Michael Niedermayer
2ec7e09a0c
avformat/avidec: fix position overflow in avi_load_index()
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 527821a2dd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
81aa2e05e4
avformat/aiffdec: Check for size overflow in header parsing
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bae2e19777)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
4f822df7b5
avformat/mxfdec: Check size for shrinking
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65b862ab59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
maryam ebr
c7b205dedd
avcodec/dnxhddec: check and propagate function return value
Similar to CVE-2013-0868, here a return value check for 'init_vlc' is needed.
Crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 7150f95756)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
764de1f6d8
swscale/slice: Fix wrong return on error
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7874d40f10)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
f9d94e32e5
swscale/slice: Check slice for allocation failure
Fixes: null pointer dereference
Fixes: alloc_slice.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 997f9cfc12)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
97fe9123d1
avformat/matroskadec: Fix handling of huge default durations
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 343d950a4a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
8af3700cf1
avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
Fixes: floating point division by 0
Fixes: Ticket8213
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70874e024a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
6977ac9321
avformat/ftp: Check for av_strtok() failure
Fixes: CID1396258 Dereference null return value
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d40782088)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
1aa91dc78f
tools/cws2fws: Check read() for failure
Fixes: CID1452579 Argument cannot be negative
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0b3cdd7cc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
26cd140d0c
avcodec/cpia: Fix missing src_size update
Fixes: out of array read
Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cea05864e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
39cf28ffd6
avformat/rmdec: Check old_format len for overflow
Maybe such large values could be disallowed earlier and closer to where
they are set.
Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06d174e289)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
1bab818597
avformat/realtextdec: Check the pts difference before using it for the duration computation
Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe12aa6890)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
cfd53ab2e9
avformat/qcp: Avoid negative nb_rates
Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b865cc703)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
84b8d62f8f
avformat/nutdec: Check tmp_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1ca00b5e44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
dbe314da36
avformat/mpc8: Check for position overflow in mpc8_handle_chunk()
Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ef25d1182)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
aac9aa0130
avformat/dxa: Check fps to be within the supported range more precisely
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: assertion failure
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ea494befc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
5023d4e66b
avformat/tta: Check for EOF in index reading loop
Fixes: OOM
Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b72d657b73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
55a8cc1c1b
Update missed irc links
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c067d20177)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
a995a24c1d
avformat/rpl: The associative law doesn't hold for signed integers in C
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 480f11bdd7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
38bbe6762b
avcodec/faxcompr: Check available bits in decode_uncompressed()
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff56c139e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
7d575feadf
avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d8421e3d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
86c5a34b7a
avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
Fixes: out of array access
Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dbbcfbcc4e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
291ebdfc72
avformat/rpl: Check for EOF and zero framesize
Fixes: Infinite loop
Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880
Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0a4a527c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
c9abe2d411
avcodec/svq1enc: Do not print debug RD value before it has been computed
Avoids floating point division by 0
Fixes: Ticket8191
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c297f7e57a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
f590e7b738
avcodec/aacpsy: Check bandwidth
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 36dead4bc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
bc5dde5ec0
avfilter/vf_yadif: Fix handling of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7971f62120)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb08ee0c6fb7bdebd37cbf00aefed206909e8f78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
6a69e7a2cb
avformat/cinedec: Fix index_entries size check
Fixes: out of array access
Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
a335ce4de0
avcodec/lpc: Avoid floating point division by 0
Fixes: Ticket7996
Fixes: CVE-2020-20445
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38d18fb578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
287323027e
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 223b5e8ac9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
af725c3b36
avcodec/exr: x/ymax cannot be INT_MAX
The code uses x/ymax + 1 so the maximum is INT_MAX-1
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48342aa075)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
b9792b3171
avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line()
Fixes: infinite loop
Fixes: 33674/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4816457818046464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08d2df4153)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
675c3942ea
avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
Fixes: out of array access
Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656
Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392
Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz
Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312
Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0ce023ddb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
738ddf021d
avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent
Fixes: tickets/3933/128.jls
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 011006874c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
f9e58ec834
avformat/id3v2: Check end for overflow in id3v2_parse()
Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long'
Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit efdb564504)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
e8f5968d4f
avformat/wtvdec: Improve size overflow checks in parse_chunks()
Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int'
Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8ec1da8ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
a8408f5ca2
avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()
Fixes: Timeout
Fixes: 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b3881f0da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
af78179b4d
avcodec/dpx: Check bits_per_color earlier
Fixes: shift exponent 251 is too large for 32-bit type 'int'
Fixes: 32147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5519111675314176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c093eb3031)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
0b2d4997ba
avcodec/pnm_parser: Check image size addition for overflow
Fixes: assertion failure
Fixes: out of array access
Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79ac8d5546)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
dae4efc282
avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87d87e6587)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
718c64f03b
avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4
Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2611d20d35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
59ec9f802f
avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b37ff29e0e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
17811e6d40
avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()
Found-by: Jeremy Leconte <jleconte@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cf96ce269)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
f2291bace2
avutil/common: Add FF_PTR_ADD()
Suggested-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 522a5259e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
b7af5a77dd
avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f74661543)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
1b117fb91d
avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea12590c8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
3fb27daa32
avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 075d793ba8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
fc191eeafe
avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5d8fe1c87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
3ca8acfe2d
avformat/movenc: Avoid losing cluster array on failure
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c2ff44f91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00
Michael Niedermayer
1414037c8c
avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb
Fixes: null pointer dereference
Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f733688d30)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-17 21:34:53 +02:00