- 10 Jul, 2020 6 commits
-
-
Michael Niedermayer authored
Signed-off-by:Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 24034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5111884337119232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: 86987846-429c8d80-c197-11ea-916b-bb4738e09687.jpg Fixes: Regression since ec3d8a0eSigned-off-by:
-
Michael Niedermayer authored
Fixes: Out of array read Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Andreas Rheinhardt authored
Reviewed-by:
Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 5d91b7718efc581da8882a4e9bf2f5953e41adbf) Signed-off-by:
-
Andreas Rheinhardt authored
No audio stream is created unconditionally and if none has been created, no packet with stream_index 1 may be returned. This fixes an assert in ff_read_packet() in libavformat/utils reported in ticket #8782. Reviewed-by:
-
- 09 Jul, 2020 13 commits
-
-
Michael Niedermayer authored
Signed-off-by: -
Zhao Zhili authored
Reviewed-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int' Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int' Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: Assertion failure Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 23888/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6021365974171648.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
This reduces the number of paths reachable with DNG and should improve security Signed-off-by:
-
Michael Niedermayer authored
Found-by:
"Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no> Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 6500736 * 473 cannot be represented in type 'int' Fixes: 23259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5179394271477760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: index 128 out of bounds for type 'float [128]' Fixes: 23465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5089866596745216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: 23721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5914074721550336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 23589/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5110559589793792.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Real files do skip coding 0 bits at the end, thus this kind of check does not work reliable. Fixes: Ticket 8770 Fixes: dst-256fs44-6ch-refdstencoder.dff The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed values, this also can be used to limit the duration and avoid the timeout This reverts commit f6df99db. (cherry picked from commit 1679f23beb3cfc3639352b3cbe7c08c00189c6b0) Signed-off-by:
-
- 06 Jul, 2020 1 commit
-
-
Reimar Döffinger authored
We should not silently allocate an incorrect sized buffer. Fixes trac issue #8718. Signed-off-by:
Reimar Döffinger <Reimar.Doeffinger@gmx.de> Reviewed-by:
Guo, Yejun <yejun.guo@intel.com>
-
- 04 Jul, 2020 1 commit
-
-
Andreas Rheinhardt authored
This bug was introduced in 3c8a2a11. Reviewed-by:
James Almer <jamrial@gmail.com> Signed-off-by:
-
- 03 Jul, 2020 4 commits
-
-
James Almer authored
Based on cbs_h264 code. Should fix ticket #8752. Signed-off-by: -
Manoj Bonda authored
Initialize avctx->pix_fmt in av1_parser.c AV1 Chroma format is invalid when quering using below code if no AV1 decoder is available: iVideoStream = av_find_best_stream(fmtc, AVMEDIA_TYPE_VIDEO, -1, -1, NULL, 0); eChromaFormat = (AVPixelFormat)fmtc->streams[iVideoStream]->codecpar->format; Signed-off-by: -
James Almer authored
Signed-off-by: -
James Almer authored
Signed-off-by:
-
- 02 Jul, 2020 10 commits
-
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147483610 + 52 cannot be represented in type 'int' Fixes: 23260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-5187871274434560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long' Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
The segments / url can be modified by the io read when reloading This may be an alternative or additional fix for Ticket8673 as a further alternative the reload stuff could be disabled during probing Signed-off-by:
-
Michael Niedermayer authored
Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int' Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int' Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int' Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long' Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by:
Nicolas George <george@nsup.org> Signed-off-by:
-
Guo Yejun authored
it fixed the issue in https://trac.ffmpeg.org/ticket/8716 (cherry-pick from 0b3bd001ac1745d9d008a2d195817df57d7d1d14) Signed-off-by:
-
Guo Yejun authored
(cherry-pick from fc932195ab0c9c00fa0cd9620c60763d978d495b) Signed-off-by:
-
- 01 Jul, 2020 5 commits
-
-
Zhao Zhili authored
Fix two cases of memleaks: 1. The leak of dv_demux 2. The leak of dv_fctx upon dv_demux allocate failure Signed-off-by:
-
Andreas Rheinhardt authored
The code for demuxing DV audio predates the introduction of refcounted packets and when the latter was added, changes to the former were forgotten. This meant that when avpriv_dv_produce_packet initialized the packet containing the AVBufferRef, the AVBufferRef as well as the underlying AVBuffer leaked; the actual packet data didn't leak: They were directly freed, but not via their AVBuffer's free function. https://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket4671/dir1.tar.bz2 contains samples for this (enable_drefs needs to be enabled for them). Moreover, errors in avpriv_dv_produce_packet were ignored; this has been changed, too. Furthermore, in the hypothetical scenario that the track has a palette, this would leak, too, so reorder the code so that the palette code appears after the DV audio code. Signed-off-by:
-
Andreas Rheinhardt authored
Fixes: assertion failure Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 23264/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6308429248593920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Andreas Rheinhardt authored
Up until now, ff_avc_decode_sps would parse a SPS and return some properties from it in a freshly allocated structure. Yet said structure is very small and completely internal to libavformat, so there is no reason to use the heap for it. This commit therefore changes the function to return an int and to modify a caller-provided structure. This will also allow ff_avc_decode_sps to return better error codes in the future. It also fixes a memleak in mxfenc: If a packet contained multiple SPS, only the SPS structure belonging to the last SPS would be freed, the other ones would leak when the pointer is overwritten to point to the new SPS structure. Of course, without allocations there are no leaks. This is Coverity issue #1445194. Furthermore, the SPS structure has been renamed from H264SequenceParameterSet to H264SPS in order to avoid overlong lines. Reviewed-by:
Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by:
-
Andreas Rheinhardt authored
Reviewed-by:
-
