Michael Niedermayer
4c9ba64d54
avcodec/utils: use 32pixel alignment for bink
...
bink supports 16x16 blocks in chroma planes thus we need to allocate enough.
Fixes: out of array access
Fixes: 55026/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6013915371012096
Reviewed-by: Peter Ross <pross@xvid.org >
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b95b2c8492michael@niedermayer.cc >
2023-04-15 22:38:04 +02:00
Michael Niedermayer
b353459820
avcodec/scpr3: Check bx
...
Fixes: Out of array access
Fixes: 55102/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4877396618903552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cc7e984a05michael@niedermayer.cc >
2023-04-15 22:38:03 +02:00
Michael Niedermayer
79d40346f5
avcodec/012v: Order operations for odd size handling
...
Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6714182078955520.fuzz
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6698145212137472.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4d42d82563michael@niedermayer.cc >
2023-04-15 22:38:03 +02:00
Michael Niedermayer
54635b3b98
avcodec/eatgq: : Check index increments in tgq_decode_block()
...
Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGQ_fuzzer-6743211456724992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e7755b433emichael@niedermayer.cc >
2023-04-15 22:38:03 +02:00
Michael Niedermayer
83ae0935ab
avcodec/scpr: Test bx before use
...
Fixes: out of array access on 32bit
Fixes: 54850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5302669294305280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1b59de3770michael@niedermayer.cc >
2023-04-15 22:38:02 +02:00
Michael Niedermayer
76ab2538ed
avformat/mxfdec: Use 64bit in remainder
...
Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int'
Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 64a04fc165michael@niedermayer.cc >
2023-04-15 22:38:02 +02:00
Michael Niedermayer
7b51ee2dab
avcodec/sunrast: Fix maplength check
...
Fixes: out of bounds read
Found-by: Ibrahim Mohamed <ielsayed@meta.com >
Reviewed-by; Ibrahim Mohamed <ielsayed@meta.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f8a2a65078michael@niedermayer.cc >
2023-04-15 22:38:02 +02:00
Michael Niedermayer
9667007462
avcodec/wavpack: Avoid undefined shift in get_tail()
...
Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int'
Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8374a747afmichael@niedermayer.cc >
2023-04-15 22:38:01 +02:00
Michael Niedermayer
0e5ce7ac7e
avcodec/wavpack: Check for end of input in wv_unpack_dsd_high()
...
Fixes: Timeout
Fixes: 50793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-4980185027444736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6ad7403bcemichael@niedermayer.cc >
2023-04-15 22:38:01 +02:00
Michael Niedermayer
93a685accc
avformat/id3v2: Check taglen in read_uslt()
...
Fixes: Timeout (read mostly the same data repeatly)
Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840
Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a798af91d7michael@niedermayer.cc >
2023-04-15 22:38:01 +02:00
Michael Niedermayer
6507719760
avcodec/tiff: Ignore tile_count
...
Fixes: out of array access
Fixes: 52427/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4849108968144896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65ce417828michael@niedermayer.cc >
2023-04-15 22:38:00 +02:00
Michael Niedermayer
1ff546c033
avcodec/ffv1dec: restructure slice coordinate reading a bit
...
Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int'
Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 74b6ac7ebbmichael@niedermayer.cc >
2023-04-15 22:38:00 +02:00
Michael Niedermayer
8f89df7df9
avcodec/mlpdec: Check max matrix instead of max channel in noise check
...
This is a regression since: adaa06581chttps://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa79560de5michael@niedermayer.cc >
2023-04-15 22:38:00 +02:00
Michael Niedermayer
9ee16a0ba2
swscale/input: Use more unsigned intermediates
...
Same principle as previous commit, with sufficiently huge rgb2yuv table
values this produces wrong results and undefined behavior.
The unsigned produces the same incorrect results. That is probably
ok as these cases with huge values seem not to occur in any real
use case.
Fixes: signed integer overflow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ba209e3d51michael@niedermayer.cc >
2023-04-15 22:37:59 +02:00
Michael Niedermayer
19d7bbc1f0
avcodec/alsdec: The minimal block is at least 7 bits
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5280947fb6michael@niedermayer.cc >
2023-04-15 22:37:59 +02:00
Michael Niedermayer
f09a1d83da
avformat/replaygain: avoid undefined / negative abs
...
Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int'
Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2532b20b17michael@niedermayer.cc >
2023-04-15 22:37:59 +02:00
Michael Niedermayer
d1c90886cc
swscale/output: Bias 16bps output calculations to improve non overflowing range
...
Fixes: integer overflow
Fixes: ./ffmpeg -f rawvideo -video_size 66x64 -pixel_format yuva420p10le -i ~/videos/overflow_input_w66h64.yuva420p10le -filter_complex "scale=flags=bicubic+full_chroma_int+full_chroma_inp+bitexact+accurate_rnd:in_color_matrix=bt2020:out_color_matrix=bt2020:in_range=full:out_range=full,format=rgba64[out]" -pixel_format rgba64 -map '[out]' -y overflow_w66h64.png
Found-by: Drew Dunne <asdunne@google.com >
Tested-by: Drew Dunne <asdunne@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0f0afc7fb5michael@niedermayer.cc >
2023-04-15 22:37:58 +02:00
Michael Niedermayer
a321349464
avcodec/speedhq: Check buf_size to be big enough for DC
...
Fixes: Timeout
Fixes: 51919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6023716480090112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9184d3d7b6michael@niedermayer.cc >
2023-04-15 22:37:58 +02:00
Michael Niedermayer
5b23daa99f
avcodec/ffv1dec: Fail earlier if prior context is corrupted
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4df91e2215michael@niedermayer.cc >
2023-04-15 22:37:58 +02:00
James Almer
c3981b30a8
avfilter/vf_untile: swap the chroma shift values used for plane offsets
...
Fixes ticket #10265
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit dc61d5cf19
2023-03-16 17:10:43 -03:00
Jiasheng Jiang
7694a44baa
avcodec/vp3: Add missing check for av_malloc
...
Since the av_malloc() may fail and return NULL pointer,
it is needed that the 's->edge_emu_buffer' should be checked
whether the new allocation is success.
Fixes: d14723861bpross@xvid.org >
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn >
2022-12-18 07:50:02 -03:00
Timo Rothenpieler
540b9826b3
avcodec/nvenc: fix vbv buffer size in cq mode
...
The CQ calculation gets thrown off and behaves very nonsensical
if it isn't set to 0.
2022-12-08 12:40:24 +01:00
James Almer
3b11b5f2f3
avcodec/mjpegenc: take into account component count when writing the SOF header size
...
Fixes ticket #10069
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 1009396953
2022-11-28 08:46:53 -03:00
Martin Storsjö
3993a90732
swscale: aarch64: Fix yuv2rgb with negative strides
...
Treat the 32 bit stride registers as signed.
Alternatively, we could make the stride arguments ptrdiff_t instead
of int, and changing all of the assembly to operate on these
registers with their full 64 bit width, but that's a much larger
and more intrusive change (and risks missing some operation, which
would clamp the intermediates to 32 bit still).
Fixes: https://trac.ffmpeg.org/ticket/9985
Signed-off-by: Martin Storsjö <martin@martin.st >
(cherry picked from commit cb803a0072martin@martin.st >
2022-11-04 14:32:19 +02:00
Michael Niedermayer
74b7488739
Update for 4.3.5
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2022-10-10 21:50:30 +02:00
Michael Niedermayer
400d2d91b3
avformat/vividas: Check packet size
...
Fixes: signed integer overflow: 119760682 - -2084600173 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6745781167587328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5f44489cc5michael@niedermayer.cc >
2022-10-10 21:49:58 +02:00
Michael Niedermayer
bc246da376
avcodec/dstdec: Check for overflow in build_filter()
...
Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8008940da5michael@niedermayer.cc >
2022-09-26 16:51:04 +02:00
Michael Niedermayer
a411aba2c9
avformat/spdifdec: Use 64bit to compute bit rate
...
Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4075f0cec1michael@niedermayer.cc >
2022-09-26 16:51:04 +02:00
Michael Niedermayer
a9eaeba875
avformat/rpl: Use 64bit for duration computation
...
Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 529f64b2ebmichael@niedermayer.cc >
2022-09-26 16:51:03 +02:00
Michael Niedermayer
48b2e91f98
avformat/xwma: Use av_rescale() for duration computation
...
Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2c789f753cmichael@niedermayer.cc >
2022-09-26 16:51:03 +02:00
Michael Niedermayer
765b73c9be
avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation
...
Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa8eb1bed0michael@niedermayer.cc >
2022-09-26 16:51:03 +02:00
Michael Niedermayer
964fb9f59f
avformat/sbgdec: Check ts_int in genrate_intervals
...
There is probably a better place to check for this, but better
here than nowhere
Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5f529e9147michael@niedermayer.cc >
2022-09-26 16:51:02 +02:00
Michael Niedermayer
f24aa3a531
avformat/rmdec: check tag_size
...
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2cb7ee8a36michael@niedermayer.cc >
2022-09-26 16:51:02 +02:00
Michael Niedermayer
d3c80525b0
avformat/nutdec: Check fields
...
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2c146406eamichael@niedermayer.cc >
2022-09-26 16:51:02 +02:00
Michael Niedermayer
fc0678a1fd
avformat/flvdec: Use 64bit for sum_flv_tag_size
...
Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7124f10c1dmichael@niedermayer.cc >
2022-09-26 16:51:01 +02:00
Michael Niedermayer
71e8a575da
avformat/jacosubdec: Fix overflow in get_shift()
...
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328
Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b1a68127bbmichael@niedermayer.cc >
2022-09-26 16:51:01 +02:00
Michael Niedermayer
78ed283608
avformat/dxa: avoid bpc overflows
...
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 93db0f0740michael@niedermayer.cc >
2022-09-26 16:51:01 +02:00
Michael Niedermayer
650f0f97db
avformat/cafdec: Check that nb_frasmes fits within 64bit
...
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d4bb4e3759michael@niedermayer.cc >
2022-09-26 16:51:00 +02:00
Michael Niedermayer
bf9ac33cff
avformat/asfdec_o: Limit packet offset
...
avoids overflows with it
Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 736e9e69d5michael@niedermayer.cc >
2022-09-26 16:51:00 +02:00
Michael Niedermayer
080c074c25
avformat/ape: Check frames size
...
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d0349c9929michael@niedermayer.cc >
2022-09-26 16:51:00 +02:00
Michael Niedermayer
2cdc8254eb
avformat/icodec: Check nb_pal
...
Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit db73ae0dc1michael@niedermayer.cc >
2022-09-26 16:50:59 +02:00
Michael Niedermayer
b591a55e7a
avformat/aiffdec: Use 64bit for block_duration use
...
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9303ba272emichael@niedermayer.cc >
2022-09-26 16:50:59 +02:00
Michael Niedermayer
68d39d6a4b
avformat/aiffdec: Check block_duration
...
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1c2b6265c8michael@niedermayer.cc >
2022-09-26 16:50:59 +02:00
Michael Niedermayer
7b7e6478d9
avformat/mxfdec: only probe max run in
...
Suggested-by: Tomas Härdin <tjoppen@acc.umu.se >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1182bbb2c3michael@niedermayer.cc >
2022-09-26 16:50:58 +02:00
Michael Niedermayer
663fa835cc
avformat/mxfdec: Check run_in is within 65536
...
Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7786097825michael@niedermayer.cc >
2022-09-26 16:50:58 +02:00
Michael Niedermayer
37ac298e09
avcodec/mjpegdec: Check for unsupported bayer case
...
Fixes: out of array access
Fixes: 51462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-662559341582745
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit dd81cc22b3michael@niedermayer.cc >
2022-09-26 16:50:58 +02:00
Michael Niedermayer
5aecf2c1c0
avcodec/apedec: Fix integer overflow in filter_3800()
...
Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f05247f6a4michael@niedermayer.cc >
2022-09-26 16:50:57 +02:00
Michael Niedermayer
3cf9bfa0d1
avcodec/tta: Check 24bit scaling for overflow
...
Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3993345f91michael@niedermayer.cc >
2022-09-26 16:50:57 +02:00
Michael Niedermayer
900c4ffc48
avcodec/tiff: Fix loop detection
...
Fixes regression with tickets/4364/L1004220.DNG
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 43a4854510michael@niedermayer.cc >
2022-09-26 16:50:57 +02:00
Michael Niedermayer
25d79ebbf5
libavformat/hls: Free keys
...
Fixes: memleak
Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu <lingjiujianke@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d32a9f3137michael@niedermayer.cc >
2022-09-26 16:50:56 +02:00
