Commits · b83407f9839a505240929c7e7750aabc70b3b066 · sixue.cheng / FFmpeg

24 Jul, 2024 40 commits

avformat/nsvdec: Check asize for PCM · b83407f9


Fixes: CID1604527 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e83e24650489e63f6b31e8c72a973db6367947b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

b83407f9

avformat/mp3dec: Check header_filesize · 3a308dff

Michael Niedermayer authored 1 year ago


Fixes: CID1608714 Division or modulo by float zero

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cea4dbc903eaf8cb7a4ea53b281deff495ff8fa0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3a308dff

avformat/mp3dec; Check for avio_size() failure · 3b8cb4dc

Michael Niedermayer authored 1 year ago


Fixes: CID1608710 Improper use of negative value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb936a1a720856a51c48bf907475daa8065920c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3b8cb4dc

avformat/mov: Use 64bit for str_size · 7271c1b5

Michael Niedermayer authored 1 year ago


We assign a 64bit variable to it before checking

Fixes: CID1604544 Overflowed integer argument

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 046d069552f5c2824f36fcf95d409670208dc94b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

7271c1b5

avformat/mm: Check length · fea96888

Michael Niedermayer authored 1 year ago


Fixes: CID1220824 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 139bf412464e62a83984cd49093936dcaa7a0865)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fea96888

avformat/hnm: Check *chunk_size · c16a71e7

Michael Niedermayer authored 1 year ago


Fixes: CID1604419 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 291356f58b8a1af491c692a89e6c4e70e9496f9d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

c16a71e7

avformat/hlsenc: Check ret · 3a661757

Michael Niedermayer authored 1 year ago


Fixes: CID1609624 Unused value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e577165c101513b4d8afe164e604cbef6901546)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3a661757

avformat/bintext: Check avio_size() return · f60c294f

Michael Niedermayer authored 1 year ago


Fixes: CID1604503 Overflowed constant
Fixes: CID1604566 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf61f811e73dc62d1b53ed4ef6044b4e9e195113)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

f60c294f

avformat/asfdec_o: Check size of index object · bab5b22a

Michael Niedermayer authored 1 year ago


We subtract 24 so it must be at least 24

Fixes: CID1604482 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 891bc070f0294e564a02f9a71f6591b6a62c90cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

bab5b22a

avfilter/vf_scale: Check ff_scale_adjust_dimensions() for failure · 90b99445

Michael Niedermayer authored 1 year ago


Helps: CID1513722 Operands don't affect result

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a8fb3c2cc07e741bca556eee8aea704fda4c33f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

90b99445

avfilter/scale_eval: Use 64bit, check values in ff_scale_adjust_dimensions() · 38c02913

Michael Niedermayer authored 1 year ago


Found by reviewing CID1513722 Operands don't affect result

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad9df8bcfebc1085cb8b42dae9ab688af824cdab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

38c02913

avfilter/vf_lut3d: Check av_scanf() · 05ef1642

Michael Niedermayer authored 1 year ago


Fixes: CID1604398 Unchecked return value
Fixes: CID1604542 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ace2e25720b8a26906b15aab7eebbac860bb7bf0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

05ef1642

avfilter/vf_elbg: Use unsigned for shifting into the top bit · d10954e6

Michael Niedermayer authored 1 year ago


Fixes: part of CID1355110 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2af95b9214a6bf75f946440d36c349963396e23b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

d10954e6

avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables · f3a360a0

Michael Niedermayer authored 1 year ago


Fixes: CID1452759 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9385847af47211e8c618198499ffea99614bb55d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

f3a360a0

swscale/output: Fix integer overflows in yuv2rgba64_X_c_template · 160ecb2b

Michael Niedermayer authored 1 year ago

Fixes: signed integer overflow: -1082982400 + -1068681048 cannot be represented in type 'int'
Fixes: 69995/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6285740271534080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bcab9789ef750670277956e79736bca442aec2ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

160ecb2b

avformat/mxfdec: Reorder elements of expression in bisect loop · c08ff45c

Michael Niedermayer authored 1 year ago

Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 68578/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6032171648221184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8d288479d3431d65318d957aab710b13714fc05)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

c08ff45c

avutil/timecode: Use a 64bit framenum internally · bc1b078b

Michael Niedermayer authored 1 year ago

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 68550/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6424065930756096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d5ca373d7efa37d2d3911f0afbc85fad0dc86b38)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

bc1b078b

avcodec/pnmdec: Use 64bit for input size check · d0ce2529

Michael Niedermayer authored 1 year ago


Fixes: out of array read
Fixes: poc3

Reported-by: VulDB CNA Team
Found-by: CookedMelon
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

d0ce2529

avcodec/mpeg12enc: Use av_rescale() in vbv_buffer_size computation · 88336d81

Michael Niedermayer authored 1 year ago

Fixes: signed integer overflow: 20 * 2314885530818453759 cannot be represented in type 'long'
Fixes: 69098/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6107989688778752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0993ef675f06042402a97b08a60155c65dae8ba7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

88336d81

avcodec/utvideoenc: Use unsigned shift to build flags · 04885dde

Michael Niedermayer authored 1 year ago

Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 69083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5608202363273216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69e90491f15d8eef643f8dfd1b75805829496678)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

04885dde

avcodec/j2kenc: Merge dwt_norm into lambda · 62a9b53e

Michael Niedermayer authored 1 year ago

This moves computations out of a loop

This may help with UB in vsynth*-jpeg2000-yuva444p16

Fixes: signed integer overflow: 31665934879948800 * 9998 cannot be represented in type 'long'
Fixes: 69024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5949662967169024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a84fbd747119841942c67d2f55cc796ab25cd245)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

62a9b53e

avcodec/vc2enc: Fix overflows with storing large values · 4a554ffb

Michael Niedermayer authored 1 year ago

Fixes: left shift of 1431634944 by 2 places cannot be represented in type 'int'
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 69061/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC2_fuzzer-6325700826038272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit af9935835335cae1ae5a4ec7fc14c1b5e25c1f2d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

4a554ffb

avcodec/mpegvideo_enc: Do not duplicate pictures on shifting · 573987e8

Michael Niedermayer authored 1 year ago

Fixes: out of array access
Fixes: 69098/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6107989688778752
Fixes: 69599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4848626296225792.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c8881cb3534b257d6e6539f563006599cd96b48)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

573987e8

avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create() · 74d626d3

Michael Niedermayer authored 1 year ago


Untested, needs review

Fixes: CID1591856 Resource leak
Fixes: CID1591887 Resource leak
Fixes: CID1591874 Resource leak

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 348968e9f7d8abb743a5dfca8e522ae0cf1ddc8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

74d626d3

avcodec/tiff: Check value on positive signed targets · 5743c339

Michael Niedermayer authored 1 year ago


Fixes: CID1604593 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66d6b8033b4bf8e9b33f26729c4ab9f9b328c5a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

5743c339

avfilter/vf_convolution_opencl: Assert that the filter name is one of the filters · 0b5ef219

Michael Niedermayer authored 1 year ago


Helps with: CID1439572 Uninitialized pointer read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 19a5a8997c93d72d6fe169c42a2a04ad4bb6e03a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

0b5ef219

avfilter/vf_bm3d: Dont round MSE2SSE to an integer · 02694abd

Michael Niedermayer authored 1 year ago


Fixes: CID1439581 Result is not floating-point

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec18ec9fc1080c37a02f3709afda5c4b08d4ea89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

02694abd

avdevice/dshow: Remove NULL check on pin · 24717b7b

Michael Niedermayer authored 1 year ago


The pointer is used before the check

Fixes: CID1591884 Dereference before null check

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 989e11acb65e640d336d0d911e958a6008311a9d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

24717b7b

avdevice/dshow: check ff_dshow_pin_ConnectionMediaType() for failure · 09c9cc0c

Michael Niedermayer authored 1 year ago


Maybe Fixes: CID1598557 Explicit null dereferenced

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c2e72708831ca0cc76f72368676a8ccf624a2fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

09c9cc0c

avdevice/dshow: Check device_filter_unique_name before use · c3badb1c

Michael Niedermayer authored 1 year ago


Fixes: CID1591931 Explicit null dereferenced

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 175c19166824bd93b02f60c5178365014212366e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

c3badb1c

avdevice/dshow: Cleanup also on av_log case · d7357176

Michael Niedermayer authored 1 year ago


Fixes: CID1598550 Resource leak

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25f9211bdd61641cb8739efcb45bf31b46557178)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

d7357176

avdevice/dshow_filter: Use wcscpy_s() · 769d8574

Michael Niedermayer authored 1 year ago


Fixes: CID1591929 Copy into fixed size buffer

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daf61dddc8e27424c320d5c3abe3e0c5182cd5c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

769d8574

avcodec/flac_parser: Assert that we do not overrun the link_penalty array · 02606b6a

Michael Niedermayer authored 1 year ago


Helps: CID1454676 Out-of-bounds read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af348bd1aa41ea10d6719c56ed2b4eda97642f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

02606b6a

avcodec/osq: avoid signed overflow in downsample path · 18025bf3

Michael Niedermayer authored 1 year ago

Fixes: signed integer overflow: 865309950 * 256 cannot be represented in type 'int'
Fixes: 69191/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6310214413385728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed34b0c54ebdce7f741d9fb6a9ac11a1816df59c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

18025bf3

avcodec/pixlet: Simplify pfx computation · 85dbf6d8

Michael Niedermayer authored 1 year ago


Found by reviewing code related to CID1604365 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0474614e6cf8edcd0077b95772c29fae894a7db9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

85dbf6d8

avcodec/motion_est: Fix score squaring overflow · 6498053b

Michael Niedermayer authored 1 year ago


Fixes: CID1604552 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f18b442370d714b930e3e983c2e5d789229f3356)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6498053b

avcodec/mlpenc: Use 64 for ml, mr · d39d90e5

Michael Niedermayer authored 1 year ago


Fixes: CID1604429 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06f01d9fa0ecfa7dd785b3dfe2957999472930b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

d39d90e5

avcodec/loco: Check loco_get_rice() for failure · 21d7ac3a

Michael Niedermayer authored 1 year ago


Fixes: CID1604495 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d55327684349b4db5d5905eefaa7d2aec597908d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

21d7ac3a

avcodec/loco: check get_ur_golomb_jpegls() for failure · 41c5289c

Michael Niedermayer authored 1 year ago


Fixes: CID1604400 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b9899866418cb3bd930846271470e3096917f5f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

41c5289c

avcodec/imm4: check cbphi for error · 99c3834f

Michael Niedermayer authored 1 year ago


Fixes: CID1604356 Overflowed constant
Fixes: CID1604573 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e4c037833c3ca0e0bd3e348701c4c0dc58bed91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

99c3834f

GitLab

Menu