[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [a00c812a9bee5eff1645711ee9a89ea1a9ac7f4f] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a00c812a9bee5eff1645711ee9a89ea1a9ac7f4f --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index 3f43055d9f..6ef8aecdbb 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -298,6 +298,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/2.8 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [fe862271a4645987cd854b188c3ddc977686e5cf] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe862271a4645987cd854b188c3ddc977686e5cf --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index ca00242813..db00b8d84d 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -325,6 +325,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [89914fa82b70eec8e34e6f1400230fb4cc5a2f12] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89914fa82b70eec8e34e6f1400230fb4cc5a2f12 --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index 99d6b666a5..6d62ee0ab9 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -325,6 +325,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [225d003f5b944a96ede6d6d964b69e8d0eea7f50] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=225d003f5b944a96ede6d6d964b69e8d0eea7f50 --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index 3a3b91283e..c3cc7b6445 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -323,6 +323,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/4.1 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [3e208ef0886f3e45931357f2c2a7b26c65f2352b] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e208ef0886f3e45931357f2c2a7b26c65f2352b --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index 3a3b91283e..c3cc7b6445 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -323,6 +323,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/4.2 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [4235afc12c303219c458be1016a36c84d3cc3354] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4235afc12c303219c458be1016a36c84d3cc3354 --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index dcca9b20fb..b7e4368c0a 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -323,6 +323,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [080c074c254a9687b787488a39c257b15a1d923c] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=080c074c254a9687b787488a39c257b15a1d923c --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index 92bf6360ef..58d4f7cfa8 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -332,6 +332,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/4.4 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [5ee0beb7997bc08d1926054c597d87f490971e1f] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ee0beb7997bc08d1926054c597d87f490971e1f --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index a7be29a469..7ced92cf76 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -301,6 +301,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [ca55032020b1b441a493c2f4e2b69ce17d2438d2] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca55032020b1b441a493c2f4e2b69ce17d2438d2 --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index bf1254e7bd..d6c8ec23b0 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -298,6 +298,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: master | Michael Niedermayer | Sat Sep 17 21:19:53 2022 +0200| [d0349c9929e2891c90011a83152624d5cf18e628] | committer: Michael Niedermayer avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0349c9929e2891c90011a83152624d5cf18e628 --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index f904fde178..92e9ac7cb1 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -298,6 +298,8 @@ static int ape_read_header(AVFormatContext * s) ape->frames[i].pos -= ape->frames[i].skip; ape->frames[i].size += ape->frames[i].skip; } +if (ape->frames[i].size > INT_MAX - 3) +return AVERROR_INVALIDDATA; ape->frames[i].size = (ape->frames[i].size + 3) & ~3; } if (ape->fileversion < 3810) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".