ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	30b3f2712d	avformat/sbgdec: Check for negative duration or un-representable end pts Fixes: signed integer overflow: 9230955872951340 - -9223372036854775808 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6330481893572608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9b00b5734d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:09 +01:00
Michael Niedermayer	44978c5b83	avcodec/escape124: Do not return random numbers Fixes: out of array access Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-6035022714634240 Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-6422176201572352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fe6d46490f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:09 +01:00
Michael Niedermayer	95b2569427	avcodec/apedec: Fix an integer overflow in predictor_update_filter() Fixes: signed integer overflow: -2147483506 + -801380 cannot be represented in type 'int' Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6578985923117056 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `515c0247a3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:08 +01:00
Michael Niedermayer	43c6fabb63	tools/target_dec_fuzzer: Adjust wmapro threshold Fixes: Timeout Fixes: 62266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5125460729921536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bb9f8a1cb7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:08 +01:00
Michael Niedermayer	3817209b6d	avformat/avs: Check if return code is representable Fixes: leak Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-6738814988320768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `52d666edec`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:08 +01:00
Michael Niedermayer	6e4690ede0	avcodec/lcldec: Make PNG filter addressing match the code afterwards Also update check accordingly Fixes: tickets/10237/mszh_306_306_yuv422_nocompress.avi Fixes: tickets/10237/mszh_306_306_yuv411_nocompress.avi Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d11b8bd0c6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:08 +01:00
Michael Niedermayer	87f556a10c	avformat/westwood_vqa: Check chunk size the type is also changed to int as it is interpreted as int in av_get_packet() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-6593408795279360 Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4613908817903616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5c0df3da0b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:07 +01:00
Michael Niedermayer	f43562c38a	avformat/sbgdec: Check for period overflow Fixes: signed integer overflow: 4481246996173000000 - -4778576820000000000 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5063670588899328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a9137110ed`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:07 +01:00
Michael Niedermayer	d491053334	avformat/concatdec: Check in/outpoint for overflow Fixes: signed integer overflow: 91542414454000000 - -9154241494546000000 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-4739147999084544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dedc78b4b5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:07 +01:00
Michael Niedermayer	b358b080a1	avformat/mxfdec: Remove this_partition Suggested-by: Tomas Härdin <git@haerdin.se> Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5130394286817280 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `442d9412d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:06 +01:00
Michael Niedermayer	d5f1ecbe24	avcodec/xvididct: Fix integer overflow in idct_row() Fixes: signed integer overflow: 1871429831 + 343006811 cannot be represented in type 'int' Fixes: 61784/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5372151001120768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b12444fe72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:06 +01:00
Michael Niedermayer	0224effb52	avcodec/celp_math: avoid overflow in shift by making gain unsigned we have 1 bit more available alternatively we can clip twice as in the g729 reference Fixes: left shift of 23404 by 17 places cannot be represented in type 'int' Fixes: 61728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-6280412547383296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6580a7b2b2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:06 +01:00
Michael Niedermayer	7be649290e	tools/target_dec_fuzzer: Adjust threshold for rtv1 Fixes: 60499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RTV1_fuzzer-5020295866744832 Fixes: Timeout Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9ee87245c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:05 +01:00
Michael Niedermayer	6c176df7e9	avformat/hls: reduce default max reload to 3 The 1000 did result in the appearance of a never ending reload loop The RFC mandates that "If the client reloads a Playlist file and finds that it has not changed, then it MUST wait for a period of one-half the target duration before retrying." and if it has changed "the client MUST wait for at least the target duration before attempting to reload the Playlist file again" Trying to reload 3 times seems a better default than 1000 given these durations Issue found by: Сергей Колесников Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5f810435c2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:05 +01:00
Michael Niedermayer	ee90868c67	avformat/format: Stop reading data at EOF during probing Issue found by: Сергей Колесников Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `80f6e0378b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:05 +01:00
Michael Niedermayer	3c56b5c3df	avcodec/jpeg2000dec: jpeg2000 has its own lowres option jpeg2000 overrides the global lowres variable with a lowres field called reduction_factor ffmpeg -lowres X causes the reduction_factor to be set ffplay -lowres X causes both lowres and the reduction_factor to be set ossfuss sets only lowres only the ffmpeg variant works. This patch tries to make the other 2 work. Alternative we could just error out if things are inconsistent. More complex restructuring should be limited to the master branch to keep this reasonably easy to backport Fixes: out of array access Fixes: 59672/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c012d1f2bb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:04 +01:00
Michael Niedermayer	55a00e464c	avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure Fixes: left shift of negative value -1 Fixes: 59889/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HUFFYUV_fuzzer-5472742275940352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `90647a9249`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:04 +01:00
Michael Niedermayer	82f7adf45d	avcodec/cscd: Fix "CamStudio Lossless Codec 1.0" gzip files Fixes: tickets/10241/cscd_1_0_306_306_gzip.avi Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ab7d38f970`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:04 +01:00
Michael Niedermayer	fccc3130c7	avcodec/cscd: Check for CamStudio Lossless Codec 1.0 behavior in end check of LZO files Alternatively the check could be simply made more tolerant Fixes: Ticket10227 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d2a0464fc2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:03 +01:00
Michael Niedermayer	10dfb498ea	avcodec/mpeg4videodec: consider lowres in dest_pcm[] Fixes: out of array access Fixes: 59999/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5767982157266944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d48476183f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:03 +01:00
Michael Niedermayer	54d87e4b28	avcodec/hevcdec: Fix undefined memcpy() There is likely a better way to fix this, this is mainly to show the problem Fixes: MC within same frame resulting in overlapping memcpy() Fixes: 60189/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4992746590175232 Fixes: 61753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5022150806077440 Fixes: 58062/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4717458841010176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `94bd1796ff`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:03 +01:00
Michael Niedermayer	06ff2bfe0f	avcodec/mpeg4videodec: more unsigned in amv computation Fixes: signed integer overflow: -2147483648 + -1048576 cannot be represented in type 'int' Fixes: 59365/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-642654923954585 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0adaa90d89`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:02 +01:00
Michael Niedermayer	b91b26813c	avcodec/tta: fix signed overflow in decorrelate Fixes: signed integer overflow: 2079654542 - -139267653 cannot be represented in type 'int' Fixes: 60811/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5915858409750528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `283bf5c35b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:02 +01:00
Michael Niedermayer	e61e0ea8c6	avcodec/apedec: Fix 48khz 24bit below insane level Fixes: Ticket9816 Fixes: vlc.ape and APE_48K_24bit_2CH_02_01.ape Regression since: `ed0001482a`. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `80ad0e2198`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:02 +01:00
Michael Niedermayer	d548c94bfa	avcodec/apedec: Fix CRC for 24bps and bigendian Fixes CRC for vlc.ape and APE_48K_24bit_2CH_02_01.ape Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `696e161919`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:01 +01:00
Michael Niedermayer	7c646d22cf	avcodec/xvididct: Fix integer overflow in idct_row() Fixes: signed integer overflow: -1403461578 + -843974775 cannot be represented in type 'int' Fixes: 60868/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-4599793035378688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0ce322a51e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:01 +01:00
Michael Niedermayer	cfa3ae4181	avformat/avr: Check sample rate Fixes: 54979/clusterfuzz-testcase-minimized-ffmpeg_dem_AVR_fuzzer-6681035461230592 Fixes: Timeout Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `32556fa62b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:01 +01:00
Michael Niedermayer	9b5a8aa16d	avformat/imf_cpl: Replace NULL content_title_utf8 by "" Suggested-by: Pierre-Anthony Lemieux <pal@sandflow.com> Reviewed-by: Pierre-Anthony Lemieux <pal@sandflow.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ac3e6b74bd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:00 +01:00
Michael Niedermayer	c09250be43	avformat/imf_cpl: xmlNodeListGetString() can return NULL Fixes: NULL pointer dereference Fixes: 60166/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5998301577871360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Pierre-Anthony Lemieux <pal@sandflow.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `509ce40f18`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:00 +01:00
Michael Niedermayer	1759fd0d82	avcodec/pcm: allow Changing parameters SDR needs this for switching between mono and stereo stations Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `94d44dbe21`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:39:00 +01:00
Michael Niedermayer	fc94130cd6	avcodec/jpeg2000dec: Check for reduction factor and image offset This combination is not working (it writes out of array) Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9b6d191a66`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:59 +01:00
Michael Niedermayer	18bf4e4ff7	avutil/softfloat: Basic documentation for av_sincos_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4aa1a42a91`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:59 +01:00
Michael Niedermayer	706c44541e	avutil/softfloat: fix av_sincos_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d84677abd8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:59 +01:00
Michael Niedermayer	cde6758306	tools/target_dec_fuzzer: Adjust threshold for speex Fixes: Timeout Fixes: 59731/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEX_fuzzer-4809436670328832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fe167bae96`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:58 +01:00
Michael Niedermayer	515c7b21f4	avcodec/utils: fix 2 integer overflows in get_audio_frame_duration() Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int' Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a4bf559683`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:58 +01:00
Michael Niedermayer	9b10b9b8cb	avcodec/hevcdec: Avoid null pointer dereferences in MC Fixes: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffff8 Fixes: 58440/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5956015530311680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a0f4d4e650`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:58 +01:00
Michael Niedermayer	df4170b2bc	avcodec/takdsp: Fix integer overflows Fixes: avcodec/takdsp.c:44:23: runtime error: signed integer overflow: -2097158 - 2147012608 cannot be represented in type 'int' Fixes: 58417/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5268919664640000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ff8a496d41`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:57 +01:00
Michael Niedermayer	74d3c9261a	avcodec: Ignoring errors is only possible before the input end Fixes: out of array read Fixes: Ticket 10308 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fead656a7b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:57 +01:00
Michael Niedermayer	537600e785	avformat/jpegxl_probe: Forward error codes Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `09621fd7d9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:57 +01:00
Michael Niedermayer	55de397fe0	avformat/jpegxl_probe: check length instead of blindly reading Enable the checked bitreader to avoid overread. Also add a few checks in loops and between blocks so we exit instead of continued execution. Alternatively we could add manual checks so that no overread can happen. This would be slightly faster but a bit more work and a bit more fragile Fixes: Out of array accesses Fixes: 59640/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-6584117345779712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ec4553e35`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:56 +01:00
Michael Niedermayer	4e68048151	avformat/jpegxl_probe: Remove intermediate macro obfuscation around get_bits*() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `25c937c0e0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:56 +01:00
Michael Niedermayer	2cb93e863f	avcodec/noise_bsf: Check for wrapped frames Wrapped frames contain pointers so they need specific code to noise them, the generic code would lead to segfaults Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0889ebc577`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:56 +01:00
Michael Niedermayer	1892181787	avformat/oggparsetheora: clip duration within 64bit Fixes: signed integer overflow: 9079256848778919936 - -288230376151711746 cannot be represented in type 'long' Fixes: 58248/clusterfuzz-testcase-minimized-ffmpeg_dem_OGG_fuzzer-6326851353313280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b1c3d81e71`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:55 +01:00
Michael Niedermayer	50e2f8ef33	avformat/wavdec: Check that smv block fits in available space Fixes: OOM Fixes: 56271/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5290810045497344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a76efafdb9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:55 +01:00
Michael Niedermayer	7337f2e8e3	avcodec/tiff: add a zero DNG_LINEARIZATION_TABLE check Fixes: index 4294967295 out of bounds for type 'uint16_t [65536]' Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5950405086674944 Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6666195176914944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6e98cf0280`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:55 +01:00
Michael Niedermayer	f174aa7134	avcodec/tak: Check remaining bits in ff_tak_decode_frame_header() Fixes: out of array access Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6682195323650048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `19b66b89da`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:54 +01:00
Michael Niedermayer	2878299b73	avcodec/sonic: Fix two undefined integer overflows Fixes: signed integer overflow: 2147483372 - -148624 cannot be represented in type 'int' Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5477177805373440 Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-6681622236233728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2632e90493`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:54 +01:00
Michael Niedermayer	0c2b08227e	avcodec/utils: the IFF_ILBM implementation assumes that there are a multiple of 16 allocated Fixes: out of array access Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5124452659888128 Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6362836707442688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `34056a94ea`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:54 +01:00
Michael Niedermayer	b9c79be726	avcodec/exr: Cleanup befor return Fixes: leaks Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6703454090559488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `885ff3b879`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:53 +01:00
Michael Niedermayer	13644a75d8	avcodec/pngdec: Do not pass AVFrame into global header decode The global header should not contain a frame, and decoding it would result in leaks Fixes: memleak Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-6603443149340672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d31d4f3228`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-30 00:38:53 +01:00

1 2 3 4 5 ...

107645 Commits