summaryrefslogtreecommitdiff
path: root/libavformat/aaxdec.c
Commit message (Collapse)AuthorAge
* avformat: Use ffio_read_size where appropriateAndreas Rheinhardt2021-08-06
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* Remove unnecessary avassert.h inclusionsAndreas Rheinhardt2021-07-22
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avformat/aaxdec: Simplify cleanup after read_header failureAndreas Rheinhardt2021-07-07
| | | | | | by setting the FF_FMT_INIT_CLEANUP flag. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avformat/aaxdec: Check avio_seek() in header readingMichael Niedermayer2021-06-20
| | | | | | | | Fixes: Timeout Fixes: 32450/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-4875522262827008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat: Constify all muxer/demuxersAndreas Rheinhardt2021-04-27
| | | | | | | This is possible now that the next-API is gone. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> Signed-off-by: James Almer <jamrial@gmail.com>
* avformat/aaxdec: Check that segments table has been initializedMichael Niedermayer2021-03-13
| | | | | | | | Fixes: Timeout Fixes: 29766/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5635887566290944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aaxdec: Check string before strcmp()Michael Niedermayer2021-01-11
| | | | | | | | Fixes: NULL ptr dereference Fixes: 26508/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5694725249826816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aaxdec: Fix potential integer overflowAndreas Rheinhardt2020-09-20
| | | | | | | | | | | | | | | | | | | | | | | The AAX demuxer reads a 32bit number containing the amount of entries of an array and stores it in an uint32_t. Yet when iterating over this array, a loop counter of type int is used. This leads to undefined behaviour if the amount of entries is not in the range of int; to avoid this, it is generally good to use the same type for the loop counter as for the variable it is compared to. This is done in one of the two loops affected by this. In the other loop, the undefined behaviour can begin even earlier: Here the loop counter is multiplied by an uint16_t which can overflow as soon as the loop counter is > 2^15. Using an unsigned type would avoid the undefined behaviour, but truncation would still be possible, so use an uint64_t. Also use an uint32_t for a variable containing an index in said array. This fixes Coverity issue #1466767. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat: add CRI AAX demuxerPaul B Mahol2020-09-18
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-26 18:05:37 +0000