ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	4ade217ae0	avcodec/wavpack: Fix runtime error: signed integer overflow: 1886191616 + 277872640 cannot be represented in type 'int' Fixes: 2181/clusterfuzz-testcase-minimized-6314784322486272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c996374d4d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:18 +02:00
Michael Niedermayer	27c729a21f	avcodec/snowdec: Fix runtime error: left shift of negative value -1 Fixes: 2197/clusterfuzz-testcase-minimized-6010716676947968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2e44126363`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	bae346d1c1	avcodec/tiff: Fix leak of geotags[].val Fixes: 2176/clusterfuzz-testcase-minimized-5908197216878592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `22a25ab389`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	32cd8e5a07	avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int' Fixes: 2175/clusterfuzz-testcase-minimized-5809657849315328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `71da0a5c97`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	07c9709a33	avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 cannot be represented in type 'int' Fixes: 2174/clusterfuzz-testcase-minimized-5739234533048320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `90e8317b3b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	9d38f5cc2b	avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int' Fixes: 2113/clusterfuzz-testcase-minimized-6510704959946752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4e3ab1a5c1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	1afe127401	avcodec/pafvideo: Fix assertion failure Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c4360559ee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	31dd76349a	avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int' Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e4efd41b83`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	cd6cce2330	avcodec/mjpegdec: Check that reference frame matches the current frame Fixes: out of array read Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4705edbbb9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	645c3b9009	avcodec/tiff: Avoid loosing allocated geotag values Fixes memleak Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d7cbeab4c1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	0d0418adb5	avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int' Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1e6ee86d92`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	7e6b64a7d9	avformat/hls: Check local file extensions This reduces the attack surface of local file-system information leaking. It prevents the existing exploit leading to an information leak. As well as similar hypothetical attacks. Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions. It does not stop leaks via remote addresses in the LAN. The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well. The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its feature. More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files. Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also where objections against restricting remote url file extensions. This here is a less robust but also lower inconvenience solution. It can be applied stand alone or together with other solutions. limiting the check to local files was suggested by nevcairiel This recommits the security fix without the author name joke which was originally requested by Nicolas. Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `189ff42196`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	c299d7060e	avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]' Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `29808fff33`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	7802a9918d	avcodec/pafvideo: Check packet size and frame code before ff_reget_buffer() Fixes 1745/clusterfuzz-testcase-minimized-6160693365571584 Fixes: Timeout Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `faa5a2181d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	257e6e3eca	avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int' Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `136ce8baa4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	6e67a3e22c	avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int' Fixes: 1967/clusterfuzz-testcase-minimized-5757031199801344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8b3e580b7f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	6933b322d8	avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int' Fixes: 1922/clusterfuzz-testcase-minimized-5561194112876544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a47273c803`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	57778a0058	avcodec/cinepak: Check input packet size before frame reallocation Reduces time spend decoding 1917/clusterfuzz-testcase-minimized-5023221273329664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e47057e932`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	81b798e24d	avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int' Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6726328f79`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	78f780ebed	avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int' Fixes: 1908/clusterfuzz-testcase-minimized-5392712477966336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `08cb69e870`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	c97a986e4f	avcodec/pnm: Use ff_set_dimensions() Fixes: OOM Fixes: 1906/clusterfuzz-testcase-minimized-4599315114754048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1c0d1d906`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	c441a8bad5	avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int' Fixes: 1903/clusterfuzz-testcase-minimized-5359318167715840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `58f8cd4ac5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	a34d0a2392	avformat/avidec: Limit formats in gab2 to srt and ass/ssa This prevents part of one exploit leading to an information leak Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5d849b149`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	758cd1b434	avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float' Fixes: 1902/clusterfuzz-testcase-minimized-4762451407011840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `87bddba43b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	249168eda8	avcodec/wavpack: Check float_shift Fixes: runtime error: shift exponent 40 is too large for 32-bit type 'unsigned int' Fixes: 1898/clusterfuzz-testcase-minimized-5970744880136192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4020b009d1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	2ba5c6e330	avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int' Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d90c5bf105`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	cc1fd61f68	avcodec/ansi: Fix frame memleak Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e091b9b3c7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	78bd801c74	avcodec/jpeg2000dec: Use ff_set_dimensions() Fixes: OOM Fixes: 1890/clusterfuzz-testcase-minimized-6329019509243904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3da6fbff8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	d1eea5ac86	avcodec/truemotion2: Fix passing null pointer to memset() Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c901627918`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	160bd70fd4	avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int' Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c9e884f3d9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	ede351d351	avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int' Fixes: 1885/clusterfuzz-testcase-minimized-5336328549957632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7c845450d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	6f7bedb819	avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int' Fixes: 1884/clusterfuzz-testcase-minimized-4637425835966464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4c472c5252`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	7735b8e565	avcodec/webp: Fixes null pointer dereference Fixes: 1470/clusterfuzz-testcase-minimized-5404421666111488 Fixes: 1472/clusterfuzz-testcase-minimized-5677426430443520 Fixes: 1875/clusterfuzz-testcase-minimized-5536474562822144 Approved-by: BBB Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `67020711b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	ea8984650c	avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int' Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b9c032ebc0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	844cdd2a6c	avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int' Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `781f88bb26`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	1e7874b043	avcodec/jpeg2000dec: Check tile offsets more completely Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c1812491f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	29f40cc2ac	avcodec/wnv1: More strict buffer size check This requires at least 25% of a picture to allocate and decode it Fixes: Timeout Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7f50c25124`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	8bffb94770	avcodec/libfdk-aacdec: Correct buffer_size parameter the timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until 2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused. after that commit libfdk-aacdec interprets it as size in sample units and memsets that on error. FFmpeg as well as others (like GStreamer) did interpret it as size in bytes Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca6776a993`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	8f94a928c5	avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2 Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `357f2316a0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	b1f93365e6	avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]' Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ac8dfcbd89`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	46f664363c	avcodec/ra144dec: Fix runtime error: left shift of negative value -17 Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `53c0c637d3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	836a174f6b	avutil/internal: Do not enable CHECKED with DEBUG This avoids potential undefined behavior in debug mode while still allowing developers which want to check for potential additional overflows to do so by manually enabling this. Reviewed-by: wm4 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a44b3abb4c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	61a1eab10e	avcodec/smc: Check remaining input Fixes: Timeout Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `356194fcb1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	6d825e9d5f	avcodec/jpeg2000dec: Fix copy and paste error Found-by: jamrial Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5782e0ba8c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	d09e4a9e8b	avcodec/jpeg2000dec: Check tile offsets Fixes: runtime error: signed integer overflow: 4096 - -2147483648 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `89325417e7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Max Justicz	ff4d07b8da	avcodec/sanm: Fix uninitialized reference frames Fixes: poc.snm Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca616b0f72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	d06709ee97	avcodec/jpeglsdec: Check get_bits_left() before decoding a picture Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4bc3008d04`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	4639ab5fe4	avcodec/ivi_dsp: Fix multiple runtime error: left shift of negative value -71 Fixes: 1734/clusterfuzz-testcase-minimized-5385630815092736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8fb00b3e85`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	33cbc52d64	avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot be represented in type 'int' Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `40fa6a2fa2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00
Michael Niedermayer	535fce7a5d	avcodec/vmnc: Check location before use Fixes: runtime error: signed integer overflow: 65535 * 64256 cannot be represented in type 'int' Fixes: 1717/clusterfuzz-testcase-minimized-5491696676634624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ec2b76aab4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-08-23 13:15:17 +02:00

1 2 3 4 5 ...

67669 Commits