[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Mar 20 22:54:31 2022 +0100| [6d4c5f4e2b3c4101bcd02855bf5d8bdbdd5b] |
committer: Michael Niedermayer
avformat/hls: Check target_duration
Fixes: signed integer overflow: 77 * 100 cannot be represented
in type 'long long'
Fixes:
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d4c5f4e2b3c4101bcd02855bf5d8bdbdd5b
---
libavformat/hls.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 7915ee7996..0b55507790 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -742,10 +742,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
new_rendition(c, , url);
} else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
ret = ensure_playlist(c, , url);
if (ret < 0)
goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
} else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
ret = ensure_playlist(c, , url);
if (ret < 0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/3.4 | Michael Niedermayer |
Sun Mar 20 22:54:31 2022 +0100| [ea391e65ef771e5516a9244f52396e48d3eb4531] |
committer: Michael Niedermayer
avformat/hls: Check target_duration
Fixes: signed integer overflow: 77 * 100 cannot be represented
in type 'long long'
Fixes:
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea391e65ef771e5516a9244f52396e48d3eb4531
---
libavformat/hls.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 332d10f2ee..73a5d22b39 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -750,10 +750,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
new_rendition(c, , url);
} else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
ret = ensure_playlist(c, , url);
if (ret < 0)
goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
} else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
ret = ensure_playlist(c, , url);
if (ret < 0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/4.1 | Michael Niedermayer |
Sun Mar 20 22:54:31 2022 +0100| [0402ac6f59d2e79d5ee5be234555fd3d2f8776ab] |
committer: Michael Niedermayer
avformat/hls: Check target_duration
Fixes: signed integer overflow: 77 * 100 cannot be represented
in type 'long long'
Fixes:
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0402ac6f59d2e79d5ee5be234555fd3d2f8776ab
---
libavformat/hls.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 67ed691ae0..22fd6f1f1b 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -786,10 +786,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
new_rendition(c, , url);
} else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
ret = ensure_playlist(c, , url);
if (ret < 0)
goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
} else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
ret = ensure_playlist(c, , url);
if (ret < 0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/4.2 | Michael Niedermayer |
Sun Mar 20 22:54:31 2022 +0100| [a882801bc3b1f7b57b6e129510af3a6e92866772] |
committer: Michael Niedermayer
avformat/hls: Check target_duration
Fixes: signed integer overflow: 77 * 100 cannot be represented
in type 'long long'
Fixes:
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a882801bc3b1f7b57b6e129510af3a6e92866772
---
libavformat/hls.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 48d133b87a..994f7222cd 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -791,10 +791,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
new_rendition(c, , url);
} else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
ret = ensure_playlist(c, , url);
if (ret < 0)
goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
} else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
ret = ensure_playlist(c, , url);
if (ret < 0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sun Mar 20 22:54:31 2022 +0100| [023b7e79792020af978c1743d565ae4326395dc6] |
committer: Michael Niedermayer
avformat/hls: Check target_duration
Fixes: signed integer overflow: 77 * 100 cannot be represented
in type 'long long'
Fixes:
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=023b7e79792020af978c1743d565ae4326395dc6
---
libavformat/hls.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index a831e3f10c..a48c081ece 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -813,10 +813,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
new_rendition(c, , url);
} else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
ret = ensure_playlist(c, , url);
if (ret < 0)
goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
} else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
ret = ensure_playlist(c, , url);
if (ret < 0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/4.4 | Michael Niedermayer |
Sun Mar 20 22:54:31 2022 +0100| [79ad18ddbd2f7feee33e24bff02afe4c10928b75] |
committer: Michael Niedermayer
avformat/hls: Check target_duration
Fixes: signed integer overflow: 77 * 100 cannot be represented
in type 'long long'
Fixes:
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79ad18ddbd2f7feee33e24bff02afe4c10928b75
---
libavformat/hls.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 75209906d3..f2ca4f3443 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -810,10 +810,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
new_rendition(c, , url);
} else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
ret = ensure_playlist(c, , url);
if (ret < 0)
goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
} else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
uint64_t seq_no;
ret = ensure_playlist(c, , url);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/5.0 | Michael Niedermayer |
Sun Mar 20 22:54:31 2022 +0100| [478bd4c73f33d7b598f4be8cfe8543cb4f520349] |
committer: Michael Niedermayer
avformat/hls: Check target_duration
Fixes: signed integer overflow: 77 * 100 cannot be represented
in type 'long long'
Fixes:
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=478bd4c73f33d7b598f4be8cfe8543cb4f520349
---
libavformat/hls.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index caa4182952..53be0f591c 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -817,10 +817,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
new_rendition(c, , url);
} else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
ret = ensure_playlist(c, , url);
if (ret < 0)
goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
} else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
uint64_t seq_no;
ret = ensure_playlist(c, , url);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: master | Michael Niedermayer | Sun
Mar 20 22:54:31 2022 +0100| [a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5] |
committer: Michael Niedermayer
avformat/hls: Check target_duration
Fixes: signed integer overflow: 77 * 100 cannot be represented
in type 'long long'
Fixes:
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5
---
libavformat/hls.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 1a1b40abe4..0541d3c610 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -819,10 +819,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
new_rendition(c, , url);
} else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
ret = ensure_playlist(c, , url);
if (ret < 0)
goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
} else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
uint64_t seq_no;
ret = ensure_playlist(c, , url);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
