subject:"\[FFmpeg\-cvslog\] avformat\/ape\: Check frames size"

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-11-04 Thread Michael Niedermayer

ffmpeg | branch: release/5.0 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [a00c812a9bee5eff1645711ee9a89ea1a9ac7f4f] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a00c812a9bee5eff1645711ee9a89ea1a9ac7f4f
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index 3f43055d9f..6ef8aecdbb 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -298,6 +298,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-10-28 Thread Michael Niedermayer

ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [fe862271a4645987cd854b188c3ddc977686e5cf] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe862271a4645987cd854b188c3ddc977686e5cf
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index ca00242813..db00b8d84d 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -325,6 +325,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-10-21 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [89914fa82b70eec8e34e6f1400230fb4cc5a2f12] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89914fa82b70eec8e34e6f1400230fb4cc5a2f12
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index 99d6b666a5..6d62ee0ab9 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -325,6 +325,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-10-12 Thread Michael Niedermayer

ffmpeg | branch: release/3.4 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [225d003f5b944a96ede6d6d964b69e8d0eea7f50] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=225d003f5b944a96ede6d6d964b69e8d0eea7f50
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index 3a3b91283e..c3cc7b6445 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -323,6 +323,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-10-10 Thread Michael Niedermayer

ffmpeg | branch: release/4.1 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [3e208ef0886f3e45931357f2c2a7b26c65f2352b] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e208ef0886f3e45931357f2c2a7b26c65f2352b
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index 3a3b91283e..c3cc7b6445 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -323,6 +323,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-10-09 Thread Michael Niedermayer

ffmpeg | branch: release/4.2 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [4235afc12c303219c458be1016a36c84d3cc3354] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4235afc12c303219c458be1016a36c84d3cc3354
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index dcca9b20fb..b7e4368c0a 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -323,6 +323,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-09-26 Thread Michael Niedermayer

ffmpeg | branch: release/4.3 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [080c074c254a9687b787488a39c257b15a1d923c] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=080c074c254a9687b787488a39c257b15a1d923c
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index 92bf6360ef..58d4f7cfa8 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -332,6 +332,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-09-25 Thread Michael Niedermayer

ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [5ee0beb7997bc08d1926054c597d87f490971e1f] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ee0beb7997bc08d1926054c597d87f490971e1f
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index a7be29a469..7ced92cf76 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -301,6 +301,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-09-24 Thread Michael Niedermayer

ffmpeg | branch: release/5.1 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [ca55032020b1b441a493c2f4e2b69ce17d2438d2] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca55032020b1b441a493c2f4e2b69ce17d2438d2
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index bf1254e7bd..d6c8ec23b0 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -298,6 +298,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-09-24 Thread Michael Niedermayer

ffmpeg | branch: master | Michael Niedermayer  | Sat 
Sep 17 21:19:53 2022 +0200| [d0349c9929e2891c90011a83152624d5cf18e628] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0349c9929e2891c90011a83152624d5cf18e628
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index f904fde178..92e9ac7cb1 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -298,6 +298,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

[FFmpeg-cvslog] avformat/ape: Check frames size

10 matches

Site Navigation

Mail list logo

Footer information