113214 Commits

Author SHA1 Message Date
Michael Niedermayer
01d3f764f7 Changelog: remove stray branch name
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n6.1.3
2025-08-14 23:12:36 +02:00
Michael Niedermayer
979df1c813 Changelog:update
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 12:31:14 +02:00
Jiasheng Jiang
6250ed77a6 libavfilter/dnn/dnn_backend_tf: Remove redundant av_freep() to avoid double free
Remove redundant av_freep() to avoid double free since task will be freed in dnn_free_model_tf() after the success of ff_queue_push_back().

Fixes: af052f9066 ("lavfi/dnn: fix mem leak in TF backend error handle")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
(cherry picked from commit b8d5f65b9e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:52 +02:00
Michael Niedermayer
f978c37eab avcodec/dxv: Check that we initialize op_data
Fixes: 431665305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_DEC_fuzzer-5339599339847680
Fixes: use of uninitialized memory

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a8c41dcac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:52 +02:00
Michael Niedermayer
a2e8dc01c0 avcodec/exr: Check for pixel type consistency in DWA
Fixes: out of array access
Fixes: BIGSLEEP-436511754/testcase.exr

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0469d68acb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:51 +02:00
Kacper Michajłow
2f1fc996ec avcodec/libvorbisdec: avoid overflow when assinging sample rate from long to int
Fixes: 416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_DEC_fuzzer-6096101407260672
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 2287a19abb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:51 +02:00
Kacper Michajłow
8b90fb40e9 avcodec/g726: init missing sample rate
Fixes: 416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_G726_DEC_fuzzer-5695764455292928
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit c2f7dae70d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:51 +02:00
Kacper Michajłow
a991df7c1e avformat/lrcdec: limit input timestamp range to avoid overflows
Fixes: clusterfuzz-testcase-ffmpeg_dem_LRC_fuzzer-5226140131459072
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit c74bc74398)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:50 +02:00
Michael Niedermayer
9c7c34c92f avcodec/scpr3: Clear clr
clr is passing into decode_run_p() its not used when not set
but this possibly triggers msan (it doesnt locally)

Fixes?: use of uninintialized memory
Fixes?: 436997807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-6253316466606080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3542260376)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:50 +02:00
Michael Niedermayer
164915184f avcodec/ilbcdec: Clear cbvec when used with create_augmented_vector()
Fixes: use of uninitialized memory
Fixes: 42538134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-6322020827070464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9686fdd729)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:50 +02:00
Michael Niedermayer
435b00a7cc avcodec/jpeg2000dec: Make sure the 4 extra bytes allocated are initialized
Fixes: use of uninitialized memory
Fixes: 429130590/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-5736930522497024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6fe3786cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:49 +02:00
Muhammad Faiz
8577a6b2fe avfilter/avf_showcqt: fix unbounded index when copying to fft_data
When timeclamp and/or fps are low, j can be negative.

Fix Ticket11640

(cherry picked from commit 35ea458354)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:49 +02:00
Michael Niedermayer
9b9b22993f avcodec/aacsbr_template: Check ilb
Fixes: index 50 out of bounds for type 'INTFLOAT [40][2]'
Fixes: 401661737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4866055713652736

Someone knowing AAC well should review this, there is likely a nicer fix

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01a1b99fc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:49 +02:00
Michael Niedermayer
c7bc9e14f2 avcodec/utvideodec: Set B for the width= 1 case
Fixes: use of uninitialized meory
Fixes: 428034093/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_DEC_fuzzer-6195630160805888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 032dfe8584)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:48 +02:00
Michael Niedermayer
25f6058e4f avcodec/ffv1: Clear state on alloc
Fixes: use of uninitialized memory
Fixes: 428969823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_DEC_fuzzer-5909681623334912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70fc46d185)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:48 +02:00
Michael Niedermayer
465026b37d avcodec/jpeg2000dec: implement cdef remapping during pixel format matching
Fixes: out of array access
Fixes: poc.jp2

Found-by: Andy Nguyen <theflow@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01a292c7e3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:48 +02:00
Michael Niedermayer
4f845aaf7d avcodec/jpeg2000dec: move cdef default check into get_siz()
This way cdef is at its final value earlier

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 104d6846c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:47 +02:00
Michael Niedermayer
be682029ae avcodec/exr: Check rle_raw_data and surroundings
Fixes: out of array read

Fixes: BIGSLEEP-436510153/dwa_uncompress_read.exr

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d9c003d76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:47 +02:00
Michael Niedermayer
fa543b33f6 avcodec/exr: Dont access outside xsize/ysize
Fixes: out of array access
Fixes: BIGSLEEP-436510316/dwa_uncompress_write.exr

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f45da79b2c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:47 +02:00
Jiasheng Jiang
63c4658e62 examples: Add check and replace av_free() to avoid potential memory errors
Add check for the return value of av_packet_alloc() to avoid potential NULL pointer dereference.
Moreover, replace redundant av_free() with fprintf().

Fixes: 9a38184a14 ("examples/decode_audio: allocate the packet dynamically")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c64cff64a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:46 +02:00
Jiasheng Jiang
8efb352a85 libavcodec/tests/snowenc: Add av_free() to avoid memory leak
Add av_free() to free s.temp_dwt_buffer and s.temp_idwt_buffer at the end of the function to avoid memory leak.

Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 446cfbfb74)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:46 +02:00
Jiasheng Jiang
00b5af29a4 libavfilter/af_firequalizer: Add check for av_malloc_array()
Add check for the return value of av_malloc_array() to avoid potential NULL pointer dereference.

Fixes: d3be186ed1 ("avfilter/firequalizer: add dumpfile and dumpscale option")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a25462482c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:46 +02:00
Jiasheng Jiang
bbac13c54a libavcodec/videotoolbox_vp9: Move av_malloc() to avoid memory leak
Move av_malloc() after the check for subsampling to avoid memory leak if subsampling < 0 and av_malloc() succeeds.

Fixes: a41a2efc85 ("lavc/videotoolbox: add VP9 hardware acceleration")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b4e6ccb13)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:45 +02:00
Kacper Michajłow
7af8307c40 avcodec/mpc8: init avctx->sample_rate
Fixes frame validation.

Fixes: 416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5765557242888192
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 09cb2d41d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:45 +02:00
Kacper Michajłow
f515a3ed02 avcodec/cbs_h266_syntax_template: fix out of bounds access
current->num_tile_columns is not updated in the loop, so the existing
check was not working. Check current index instead and break. This also
simplifies duplicated log.

Fixes: 435225531/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-6639684232216576
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit fb862976df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:45 +02:00
Kimapr
3d86f5e251 avformat/libopenmpt: fix seeking weirdness
- proper pts for packets. leaving it blank leaves it up for guessing,
  but the guess doesn't take seeking into account, causing weirdness.

- clamp to 0 when seeking to negative ts. libopenmpt docs are unclear on
  this but not doing this causes an immediate EOF when seeking backwards
  to the beginning in mpv.

- only set song duration and packet pts when they are non-negative and
  in int64 range. NaNs count as out of range. this isn't a fix for any
  specific issue but might be helpful still, and shouldn't break
  anything.

(cherry picked from commit ecef5f9e1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:44 +02:00
Michael Niedermayer
5deafdfb64 avformat/hls: add cmfv/cmfa exceptions
Fixes: Ticket11526

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3c3a6ecfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:44 +02:00
Kacper Michajłow
02b6fa099f avformat/lrcdec: support arbitrary precision timestamp
Apparently files with milliseconds exist in the wild. And since it cost
nothing to support arbitrary number of digits, extend format to support
that.

Depending on number of digits, the time base of fractional part is
changing. Most LRCs use 2 digits and centiseconds base, but subs with 3
digits and miliseconds exist too.

Set internal time base to AV_TIME_BASE, which in parcitice allows to
hold microseconds with 6 digits. Totally artificial, but who knows maybe
someone wants that.

Fixes: #11677

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit bc3cc0a6af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:43 +02:00
Michael Niedermayer
4014ff00f9 avcodec/ffv1dec: Disable frame threading due to race condition
Slice threading remains available!

The race condition fix is in 8d5efc2182
and bcf08c1171
Backport of these is welcome

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-14 02:55:43 +02:00
Marton Balint
845c5e71fa swscale/swscale_unscaled: use 8 line alignment for planarCopyWrapper with dithering
Dithering relies on a 8 line dithering table and the code always uses it from
the beginning. So in order to make dithering independent from height of the
slices used we must enforce a 8 line alignment.

Fixes issue #20071.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit b61e510e75)
2025-08-13 00:28:22 +02:00
Michael Niedermayer
c0f13e324a Update for 6.1.3
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:38:07 +02:00
Jiasheng Jiang
5544cacc3c libavcodec/tests/motion: Add check for avcodec_alloc_context3()
Add check for the return value of avcodec_alloc_context3() to avoid potential NULL pointer dereference.

Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d234b433)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:52 +02:00
Jiasheng Jiang
2edff58de7 avcodec/tests/avpacket: Add av_free() to avoid memory leak
Add av_free() to free extra_data if av_packet_add_side_data() fails.

Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 008679ec16)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:52 +02:00
Jiasheng Jiang
9f7b46e6d9 examples: Add av_freep to avoid potential memory leak
Add av_freep() to free avio_ctx_buffer if avio_alloc_context fails
to avoid potential memory leak.

Fixes: 5fc4dea39c ("examples: add avio_reading.c example")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ca58424de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:52 +02:00
Jiasheng Jiang
6c6e745e7c avcodec/tests/avpacket: Add av_packet_free() to avoid memory leak
Add av_packet_free() to free avpkt_clone and avpkt in the error paths to avoid potential memory leak.

Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab040e2565)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:51 +02:00
Michael Niedermayer
30a7a47e8c avcodec/fits: Clear naxis
Fixes: Use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_DEC_fuzzer-5602250833854464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1687daa93c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:51 +02:00
Michael Niedermayer
95f209e7d9 avcodec/vqavideo; Check bytestream2_get_buffer() reading next_codebook_buffer
Fixes: use of uninintilaized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6235973619351552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44864dbbb9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:51 +02:00
Michael Niedermayer
a83631dcb6 avcodec/lzf: Check for input space
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5597015691296768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 610d368d9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:50 +02:00
Michael Niedermayer
6f8a9bea33 avcodec/imc: Clear padding of buf16
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IAC_fuzzer-6685890556788736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 715df4b1ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:50 +02:00
Michael Niedermayer
7d62dfda4c avcodec/iff: Clear ham_buf
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6651797156724736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e9e7cb3b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:50 +02:00
Michael Niedermayer
9d719c6779 avcodec/cri: Check bytestream2_get_buffer() for end
Fixes: use of uninintialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5910856640823296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea3851bebf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:49 +02:00
Michael Niedermayer
a8d3b7559a avcodec/cri: Factor read_len out
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d9bf3c141b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:49 +02:00
Michael Niedermayer
01c3093510 avformat/dashdec: Allocate space for appended "/"
Fixes: writing 1 byte over the end of the array
Fixes: BIGSLEEP-433502298/test.xml

Found-by: Google Big Sleep

A prettier solution is welcome!
A testcase exists only for the baseurl case

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce0a655f85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:48 +02:00
Michael Niedermayer
e8a2d5fca3 avcodec/mpegvideo_dec: Fix lowres=3 field select interlaced mpeg4 frame
Fixes: out of array read in the chroma plane
Fixes: 428034092/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_DEC_fuzzer-5582608941776896.test

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b849ac006b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:48 +02:00
Michael Niedermayer
369fbc9cb5 avformat/mxg: clear AV_INPUT_BUFFER_PADDING_SIZE
Fixes: use of uninitialized memory
Fixes: 427532813/clusterfuzz-testcase-minimized-ffmpeg_dem_MXG_fuzzer-5661938917113856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b12e919cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:48 +02:00
Michael Niedermayer
1865bc93fc avformat/vqf: Ensure that comm_chunk is fully read
Fixes: use of uninitialized memory
Fixes: 412125811/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-6253774274887680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b7a327b3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 18:14:47 +02:00
Michael Niedermayer
4e196c9128 avformat/mov: make sure file_checksum is fully initialized
Fixes: use of uninitialized memory
Fixes: 394990189/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6431722199908352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b16e1ddd9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 17:10:17 +02:00
Michael Niedermayer
bdeed02e5f avformat/asfdec_f: Check amount of value read
Fixes: use of uninitialized memory
Fixes: 403675492/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-4754281823797248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fa197924a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 17:10:17 +02:00
Leo Izen
7d04839657 avcodec/jpegxl_parser: add sanity check for frame size
If a frame size is absolutely massive, this can spin the parser as it
attempts to decode a permuted TOC. We add a sanity check here for eight
times the size of the image for an internal frame to prevent malicious
bitstreams from slowing the parser down to a crawl.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 829680f96a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 17:10:17 +02:00
Michael Niedermayer
a744b338c6 avformat/concatdec: Clip duration in one more case in get_best_effort_duration()
Fixes: signed integer overflow: 40000 - -9223372036854770000 cannot be represented in type 'long'
Fixes: 427262541/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-4831506940100608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8cdb47e47a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-08-04 17:10:16 +02:00