highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,692 Commits 36 Branches 392 Tags
048ac053e62b8571ffc3df93cd154d0cb1565ab9
Commit Graph

67692 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
048ac053e6 avformat/oggparsecelt: Do not re-allocate os->private 
Fixes: double free
Fixes: clusterfuzz-testcase-minimized-5080550145785856

Found-by: ClusterFuzz
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7140761481)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Brice Waegeneire
b1b795de84 doc/filters: typo in frei0r 
Signed-off-by: Brice Waegeneire <brice.wge@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a6eec485d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
db440b6f06 avcodec/wavpack: Fix invalid shift 
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 2377/clusterfuzz-testcase-minimized-6108505935183872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c07af72098)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
f58b107aab avcodec/vb: Check vertical GMC component before multiply 
Fixes: runtime error: signed integer overflow: 8224 * 663584 cannot be represented in type 'int'
Fixes: 2393/clusterfuzz-testcase-minimized-6128334993883136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc6ab72bc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
96349da5ec avcodec/apedec: Fix integer overflow 
Fixes: out of array access
Fixes: PoC.ape and others

Found-by: Bingchang, Liu@VARAS of IIE
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba4beaf614)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
664201aff8 avcodec/wavpack: Fix integer overflow in wv_unpack_stereo() 
Fixes: runtime error: signed integer overflow: 2080374785 + 2080374784 cannot be represented in type 'int'
Fixes: 2351/clusterfuzz-testcase-minimized-5359403240783872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 73ea2a028e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
babc2c20e3 avcodec/mpeg4videodec: Fix GMC with videos of dimension 1 
Fixes: runtime error: shift exponent -1 is negative
Fixes: 2338/clusterfuzz-testcase-minimized-5153426541379584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4976a3411f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
7df850abf7 avcodec/wavpack: Fix integer overflow 
Fixes: runtime error: signed integer overflow: 227511904 + 1964113935 cannot be represented in type 'int'
Fixes: 2331/clusterfuzz-testcase-minimized-6182185830711296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 24e95f9d4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
f6ffc80bba avcodec/takdec: Fix integer overflow 
Fixes: runtime error: signed integer overflow: 512 + 2147483146 cannot be represented in type 'int'
Fixes: 2314/clusterfuzz-testcase-minimized-4519333877252096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c2ef4f6b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
b085b395ec avcodec/hevc_filter: Fix invalid shift 
Fixes: runtime error: left shift of negative value -1

Fixes: 2299/clusterfuzz-testcase-minimized-4843509351710720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7b3d5c3f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
215d1fc21b avcodec/mpeg4videodec: Fix overflow in virtual_ref computation 
Fixes: runtime error: signed integer overflow: 262144 * -16120 cannot be represented in type 'int'
Fixes: 2292/clusterfuzz-testcase-minimized-6156080415506432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5443c4bdf4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
3b38db6af0 avcodec/wavpack: Fix undefined integer negation 
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2291/clusterfuzz-testcase-minimized-5538453481586688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f89747086)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Anton Mitrofanov
3716850e28 avcodec/h264_mb: Fix 8x8dct in lossless for new versions of x264 
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 06dda70f1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Anton Mitrofanov
a599754e7e avcodec/h264_cabac: Fix CABAC+8x8dct in 4:4:4 
Use the correct ctxIdxInc calculation for coded_block_flag.
Keep old behavior for old versions of x264 for backward compatibility.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 840b41b2a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
d811126c61 avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output 
Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int'
Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 27c2006805)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
f2e970b2bd avcodec/hevcpred_template: Fix left shift of negative value 
Fixes: runtime error: left shift of negative value -1
Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c94326c1fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
6a5ade5608 avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps() 
Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int'
Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1edbf5e20c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
8fa71d7b59 avcodec/jpeg2000dec: Check nonzerobits more completely 
Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int'
Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dfb61ea263)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
aa97dafd26 avcodec/shorten: Sanity check maxnlpc 
Fixes OOM
Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e77ddd31a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
ccc14ccc45 avcodec/hevcdec: Check nb_sps 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc40674462)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
947961a6dc avcodec/hevc_refs: Check nb_refs in add_candidate_ref() 
Fixes: runtime error: index 16 out of bounds for type 'int [16]'
Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cb4ef526d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
e33febfb86 avcodec/mpeg4videodec: Check sprite delta upshift against overflowing. 
Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int'
Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12245ab1f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
6145b27b71 avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case 
Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int'
Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a87be404a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
4ade217ae0 avcodec/wavpack: Fix runtime error: signed integer overflow: 1886191616 + 277872640 cannot be represented in type 'int' 
Fixes: 2181/clusterfuzz-testcase-minimized-6314784322486272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c996374d4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:18 +02:00
Michael Niedermayer
27c729a21f avcodec/snowdec: Fix runtime error: left shift of negative value -1 
Fixes: 2197/clusterfuzz-testcase-minimized-6010716676947968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2e44126363)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
bae346d1c1 avcodec/tiff: Fix leak of geotags[].val 
Fixes: 2176/clusterfuzz-testcase-minimized-5908197216878592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 22a25ab389)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
32cd8e5a07 avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int' 
Fixes: 2175/clusterfuzz-testcase-minimized-5809657849315328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71da0a5c97)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
07c9709a33 avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 cannot be represented in type 'int' 
Fixes: 2174/clusterfuzz-testcase-minimized-5739234533048320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90e8317b3b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
9d38f5cc2b avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int' 
Fixes: 2113/clusterfuzz-testcase-minimized-6510704959946752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4e3ab1a5c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
1afe127401 avcodec/pafvideo: Fix assertion failure 
Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4360559ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
31dd76349a avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int' 
Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e4efd41b83)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
cd6cce2330 avcodec/mjpegdec: Check that reference frame matches the current frame 
Fixes: out of array read
Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4705edbbb9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
645c3b9009 avcodec/tiff: Avoid loosing allocated geotag values 
Fixes memleak
Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7cbeab4c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
0d0418adb5 avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int' 
Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e6ee86d92)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
7e6b64a7d9 avformat/hls: Check local file extensions 
This reduces the attack surface of local file-system
information leaking.

It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.

Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.

The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its feature. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.

Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also where objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel

This recommits the security fix without the author name joke which was
originally requested by Nicolas.

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 189ff42196)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
c299d7060e avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]' 
Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 29808fff33)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
7802a9918d avcodec/pafvideo: Check packet size and frame code before ff_reget_buffer() 
Fixes 1745/clusterfuzz-testcase-minimized-6160693365571584
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit faa5a2181d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
257e6e3eca avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int' 
Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 136ce8baa4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
6e67a3e22c avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int' 
Fixes: 1967/clusterfuzz-testcase-minimized-5757031199801344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b3e580b7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
6933b322d8 avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int' 
Fixes: 1922/clusterfuzz-testcase-minimized-5561194112876544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a47273c803)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
57778a0058 avcodec/cinepak: Check input packet size before frame reallocation 
Reduces time spend decoding 1917/clusterfuzz-testcase-minimized-5023221273329664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e47057e932)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
81b798e24d avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int' 
Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6726328f79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
78f780ebed avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int' 
Fixes: 1908/clusterfuzz-testcase-minimized-5392712477966336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08cb69e870)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
c97a986e4f avcodec/pnm: Use ff_set_dimensions() 
Fixes: OOM
Fixes: 1906/clusterfuzz-testcase-minimized-4599315114754048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a1c0d1d906)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
c441a8bad5 avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int' 
Fixes: 1903/clusterfuzz-testcase-minimized-5359318167715840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 58f8cd4ac5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
a34d0a2392 avformat/avidec: Limit formats in gab2 to srt and ass/ssa 
This prevents part of one exploit leading to an information leak

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5d849b149)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
758cd1b434 avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float' 
Fixes: 1902/clusterfuzz-testcase-minimized-4762451407011840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87bddba43b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
249168eda8 avcodec/wavpack: Check float_shift 
Fixes: runtime error: shift exponent 40 is too large for 32-bit type 'unsigned int'
Fixes: 1898/clusterfuzz-testcase-minimized-5970744880136192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4020b009d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
2ba5c6e330 avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int' 
Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d90c5bf105)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00
Michael Niedermayer
cc1fd61f68 avcodec/ansi: Fix frame memleak 
Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e091b9b3c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-08-23 13:15:17 +02:00