ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	1bc94e816b	avcodec/hevc_mp4toannexb_bsf: Check nalu_size Fixes: Timeout (29sec -> 5ms) Fixes: 20237/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5165615044362240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ae2537f53e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	4d9462837c	avcodec/iff: Check length before memcpy() in decode_deep_rle32() Fixes: out of array read Fixes: 20796/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5111364702175232.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b4a33387cb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	22fba2adee	avcodec/iff: Fix invalid pointer intermediates in decode_deep_rle32() Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bc41a29a5a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	0078687445	avcodec/pngdec: Pass ret from decode_iccp_chunk() Found while reviewing a patch fixing a similar issue Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4c7bcaa385`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	d6b070771e	avcodec/rv40dsp: Fix integer overflows in rv40_weight_func_() Fixes: signed integer overflow: 40550400 128 cannot be represented in type 'int' Fixes: 20331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV40_fuzzer-5676685725007872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `13171ad2e3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	8777426938	avcodec/ac3dec_fixed: Fix several invalid left shifts in scale_coefs() Fixes: left shift of negative value -14336 Fixes: 20298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-5675484201615360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8e30502abe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	fe91bb30e9	avcodec/flac_parser: Do not lose header count in find_headers_search() Fixes: Timeout Fixes: out of array access Fixes: 20274/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5649631988154368 Fixes: 19275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5757535722405888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `55f9683cf6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	f70d5d99ce	avcodec/audiodsp: Fix integer overflow in scalarproduct_int16_c() Fixes: signed integer overflow: 2145417478 + 76702564 cannot be represented in type 'int' Fixes: 20313/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5734487724130304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `abb5762e98`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	ed1c60d06b	avcodec/cbs_jpeg_syntax_template: Check array index in huffman_table() Fixes: index 224 out of bounds for type 'uint8_t [224]' Fixes: 21534/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-6291612167831552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `18f5256c0d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	8967905307	avcodec/cbs_jpeg_syntax_template: Check table index before use in dht() Fixes: out of array access Fixes: 21515/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5766121576988672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d31862c2b1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	33d17d1b53	avformat/oggdec: Check for EOF after page header Fixes: Infinite loop Fixes: Ticket8594 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f1589be9fd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	01628af26d	swscale/yuv2rgb: Fix vertical dither offset with slices Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `be3c29e379`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	85138be8e1	avcodec/dpcm: clip exponent into supported range in XAN DPCM Fixes: shift exponent 32 is too large for 32-bit type 'int' Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `20ade59d96`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	ddcbb66e00	avcodec/flacdsp_template: Fix invalid shifts in decorrelate Fixes: left shift of negative value -2 Fixes: 20303/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5096829297623040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3935c891e9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	85b921c4dc	avcodec/xvididct: Fix integer overflow in MULT() Fixes: signed integer overflow: 23170 * 95058 cannot be represented in type 'int' Fixes: 20295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5800212870463488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7ccb576191`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	21be7407af	avcodec/ffwavesynth: Correct undefined overflow of PINK_UNIT Fixes: signed integer overflow: 9223372036854775775 + 128 cannot be represented in type 'long' Fixes: 20054/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5686385113825280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `187161d62f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	90a306ba97	avcodec/cbs_h264_syntax_template: fix off by 1 error with slice_group_change_cycle Fixes: assertion failure Fixes: 20390/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_REDUNDANT_PPS_fuzzer-5683400772157440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `741565a1e6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	c3b5c1423e	swscale/output: Fix integer overflow in yuv2rgb_write_full() with out of range input Fixes: signed integer overflow: 1169365504 + 981452800 cannot be represented in type 'int' Fixes: ticket8293 Found-by: Suhwan Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e057e83a4f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	824c773263	swscale/output: Fix integer overflow in alpha computation in yuv2gbrp16_full_X_c() Fixes: signed integer overflow: 524280 * 4432 cannot be represented in type 'int' Fixes: ticket8322 Found-by: Suhwan Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `49ba1879ad`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
John Rummell	83b2cc152d	libavformat/amr.c: Check return value from avio_read() If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with initialized data. Caught by Chromium fuzzeras (crbug.com/1065731). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5b967f56b6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
John Rummell	8c73f80276	libavformat/mov.c: Free aes_decrypt to avoid leaking memory Found by Chromium fuzzers (crbug.com/1057205). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ad91cf1f2f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
John Rummell	33bdb19d23	libavformat/oggdec.c: Check return value from avio_read() If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with unitialized data. Caught by Chromium fuzzers (crbug.com/1054229). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b7c67b1ae3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	52dbafe7b6	avformat/asfdec_f: Fix overflow check in get_tag() Fixes: signed integer overflow: 2 * 1210064928 cannot be represented in type 'int' Fixes: 20873/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5761116909338624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c8140fe732`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	69ff8871ff	avformat/nsvdec: Fix memleaks on errors while reading the header Fixes: memleaks Fixes: 21084/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5655975492321280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `96c0469455`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	cf64e8c5b1	avcodec/ffwavesynth: Fix integer overflow in computation of ddphi Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long' Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c85bf16318`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	838105153a	avcodec/cbs_jpeg: Check length for SOS Fixes: out of array access Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584 Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1812352d76`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	614fc179d6	avcodec/adpcm: Fix invalid shift in AV_CODEC_ID_ADPCM_PSX Fixes: left shift of negative value -1 Fixes: 20859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5720391507247104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0a11ef68f0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	0eb38a9b84	avcodec/mpeg12dec: Fix invalid shift in mpeg2_fast_decode_block_intra() Fixes: left shift of negative value -695 Fixes: 19232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5702856963522560 Fixes: 19555/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5741218147598336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c40df2166c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Andreas Rheinhardt	fe7f3e3d27	avcodec/cbs_h2645: Treat slices without data as invalid Slices that end after their header (meaning slices after the header without any data before the rbsp_stop_one_bit or possibly without any rbsp_stop_one_bit at all) are invalid and are now dropped. This ensures that one doesn't run into two asserts in cbs_h2645_write_slice_data(). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `66fac1ff7c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Andreas Rheinhardt	b10b63f24a	avcodec/cbs_h2645: Remove dead code to delete trailing zeroes Trailing zeroes are already discarded when splitting a fragment, which makes the code to remove them when decomposing slices dead code. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8f701932b3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	5921562180	avcodec/cbs_av1_syntax_template: Set seen_frame_header only after successfull uncompressed_header() Fixes: assertion failure Fixes: 19301/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5743212006473728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a2e4879432`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	10e9e8b811	avcodec/mpegaudioenc_template: fix invalid shift of sample Fixes: Ticket8010 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a2c97a8342`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:36 +02:00
Michael Niedermayer	a78fb50d1f	avcodec/motion_est_template: Fix invalid shifts in no_sub_motion_search() Fixes: Ticket8167 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e13eee37ee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	1756a83aed	libavformat/avienc: Check bits per sample for PAL8 Fixes: assertion failure Fixes: Ticket 8172 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3595878281`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	5946d0bafa	avformat/mpegts: Improve the position determination for avpriv_mpegts_parse_packet() Fixes: assertion failure Fixes: Ticket 8005 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e5bb48ae59`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	c80bb322a8	avcodec/magicyuv: Check that there are enough lines for interlacing to be possible Fixes: out of array access Fixes: 20763/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5759562508664832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f8a0e9f9f7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	07ffedc01d	avformat/mvdec: Check stream numbers Fixes: null pointer dereference Fixes: 20768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638648978735104.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `618a9bea65`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	85705482f2	avcodec/pcm: Fix invalid shift in AV_CODEC_ID_PCM_LXF Fixes: left shift of 233 by 24 places cannot be represented in type 'int' Fixes: 20736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-4829212685107200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `051d11f659`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	f10514b5e6	avcodec/qdm2: Check fft_coefs_index Fixes: out of array access Fixes: 20660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5658290216501248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9fc73bf022`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	f5180c3b9b	avformat/utils: Fix integer overflow with complex time bases in avformat_find_stream_info() Fixes: signed integer overflow: 2045163756 * 2 cannot be represented in type 'int' Fixes: Ticket5132 Found-by: tsmith Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3d8f517db`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	c7df41ed6b	avformat/avidec: Avoid integer overflow in NI switch check Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long' Fixes: Ticket8149 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `347920ca21`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	26e55785dd	fftools/ffmpeg: Fix integer overflow in duration computation in seek_to_start() Fixes: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long' Fixes: Ticket8142 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4f4ad33d96`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	0a565190a7	avfilter/vf_aspect: Fix integer overflow in compute_dar() Fixes: signed integer overflow: 1562273630 * 17 cannot be represented in type 'int' Fixes: Ticket8323 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0c0ca0f244`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	3e88c32669	avcodec/apedec: Fix invalid shift with 24 bps Fixes: left shift of negative value -463 Fixes: 20542/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5688714435231744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8e27867229`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Dale Curtis	9a6d41e979	avformat/utils: Fix undefined behavior in ff_configure_buffers_for_index() When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of e2_pts - e1_pts will overflow an int64_t. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f15007afa9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	3919ee03dd	avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM Fixes: signed integer overflow: -2147479324 + -32568 cannot be represented in type 'int' Fixes: 20103/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GREMLIN_DPCM_fuzzer-5667667579240448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b1aecad9ea`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	1016074532	avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits Fixes: signed integer overflow: -53716100 * 256 cannot be represented in type 'int' Fixes: 20143/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5716604000403456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b8a0be9352`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	df317ec215	avcodec/wmalosslessdec: Fix loop in revert_acfilter() Fixes: out of array read Fixes: 20059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5691776237305856 No testcase except the fuzzed one. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5584c0bb94`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	6a4b26eaf6	avcodec/agm: YUV420 without DCT needs even dimensions Fixes: out of array access Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a98eeb0c1e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00
Michael Niedermayer	e6567ca7dc	avcodec/agm: Test remaining data in decode_raw_intra_rgb() Fixes: Timeout (270sec -> 25ms) Fixes: 20485/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5636954207289344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5c151e1491`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-05-19 17:17:35 +02:00

1 2 3 4 5 ...

94821 Commits