Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sync upstream/master to fork #2

Closed
wants to merge 474 commits into from
Closed

Sync upstream/master to fork #2

wants to merge 474 commits into from

Conversation

sath33sh
Copy link

@sath33sh sath33sh commented Aug 2, 2024

No description provided.

barbibulle and others added 30 commits February 29, 2020 12:34
@barbibulle
wip
3162846
@barbibulle
wip
dfcb783
@barbibulle
wip
0a974a5
@barbibulle
wip
8a9e1d2
@barbibulle
wip
1882c67
@barbibulle
wip
54c52df
@barbibulle
wip
628b31d
@barbibulle
wip
2dbb8cb
@barbibulle
wip
8d43678
@barbibulle
wip
f9b2140
@barbibulle
add vs2019 support
e6990f6
@enrikb
Ap4StreamCipher: fix skip bytes calculation.
d439e6d
@barbibulle
prep for r630
481c1e6
@barbibulle
fix windows projects
78e95ec
@barbibulle
fix warning
11b265d
@barbibulle
Merge commit 'f9b214042e9a867ba3d234014a3616b78ed775c8'
403a2c4 
* commit 'f9b214042e9a867ba3d234014a3616b78ed775c8':
  ignore xcode file
  fix gcc warnings
  add docker file
  bump version
  works with python3
@barbibulle
update doc
a082a0c
@barbibulle
support audio-only HLS presentations
5997a4d
@barbibulle
Merge pull request axiomatic-systems#481 from enrikb/bugfix/CENS_encr…
455edbc 
…ypt_fix_skip_bytes

Ap4StreamCipher: fix skip bytes calculation.
@barbibulle
cosmetic fix
580f274
@barbibulle
fix webvtt subtitles in mp4-dash.py
4e403b4
@barbibulle
python3 newline updates
87a7e71
@barbibulle
conform to some of the CMAF requirements
2c84c15
@barbibulle
Add some docs
1534f55
@barbibulle
fix axiomatic-systems#326
5ef3c9e
@barbibulle
Create ci.yml
141d36f
@barbibulle
Update ci.yml
c96022c
@barbibulle
add windows to CI matrix
4dea0cc
@barbibulle
fix CMake build for Windows
b004efd
@barbibulle
add GitHub CI badge
50442c7
barbibulle and others added 25 commits March 1, 2024 09:44
@barbibulle
fix leak
f13abef
@thinkski
fix axiomatic-systems#925
4d9da52
@ftyp
Update mp4utils.py
6649d9a 
Use dolby_digital_plus_info for ec-3
@ftyp
Update mp4-dash.py
8637c32 
Use dolby_digital_plus_info for ec-3
@roticv
Fix overflow issues found by fuzzer
147f15a 
Fuzzer had caught a number of large malloc and these large malloc were caused
by overflow of AP4_UI32 causing the validation logic to be skipped.
@roticv
Add boundary checks to Ap4IproAtom
3ed084f 
Fuzzer caught another large malloc. This is caused by lack of boundary check
resulting in the next atom (children atom) to artificially large "size"
due to the underflow in bytes_available.
@barbibulle
Merge pull request axiomatic-systems#933 from roticv/master
61639cc 
Fix overflow issues found by fuzzer
@barbibulle
Merge pull request axiomatic-systems#926 from thinkski/master
ea90ccd 
fix axiomatic-systems#925
@barbibulle
Merge pull request axiomatic-systems#932 from ftyp/fix-eac3-smooth
525027c 
Fix eac3 smooth
@ftyp
Fix Smooth Streaming Client Manifest URLs
995f954 
Partially revert track label support for Smooth Streaming
[4916daf]

trackName in server manifest and part of the client manifest StreamIndex URL should match. Also using arbitrary UTF-8 in language_name as part of the URL should be avoided
@roticv
Add boundary checks to Ap4OdheAtom
06f0d06 
Fuzzer caught another large malloc. This is caused by lack of boundary check
in Ap4OdheAtom causing underflow.
@roticv
More boundary checks for Ap4SaioAtom
84b95d4 
Earlier boundary checks were insufficient to prevent certain potential
payloads. This adds more boundary checks to prevent underflow of remains. I have
also remove the usage of GetHeaderSize in constructor as it is a virtual method.
@roticv
Add boundary checks to Ap4SbgpAtom
f9f6b22 
Fuzzer caught another large malloc. This is caused by lack of boundary check
in Ap4SbgpAtom causing underflow.
@roticv
Prevent overflow in boundary check for Ap4SbgpAtom
8806fe2 
Fuzzer caught another large malloc in Ap4SbgpAtom. It is caused by overflow
in boundary check
@roticv
Boundary checks in Ap4ContainerAtom
b977973 
The lack of boundary checks in Ap4ContainerAtom leads to an underflow
in size which then leads to existing validation checks to fail and hence allow
large malloc.
@roticv
Add boundary checks for Ap4StsdAtom
26df396 
Same problem as before, underflow of bytes_available results in some potential
attack
@barbibulle
Merge pull request axiomatic-systems#935 from roticv/master
b2e4c13 
More fixes for issues caught by fuzzer
@barbibulle
Merge pull request axiomatic-systems#934 from ftyp/fix-smooth-ismc
ad05057 
Fix Smooth Streaming Client Manifest URLs
@barbibulle
fix axiomatic-systems#952
f6bcd2f
@barbibulle
g++/c++ 20 compat
b92b7c3
@barbibulle
add gh LICENSE file
4c5b67f
@barbibulle
Merge branch 'master' of https://github.com/axiomatic-systems/Bento4
3fcc8e8
@barbibulle
update license file
7493cd2
@barbibulle
Merge pull request axiomatic-systems#918 from saisrirammortha/master
874c264 
Fix Level and BitDepth in AV1 Codec String
@sath33sh
Merge remote-tracking branch 'upstream/master' into satheesh/2024-08-…
0b36755 
…01/sync-fork
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 2, 2024
View reviewed changes
Documents/Websites/www.bok.net/dash/players/html5/shaka-player/index.html
<script src="shaka-player.uncompiled.js"></script>
<!-- <script src="third_party/closure/goog/base.js"></script> -->
<!-- <script src="dist/deps.js"></script> -->
<script src="//cdnjs.cloudflare.com/ajax/libs/shaka-player/2.0.5/shaka-player.compiled.debug.js"></script>

Check warning

Code scanning / CodeQL

Inclusion of functionality from an untrusted source Medium

Script loaded from content delivery network with no integrity check.
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 2, 2024
View reviewed changes
Build/Targets/x86_64-microsoft-win32-vs2019/Build.py
def usage(errMsg):
try:
print 'Error: %s' % (errMsg)
except NameError:

Check notice

Code scanning / CodeQL

Empty except Note

'except' clause does nothing but pass and there is no explanatory comment.
Scripts/SdkPrepForRelease.py
file_lines = open(filename).readlines()
file_out = open(filename, "wb")
file_out = open(filename, "w")

Check warning

Code scanning / CodeQL

File is not always closed Warning

File may not be closed if an exception is raised.
Scripts/SdkPrepForRelease.py
file_lines = open(filename).readlines()
file_out = open(filename, "wb")
file_out = open(filename, "w")

Check warning

Code scanning / CodeQL

File is not always closed Warning

File may not be closed if an exception is raised.
Scripts/SdkPrepForRelease.py

filename = os.path.join(BENTO4_HOME, "Build", "Docker", "Dockerfile")
print("Patching", filename)
file_lines = open(filename).readlines()

Check warning

Code scanning / CodeQL

File is not always closed Warning

File is opened but is not closed.
Scripts/SdkPrepForRelease.py
filename = os.path.join(BENTO4_HOME, "Build", "Docker", "Dockerfile")
print("Patching", filename)
file_lines = open(filename).readlines()
file_out = open(filename, "w")

Check warning

Code scanning / CodeQL

File is not always closed Warning

File is opened but is not closed.
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 2, 2024
View reviewed changes
Source/C++/Apps/Mp4Encrypt/Mp4Encrypt.cpp

// create the output stream
char fragment_output_filename[MP4_ENCRYPT_MAX_FILENAME_LENGTH + 1];
snprintf(fragment_output_filename, sizeof(fragment_output_filename), output_filename, fragment_input_filename);

Check failure

Code scanning / CodeQL

Non-constant format string Critical

The format string argument to
snprintf
Loading
has a source which cannot be verified to originate from a string literal.
Source/C++/Apps/Mp4Encrypt/Mp4Encrypt.cpp

// create the output stream
char fragment_output_filename[MP4_ENCRYPT_MAX_FILENAME_LENGTH + 1];
snprintf(fragment_output_filename, sizeof(fragment_output_filename), output_filename, fragment_input_filename);

Check failure

Code scanning / CodeQL

Uncontrolled format string Critical

The value of this argument may come from
a command-line argument
Loading
and is being used as a formatting argument to snprintf(__fmt).
The value of this argument may come from
a command-line argument
Loading
and is being used as a formatting argument to snprintf(__fmt), which calls __builtin___snprintf_chk((unnamed parameter 4)).
Source/C++/Apps/Mp4Diff/Mp4Diff.cpp
}

AP4_ByteStream* input1 = NULL;
AP4_Result result = AP4_FileByteStream::Create(filename1,

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This argument to a file access function is derived from
user input (a command-line argument)
Loading
and then passed to AP4_FileByteStream::Create(name), which calls AP4_StdcFileByteStream::Create(name), which calls fopen_s(filename), which calls fopen(__filename).
Source/C++/Apps/Mp4Diff/Mp4Diff.cpp
}

AP4_ByteStream* input2 = NULL;
result = AP4_FileByteStream::Create(filename2,

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This argument to a file access function is derived from
user input (a command-line argument)
Loading
and then passed to AP4_FileByteStream::Create(name), which calls AP4_StdcFileByteStream::Create(name), which calls fopen_s(filename), which calls fopen(__filename).
Source/C++/Apps/Mp4Edit/Mp4Edit.cpp
if (is_uuid) {
// open the payload
AP4_ByteStream* payload = NULL;
AP4_Result result = AP4_FileByteStream::Create(file_path, AP4_FileByteStream::STREAM_MODE_READ, payload);

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This argument to a file access function is derived from
user input (a command-line argument)
Loading
and then passed to AP4_FileByteStream::Create(name), which calls AP4_StdcFileByteStream::Create(name), which calls fopen_s(filename), which calls fopen(__filename).
Source/C++/Apps/Mp4Edit/Mp4Edit.cpp
} else {
// read the atom to insert
AP4_ByteStream* input = NULL;
AP4_Result result = AP4_FileByteStream::Create(file_path, AP4_FileByteStream::STREAM_MODE_READ, input);

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This argument to a file access function is derived from
user input (a command-line argument)
Loading
and then passed to AP4_FileByteStream::Create(name), which calls AP4_StdcFileByteStream::Create(name), which calls fopen_s(filename), which calls fopen(__filename).
Source/C++/Apps/Mp4Encrypt/Mp4Encrypt.cpp
fprintf(stderr, "ERROR: cannot open input file (%s)\n", input_filename);
return 1;
if (!multi) {
result = AP4_FileByteStream::Create(input_filename, AP4_FileByteStream::STREAM_MODE_READ, input);

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This argument to a file access function is derived from
user input (a command-line argument)
Loading
and then passed to AP4_FileByteStream::Create(name), which calls AP4_StdcFileByteStream::Create(name), which calls fopen_s(filename), which calls fopen(__filename).
Source/C++/Apps/Mp4Encrypt/Mp4Encrypt.cpp
fprintf(stderr, "ERROR: cannot open output file (%s)\n", output_filename);
return 1;
if (!multi) {
result = AP4_FileByteStream::Create(output_filename, AP4_FileByteStream::STREAM_MODE_WRITE, output);

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This argument to a file access function is derived from
user input (a command-line argument)
Loading
and then passed to AP4_FileByteStream::Create(name), which calls AP4_StdcFileByteStream::Create(name), which calls fopen_s(filename), which calls fopen(__filename).
Source/C++/Apps/Mp4Encrypt/Mp4Encrypt.cpp
// create the output stream
char fragment_output_filename[MP4_ENCRYPT_MAX_FILENAME_LENGTH + 1];
snprintf(fragment_output_filename, sizeof(fragment_output_filename), output_filename, fragment_input_filename);
result = AP4_FileByteStream::Create(fragment_output_filename,

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This argument to a file access function is derived from
user input (a command-line argument)
Loading
and then passed to AP4_FileByteStream::Create(name), which calls AP4_StdcFileByteStream::Create(name), which calls fopen_s(filename), which calls fopen(__filename).
Source/C++/Apps/Mp4Encrypt/Mp4Encrypt.cpp
| CreateProcessor
+---------------------------------------------------------------------*/
static AP4_Processor*
CreateProcessor(enum Method method,

Check warning

Code scanning / CodeQL

Poorly documented large function Warning

Poorly documented function: fewer than 2% comments for a function of 103 lines.
@sath33sh sath33sh changed the title Sycn upstream/master to fork Sync upstream/master to fork Aug 2, 2024
@sath33sh sath33sh closed this Aug 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.