highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,309 Commits 36 Branches 392 Tags
04e69effbb31ba21ec5f5da625bcd1edafd8e286
Commit Graph

79309 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
04e69effbb avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED() 
Fixes: runtime error: signed integer overflow: 2147483637 + 128 cannot be represented in type 'int'
Fixes: 6701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5358324934508544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e95d80e6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
baa4913e12 avcodec/error_resilience: Fix integer overflow in filter181() 
Fixes: runtime error: signed integer overflow: 197710 * 10923 cannot be represented in type 'int'
Fixes: 7010/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5667127596941312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c97035e3b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
aaa2d4a265 avcodec/h263dec: Check slice_ret in mspeg4 slice loop 
Fixes infinite loop
Fixes: 6858/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_MSMPEG4V3_fuzzer-4681563766784000
Fixes: 6890/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_WMV1_fuzzer-4756103142309888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de841fbea7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
cc8710b5af avcodec/elsdec: Fix memleaks 
Fixes: 6798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5135899701542912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bd0401336)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
70c7c73920 avcodec/vc1_block: simplify ac_val computation 
also fixes: runtime error: index 1456 out of bounds for type 'int16_t [16]'

Found-by: durandal_1707
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d06b01fc2d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
142e1e3e9a avcodec/ffv1enc: Check that the crc + version combination is supported 
The crc flag is only stored since version 3 thus before this crcs do not
work. We increase the version as needed same as we do with pix_fmts

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d9706f79c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Stephan Holljes
73d07e320c lavf/http.c: Free allocated client URLContext in case of error. 
Signed-off-by: Stephan Holljes <klaxa1337@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6b8c9265)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
3bf0a405f0 avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame 
Fixes: Timeout
Fixes: 6306/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSICINVIDEO_fuzzer-5079253549842432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5549488bbf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
a8640c87a7 avcodec/dsicinvideo: Propagate errors from cin_decode_rle() 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 942217b153)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
e49e8259df avcodec/dfa: Check dimension against maximum 
The headers from where the dimensions are read in actual files
are limited to 16bit per component.

Fixes: Timeout
Fixes: 6305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-4824270749302784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d5a4fcfbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
3009bf0be6 avcodec/cinepak: Skip empty frames 
Speeds up decoding from 3 to 0.1 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9033920bec)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
5891d222ff avcodec/cinepak: move some checks prior to frame allocation 
Speeds up decoding from 8 to 3 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2324ef1ff3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Rahul Chaudhry
ad3ec05d03 swresample/arm: remove unintentional relocation. 
Branch to global symbol results in reference to PLT, and when compiling
for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't
support this relocation (ld.gold), while others can end up truncating
the relocation to fit (ld.bfd).

Convert this branch through PLT into a direct branch that the assembler
can resolve locally.

See https://github.com/android-ndk/ndk/issues/337 for background.

The current workaround is to disable neon during gstreamer build,
which is not optimal and can be reverted after this patch:
41556c4157

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b22db4f465)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
9665d6258c doc/APIchanges: Fix typos in hashes 
Thanks-to: Moritz Barsnick <barsnick@gmx.net> for finding the correct ones

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec8a5262b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
b591673c50 avformat/utils: Check cur_dts in update_initial_timestamps() more 
Fixes: runtime error: signed integer overflow: 18133149658382192 - -9223090561878065151 cannot be represented in type 'long long'
Fixes: crbug 831552

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37d46dc21d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
cf321e93c4 avcodec/utils: Enforce minimum width also for VP5/6 
Fixes: out of array access
Fixes: poc_0411

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Tested-by: GwanYeong Kim <gy741.kim@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 544324827e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
065057c8a3 avcodec/truemotion2: Propagate out of bounds error from GET_TOK() 
Fixes: Timeout
Fixes: 6389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5695918121680896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f6304af234)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
5aaa5bd1b0 avcodec/mjpegdec: Check input buffer size. 
Fixes: Timeout
Fixes: 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8d381b57fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Matt Wolenetz
4b04da1e52 lavc/libopusdec: Allow avcodec_open2 to call .close 
If there is a decoder initialization failure detected in avcodec_open2
after .init is called, allow graceful decoder .close to prevent leaking
libopus decoder allocations.

BUG=828526

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e43e97f0e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
c0bb5613d4 avcodec/movtextdec: Check style_start/end 
Limits based on 3GPP TS 26.245 V14.0.0
Fixes: Timeout
Fixes: 6377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5175929115508736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 249aca8f98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
72b9ba8a5b avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble() 
Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'

This was missed in b1bef755f6
Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c837918f50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
b2be78f9d2 libavcodec/rv34: error out earlier on missing references 
Fixes visual corruption on seeking

Fixes: downloadTest_clip_24M.rmvb

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6cd81d68c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Hendrik Schreiber
da371c5b21 swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering. 
Removed +len1 in call to s->mix_2_1_f() as I found no logical explanation for it. After removal, problem was gone.

Signed-off-by: Hendrik Schreiber <hs@tagtraum.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 647fd4b829)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
98096645f2 avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed() 
I was not able to reproduce this, this fix is based on just the fuzzer log.
Fixes: 4959/clusterfuzz-testcase-minimized-6035350934781952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 197a4e8fee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
1f648a098d avcodec/cscd: Error out when LZ* decompression fails 
Fixes: Timeout
Fixes: 6304/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5754772461191168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d52be5d4e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
heimdallr
19379529a5 avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list() 
example:

AVPixelFormat pixFmts[] = { AV_PIX_FMT_RGB24, AV_PIX_FMT_RGBA };
int loss = 0;
AVPixelFormat best = avcodec_find_best_pix_fmt_of_list(pixFmts, AV_PIX_FMT_BGRA, 1, &loss);

best is AV_PIX_FMT_RGB24. But AV_PIX_FMT_RGBA is better.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 354b26a394)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
03f891c050 avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame() 
Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim@gmail.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea15915b2d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
0721e3c1bd avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables 
Found-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c75438b89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
7ccb9c37ac avcodec/get_bits: Make sure the input bitstream with padding can be addressed 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e529fe7633)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
028af5acbe avformat/mov: Check STSC and remove invalid entries 
Fixes assertion failure
Fixes: crbug 822547, crbug 822666 and crbug 823009

Affects: aark15sd_9A62E2FA.mp4

Found-by: ClusterFuzz
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e67447a4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
f4fe702258 avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it 
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 939440ad1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
e623800387 avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg 
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ee3265dbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
448cd0d0b3 avcodec/wmalosslessdec: Reset num_saved_bits on error path 
Fixes: NULL pointer dereference
Fixes: poc-201803.wav
Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64c9ce0abc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
30d40580c4 avformat/mov: Fix integer overflows related to sample_duration 
Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type

Fixes: Chromium bug 791349

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f37082827)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
ad7c57f9db avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE 
Fixes: potential signed integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f655ddfb47)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
69344f628b avformat/oggparseogm: Check lb against psize 
No testcase, this was found during code review

Found-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e7c847aaf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
46f37c65ab avformat/oggparseogm: Fix undefined shift in ogm_packet() 
Fixes: shift exponent 48 is too large for 32-bit type 'int'
Fixes: Chromium bug 786793
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 010b7b30b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
4df16ad1ef avformat/avidec: Fix integer overflow in cum_len check 
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06e092e781)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
81a6076e4b avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE 
Fixes: Chromium bug 795653
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 02ecda4aba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
7fd80d91f7 avformat/utils: Fix integer overflow of fps_first/last_dts 
Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long'
Fixes: Chromium bug 796778
Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b1362e408)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
Michael Niedermayer
b8fd13befe libavformat/oggparsevorbis: Fix memleak on multiple headers 
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3934aa495d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-10-23 01:44:40 +02:00
James Almer
29683c6ba1 avdevice/iec61883: free the private context at the end 
Fixes part of ticket #7146.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 5079e96bcc)
 2018-04-18 22:57:49 -03:00
James Almer
b949fd7a65 avdevice/iec61883: return reference counted packets 
Fixes part of ticket #7146, dealing with leaks of packet data since
commit 87c8812270.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b8629654c6)
 2018-04-18 22:57:41 -03:00
Marton Balint
3c056989dc avdevice/iec61883: free packet on buffer allocation error 
Fixes Coverity CID 1396416.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 4556dad2b7)
 2018-04-18 22:57:26 -03:00
Michael Niedermayer
b910b34926 Changelog: update 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n3.0.11 		2018-02-27 20:00:58 +01:00
Michael Niedermayer
add3c2468e avcodec/bintext: sanity check dimensions 
Fixes: Timeout
Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 090c0abff9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-02-27 19:59:58 +01:00
Michael Niedermayer
fbf690d79a avcodec/utvideodec: Check subsample factors 
Fixes: Out of array read
Fixes: heap_poc

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7414d0bda7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-02-27 19:59:58 +01:00
Michael Niedermayer
789a12b140 avcodec/smc: Check input packet size 
Fixes: Timeout
Fixes: 6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0293663483)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-02-27 19:59:58 +01:00
Michael Niedermayer
24a3c45da5 avcodec/cavsdec: Check alpha/beta offset 
Fixes: Integer overflow
Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae2eb04648)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-02-27 19:59:58 +01:00
Michael Niedermayer
6822bd50c1 avcodec/diracdec: Fix integer overflow in mv computation 
Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int'
Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47e65ad63b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-02-27 19:59:58 +01:00