Commits · n4.4.5 · sixue.cheng / FFmpeg

28 Jul, 2024 1 commit
- Update for 4.4.5 · 9bcede27
  Michael Niedermayer authored 10 months ago
  
  9bcede27
24 Jul, 2024 4 commits

avcodec/cfhdenc: Height of 16 is not supported · 4a4fe5cb

Michael Niedermayer authored 10 months ago

Fixes: out of array access
Fixes: 68941/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5990952685600768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5dde255abdeb50aefb0dcf8b060277e37d180ec6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

4a4fe5cb

avcodec/cfhdenc: Allocate more space · f6f253a4

Michael Niedermayer authored 10 months ago

Fixes: Assertion failure
Fixes: 68979/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5375874714107904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a308d79e4dedea11667cb2ad42c6676ce96e8ee1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

f6f253a4

avcodec/vaapi_encode: Check hwctx · c8283c82

Michael Niedermayer authored 10 months ago

Fixes: null pointer dereference
Fixes: 70376/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_VAAPI_fuzzer-4733551250046976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3cd077e2820679e8b9f8eb10954b4f5701191c48)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

c8283c82

avcodec/proresdec: Consider negative bits left · d53ea7a0

Michael Niedermayer authored 10 months ago

Fixes: 70036/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_fuzzer-6298797647396864
Fixes: shift exponent 40 is too large for 32-bit type 'uint32_t' (aka 'unsigned int')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 419eee63565f81aca67b29582297841c59deaab8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

d53ea7a0

23 Jul, 2024 1 commit

avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices · 75529eed

Michael Niedermayer authored 11 months ago

An alternative would be to leave the context unchanged on failure of hls_slice_header()

Fixes: out of array access
Fixes: NULL pointer dereference
Fixes: 69584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5931086299856896
Fixes: 69724/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5104066422702080
Fixes: 70422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5908731129298944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d9544cfb03d8597aa2b0037def3a4679949cec6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

75529eed

22 Jul, 2024 23 commits

avutil/slicethread: Check pthread_*_init() for failure · 18a25916

Michael Niedermayer authored 11 months ago


Fixes: CID1604383 Unchecked return value
Fixes: CID1604439 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 23851c9ee0f231122c58955e795e17cfe8ca5d98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

18a25916

avutil/frame: Check log2_crop_align · 2bdd6aad

Michael Niedermayer authored 11 months ago


Fixes: CID1604586 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15540b3d28676d5e797764a04f6681dcd01736f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2bdd6aad

avutil/buffer: Check ff_mutex_init() for failure · df2c70bd

Michael Niedermayer authored 11 months ago


Fixes: CID1604487 Unchecked return value
Fixes: CID1604494 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 82f5b20ff5be4fccbf42f4b90f155db0076c0462)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

df2c70bd

avformat/xmv: Check this_packet_size · 2b66ed91

Michael Niedermayer authored 11 months ago


Fixes: CID1604489 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 696685df0ccf437083d15f40358a6ec86f5748ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2b66ed91

avformat/ty: rec_size seems to only need 32bit · 13d2d237

Michael Niedermayer authored 11 months ago


May help CID1604560 Overflowed integer argument

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be30913538d4be9a50672ceb683f8745d8aa75a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

13d2d237

avformat/tty: Check avio_size() · 9ed17395

Michael Niedermayer authored 11 months ago


Fixes: CID1220824 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41745e550a0274571bd9fbfb12b36ff1743d4e9c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

9ed17395

avformat/siff: Basic pkt_size check · 10dca289

Michael Niedermayer authored 11 months ago


Fixes: half of CID1258461 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 124a97dd8b7636fb52e042b2e85a44cce40ab5e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

10dca289

avformat/sauce: Check avio_size() for failure · 4e8c771b

Michael Niedermayer authored 11 months ago


Fixes: CID1604592 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 759aae590c0298414db4d2925a33b084d7f9e7f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

4e8c771b

avformat/sapdec: Check ffurl_get_file_handle() for error · ae7b317a

Michael Niedermayer authored 11 months ago


Fixes: CID1604506 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e305a0e703843765d4dd7042092c3a38c0f97af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

ae7b317a

avformat/nsvdec: Check asize for PCM · 75d0aebd

Michael Niedermayer authored 11 months ago


Fixes: CID1604527 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e83e24650489e63f6b31e8c72a973db6367947b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

75d0aebd

avformat/mp3dec: Check header_filesize · c426f6c4

Michael Niedermayer authored 11 months ago


Fixes: CID1608714 Division or modulo by float zero

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cea4dbc903eaf8cb7a4ea53b281deff495ff8fa0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

c426f6c4

avformat/mp3dec; Check for avio_size() failure · eb9ce850

Michael Niedermayer authored 11 months ago


Fixes: CID1608710 Improper use of negative value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb936a1a720856a51c48bf907475daa8065920c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

eb9ce850

avformat/mov: Use 64bit for str_size · 439ca028

Michael Niedermayer authored 11 months ago


We assign a 64bit variable to it before checking

Fixes: CID1604544 Overflowed integer argument

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 046d069552f5c2824f36fcf95d409670208dc94b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

439ca028

avformat/mm: Check length · 37f05d29

Michael Niedermayer authored 11 months ago


Fixes: CID1220824 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 139bf412464e62a83984cd49093936dcaa7a0865)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

37f05d29

avformat/hnm: Check *chunk_size · 0644c267

Michael Niedermayer authored 11 months ago


Fixes: CID1604419 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 291356f58b8a1af491c692a89e6c4e70e9496f9d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

0644c267

avformat/hlsenc: Check ret · 8cedb049

Michael Niedermayer authored 11 months ago


Fixes: CID1609624 Unused value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e577165c101513b4d8afe164e604cbef6901546)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

8cedb049

avformat/bintext: Check avio_size() return · 9806a37b

Michael Niedermayer authored 11 months ago


Fixes: CID1604503 Overflowed constant
Fixes: CID1604566 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf61f811e73dc62d1b53ed4ef6044b4e9e195113)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

9806a37b

avformat/asfdec_o: Check size of index object · 4d56eff1

Michael Niedermayer authored 11 months ago


We subtract 24 so it must be at least 24

Fixes: CID1604482 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 891bc070f0294e564a02f9a71f6591b6a62c90cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

4d56eff1

avfilter/vf_scale: Check ff_scale_adjust_dimensions() for failure · 8b7a6c18

Michael Niedermayer authored 11 months ago


Helps: CID1513722 Operands don't affect result

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a8fb3c2cc07e741bca556eee8aea704fda4c33f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

8b7a6c18

avfilter/scale_eval: Use 64bit, check values in ff_scale_adjust_dimensions() · 491bee58

Michael Niedermayer authored 11 months ago


Found by reviewing CID1513722 Operands don't affect result

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad9df8bcfebc1085cb8b42dae9ab688af824cdab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

491bee58

avfilter/vf_lut3d: Check av_scanf() · fbebb92b

Michael Niedermayer authored 11 months ago


Fixes: CID1604398 Unchecked return value
Fixes: CID1604542 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ace2e25720b8a26906b15aab7eebbac860bb7bf0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fbebb92b

avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables · a83209c6

Michael Niedermayer authored 1 year ago


Fixes: CID1452759 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9385847af47211e8c618198499ffea99614bb55d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

a83209c6

swscale/output: Fix integer overflows in yuv2rgba64_X_c_template · 11fdf674

Michael Niedermayer authored 11 months ago

Fixes: signed integer overflow: -1082982400 + -1068681048 cannot be represented in type 'int'
Fixes: 69995/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6285740271534080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bcab9789ef750670277956e79736bca442aec2ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

11fdf674

21 Jul, 2024 11 commits

avformat/mxfdec: Reorder elements of expression in bisect loop · d6eb6a05

Michael Niedermayer authored 11 months ago

Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 68578/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6032171648221184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8d288479d3431d65318d957aab710b13714fc05)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

d6eb6a05

avcodec/pnmdec: Use 64bit for input size check · ceeb1928

Michael Niedermayer authored 10 months ago


Fixes: out of array read
Fixes: poc3

Reported-by: VulDB CNA Team
Found-by: CookedMelon
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

ceeb1928

avcodec/utvideoenc: Use unsigned shift to build flags · 6913ebd5

Michael Niedermayer authored 11 months ago

Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 69083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5608202363273216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69e90491f15d8eef643f8dfd1b75805829496678)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6913ebd5

avcodec/vc2enc: Fix overflows with storing large values · 47cdc9df

Michael Niedermayer authored 11 months ago

Fixes: left shift of 1431634944 by 2 places cannot be represented in type 'int'
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 69061/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC2_fuzzer-6325700826038272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit af9935835335cae1ae5a4ec7fc14c1b5e25c1f2d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

47cdc9df

avcodec/mpegvideo_enc: Do not duplicate pictures on shifting · a0e7f6ea

Michael Niedermayer authored 11 months ago

Fixes: out of array access
Fixes: 69098/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6107989688778752
Fixes: 69599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4848626296225792.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c8881cb3534b257d6e6539f563006599cd96b48)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

a0e7f6ea

avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create() · 6737f26d

Michael Niedermayer authored 11 months ago


Untested, needs review

Fixes: CID1591856 Resource leak
Fixes: CID1591887 Resource leak
Fixes: CID1591874 Resource leak

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 348968e9f7d8abb743a5dfca8e522ae0cf1ddc8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6737f26d

avcodec/tiff: Check value on positive signed targets · ff443c8a

Michael Niedermayer authored 11 months ago


Fixes: CID1604593 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66d6b8033b4bf8e9b33f26729c4ab9f9b328c5a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

ff443c8a

avfilter/vf_bm3d: Dont round MSE2SSE to an integer · 65565a0a

Michael Niedermayer authored 1 year ago


Fixes: CID1439581 Result is not floating-point

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec18ec9fc1080c37a02f3709afda5c4b08d4ea89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

65565a0a

avdevice/dshow: Check device_filter_unique_name before use · 8f00c0ed

Michael Niedermayer authored 1 year ago


Fixes: CID1591931 Explicit null dereferenced

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 175c19166824bd93b02f60c5178365014212366e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

8f00c0ed

avdevice/dshow_filter: Use wcscpy_s() · e7c31b31

Michael Niedermayer authored 1 year ago


Fixes: CID1591929 Copy into fixed size buffer

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daf61dddc8e27424c320d5c3abe3e0c5182cd5c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

e7c31b31

avcodec/flac_parser: Assert that we do not overrun the link_penalty array · bc5f8416

Michael Niedermayer authored 1 year ago


Helps: CID1454676 Out-of-bounds read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af348bd1aa41ea10d6719c56ed2b4eda97642f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

bc5f8416

GitLab

Menu