avformat/hls: Partially revert "reduce default max reload to 3" (setting to 100 as a reasonable compromise) The change has caused regressions for many users and consumers. Playlist reloads only happen when a playlist doesn't indicate that it has ended (via #EXT-X-ENDLIST), which means that the addition of future segments is still expected. It is well possible that an HLS server is temporarily unable to serve further segments but resumes after some time, either indicating a discontinuity or even by fully catching up. With a segment length of 3s, a max_reload value of 1000 corresponds to a duration of 50 minutes which appears to be a reasonable default. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ace9f03a6c0a58b84a02701df1b6e5d5ac1d1b8e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/hls: Fix twitter Allow mp4 with all mpegts extensions Fixes: Ticket11435 Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cef3422b4819e3b6f07086625fa7890eaa8d45e7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/hls: Be more picky on extensions This blocks disallowed extensions from probing It also requires all available segments to have matching extensions to the format mpegts is treated independent of the extension It is recommended to set the whitelists correctly instead of depending on extensions, but this should help a bit, and this is easier to backport Fixes: CVE-2023-6602 II. HLS Force TTY Demuxer Fixes: CVE-2023-6602 IV. HLS XBIN Demuxer DoS Amplification The other parts of CVE-2023-6602 have been fixed by prior commits Found-by: Harvey Phillips of Amazon Element55 (element55) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat: add ff_match_url_ext() Match url against a list of extensions similar to av_match_ext() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a7b06bfc5d20b12ff0122702c09517cf359fbb66) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avfilter/bwdif: account for chroma sub-sampling in min size calculation The current logic for detecting frames that are too small for the algorithm does not account for chroma sub-sampling, and so a sample where the luma plane is large enough, but the chroma planes are not will not be rejected. In that event, a heap overflow will occur. This change adjusts the logic to consider the chroma planes and makes the change to all three bwdif implementations. Fixes #10688 Signed-off-by: Cosmin Stejerean <cosmin@cosmin.at> Reviewed-by: Thomas Mundt <tmundt75@gmail.com> Signed-off-by: Philip Langdale <philipl@overt.org> (cherry picked from commit 737ede405b11a37fdd61d19cf25df296a0cb0b75) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/iff: Check that we have a stream in read_dst_frame() Fixes: null pointer dereference Fixes: 385644864/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4551049565765632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8668957ef604bd2b99175310638bc5031ae0d991) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mlvdec: fix size checks Fixes: heap-buffer-overflow Fixes: 391962476/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-5746746587676672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 251d43aef0df9262f2688c1c848af993bbb67d08) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mxfdec: Check edit unit for overflow in mxf_set_current_edit_unit() Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' Fixes: 392672068/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6232335892152320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas H?rdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8a6ad9eab2f1c37a18c2f30e6660260edd7c0c16) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/h263dec: Check against previous dimensions instead of coded Fixes: out of array access Fixes: crash-a41ef3db699013f669b076f02f36942925f5a98c Found-by: Kacper Michajlow <kasper93@gmail.com> Reviewed-by: Kacper Michajlow <kasper93@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0fe33c99a26a06a6875c4abfb96362a65145264b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet() Fixes: Use of uninitialized memory Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ecc96f4d08d74b0590ab03f39f93f386910c4c0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/huffyuvdec: Initialize whole output for decode_gray_bitstream() Fixes: use of uninitialized memory Fixes: 375286238/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-6352546854141952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ef71552cf970876085d99834abdb8e429aea9730) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/ipmovie: Check signature_buffer read Fixes: use of uninitilaized data Fixes: 385167047/clusterfuzz-testcase-minimized-ffmpeg_dem_IPMOVIE_fuzzer-5941477505564672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 788abe0d253b2034af15876d7889265d4746df2b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/wtvdec: Initialize buf ff_parse_mpeg2_descriptor() reads over what is initialized Fixes: use of uninitialized memory Fixes: 383825645/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5144130618982400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 17b019c517af26c6d2f0c6266938c60d36db1fa3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/cbs_vp9: Initialize VP9RawSuperframeIndex Fixes: use-of-uninitialized-value Fixes: 70907/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_METADATA_fuzzer-6339363208757248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e81d410242ea604c4f667da4a415836c1575d72f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/vqf: Propagate errors from add_metadata() Suggested-by: Marton Balint <cus@passwd.hu> Reviewed-by: Alexander Strasser <eclipse7@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 49fa3f6c5ba6d43cc4b3ade4f8d9dc2fdbc71f0a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>