ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	3df814c735	avformat/sbgdec: Reduce the amount of floating point in str_to_time() Fixes: 1e+75 is outside the range of representable values of type 'long' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6626834808700928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ac6c8993f7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	d7566366ff	avformat/mxfdec: Free all types for both Descriptors Fixes: memleak Fixes: 26352/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5201158714687488 Suggested-by: Tomas Härdin <tjoppen@acc.umu.se> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `88519be8db`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	4520a4efa4	uavformat/rsd: check for EOF in extradata Fixes: OOM Fixes: 26503/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6530816735444992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7186ec88b9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	35729e0fdb	avcodec/wmaprodec: Check packet size Fixes: left shift of negative value -25824 Fixes: 27754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5760255962906624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `69aeba8a19`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	62dd7e3dc0	avcodec/rasc: Check frame before clearing Fixes: null pointer dereference Fixes: 27737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RASC_fuzzer-5769028685266944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `380a3a0adf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	f8940d5104	avcodec/alsdec: Fix integer overflow with quant_cof Fixes: signed integer overflow: -210824 * 16384 cannot be represented in type 'int' Fixes: 28670/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5682310846480384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7ce40dde03`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	94fbe523ee	avformat/mpegts: Fix argument type for av_log Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `654b21ef17`)	2021-09-09 13:53:29 +02:00
Michael Niedermayer	1e015c01a2	avformat/cafdec: clip sample rate Fixes: 1.21126e+111 is outside the range of representable values of type 'int' Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5412960339755008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `684aec6a68`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	ed4e706190	avcodec/ffv1dec: Fix off by 1 error with quant tables Fixes: assertion failure Fixes: 28447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5369575948550144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5cae71d2b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	5d4d2910a5	avformat/mpegts: Increase pcr_incr width to 64bit Fixes: division by zero Fixes: 26459/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5666350112178176 Fixes: 28154/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5195728439476224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ef7b117b7b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	85cdb58efb	avcodec/utils: Check bitrate for overflow in get_bit_rate() Fixes: signed integer overflow: 617890810133996544 * 16 cannot be represented in type 'long' Fixes: 26565/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5092054700654592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8aadae670f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	7c36b94966	avformat/mov: Check if hoov is at the end Fixes: Timeout, probably infinite loop Fixes: 26559/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5391165484171264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0afbaabdca`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	cb1f3b5fc6	avcodec/hevc_ps: check scaling_list_dc_coef Fixes: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int' Fixes: 28449/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5686013259284480 Reviewed-by: James Almer <jamrial@gmail.com> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f1700bd8bb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	6c57a7ce4d	avformat/iff: Check data_size Fixes: infinite loop Fixes: 27834/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5694930919620608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `001bc594d8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	b12ef6f7ac	avformat/matroskadec: Sanity check codec_id/track type Fixes: memleak Fixes: 27766/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5198300814508032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7b88dd8f0c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	9ca2abb90c	avformat/rpl: Check the number of streams Fixes: out of memory access Fixes: 27787/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4743666463408128.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0677bdb1f5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	57c8136d6c	avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct() Fixes: signed integer overflow: -2105540608 - 2105540608 cannot be represented in type 'int' Fixes: 26870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5656647567147008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `51dfd6f1bd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	471c8ae5b6	avformat/dsfdec: Check block_align more completely Fixes: infinite loop Fixes: 26865/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-5649473830912000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `65b8974d54`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	6eba6551b8	avformat/mpc8: Check remaining space in mpc8_parse_seektable() Fixes: Fixes infinite loop Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4f66dd13d0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	1e4a9d64d1	avformat/id3v2: Sanity check tlen before alloc and uncompress Fixes: Timeout (>20sec -> 65ms) Fixes: 26896/clusterfuzz-testcase-minimized-ffmpeg_dem_DAUD_fuzzer-5691024049176576 Fixes: 27627/clusterfuzz-testcase-minimized-ffmpeg_dem_AEA_fuzzer-4907019324358656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d7f87a4b9e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	a290ea5127	avformat/vqf: Check len for COMM chunks Fixes: Infinite loop Fixes: 26696/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-5648269168082944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a834af133b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	bb81e6eb55	avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter The max depth is 16bps, the max allowed coefficient depth is depth+6 Fixes: signed integer overflow: 1074266112 + 1073725439 cannot be represented in type 'int' Fixes: 26493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657763331702784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7cf852b03c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	44e692bb0a	avformat/cafdec: Check the return code from av_add_index_entry() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9dc3301745`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	aeef24785a	avformat/cafdec: Check for EOF in index read loop Fixes: OOM Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `eb46939e3a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	6723d6db9b	avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative These fields are not signed in the spec (1.0) so they cannot be negative Changing bytes_per_packet to unsigned would not solve this as it is exported as block_align which is signed Fixes: Infinite loop Fixes: 26492/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5632087614554112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5eed718087`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	6379a6f343	avformat/mpc8: correct integer overflow in mpc8_parse_seektable() Fixes: signed integer overflow: -4683718486770919638 * 2 cannot be represented in type 'long' Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208 Fixes: 27550/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6259212652642304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0897402ac8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	2cb42f5cc0	avformat/mpc8: correct 32bit timestamp truncation Fixes: left shift of 65536 by 15 places cannot be represented in type 'int' Fixes: 26801/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-5164313092030464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ad3e495657`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	40f056abed	avcodec/exr: Check ymin vs. h Fixes: out of array access Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344 Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3e5959b345`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	f149875325	avformat/avs: Use 64bit for the avio_tell() output Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long' Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1278f117d7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	56789d3ea3	avformat/wavdec: More complete size check in find_guid() Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long' Fixes: 27341/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5442833206738944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a207df2acb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	71411669cd	avformat/iff: Check size before skip Fixes: Infinite loop Fixes: 27292/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5731168991051776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8b50e8bc29`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	680f50938f	avformat/rmdec: Check for EOF in index packet reading Fixes: Timeout(>10sec -> 1ms) Fixes: 27284/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6304211110985728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ebf4bc629e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	0dc7491879	avformat/icodec: Check for zero streams and stream creation failure Fixes: NULL pointer dereference Fixes: 26814/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5758487797432320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b33233bd53`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	2781ce1ea9	avformat/icodec: Factor failure code out in read_header() Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `27ee67c00f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	158f357b10	avformat/bintext: Check width Fixes: division by 0 Fixes: 26780/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5117945027756032 Fixes: 26998/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5119352359354368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f6dc285fb5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	82728dee12	avformat/sbgdec: Check that end is not before start Fixes: signed integer overflow: -9223372036854775808 + -5279949906739200 cannot be represented in type 'long' Fixes: 26908/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6329610851319808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9ef60a66f1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	a675945380	avformat/lvfdec: Check stream_index before use Fixes: assertion failure Fixes: 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b1d99ab14f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	5d0d405d6c	avformat/au: cleanup on EOF return in au_read_annotation() Fixes: memleak Fixes: 26841/clusterfuzz-testcase-minimized-ffmpeg_dem_AU_fuzzer-5174166309044224 Regression since: `e680d50eb4` Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d16974c3dd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	f9cde79ca7	avformat/mpegts: Limit copied data to space Fixes: out of array access Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `79cf7c7191`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	c2221da019	avformat/bintext: Check width in idf_read_header() Fixes: division by 0 Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `442d53f409`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	9d2df3050e	avformat/iff: check size against INT64_MAX Bigger sizes are misinterpreted as negative numbers by the API Fixes: infinite loop Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f291cd681b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	72a8fb594d	avformat/paf: Check for EOF in read_table() Fixes: OOM Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408 Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `437b7302b0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	da5220bc06	avformat/gxf: Check pkt_len Fixes: Infinite loop Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dad9a86ca7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	5a76224c88	avformat/aiffdec: Check packet size Fixes: Fixes infinite loop Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0ba71a72d3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	4ed6695658	avformat/concatdec: use av_strstart() Fixes: out array read Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2610acb49a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	26db6eccce	avformat/wavdec: Refuse to read chunks bigger than the filesize in w64_read_header() Fixes: OOM Fixes: 26414/clusterfuzz-testcase-minimized-ffmpeg_dem_FWSE_fuzzer-5070632544632832 Fixes: 26475/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5770207722995712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7b2244565a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	c07f2cfaec	avformat/rsd: Check size and start before computing duration Fixes: signed integer overflow: 100794754 * 28 cannot be represented in type 'int' Fixes: 26474/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5181797606096896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c79d8a6851`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	36ff07fd02	avformat/iff: More completely check body_size Fixes: infinite loop Fixes: 26485/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5126561373880320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3588e2e6b0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	bb88c223d6	avformat/xwma: Check for EOF in dpds_table read code Fixes: Timeout (>30 -> 140ms) Fixes: 26478/clusterfuzz-testcase-minimized-ffmpeg_dem_XWMA_fuzzer-5918147066200064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `44b18a76b8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00
Michael Niedermayer	c07661c8cd	avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration() Fixes: shift exponent 95 is too large for 32-bit type 'int' Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688 Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ec7e0d4288`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +02:00

1 2 3 4 5 ...

93279 Commits