ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	4fa2078217	avcodec/wavpack: Fix overflow in adding tail Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int' Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d13379fb79`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	081874a050	avcodec/shorten: Fix multiple integer overflows Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int' Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f2abd36b38`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	028a0c9148	avcodec/shorten: Fix undefined shift in fix_bitshift() Fixes: left shift of negative value -9 Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `606c714823`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	9a53e8572a	avcodec/shorten: Fix a negative left shift in shorten_decode_frame() Fixes: left shift of negative value -9057 Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a711efe922`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	3aa3b05d64	avcodec/shorten: Sanity check nmeans Fixes: OOM Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232 The reference software appears to use longs for 32bits and it uses int for nmeans hinting that the intended maximum size was not 32bit. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d91a0b503d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	7a5ddf731b	avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `424a81df10`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	4b12afccb2	avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan() Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int' Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `936f4a2c2e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	b55c824ee7	avcodec/truemotion2: Fix overflow in tm2_apply_deltas() Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int' Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `79c6047c36`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	a90497c183	avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int' Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e7dda51150`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	65b2b0d98a	avcodec/amrwbdec: Fix division by 0 in find_hb_gain() This restructures the code slightly toward D_UTIL_dec_synthesis() Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dce80a4b47`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	0097cc0ea3	avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile The profile after reading headers can be different from when the context was initialized Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `44a2415a6d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	07767c704b	avcodec/idctdsp: Clear idct/idct_add for studio profile This does not leave them "as before" which may be a value from a previous profile Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8c50d0cccf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	2e7830e5ff	avformat/mov: replace a value error by clipping into valid range in mov_read_stsc() Fixes: #7165 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fe84f70819`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	4f644b2632	avformat/bintext: Reduce detection for random .bin files as it more likely is not a multimedia related file Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `919e37377a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	1d01a3b34c	avformat/mov: Break out early if chunk_count is 0 in mov_build_index() Without this some operations might overflow (undefined behavior) even though the index adding loop would never execute No testcase known Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `56e76bd057`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	2742cb10c7	avcodec/fic: Avoid some magic numbers related to cursors Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c6a11714c4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	8229afc3a9	avcodec/mpeg4video: Detect reference studio streams as studio streams Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ba97d75ac6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	76f8c8cd05	avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample Reviewed-by: Kieran Kunhya <kierank@obe.tv> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9e5d0860c0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	786834a693	avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9f73ae31e0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	f2c253f083	avcodec/g2meet: ask for sample with overflowing RGB Suggested-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ab834b8f36`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	e26be20a27	avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile These 2 fields are not always the same, it is simpler to always use the same field for detecting studio profile Fixes: null pointer dereference Fixes: ffmpeg_crash_3.avi Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b3332a182f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	7b7c582c15	avcodec/ac3dec: Check that the number of channels with dependant streams is valid Fixes: left shift of 1 by 63 places cannot be represented in type 'long long' Fixes: out of array access Fixes: 7284/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_fuzzer-5767914968842240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e3275f937d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	06b84f7271	avcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame() Fixes: index 8 out of bounds for type 'uint8_t *[8]' Fixes: 7273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-6296497667702784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e3f656f2de`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	f974cc9830	avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed() Fixes: signed integer overflow: -2141499320 + -14469590 cannot be represented in type 'int' Fixes: 7351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6351214791884800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `90475db97e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	af0ba288e7	oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior Fixes: signed integer overflow: 1073741842 + 1784008138 cannot be represented in type 'int' Fixes: 6792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5677589835284480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `62cb6fadf3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	c98d84e229	avcodec/g723_1dec: Clip bits2 in both directions Fixes: shift exponent 33 is too large for 32-bit type 'int' Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `53f241218d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	b3d740263c	avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header() Fixes truncation Fixes Assertion n <= 31 && value < (1U << n) failed at libavcodec/put_bits.h:169 Fixes: ffmpeg_crash_2.avi Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e1182fac1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	6edf0ecab0	avcodec/mlpdec: Only change noise_type if the related fields are valid Fixes: inconsistency Fixes:runtime error: index 8 out of bounds for type 'int32_t [8]' Fixes: 6686/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5191383498358784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `63c4a4b0d6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	b2aaf5de42	indeo4: Decode all or nothing of a band header. This avoids inconsistent value combinations. Alternatively it would be possible to add more checks and careful use of temporary variables, but my try of this quickly seemed to become a rather large change. The disadvantage of this, is that the struct is copied back and forth. Fixes: index 6 out of bounds for type 'const uint16_t [5][16]' Fixes: 6557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-4787296550256640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `10c8521265`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	217367b5eb	avcodec/ac3dec: Use frame_size if superframe_size is 0 Fixes: Infinite loop Fixes: 7669/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4689042185650176 Fixes: 7670/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_AC3_fuzzer-4706306762997760 Fixes: 7672/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-4702108499574784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f77eee67e2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	c97f9ed53f	avformat/mov: Only fail for STCO/STSC contradictions if both exist Fixes regression with playback of GF9720Repeal20the20Eighth20with20Helen20Linehan.m4a See: crbug 822666 Found-by: "Mattias Wadman <mattias.wadman@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2c2d689c56`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	05ac7fdeeb	avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0 Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); Fixes: 6500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-4523620274536448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cb944fc7f1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	c071618ba6	avcodec/fic: Check available input space for cursor Fixes: out of array read Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cb2f7ea96b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	b367c23da1	avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile Fixes: runtime error: shift exponent -1 is negative Fixes: 7486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4977380939530240 Fixes: runtime error: index 36 out of bounds for type 'const uint8_t [32]' Fixes: 7566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6536620682510336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b3a18511cc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	58a03420be	avcodec/g2meet: Check RGB upper limit Fixes: runtime error: left shift of 1876744317 by 16 places cannot be represented in type 'int' Fixes: 6799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5115274731716608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4dd2c8b9ea`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	cbe442048f	avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case Fixes: shift exponent 47 is too large for 32-bit type 'int' Fixes: 7955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6016721977606144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `652ba72ed3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	87e9f5e118	avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done Fixes: assertion failure Fixes: 7949/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-4819602782552064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a96c131eb5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	2cffce26a7	avcodec/g2meet: Change order of operations to avoid undefined behavior Fixes: signed integer overflow: 65280 * 196032 cannot be represented in type 'int' Fixes: 7279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5977332473921536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0a47451458`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	c26e101654	avcodec/flac_parser: Fix infinite loop Fixes: crbug/827204 Reported-by: Frank Liberato <liberato@google.com> Reviewed-by: Frank Liberato <liberato@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `15a2e35e9e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	60e408f252	avcodec/mpeg4videodec: Split decode_studio_vol_header() out of decode_studiovisualobject() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `177133a0f4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	e61dcd2c86	avcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for visual object parsing Fixes: runtime error: shift exponent -1 is negative Fixes: 7510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5024523356209152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e03bf251d8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	dd3914c5b5	avcodec/mpeg4video_parser: Avoid litteral 0x1B6, use named constant instead Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c0aa89eeee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	90c4c076c7	avcodec/mpeg4video_parser: Fix incorrect spliting of MPEG-4 studio frames Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a47bd1cd1c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	d976855c00	avformat/m4vdec: Use the same constant names as libavcodec Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0f176bb8e0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	7bc5d49c60	avformat/m4vdec: Fix detection of raw MPEG-4 ES Studio Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `34dbdcfc20`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	36c4995428	avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED() Fixes: runtime error: signed integer overflow: 2147483637 + 128 cannot be represented in type 'int' Fixes: 6701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5358324934508544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6e95d80e6f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	57bb78d980	avcodec/wavpack: Fix integer overflow in wv_unpack_stereo() Fixes: runtime error: signed integer overflow: 2147483531 + 16384 cannot be represented in type 'int' Fixes: 6615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5165715515506688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `da038c07f0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	b2cb42f1c3	avcodec/error_resilience: Fix integer overflow in filter181() Fixes: runtime error: signed integer overflow: 197710 * 10923 cannot be represented in type 'int' Fixes: 7010/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5667127596941312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1c97035e3b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	fe7f2a77c7	avcodec/h263dec: Check slice_ret in mspeg4 slice loop Fixes infinite loop Fixes: 6858/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_MSMPEG4V3_fuzzer-4681563766784000 Fixes: 6890/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_WMV1_fuzzer-4756103142309888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `de841fbea7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00
Michael Niedermayer	9dfe36616f	avcodec/elsdec: Fix memleaks Fixes: 6798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5135899701542912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0bd0401336`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-06-15 22:31:13 +02:00

1 2 3 4 5 ...

90851 Commits