[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [6d4c5f4e2b3c4101bcd02855bf5d8bdbdd5b] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d4c5f4e2b3c4101bcd02855bf5d8bdbdd5b --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 7915ee7996..0b55507790 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -742,10 +742,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { ret = ensure_playlist(c, , url); if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [ea391e65ef771e5516a9244f52396e48d3eb4531] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea391e65ef771e5516a9244f52396e48d3eb4531 --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 332d10f2ee..73a5d22b39 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -750,10 +750,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { ret = ensure_playlist(c, , url); if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/4.1 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [0402ac6f59d2e79d5ee5be234555fd3d2f8776ab] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0402ac6f59d2e79d5ee5be234555fd3d2f8776ab --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 67ed691ae0..22fd6f1f1b 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -786,10 +786,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { ret = ensure_playlist(c, , url); if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/4.2 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [a882801bc3b1f7b57b6e129510af3a6e92866772] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a882801bc3b1f7b57b6e129510af3a6e92866772 --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 48d133b87a..994f7222cd 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -791,10 +791,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { ret = ensure_playlist(c, , url); if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [023b7e79792020af978c1743d565ae4326395dc6] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=023b7e79792020af978c1743d565ae4326395dc6 --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index a831e3f10c..a48c081ece 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -813,10 +813,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { ret = ensure_playlist(c, , url); if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/4.4 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [79ad18ddbd2f7feee33e24bff02afe4c10928b75] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79ad18ddbd2f7feee33e24bff02afe4c10928b75 --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 75209906d3..f2ca4f3443 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -810,10 +810,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { uint64_t seq_no; ret = ensure_playlist(c, , url); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [478bd4c73f33d7b598f4be8cfe8543cb4f520349] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=478bd4c73f33d7b598f4be8cfe8543cb4f520349 --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index caa4182952..53be0f591c 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -817,10 +817,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { uint64_t seq_no; ret = ensure_playlist(c, , url); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: master | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5 --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 1a1b40abe4..0541d3c610 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -819,10 +819,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { uint64_t seq_no; ret = ensure_playlist(c, , url); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".