Michael Niedermayer
4dcceb650d
avcodec/tiff: Perform multiply in tiff_unpack_lzma() as 64bit
...
This should make no difference as the value should not be able to be that large
but its more correct this way
Fixes CID1348138
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f48b6b8b91michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Steven Liu
7129dfdba8
avformat/test/fifo_muxer: add check for FailingMuxerPacketData alloc
...
CID: 1396257
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
(cherry picked from commit d1f3e475f9michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Timothy Gu
efc708afae
omx: Fix OOM check
...
Also use av_mallocz_array().
Fixes CID1396839.
(cherry picked from commit 16a75304femichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Philip Langdale
d4f4fa22d7
avcodec/vdpau_hevc: Fix potential out-of-bounds write
...
The maximum number of references is 16, so the index value cannot
exceed 15.
Fixes Coverity CID 1348139, 1348140, 1348141
(cherry picked from commit 4e6d1c1f4emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8ee3f73464
avcodec/h264_ps: Fix runtime error: signed integer overflow: 2147483647 + 26 cannot be represented in type 'int'
...
Fixes: 902/clusterfuzz-testcase-4561155144024064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f727fbc73michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
fc863900b7
avcodec/tiff: Check geotag count for being non zero
...
Fixes memleak
Fixes: 874/clusterfuzz-testcase-5252796175613952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3182e19c1cmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6f0a892ba0
avcodec/vp56: Check avctx->error_concealment before enabling EC
...
Fixes timeout with 847/clusterfuzz-testcase-5291877358108672
Fixes timeout with 850/clusterfuzz-testcase-5721296509861888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 98da63b3f5michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
a7ccd87090
avcodec/tiff: Check stripsize strippos for overflow
...
Fixes: 861/clusterfuzz-testcase-5688284384591872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5d996b5649michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6652799267
avcodec/mpegaudiodec_template: Make l3_unscale() work with e=0
...
Fixes undefined behavior
Fixes: 830/clusterfuzz-testcase-6253175327686656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8ebed703f1michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6ee76fab4c
avcodec/tiff: Check for multiple geo key directories
...
Fixes memleak
Fixes: 826/clusterfuzz-testcase-5316921379520512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 108b02e547michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
81ea01fb1c
avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'
...
Fixes: 822/clusterfuzz-testcase-4873433189974016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7cebc5a9ccmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
b0c5fff859
avcodec/rv34: Fix runtime error: signed integer overflow: 36880 * 66288 cannot be represented in type 'int'
...
Fixes: 768/clusterfuzz-testcase-4807444305805312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a66c6e28b5michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8eadc50021
avcodec/amrwbdec: Fix runtime error: left shift of negative value -1
...
Fixes: 763/clusterfuzz-testcase-6007567320875008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 44e2105189michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
f03bab0240
avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: -135088512 * 16 cannot be represented in type 'int'
...
Fixes: 736/clusterfuzz-testcase-5580263943831552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e2a4f1a9ebmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
7c349ae7e9
avcodec/h264_mvpred: Fix runtime error: left shift of negative value -1
...
Fixes: 734/clusterfuzz-testcase-4821293192970240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 222c9f031dmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
60385207aa
avcodec/mjpegdec: Fix runtime error: left shift of negative value -127
...
Fixes: 733/clusterfuzz-testcase-4682158096515072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 800d02abe0michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
d63cec6ce3
avcodec/wavpack: Fix runtime error: left shift of negative value -5
...
Fixes: 729/clusterfuzz-testcase-5154831595470848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3016e919d4michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
9b783dc492
avcodec/wavpack: Fix runtime error: left shift of negative value -2
...
Fixes: 723/clusterfuzz-testcase-6471394663596032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ba15005132michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
43919b6e2e
avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 134527392 * 16 cannot be represented in type 'int'
...
This checks the sprite delta intermediates for overflow
Fixes: 716/clusterfuzz-testcase-4890287480504320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fab13bbbcdmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
b31b1499cf
avcodec/mpeg12dec: Fix runtime error: left shift of negative value -13
...
Fixes: 709/clusterfuzz-testcase-4789836449841152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d757ddbaabmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
87ae545648
avcodec/h264_mvpred: Fix multiple runtime error: left shift of negative value
...
Fixes: 710/clusterfuzz-testcase-5091051431788544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ab998f4c7fmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
0cabddc13b
avcodec/adxdec: Fix runtime error: left shift of negative value -1
...
Fixes: 705/clusterfuzz-testcase-5129572590813184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d23727e042michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4071e7eaab
avcodec/mpeg4videodec: Improve the overflow checks in mpeg4_decode_sprite_trajectory()
...
Also clear the state on errors
Fixes integer overflows in 701/clusterfuzz-testcase-6594719951880192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit eb41956636michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
fe4b666707
avcodec/mjpegdec: Fix runtime error: left shift of negative value -511
...
Fixes: 693/clusterfuzz-testcase-6109776066904064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4b72d5cd6fmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
a07319a0cc
avcodec/h264_direct: Fix runtime error: left shift of negative value -14
...
Fixes: 682/clusterfuzz-testcase-4799120021651456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4bd3f1ce3emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4c91e1eb5c
avcodec/pictordec: Check plane value before doing value/mask computations
...
Fixes integer overflow
Fixes: 675/clusterfuzz-testcase-6722971232108544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 63e400a880michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
aa34d29b2e
avcodec/mpeg4videodec: Fix runtime error: left shift of negative value -2650
...
Fixes: 674/clusterfuzz-testcase-6713275880308736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 25e93aacc2michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
5d21cfb170
avcodec/eac3dec: Fix runtime error: left shift of negative value -3
...
Fixes: 672/clusterfuzz-testcase-5595018867769344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 87eb374970michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
842c0b9f59
avcodec/mpeg12dec: Fix runtime error: left shift of negative value -2
...
671/clusterfuzz-testcase-4990381827555328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aff8cf18cbmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
be3852ab9b
avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows
...
This is not necessarily specific to fuzzed files
Fixes: Multiple integer overflows
Fixes: 656/clusterfuzz-testcase-6463814516080640
Fixes: 658/clusterfuzz-testcase-6691260146384896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 76ba09d182michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
025af5ccd1
avcodec/mpeg4videodec: Check sprite_offset in addition to shifts
...
Fixes: 651/clusterfuzz-testcase-5710668915277824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6871df02d9michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
706dd2331a
avcodec/mpeg4video: Fix runtime error: left shift of negative value
...
Fixes: 644/clusterfuzz-testcase-4726434209726464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6179dc8aa7michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
0ccc767a15
avcodec/ituh263dec: Fix runtime error: left shift of negative value -22
...
Fixes: 639/clusterfuzz-testcase-5143866241974272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 631f748491michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
e2b46de961
avcodec/rv40: Fix runtime error: left shift of negative value
...
Fixes: 630/clusterfuzz-testcase-6608718928019456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 956472a323michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
297b077b49
avcodec/h264_cabac: runtime error: signed integer overflow: 2147483647 + 14 cannot be represented in type 'int'
...
Fixes: 614/clusterfuzz-testcase-4931860079575040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 258763ad0emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
09dfcb857e
avcodec/mpeg4videodec: Fix runtime error: shift exponent -2 is negative
...
Fixes: 612/clusterfuzz-testcase-4707817137111040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa2b75263emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6be28e7545
avcodec/mjpegdec: Fix runtime error: left shift of negative value -507
...
Fixes: 611/clusterfuzz-testcase-5613455820193792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c91bdd4524michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
762bf27fcc
avcodec/eac3dec: Fix runtime error: left shift of negative value
...
Fixes: 610/clusterfuzz-testcase-4831030085156864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 067485b673michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8161ebbcc3
avcodec/htmlsubtitles: Fix reading one byte beyond the array
...
Fixes: fuzz-2-ffmpeg_SUBTITLE_AV_CODEC_ID_SUBRIP_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 04bd1b38eemichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
3e6b3d20b2
avcodec/vp6: clear dimensions on failed resolution change in vp6_parse_header()
...
Fixes: 807/clusterfuzz-testcase-6470061042696192
Fixes null pointer dereference
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 967feea5ebmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
e1ebd54a26
avcodec/vp56: Reset have_undamaged_frame on resolution changes
...
Fixes: timeout in 758/clusterfuzz-testcase-4720832028868608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6e913f2129michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Thomas Guilbert
c73128381f
avcodec/vp8: Fix hang with slice threads
...
Fixes: 447860.webm
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9bbc73ae9fmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
cc08c44904
avcodec/vp8: Check for the bitstream end per MB in decode_mb_row_no_filter()
...
Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 2 of 2)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1afd246960michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
9e0e1e3d54
avcodec/vp568: Check that there is enough data for ff_vp56_init_range_decoder()
...
Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 1 of 2)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 55d7371fe0michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4770ef8742
avcodec/vp8: remove redundant check
...
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5098a6f627michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
c098e99d06
avcodec/vp56: Require a correctly decoded frame before using vp56_conceal_mb()
...
Fixes timeout with 700/clusterfuzz-testcase-5660909504561152
Fixes timeout with 702/clusterfuzz-testcase-4553541576294400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2ce4f28431michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
de43cdb2f5
avcodec/vp3: Do not return random positive values but the buf size
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d8094a303bmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
b8b8e4f9eb
avcodec/vp8: Check for bitsteam end in decode_mb_row_no_filter()
...
Fixes timeout with 686/clusterfuzz-testcase-5853946876788736
this shortcuts (i.e. speeds up) the error and
return-to-user when decoding a truncated frame
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Previous version reviewed by: "Ronald S. Bultje" <rsbultje@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7b5ff7d573michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4b1f14dcf5
avcodec/vp56: Factorize vp56_render_mb() out
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4c0139463cmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
d7d2a121a3
avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represented in type 'int'
...
Fixes: 664/clusterfuzz-testcase-4917047475568640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2b8b7921c5michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
