ffmpeg

mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-02-14 03:11:25 +00:00

Author	SHA1	Message	Date
Michael Niedermayer	ea209bee9c	avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `eb60b9d3aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	0288fa9319	avformat/mov: Check STSC and remove invalid entries Fixes assertion failure Fixes: crbug 822547, crbug 822666 and crbug 823009 Affects: aark15sd_9A62E2FA.mp4 Found-by: ClusterFuzz Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9e67447a4f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	791c0940f5	avformat/mov: Fix integer overflows related to sample_duration Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type Fixes: Chromium bug 791349 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2f37082827`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	2583022266	avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE Fixes: potential signed integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f655ddfb47`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	723f154ae0	avformat/oggparseogm: Check lb against psize No testcase, this was found during code review Found-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3e7c847aaf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	bdb68741ba	avformat/oggparseogm: Fix undefined shift in ogm_packet() Fixes: shift exponent 48 is too large for 32-bit type 'int' Fixes: Chromium bug 786793 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `010b7b30b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	35194c4e02	avformat/avidec: Fix integer overflow in cum_len check Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long' Fixes: Chromium bug 791237 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `06e092e781`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	adfbb5112d	avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE Fixes: Chromium bug 795653 Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `02ecda4aba`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	d3e6b38a41	avformat/utils: Fix integer overflow of fps_first/last_dts Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long' Fixes: Chromium bug 796778 Reported-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1b1362e408`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Michael Niedermayer	4c1d58f937	libavformat/oggparsevorbis: Fix memleak on multiple headers Fixes: Chromium bug 800123 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3934aa495d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 19:45:45 +02:00
Nikolas Bowe	4eb8e1bce2	avformat/lrcdec: Fix memory leak in lrc_read_header() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ef5994e09d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 13:07:06 +02:00
Nikolas Bowe	e7701e89ec	avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e07649e618`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-07-08 13:07:06 +02:00
James Almer	0a340924ef	avformat/hvcc: zero initialize the nal buffers past the last written byte Prevents use of uninitialized values. Fixes ticket #7038. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `9482ec1b20`)	2018-02-24 00:37:41 -03:00
James Almer	4fb5f391ae	avformat/libssh: check the user provided a password before trying to use it Fixes ticket #6413 Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `8ddb6820bd`)	2018-01-11 10:37:11 -03:00
Dale Curtis	32d1657192	Don't manipulate duration when it's AV_NOPTS_VALUE. This leads to signed integer overflow. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `c5fd57f483`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-01-08 23:19:14 +01:00
Dale Curtis	fc3e4c9ab3	avformat/utils: Prevent undefined shift with wrap_bits > 64. 2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the code to use a uint64_t (2ULL) and add an av_assert2() to ensure wrap_bits <= 64. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `03fbc0daa7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-01-08 23:19:14 +01:00
Dale Curtis	02d11e616a	Close ogg stream upon error when using AV_EF_EXPLODE. Without this there can be multiple memory leaks for unrecognized ogg streams. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bce8fc0754`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-01-08 23:19:14 +01:00
Jacob Trimble	a03d488ae2	avformat/mov: Propagate errors in mov_switch_root. Signed-off-by: Jacob Trimble <modmaker@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2d9cf3bf16`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-01-08 23:19:14 +01:00
Fredrik Hubinette	7d14046740	avformat/mov: Check size of STSC allocation Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a6fdd75fe6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-01-08 23:19:14 +01:00
Luca Barbato	d6ecc61db8	avformat: Free the internal codec context at the end Avoid a use after free in avformat_find_stream_info. (cherry picked from commit `9e4a5eb51b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-01-08 23:19:14 +01:00
Fredrik Hubinette	b76dcd0786	avformat/id3v2: fix leak in chapter parsing Reviewed-on: https://chromium-review.googlesource.com/439405 Reviewed-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: James Almer <jamrial@gmail.com>	2017-10-26 21:47:41 +02:00
Michael Niedermayer	4e4177dde2	avformat/asfdec: Fix DoS in asf_build_simple_index() Fixes: Missing EOF check in loop No testcase Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `afc9c683ed`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
Michael Niedermayer	c9527df274	avformat/mov: Fix DoS in read_tfra() Fixes: Missing EOF check in loop No testcase Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9cb4eb7728`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
孙浩(晓黑)	816f7337bf	avformat/mxfdec: Fix Sign error in mxf_read_primer_pack() Fixes: 20170829B.mxf Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com> Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9d00fb9d70`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
孙浩(晓黑)	9cbac36026	avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array() Fixes: 20170829A.mxf Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com> Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `900f39692c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
孙浩(晓黑)	a051de092e	avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop. Fixes: 20170829.nsv Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com> Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c24bcb5536`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
Michael Niedermayer	d4fc6b211f	avformat/mvdec: Fix DoS due to lack of eof check Fixes: loop.mv Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4f05e2e2dc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
孙浩 and 张洪亮(望初)	5bc9f70441	avformat/rl2: Fix DoS due to lack of eof check Fixes: loop.rl2 Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `96f24d1bee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
孙浩 and 张洪亮(望初)	2bbef8ee27	avformat/rmdec: Fix DoS due to lack of eof check Fixes: loop.ivr Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `124eb202e7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
孙浩 and 张洪亮(望初)	98e177c728	avformat/cinedec: Fix DoS due to lack of eof check Fixes: loop.cine Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7e80b63ecd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
孙浩 and 张洪亮(望初)	f94517934b	avformat/asfdec: Fix DoS due to lack of eof check Fixes: loop.asf Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7f9ec5593e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
Michael Niedermayer	2920c7cec0	avformat/hls: Fix DoS due to infinite loop Fixes: loop.m3u The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome Found-by: Xiaohei and Wangchu from Alibaba Security Team Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7ec414892d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
Michael Niedermayer	53a6cdf89d	avformat/rtpdec_h264: Fix heap-buffer-overflow Fixes: rtp_sdp/poc.sdp Found-by: Bingchang <l.bing.chang.bc@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c42a1388a6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
Vitaly Buka	50cb32480b	avformat/aviobuf: Fix signed integer overflow in avio_seek() Signed integer overflow is undefined behavior. Detected with clang and -fsanitize=signed-integer-overflow Signed-off-by: Vitaly Buka <vitalybuka@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `eca2a49716`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
Vitaly Buka	74410f2aba	avformat/mov: Fix signed integer overflows with total_size Signed integer overflow is undefined behavior. Detected with clang and -fsanitize=signed-integer-overflow Signed-off-by: Vitaly Buka <vitalybuka@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a404cb5b9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
Steven Siloti	16ee405707	avformat/utils: fix memory leak in avformat_free_context The pointer to the packet queue is stored in the internal structure so the queue needs to be flushed before internal is freed. Signed-off-by: Steven Siloti <ssiloti@bittorrent.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `949debd1d1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-09-17 12:21:32 +02:00
Michael Niedermayer	b375cc8bb7	avformat/rtmppkt: Convert ff_amf_get_field_value() to bytestream2 Fixes: out of array accesses Found-by: JunDong Xie of Ant-financial Light-Year Security Lab Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ffcc82219c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-07-29 14:17:57 +02:00
Michael Niedermayer	f2a6f41dd7	avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2 Fixes: out of array accesses Fixes: crash-9238fa9e8d4fde3beda1f279626f53812cb001cb-SEGV Found-by: JunDong Xie of Ant-financial Light-Year Security Lab Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `08c073434e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-07-29 04:49:46 +02:00
Michael Niedermayer	6cc7777d4b	avformat/oggparsecelt: Do not re-allocate os->private Fixes: double free Fixes: clusterfuzz-testcase-minimized-5080550145785856 Found-by: ClusterFuzz Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7140761481`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-07-26 00:14:57 +02:00
Michael Niedermayer	25dac3128b	avformat/hls: Check local file extensions This reduces the attack surface of local file-system information leaking. It prevents the existing exploit leading to an information leak. As well as similar hypothetical attacks. Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions. It does not stop leaks via remote addresses in the LAN. The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well. The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its feature. More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files. Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also where objections against restricting remote url file extensions. This here is a less robust but also lower inconvenience solution. It can be applied stand alone or together with other solutions. limiting the check to local files was suggested by nevcairiel This recommits the security fix without the author name joke which was originally requested by Nicolas. Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `189ff42196`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	858adb27a0	avformat/options: log filename on open The loglevel is choosen so that the main filename and any images of multi image sequences are shown only at debug level to avoid clutter. This makes exploits in playlists more visible. As they would show accesses to private/sensitive files Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `53e0d5d724`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	5415c88e37	avformat/avidec: Limit formats in gab2 to srt and ass/ssa This prevents part of one exploit leading to an information leak Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5d849b149`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	9b27474cdf	avformat/mux: Fix copy an paste typo Found-by: Roger Scott <rscott@grammatech.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1a36354698`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:27 +02:00
Gregory J. Wolfe	5d737a3d0c	avformat/tests/fifo_muxer: includes libavformat/network.h to define ETIMEDOUT for fate build. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c041a3cd5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-16 04:00:30 +02:00
李赞	a4fb44723d	avformat/wavdec: Check chunk_size Fixes integer overflow and out of array access Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3d23219637`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-14 12:20:16 +02:00
Derek Buitenhuis	e66548345c	avformat/webmdashenc: Validate the 'streams' adaptation sets parameter It should not be a value larger than the number of streams we have, or it will cause invalid reads and/or SIGSEGV. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ec07efa700`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-14 12:20:15 +02:00
Derek Buitenhuis	1485562f6e	avformat/webmdashenc: Require the 'adaptation_sets' option to be set This seems to be non-optional, and if the muxer is run without it, strlen() is run on NULL, causing a segfault. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cbd3a68f3e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-14 12:20:15 +02:00
Michael Niedermayer	bb61a31223	avformat/oggparseogm: Check ff_alloc_extradata() for failure Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9eff4b0d2b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-14 12:20:15 +02:00
Michael Niedermayer	773c55b820	avformat/oggparseogm: Check available data before reading global header Fixes use of uninitialized data Found-by: Thomas Guilbert <tguilbert@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `170d864d2c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-14 12:20:15 +02:00
Michael Niedermayer	502313dd50	avformat/mov: Check creation_time for overflow Fixes integer overflow Fixes: 701640 Found-by: Found-by: Thomas Guilbert <tguilbert@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `39ee3ddff8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-14 12:20:15 +02:00

1 2 3 4 5 ...

19595 commits