Dale Curtis
36db62ca98
avformat/utils: Prevent undefined shift with wrap_bits > 64.
...
2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the
code to use a uint64_t (2ULL) and add an av_assert2() to
ensure wrap_bits <= 64.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 03fbc0daa7michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
17f05ff656
avcodec/j2kenc: Fix out of array access in encode_cblk()
...
Fixes: 4427/clusterfuzz-testcase-minimized-5106919271301120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0674087004michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
0ccbbf034d
avcodec/hevcdsp_template: Fix undefined shift in put_hevc_epel_bi_w_h()
...
Fixes: runtime error: left shift of negative value -127
Fixes: 4397/clusterfuzz-testcase-minimized-4779061080489984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0409d33311michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
John Stebbins
f7357facd8
lavf/mov: fix huge alloc in mov_read_ctts
...
An invalid file may cause huge alloc. Delay expansion of ctts entries
until the number of samples is known in mov_build_index.
Fixes: 23
Found-by: zhao dongzhuo, AD-lab of Venustech
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2d015d3bf9michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
ed87667bd3
avcodec/mlpdsp: Fix signed integer overflow, 2nd try
...
The outputted bits should match what is used in the lossless check
Fixes: runtime error: signed integer overflow: -538697856 * 256 cannot be represented in type 'int'
Fixes: 4326/clusterfuzz-testcase-minimized-5689449645080576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 97c00edaa0michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
983d119c9b
avcodec/h264idct_template: Fix integer overflow in ff_h264_idct8_add
...
Fixes: signed integer overflow: 452986184 - -2113885312 cannot be represented in type 'int'
Fixes: 4196/clusterfuzz-testcase-minimized-5580648594014208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9cc926da7dmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
e56f691283
avcodec/kgv1dec: Check that there is enough input for maximum RLE compression
...
Fixes: Timeout
Fixes: 4271/clusterfuzz-testcase-4676667768307712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3aad94bf2bmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
3ae71b648a
avformat/aacdec: Fix leak in adts_aac_read_packet()
...
Fixes: chromium-773637/clusterfuzz-testcase-minimized-6418078673141760
Found-by: ossfuzz/chromium
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2779d33ed9michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
f2f0273588
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*
...
Fixes: runtime error: signed integer overflow: -2143827186 - 7404944 cannot be represented in type 'int'
Fixes: 4354/clusterfuzz-testcase-minimized-4671122764201984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2b6964f764michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
de20dad15e
avcodec/sbrdsp_fixed: Fix integer overflow
...
Fixes: signed integer overflow: 2147483598 + 64 cannot be represented in type 'int'
Fixes: 4337/clusterfuzz-testcase-minimized-6192658616680448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 12a511f2c2michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
1549890035
avcodec/mpeg4videodec: Check also for negative versions in the validity check
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0e7865ce41michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Dale Curtis
35c7a1df8a
Close ogg stream upon error when using AV_EF_EXPLODE.
...
Without this there can be multiple memory leaks for unrecognized
ogg streams.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bce8fc0754michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Dale Curtis
f8fcb6bbf0
Fix undefined shift on assumed 8-bit input.
...
decode_user_data() attempts to create an integer |build|
value with 8 bits of spacing for 3 components. However
each component is an int32_t, so shifting each component
is undefined for values outside of the 8 bit range.
This patch simply clamps input to 8-bits per component
and prints out a warning that the values were clamped.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7010dd98b5michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Dale Curtis
50c93ce5ef
Use ff_thread_once for fixed, float table init.
...
These tables are static so they should only be initialized once
instead of on every call to ff_mpadsp_init().
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5eaaffaf64michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Dale Curtis
9a00ce0ff8
Fix leak of frame_duration_buffer in mov_fix_index().
...
Should be unconditionally freed at the end of mov_fix_index() in
case it hasn't been used during the fix up.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Reviewed-by: Sasi Inguva <isasi-at-google.com@ffmpeg.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d073be2291michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Jacob Trimble
8aabc4fdb5
avformat/mov: Propagate errors in mov_switch_root.
...
Signed-off-by: Jacob Trimble <modmaker@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2d9cf3bf16michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
2e58db3db0
avcodec/hevcdsp_template: Fix invalid shift in put_hevc_epel_bi_w_v()
...
Fixes: runtime error: left shift of negative value -255
Fixes: 4037/clusterfuzz-testcase-minimized-5290998163832832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7d88586e47michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
4942de6f93
avcodec/mlpdsp: Fix undefined shift ff_mlp_pack_output()
...
Fixes: runtime error: left shift of negative value -7862264
Fixes: 4074/clusterfuzz-testcase-minimized-4516104123711488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f7f70738emichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
cc9d1bb839
avcodec/zmbv: Check that the buffer is large enough for mvec
...
Fixes: Timeout
Fixes: 4143/clusterfuzz-testcase-4736864637419520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2ab9568a2cmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
0ba93614cf
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD137iL0()
...
Fixes: 4035/clusterfuzz-testcase-minimized-6479308925173760
Fixes: runtime error: signed integer overflow: 9 * 402653183 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 73964680d7michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
ecf2755a41
avcodec/wmv2dec: Check end of bitstream in parse_mb_skip() and ff_wmv2_decode_mb()
...
Fixes: Timeout
Fixes: 3200/clusterfuzz-testcase-5750022136135680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65e0a7c473michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
23d5f15b42
avcodec/snowdec: Check for remaining bitstream in decode_blocks()
...
Fixes: Timeout
Fixes: 3142/clusterfuzz-testcase-5007853163118592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4527ec2216michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
77cfc820cf
avcodec/snowdec: Check intra block dc differences.
...
Fixes: Timeout
Fixes: 3142/clusterfuzz-testcase-5007853163118592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c3b9bbcc6emichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Fredrik Hubinette
53715eb13e
avformat/mov: Check size of STSC allocation
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a6fdd75fe6michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
7b16eacf81
avcodec/vc2enc: Clear coef_buf on allocation
...
Fixes: Use of uninitialized memory
Fixes: assertion failure
Reviewed-by: <atomnuker>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6d00905f81michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
d25736dc87
avcodec/h264dec: Fix potential array overread
...
add padding before scantable arrays
See: 522d850e68michael@niedermayer.cc >
(cherry picked from commit 380b48fb9fmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
6ccf19198b
avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu
...
Fixes: out of array read
Fixes: 3516/attachment-311488.dat
Found-by: Insu Yun, Georgia Tech.
Tested-by: wuninsu@gmail.com
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 58cf31cee7michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
44fb120112
avcodec/aacpsdsp_template: Fix integer overflows in ps_decorrelate_c()
...
Fixes: runtime error: signed integer overflow: 1939661764 - -454942263 cannot be represented in type 'int'
Fixes: 3191/clusterfuzz-testcase-minimized-5688798451073024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2afe05402fmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
db82e4f1e0
avcodec/aacdec_fixed: Fix undefined shift
...
Fixes: runtime error: left shift of negative value -801112064
Fixes: 3492/clusterfuzz-testcase-minimized-5784775283441664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fca198fb5bmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
168ee58255
avcodec/mdct_*: Fix integer overflow in addition in RESCALE()
...
Fixes: runtime error: signed integer overflow: 1219998458 - -1469874012 cannot be represented in type 'int'
Fixes: 3443/clusterfuzz-testcase-minimized-5369987105554432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 770c934fa1michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
3a143bfa19
avcodec/snowdec: Fix integer overflow in header parsing
...
Fixes: 3984/clusterfuzz-testcase-minimized-5265759929368576
Fixes: runtime error: signed integer overflow: -1085585801 + -1094995529 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c897a92858michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
ed87b8b61f
avcodec/cngdec: Fix integer clipping
...
Fixes: runtime error: value -36211.7 is outside the range of representable values of type 'short'
Fixes: 2992/clusterfuzz-testcase-6649611793989632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 51090133b3michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
87f39642f3
avcodec/sbrdsp_fixed: Fix integer overflow in shift in sbr_hf_g_filt_c()
...
Fixes: runtime error: shift exponent 66 is too large for 64-bit type 'long long'
Fixes: 3642/clusterfuzz-testcase-minimized-5443853801750528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 981e99ab99michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
8ec1ff14fe
avcodec/aacsbr_fixed: Fix division by zero in sbr_gain_calc()
...
Fixes: 3642/clusterfuzz-testcase-minimized-5443853801750528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7d1dec4668michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
3f2be02b4d
avutil/softfloat: Add FLOAT_MIN
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e34fe61bf4michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
56ce961cc3
avcodec/h264idct_template: Fix integer overflows in ff_h264_idct8_add()
...
Fixes: runtime error: signed integer overflow: -503316480 + -2013265038 cannot be represented in type 'int'
Fixes: 3805/clusterfuzz-testcase-minimized-6578427831255040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e131b8cedbmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
3ca4f1868d
avcodec/xan: Check for bitstream end in xan_huffman_decode()
...
Fixes: Timeout
Fixes: 3707/clusterfuzz-testcase-6465922706440192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4b51437dccmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
0ee2cb866c
avcodec/exr: fix undefined shift in pxr24_uncompress()
...
Fixes: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 3787/clusterfuzz-testcase-minimized-5728764920070144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 66f0c958bfmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Luca Barbato
78b8aeee58
avformat: Free the internal codec context at the end
...
Avoid a use after free in avformat_find_stream_info.
(cherry picked from commit 9e4a5eb51bmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
66e65e0a68
avcodec/h264idct_template: Fix integer overflows in ff_h264_idct8_add()
...
Fixes: runtime error: signed integer overflow: 924846844 + 1457520640 cannot be represented in type 'int'
Fixes: 3416/clusterfuzz-testcase-minimized-6125587682820096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2b739e1cb8michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
6be60aedcb
avcodec/xan: Improve overlapping check
...
Fixes: memcpy-param-overlap
Fixes: 3612/clusterfuzz-testcase-minimized-6393461273001984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e8fafef1dbmichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
dccead84c6
avcodec/aacdec_fixed: Fix integer overflow in apply_dependent_coupling_fixed()
...
Fixes: runtime error: signed integer overflow: 623487 * 536870912 cannot be represented in type 'int'
Fixes: 3594/clusterfuzz-testcase-minimized-4650622935629824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 41d96af2a7michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
b3bdb0ddc1
avcodec/aacdec_fixed: Fix integer overflow in predict()
...
Fixes: runtime error: signed integer overflow: -2110708110 + -82837504 cannot be represented in type 'int'
Fixes: 3547/clusterfuzz-testcase-minimized-6009386439802880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0976752420michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
7a23220bf9
avcodec/jpeglsdec: Check for end of bitstream in ls_decode_line()
...
Fixes: 1773/clusterfuzz-testcase-minimized-4832523987189760
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f80224ed19michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
1c931d5ab9
avcodec/jpeglsdec: Check ilv for being a supported value
...
Fixes: 1773/clusterfuzz-testcase-minimized-4832523987189760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fe533628b9michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
7ff156b112
tests/ffserver.regression.ref: update checksums to what ffserver currently produces
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 431eccd61emichael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
Michael Niedermayer
561e276899
ffserver: Fix off by 1 error in path
...
Code suggested by ubitux
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 617f0c65e1michael@niedermayer.cc >
2017-12-07 23:38:06 +01:00
James Almer
bcfbcbec48
avcodec/proresdec: align dequantization matrix buffers
...
Should fix ticket #6838
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit f399172d6e
2017-12-01 01:27:24 -03:00
James Almer
2940b3e17c
avformat/matroskaenc: add missing allocation failure checks for stream durations
...
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 5f67073b4c
2017-12-01 01:26:15 -03:00
James Almer
8d51090dcb
avformat/matroskaenc: actually enforce the stream limit
...
Prevents out of array accesses. Adressess ticket #6873
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 9d464dc3fc
2017-12-01 01:25:45 -03:00
