Michael Niedermayer
26083824d7
avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet()
...
Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3dd5a8a135michael@niedermayer.cc >
2021-10-05 23:19:39 +02:00
Stéphane Cerveau
79c114e1b2
avcodec/wmadec: handle run_level_decode error
...
Consider data as invalid if ff_wma_run_level_decode
gets out with an error.
It avoids an unpleasant sound distorsion.
See http://trac.ffmpeg.org/ticket/9358
(cherry picked from commit f9fbe2f9a9
2021-09-21 23:20:37 -03:00
Olivier Crête
6f24f503ef
avcodec/wma: Return specific error code
...
This way, the calling function can just forward it instead of
making it up.
Signed-off-by: Olivier Crête <olivier.crete@collabora.com >
(cherry picked from commit 521388edb7
2021-09-21 23:20:29 -03:00
Tong Wu
df288deb9b
avcodec/dxva2_av1: fix superres_denom parameter
...
Defined in spec 5.9.8. When superres is enabled, SuperresDenom equals
"coded_denom + SUPERRES_DENOM_MIN" instead of coded_denom.
Signed-off-by: Tong Wu <tong1.wu@intel.com >
Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com >
(cherry picked from commit f31033c6ca
2021-09-14 23:51:42 +02:00
James Almer
5e61fce832
avcodec/libdav1d: fix compilation after recent libdav1d API changes
...
They were done in preparation for an upcoming 1.0 release.
Keep supporting previous releases for the time being.
Reviewed-by: BBB
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit e204846ec1
2021-09-09 09:31:53 -03:00
Michael Niedermayer
b5cdf08cae
Changelog: update
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2021-09-08 23:14:28 +02:00
James Almer
07dec5b0c3
avcodec/utils: don't return negative values in av_get_audio_frame_duration()
...
In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.
Fixes ticket #9312
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit e01d306c64michael@niedermayer.cc >
2021-09-08 23:12:50 +02:00
Michael Niedermayer
620fa723b8
Update for 4.4.1
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2021-09-08 22:45:01 +02:00
Michael Niedermayer
b3e21be8e1
avcodec/jpeg2000dec: Check that atom header is within bytsetream
...
Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3c659f8618michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
7d58def70a
avcodec/apedec: Fix 2 integer overflows in filter_3800()
...
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 33feb527ffmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
baefa5385e
avcodec/xpmdec: Move allocations down after more error checks
...
Fixes: Timeout
Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e58692837cmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
34aad02457
avcodec/argo: Move U, fix shift
...
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 37249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5754862984888320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 26659fe53emichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3d5f361290
avformat/mov: Check dts for overflow in mov_read_trun()
...
Fixes: signed integer overflow: 9223372034248226491 + 3275247799 cannot be represented in type 'long'
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4538729166077952
Reported-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4de4bc06fdmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
e64b4a75bd
avformat/avidec: Use 64bit for frame number in odml index parsing
...
Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a4c98c507emichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fa4ac6b43a
avcodec/mjpegbdec: Skip SOS on AVDISCARD_ALL as does mjpeg
...
Fixes: NULL pointer dereference
Fixes: 36342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-4579188072906752
Fixes: 36344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5049579300061184
Fixes: 36345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5301149845553152
Fixes: 36374/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6056312352931840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 104a8399aemichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
af8de920b7
avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()
...
Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 909faca929michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
maryam ebrahimzadeh
fb993619d1
avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata
...
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is part of 'AVPacket pkt'.
replace init_get_bits with init_get_bits8.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9ffa49496dmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
671e182cc4
avcodec/webp: Check available space in loop in decode_entropy_coded_image()
...
Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5e00eab611michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fa6d6cc810
avcodec/h264dec: use picture parameters in ff_print_debug_info2()
...
Fixes: out of array read
Fixes: 36341/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6737583085322240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65892516d5michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
82fe7775a8
avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode
...
Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c59b5e3d1emichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
4254dbe20f
avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init
...
Fixes: MemLeak
Fixes: 8281
Fixes: PoC_option158.jpg
Fixes: CVE-2020-22037
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7bba0dd638michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
f6f682f5aa
avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line()
...
Fixes: Infinite loop
Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f803635c4fmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
674adf0a02
avcodec/vc1dec: Disable error concealment for *IMAGE
...
The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves vissual results
Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 643b2d49bfmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
f25834ab07
avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()
...
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8f2856a1damichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
725a0446b4
avcodec/argo: Check for even dimensions
...
Fixes: reading over the end
Fixes: 36346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5366943107383296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c2f5e9ff3cmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
88264f84c9
avformat/wtvdec: Check for EOF before seeking back in parse_media_type()
...
Fixes: Infinite loop
Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 89505d38demichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
58477f42a2
avformat/mpc8: Check first keyframe position for overflow
...
Fixes: signed integer overflow: 9223372036854775791 + 18 cannot be represented in type 'long'
Fixes: 36307/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-4917863877050368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2bbef69b0bmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fbf576417a
avcodec/exr: Check ac_count
...
Fixes: signed integer overflow: -9223372036854775808 * 2 cannot be represented in type 'long long'
Fixes: 36244/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6090656186499072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9bc32d7c4bmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
8a3eb4498b
avformat/wavdec: Use 64bit in new_pos computation
...
Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9b57d2f0a9michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3a18a6acc4
avformat/sbgdec: Check for overflow in timestamp preparation
...
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9dbed90840michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
a09127eacd
avformat/dsicin: Check packet size for overflow
...
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9d1c47ec03michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
70fa5522c7
avformat/dsfdec: Change order of operations in bitrate computation
...
Fixes: signed integer overflow: 538976288 * 67372036 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6751696819716096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5e38eff284michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
6d86416c92
avformat/bfi: check nframes
...
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b4e77dfca1michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
f89b52fbca
avformat/avidec: fix position overflow in avi_load_index()
...
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 527821a2ddmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
622b48d1fb
avformat/asfdec_f: Check sizeX against padding
...
Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f034c2e36amichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
6666313248
avformat/aiffdec: Check for size overflow in header parsing
...
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bae2e19777michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3a67e33368
avcodec/aaccoder: Add minimal bias in search_for_ms()
...
Fixes: floating point division by 0
Fixes: Ticket8218
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 75a099fc73michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
da9e84fabd
avformat/mov: Fix incorrect overflow detection in mov_read_sidx()
...
Fixes: signed integer overflow: 9223372036854775807 + 1442840321 cannot be represented in type 'long'
Fixes: 33670/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644379491106816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 200406d930michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
890a801468
avformat/mov: Avoid undefined overflow in time_offset calculation
...
Fixes: signed integer overflow: 8511838621821575200 - -3954125146725285889 cannot be represented in type 'long'
Fixes: 33414/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6610119325515776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7666d588bamichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
ebc5ea216f
avfilter/af_drmeter: Check that there is data
...
Fixes: floating point division by 0
Fixes: -nan is outside the range of representable values of type 'int'
Fixes: Ticket8307
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f49fa6abemichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
c7ac580288
avfilter/vf_fftdnoiz: Use lrintf() in export_row8()
...
Fixes: 1.04064e+10 is outside the range of representable values of type 'int'
Fixes: Ticket 8279
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1f21349d20michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
433d93a3b6
avfilter/vf_mestimate: Check b_count
...
Fixes: left shift of negative value -1
Fixes: Ticket8270
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 06af6e101bmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
5334967a56
avformat/mov: do not ignore errors in mov_metadata_hmmt()
...
Fixes: Timeout
Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c52c99a18fmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
aa5b8c9590
avformat/mxfdec: Check size for shrinking
...
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65b862ab59michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
maryam ebr
46bbf194c4
avcodec/dnxhddec: check and propagate function return value
...
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 7150f95756michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
b21120a924
swscale/slice: Fix wrong return on error
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7874d40f10michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
6a5d7fd8ad
avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb()
...
Fixes: NULL pointer dereference
Fixes: decode_spectrum_and_dequant.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit eaec4df63fmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
8da08ef1ff
swscale/slice: Check slice for allocation failure
...
Fixes: null pointer dereference
Fixes: alloc_slice.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 997f9cfc12michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3b6f7601b7
avformat/matroskadec: Fix handling of huge default durations
...
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 343d950a4amichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
1196932f1c
avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
...
Fixes: floating point division by 0
Fixes: Ticket8213
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 70874e024amichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
