
rtmppkt.c
rtmppkt.h
rtmpproto.c
rtp.c
rtp.h
rtpdec.c
rtpdec.h
rtpdec_amr.c
rtpdec_asf.c libavformat/rtpdec_asf: zero initialize the AVIOContext struct 2017-08-23 13:15:16 +02:00
rtpdec_formats.h
rtpdec_g726.c
rtpdec_h261.c
rtpdec_h263.c
rtpdec_h263_rfc2190.c
rtpdec_h264.c
rtpdec_hevc.c
rtpdec_ilbc.c
rtpdec_jpeg.c avformat/rtpdec_jpeg: fix low contrast image on low quality setting 2017-08-23 13:15:16 +02:00
rtpdec_latm.c
rtpdec_mpeg4.c
rtpdec_mpeg12.c
rtpdec_mpegts.c
rtpdec_qcelp.c
rtpdec_qdm2.c
rtpdec_qt.c
rtpdec_svq3.c
rtpdec_vp8.c
rtpdec_xiph.c avformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet() 2015-06-01 23:25:20 +02:00
rtpenc.c avformat/rtpenc: Fix integer overflow in NTP_TO_RTP_FORMAT 2017-08-23 13:15:16 +02:00
rtpenc.h
rtpenc_aac.c
rtpenc_amr.c
rtpenc_chain.c
rtpenc_chain.h
rtpenc_h261.c
rtpenc_h263.c
rtpenc_h263_rfc2190.c
rtpenc_h264.c
rtpenc_jpeg.c avformat/rtpenc_jpeg: Check remaining buffer size for SOS 2015-06-01 23:25:20 +02:00
rtpenc_latm.c
rtpenc_mpv.c
rtpenc_vp8.c
rtpenc_xiph.c
rtpproto.c
rtpproto.h
rtsp.c Merge commit 'f77c9d7161' into release/2.4 2015-05-19 20:50:54 +02:00
rtsp.h
rtspcodes.h
rtspdec.c
rtspenc.c
samidec.c
sapdec.c
sapenc.c
sauce.c
sauce.h
sbgdec.c
sctp.c
sdp.c
sdr2.c
seek-test.c
seek.c
seek.h
segafilm.c
segment.c
sierravmd.c
siff.c
smacker.c avformat/smacker: fix integer overflow with pts_inc 2015-12-06 12:40:51 +01:00
smjpeg.c
smjpeg.h
smjpegdec.c
smjpegenc.c
smoothstreamingenc.c
smush.c
sol.c
sox.h
soxdec.c
soxenc.c
spdif.c
spdif.h
spdifdec.c
spdifenc.c
srtdec.c
srtenc.c
srtp.c
srtp.h
srtpproto.c
subfile.c
subtitles.c avformat/subtitles: Use size_t for len 2015-06-01 23:25:20 +02:00
subtitles.h avformat/subtitles: Use size_t for len 2015-06-01 23:25:20 +02:00
subviewer1dec.c
subviewerdec.c
swf.c
swf.h
swfdec.c avformat/swfdec: Fix inflate() error code check 2017-08-23 13:15:16 +02:00
swfenc.c
takdec.c
tcp.c
tedcaptionsdec.c
tee.c
thp.c
tiertexseq.c
tls.c
tmv.c
tta.c
tty.c
txd.c
udp.c
uncodedframecrcenc.c
unix.c
url-test.c
url.c avformat/url: Use size_t for len from strlen() 2015-06-01 23:25:20 +02:00
url.h
urldecode.c
urldecode.h
utils.c avformat/utils: Check start/end before computing duration in update_stream_timings() 2017-08-23 13:15:16 +02:00
vc1test.c
vc1testenc.c
version.h
vivo.c
voc.c
voc.h
vocdec.c
vocenc.c
vorbiscomment.c avformat/vorbiscomment: Check entry length in ff_vorbiscomment_write() 2015-06-01 23:25:20 +02:00
vorbiscomment.h
vplayerdec.c
vqf.c
w64.c
w64.h
wavdec.c Merge commit 'd80811c94e' 2015-11-26 01:38:17 +01:00
wavenc.c
wc3movie.c
webmdashenc.c
webvttdec.c
webvttenc.c lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream. 2015-12-06 12:40:49 +01:00
westwood_aud.c
westwood_vqa.c
wtv.h
wtv_common.c
wtvdec.c Merge commit 'd80811c94e' 2015-11-26 01:38:17 +01:00
wtvenc.c
wv.c
wv.h
wvdec.c
wvenc.c
xa.c
xmv.c avformat/xmv: Discard remainder of packet on error 2015-12-06 12:40:49 +01:00
xwma.c Merge commit 'd80811c94e' 2015-11-26 01:38:17 +01:00
yop.c
yuv4mpeg.h
yuv4mpegdec.c
yuv4mpegenc.c