Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
* [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels
@ 2022-03-20 13:47 Michael Niedermayer
  2022-03-20 13:47 ` [FFmpeg-devel] [PATCH 2/4] avformat/cafdec: Do not store empty keys in read_info_chunk() Michael Niedermayer
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Michael Niedermayer @ 2022-03-20 13:47 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: division by 0
Fixes: 45615/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-582660348405350
Fixes: 45625/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-4821437943250944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/alp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/alp.c b/libavformat/alp.c
index f2428a9e3b..40e4890a38 100644
--- a/libavformat/alp.c
+++ b/libavformat/alp.c
@@ -122,7 +122,7 @@ static int alp_read_header(AVFormatContext *s)
     par->format                 = AV_SAMPLE_FMT_S16;
     par->sample_rate            = hdr->sample_rate;
 
-    if (hdr->num_channels > 2)
+    if (hdr->num_channels > 2 || hdr->num_channels == 0)
         return AVERROR_INVALIDDATA;
 
     av_channel_layout_default(&par->ch_layout, hdr->num_channels);
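Review bot: the `par->sample_rate = hdr->sample_rate;` assignment two lines above the changed test takes another field from the same header with no range check visible in this hunk. Now that a zero channel count is rejected here, it is worth confirming that a zero sample rate is rejected somewhere in alp_read_header() as well. The commit message could also name the expression that divides by the channel count, so the reason for `hdr->num_channels == 0` stays clear to later readers.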
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".


* [FFmpeg-devel] [PATCH 2/4] avformat/cafdec: Do not store empty keys in read_info_chunk()
  2022-03-20 13:47 [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels Michael Niedermayer
@ 2022-03-20 13:47 ` Michael Niedermayer
  2022-03-20 13:47 ` [FFmpeg-devel] [PATCH 3/4] avformat/apm: Check channels Michael Niedermayer
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Michael Niedermayer @ 2022-03-20 13:47 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: Timeout
Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/cafdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index f0c2c50c59..f6c84e0dae 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -241,6 +241,8 @@ static void read_info_chunk(AVFormatContext *s, int64_t size)
         char value[1024];
         avio_get_str(pb, INT_MAX, key, sizeof(key));
         avio_get_str(pb, INT_MAX, value, sizeof(value));
+        if (!*key)
+            continue;
         av_dict_set(&s->metadata, key, value, 0);
     }
 }
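Review bot: the return values of both `avio_get_str()` calls above the new `if (!*key)` test are still ignored, so the loop (its header is outside this hunk) cannot stop early once the input is exhausted. Skipping empty keys avoids the `av_dict_set()` call but not the remaining iterations; consider also breaking out when `avio_feof(pb)` is true or when a read returns an error. Placing the test after both reads is right, since it keeps the key/value pairing in step with the stream.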
-- 
2.17.1


* [FFmpeg-devel] [PATCH 3/4] avformat/apm: Check channels
  2022-03-20 13:47 [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels Michael Niedermayer
  2022-03-20 13:47 ` [FFmpeg-devel] [PATCH 2/4] avformat/cafdec: Do not store empty keys in read_info_chunk() Michael Niedermayer
@ 2022-03-20 13:47 ` Michael Niedermayer
  2022-03-20 13:47 ` [FFmpeg-devel] [PATCH 4/4] avformat/aqtitledec: Skip unrepresentable durations Michael Niedermayer
  2022-03-27 10:00 ` [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels Michael Niedermayer
  3 siblings, 0 replies; 5+ messages in thread
From: Michael Niedermayer @ 2022-03-20 13:47 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: division by 0
Fixes: 45643/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4957777905188864.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/apm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/apm.c b/libavformat/apm.c
index 91eea86a57..baf7d2f941 100644
--- a/libavformat/apm.c
+++ b/libavformat/apm.c
@@ -140,7 +140,7 @@ static int apm_read_header(AVFormatContext *s)
     if (par->bits_per_coded_sample != 4)
         return AVERROR_INVALIDDATA;
 
-    if (channels > 2)
+    if (channels > 2 || channels == 0)
         return AVERROR_INVALIDDATA;
 
     av_channel_layout_default(&par->ch_layout, channels);
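Review bot: in the changed condition `channels > 2 || channels == 0`, a negative value would pass both tests if `channels` is a signed type; its declaration is outside this hunk. Writing the test as `channels < 1 || channels > 2` rejects everything outside 1..2 regardless of signedness and reads as a single range check. As with the matching change in alp.c, the commit message would benefit from naming where the division by the channel count happens.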
-- 
2.17.1


* [FFmpeg-devel] [PATCH 4/4] avformat/aqtitledec: Skip unrepresentable durations
  2022-03-20 13:47 [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels Michael Niedermayer
  2022-03-20 13:47 ` [FFmpeg-devel] [PATCH 2/4] avformat/cafdec: Do not store empty keys in read_info_chunk() Michael Niedermayer
  2022-03-20 13:47 ` [FFmpeg-devel] [PATCH 3/4] avformat/apm: Check channels Michael Niedermayer
@ 2022-03-20 13:47 ` Michael Niedermayer
  2022-03-27 10:00 ` [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels Michael Niedermayer
  3 siblings, 0 replies; 5+ messages in thread
From: Michael Niedermayer @ 2022-03-20 13:47 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented in type 'long'
Fixes: 45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/aqtitledec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/aqtitledec.c b/libavformat/aqtitledec.c
index a37c9bbeaf..6c14b23862 100644
--- a/libavformat/aqtitledec.c
+++ b/libavformat/aqtitledec.c
@@ -74,7 +74,8 @@ static int aqt_read_header(AVFormatContext *s)
             new_event = 1;
             pos = avio_tell(s->pb);
             if (sub) {
-                sub->duration = frame - sub->pts;
+                if (frame >= sub->pts && (uint64_t)frame - sub->pts < INT64_MAX)
+                    sub->duration = frame - sub->pts;
                 sub = NULL;
             }
         } else if (*line) {
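Review bot: when the new condition on `frame` and `sub->pts` is false, `sub->duration` is left at whatever value it had before this block, and the hunk does not show what that value is. Set it explicitly in an else branch or log a warning so a skipped duration is visible rather than silent. Note also that `frame >= sub->pts` skips negative differences that are representable, which goes beyond the "unrepresentable durations" of the subject line; if that is intended, say so in the commit message. The strict `< INT64_MAX` excludes a difference of exactly INT64_MAX, which would fit; `<=` would match the stated intent more closely.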
-- 
2.17.1


* Re: [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels
  2022-03-20 13:47 [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels Michael Niedermayer
                   ` (2 preceding siblings ...)
  2022-03-20 13:47 ` [FFmpeg-devel] [PATCH 4/4] avformat/aqtitledec: Skip unrepresentable durations Michael Niedermayer
@ 2022-03-27 10:00 ` Michael Niedermayer
  3 siblings, 0 replies; 5+ messages in thread
From: Michael Niedermayer @ 2022-03-27 10:00 UTC (permalink / raw)
  To: FFmpeg development discussions and patches



On Sun, Mar 20, 2022 at 02:47:36PM +0100, Michael Niedermayer wrote:
> Fixes: division by 0
> Fixes: 45615/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-582660348405350
> Fixes: 45625/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-4821437943250944
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/alp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply patchset

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope

