ffmpeg

mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-06 07:20:31 +00:00

Author	SHA1	Message	Date
Michael Niedermayer	d17fc6f96d	avcodec/mpegvideo_enc: Restructure ff_h263_encode_gob_header() relation to update_mb_info() Fixes: out of array access Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8eecba02c7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:07 +02:00
Michael Niedermayer	c652083a7c	avcodec/exr: check tile_attr.x/ySize Fixes: division by zero Fixes: 473579863/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-5105281257504768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c5ccc13fe0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:07 +02:00
Michael Niedermayer	3da3ed0877	avformat/demux: Fix integer overflows in select_from_pts_buffer() Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long long'); cast to an unsigned type to negate this value to itself Fixes: 473334102/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5109540931829760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0465a9bb8f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:06 +02:00
Michael Niedermayer	4460a3f851	avcodec/golomb: Fix get_ur_golomb_jpegls() with esclen = 0 If there is no escape case then reaching that branch is an error Fixes: shift exponent 32 is too large for 32-bit type 'uint32_t' (aka 'unsigned int') Fixes: 472335543/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-6682453243920384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fb3012269e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:06 +02:00
Michael Niedermayer	87f4b690ab	swresample/resample_template: add casts to avoid undefined overflows resample_linear can produce overflows with craftet input, The added casts should have no effect on the binary output or the operations they just change things to a defined regime Fixes: signed integer overflow: 2069416960 + 78151680 cannot be represented in type 'int' Fixes: 472047214/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-6374046976770048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `17cad7ac75`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:06 +02:00
Michael Niedermayer	89af4f49b3	avcodec/h264_parser: Check pts for overflow Fixes: signed integer overflow: 9223372036854775807 + 3546086691638400 cannot be represented in type 'int64_t' (aka 'long') Fixes: 471723681/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4841032488648704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `30a6b78bd4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:06 +02:00
Michael Niedermayer	99f7a46e20	avformat/wtvdec: Check that language is fully read Fixes: use-of-uninitialized-value Fixes: 483856523/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5221422609006592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `989d6ddea0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:06 +02:00
Michael Niedermayer	db97d09fd9	avcodec/imm5: Dont pass EAGAIN on as is Fixes: Assertion consumed != (-(11)) failed at libavcodec/decode.c:465 Fixes: 471587358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IMM5_fuzzer-4737412376100864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7761b8fbac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:06 +02:00
Michael Niedermayer	330d94b08c	avcodec/interplayacm: Check input for fill_block() Fixes: Timeout Fixes: 476763877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-4515681843609600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2ab23ec729`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:05 +02:00
Michael Niedermayer	ffd7599c80	avcodec/flashsv: Check for input space before (re)allocating frame Fixes: Timeout Fixes: 471605680/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV2_DEC_fuzzer-6210773459468288 Fixes: 471605920/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV_DEC_fuzzer-6230719287590912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4446dfb0e3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:05 +02:00
Michael Niedermayer	0b1b176361	avcodec/mdec: Check input space vs minimal block size Fixes: Timeout Fixes: 481006706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MDEC_fuzzer-6122832651419648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `40cafc25cf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:05 +02:00
Michael Niedermayer	c71ddedf9f	avcodec/h264_parser: Check remaining input length in loop in scan_mmco_reset() Fixes: read of uninitialized memory Fixes: 476177761/clusterfuzz-testcase-minimized-ffmpeg_dem_H264_fuzzer-6400884824408064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `73681f888d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:05 +02:00
Michael Niedermayer	73cd18ac91	avcodec/exr: fix AVERROR typo Fixes: out of array read Fixes: 485866440/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-4520520419966976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7e10579f49`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:05 +02:00
Michael Niedermayer	19f423a8e9	avcodec/cfhd: Check transform type before continuing Fixes: null pointer dereference Fixes: 471768165/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_DEC_fuzzer-6187504467509248 The first frame allocates buffers with one transform type the second frame sets up another transform type but the code to reallocate buffers is never triggered Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `52b676bb29`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:04 +02:00
Michael Niedermayer	9e094958c0	avcodec/cfhd: Add CFHDSegment enum and named identifiers Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2263e05e41`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:04 +02:00
Michael Niedermayer	7896e1d76c	avformat/icodec: Check size Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int' Fixes: 471688026/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5616495813263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `237d03717f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:04 +02:00
Michael Niedermayer	cd93b34867	avformat/lrcdec: Check ss for finiteness Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Fixes: 471604230/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-5474264750030848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bce0e22133`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:04 +02:00
Michael Niedermayer	9922811ba3	avformat/http: Also count redirects from the cache Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `82fbb04d07`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:04 +02:00
Michael Niedermayer	9f9d9d2de0	avformat/http: allow adjusting the redirect limit Idea from: BapToutatis and also curl and wget have equivalent options Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ba3639bc90`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:04 +02:00
Michael Niedermayer	fa7b9317f1	fftools/ffmpeg_opt: limit recursion of presets Fixes: stack overflow This should have limited security impact as it requires access to arbitrary options. Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0833dd3665`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:03 +02:00
Michael Niedermayer	8c22cb5d8b	swscale/rgb2rgb_template: fix signed shift into sign bit Fixes: left shift of 255 by 24 places cannot be represented in type 'int' Fixes: 471591904/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5141341165387776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3ec03b847b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:03 +02:00
Michael Niedermayer	7cca19acdd	swresample: Check ch layouts in swr_alloc_set_opts2() This way we can error out earlier Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0e3ac1f4f9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:03 +02:00
Michael Niedermayer	8a53022b29	swresample: Check user chlayout in swr_set_matrix() All callers in FFmpeg check this already, but it is a public function that can plausibly be given more channels. In which case out of array writes would occur This is likely a regression from when channel layouts where extended to support more than 64 channels Found-by: 이동준 <ldj6192@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `906e3edc70`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:03 +02:00
Michael Niedermayer	97c654edb9	avcodec/bmp: fix indention Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `50adb62670`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:03 +02:00
Michael Niedermayer	46462ecec1	avcodec/exr: Handle axmax like bxmin in `04d7a6d3db` Fixes: out of array access Fixes: 418335931/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-6718455383654400 Fixes: 471611870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-6645447302381568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `33b3dbaf15`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:03 +02:00
Michael Niedermayer	7306c2fa5c	avformat/cafdec: Check nb_entries in read_info_chunk() Fixes: Timeout Fixes: 477315122/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5274792315125760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4f97e52042`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:02 +02:00
Michael Niedermayer	31450268e6	avcodec/vp9: Reallocate on resolution change which does not change tile_cols Fixes: out of array access on resolution change with slices threads Fixes: VULN-10/poc.ivf Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38230db7b9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:02 +02:00
Michael Niedermayer	fca094e777	avformat/img2dec: Check avio_size() for failure More complete fix for #YWH-PGM40646-32 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `521d18cea3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:02 +02:00
Michael Niedermayer	1c912eaa32	avformat/mpegtsenc: Check remaining space in SDT Fixes: out of array access Fixes: VULN-8 Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `19c78cd6d9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:02 +02:00
Michael Niedermayer	c0a782beca	avformat/img2enc: Check split planes packet size Fixes: out of array read Fixes: VULN-6/poc.raw Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca1c1f29ce`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:02 +02:00
Michael Niedermayer	2a5615e109	avformat/yuv4mpegen: Sanity check input packet frame dimensions Fixes: out of array access if a filter-graph is used the injects changing dimensions Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b740b85872`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:01 +02:00
Michael Niedermayer	9c26de9637	avformat/iff: Error out with 0 channel loudspeaker configuration Fixes: division by 0 Fixes: 478005965/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5748337088462848 Fixes: 472226169/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4528777763028992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9bfa1635ae`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:01 +02:00
Ted Meyer	4048e559bb	Fix overflow in STSD parser Reset `sc->stsd_count` before parsing entries. This number doesn't get reset, which means that multiple parse passes can increment it past the `sc->extradata` array end and cause OOB writes. (cherry picked from commit `a58cb16e27`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:01 +02:00
Michael Niedermayer	df11b39888	avcodec/adpcm: Check input buffer size Larger values will lead to integer overflows in intermediates No testcase Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5f84a7263e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:01 +02:00
Michael Niedermayer	059fe30d55	avformat/scd: Use ffio_read_size() Fixes: use of uninitialized memory Fixes: 471771529/clusterfuzz-testcase-minimized-ffmpeg_dem_SCD_fuzzer-5328203515494400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5007428e8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:01 +02:00
Michael Niedermayer	140fc8ca5d	avformat/hls: Check for integer overflow with #EXTINF: Found-by: 이동준 <ldj6192@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f112ae503e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:01 +02:00
Michael Niedermayer	a3264dee79	avcodec/dca_xll: Clear padding in ff_dca_xll_parse() Fixes: Use of uninitialized memory Fixes: 472020020/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DCA_DEC_fuzzer-6433045331902464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `af86f0ffcc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:00 +02:00
Michael Niedermayer	c86b3a49c4	vfilter/vf_find_rect: Clamp x/y min/max to valid values Fixes: #YWH-PGM40646-15 Found-by: An0n99X Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `12321e5eba`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:00 +02:00
Michael Niedermayer	a6d62766bf	avcodec/dca_xll: Check get_rice_array() Fixes: use of uninitialized memory Fixes: 451655450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DCA_DEC_fuzzer-6527248623796224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `11a5afea31`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:00 +02:00
Michael Niedermayer	8c42b4064d	avformat/mpegts: Check program_info_length Fixes: overread No testcase Found-by: Marton Balint Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1fd718c6a9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:00 +02:00
Michael Niedermayer	f99c53118d	avformat/mpegts: Check IOD_DESCRIPTOR len Fixes: out of array read Fixes: VULN-7/poc.ts Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5975149603`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:21:00 +02:00
Oliver Chang	115ff6126a	avcodec/qdm2: fix heap-use-after-free in qdm2_decode_frame The `sub_packet` index in `QDM2Context` was not reset to 0 when `qdm2_decode_frame` started processing a new packet. If an error occurred during the decoding of a previous packet, `sub_packet` would retain a non-zero value. In subsequent calls to `qdm2_decode_frame` with a new packet, this non-zero `sub_packet` value caused `qdm2_decode` to skip `qdm2_decode_super_block`. This function is responsible for initializing packet lists with pointers to the current packet's data. Skipping it led to the use of stale pointers from the previous (freed) packet, resulting in a heap-use-after-free vulnerability. This patch explicitly resets `s->sub_packet = 0` at the beginning of `qdm2_decode_frame`, ensuring correct initialization for each new packet. Fixes: OSS-Fuzz issue 476179569 (https://issues.oss-fuzz.com/issues/476179569). (cherry picked from commit `a795ca89fa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:59 +02:00
Michael Niedermayer	bedd39eb28	avcodec/jpeg2000dec: Print bpno level when erroring out Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8a3c7c9c32`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:59 +02:00
Steven Liu	ff97be6e23	avformat/dashdec: check value valid after read value from mpd xml before this commit ffmpeg get Heap Buffer Overflow in DASH Demuxer via Negative Start Number. Check the value from mpd xml, set the value to 0 if get negative value. Fixes: heap buffer overflow Found-by: Zhenpeng (Leo) Lin from depthfirst (cherry picked from commit `a97632827d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:59 +02:00
Kacper Michajłow	31ceabcd58	swscale/utils: zero init filter memory as before Commit `795bb37a39` removed zeroing of those buffers, without mention, which introduces corrupted output. Fixes: `795bb37a39` Fixes: https://github.com/mpv-player/mpv/issues/17317 (cherry picked from commit `10db62d205`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:59 +02:00
Carl Eugen Hoyos	c41109b09f	lavc/j2kdec: Do not ignore colour association for packed formats Fixes ticket #9468. Signed-off-by: Carl Eugen Hoyos <ceffmpeg@gmail.com (cherry picked from commit `aab0c23cb8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:59 +02:00
Michael Niedermayer	8f6d664afd	swscale/utils: Sanity check sizeFactor Fixes: multiple integer overflows Fixes: out of array access The PoC modifies filter parameters generally inaccessable to an attacker Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `404775a141`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:59 +02:00
Michael Niedermayer	0d7a077b8f	swscale/utils: Avoid FF_ALLOC_TYPED_ARRAY() and use av_malloc_array() directly Fixes: multiple integer overflows Fixes: out of array access Regression since: `a408d03ee6` The PoC modifies filter parameters generally inaccessable to an attacker Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `795bb37a39`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:58 +02:00
Ramiro Polla	af2f36957d	avcodec/mjpegdec: fix segfault on extern_huff and no extradata Regression since `1debadd58e`. (cherry picked from commit `96d8e19720`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:58 +02:00
Michael Niedermayer	1512e9f11b	avcodec/exr: use av_realloc_array() Related to: #YWH-PGM40646-33 See: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21347 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `09ec2b397a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2026-05-05 15:20:58 +02:00

1 2 3 4 5 ...

108265 commits