ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	428c542b45	avcodec/nuv: widen buf_size type Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5740176118906880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ac106bf56`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	240b5f73f1	avcodec/iff: Fix several integer overflows Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int32_t' (aka 'int') Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5764066459254784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7a92147f87`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	dd83573043	avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1 The fixed point integer reference specifies the multiplication used to have 16bit input and clips so we need to clip the input The floating point implementation does not seem to do that. Fixes: signed integer overflow: 6317568 * 410 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5700189272932352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `82d4c7b95e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	5325e60e47	avcodec/alac: Fix integer overflow with 24/20bps samples Fixes: signed integer overflow: 1020048 * 4096 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5753877751660544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `22e51e95ac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	f65d68abd9	avcodec/dstdec: Check sample rate Fixes: out of array access Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5735812071424000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5727b1f13f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	5cdbb2a977	avformat/thp: Require a video stream The demuxer code assumes the existence of a video stream Fixes: assertion failure Fixes: 21512/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5699660783288320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `97c78caf3e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	e81e27ffd0	avformat/mpeg: Decrease score by 1 for files with very little valid data Fixes: 8233/PPY6574574605_cut.mp3 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `20f7b4dfc9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	d303f28c57	avcodec/pngdec: Check length in fdAT Fixes: 21089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5135981419429888 Fixes: out of array read Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `79e5c2ee2b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	9e8e8a630e	avcodec/g2meet: Check tile_width in epic_jb_decode_tile() Fixes: out of array access Fixes: 21469/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5199357982015488 Alternatively the arrays can be made bigger or the index can be clipped. In case a real file with such huge tiles exist we ask the user to upload it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5501bb28dd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	35af336ccb	avcodec/hapdec: Check tex_size more strictly and before using it Fixes: OOM Fixes: 20774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5678608951803904 Fixes: 20956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5713643025203200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `81fe316ad9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	ff3b195470	avcodec/vp9dsp_template: Fix integer overflows in idct32_1d() Fixes: signed integer overflow: -193177 * 11585 cannot be represented in type 'int' Fixes: 20557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5704852816789504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e16e3e63f0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	f5d9e8af89	avcodec/alacdsp: Fix invalid shift in append_extra_bits() Fixes: left shift of negative value -1 Fixes: 21390/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-6242539519868928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `49ae034b42`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	4f0893fefa	libavcodec/wmalosslessdec: prevent sum of positive numbers from becoming negative Fixes: left shift of negative value -8321365 Fixes: 20506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-4798062906310656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `62e4003780`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	2d7a83457e	avcodec/dstdec: Fix integer overflow in read_table() Fixes: signed integer overflow: -16 * 134217879 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5639509530378240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2d465a401d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	778965d30d	avcodec/txd: Check for input size against the header size. Fixes: Timeout (21sec -> 80ms) Fixes: 20673/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TXD_fuzzer-5177453863763968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `aeb4e43584`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	33440bd53b	avcodec/svq1dec: Check that there is data left after the header Fixes: Timeout (21sec -> 255ms) Fixes: 20709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ1_fuzzer-5085075089915904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `55e344ee5a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	231a5e4528	avcodec/cbs_h265_syntax_template: Check num_negative/positive_pics when inter_ref_pic_set_prediction_flag is set Fixes: out of array access Fixes: 20446/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-5707770718584832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `588114cea4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	7dc86d9a4d	avcodec/intrax8: Check for end of bitstream in ff_intrax8_decode_picture() Fixes: Timeout (105sec -> 1sec) Fixes: 20479/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5769846937878528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0a9ccc2514`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	1e7bbb3600	avcodec/hevc_mp4toannexb_bsf: Check nalu_size Fixes: Timeout (29sec -> 5ms) Fixes: 20237/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5165615044362240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ae2537f53e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	fc559ce561	avcodec/iff: Check length before memcpy() in decode_deep_rle32() Fixes: out of array read Fixes: 20796/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5111364702175232.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b4a33387cb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	fac6bc92f7	avcodec/iff: Fix invalid pointer intermediates in decode_deep_rle32() Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bc41a29a5a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	d55c05368f	avcodec/pngdec: Pass ret from decode_iccp_chunk() Found while reviewing a patch fixing a similar issue Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4c7bcaa385`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	b7124ca342	avcodec/rv40dsp: Fix integer overflows in rv40_weight_func_() Fixes: signed integer overflow: 40550400 128 cannot be represented in type 'int' Fixes: 20331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV40_fuzzer-5676685725007872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `13171ad2e3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	a5ff87551d	avcodec/ac3dec_fixed: Fix several invalid left shifts in scale_coefs() Fixes: left shift of negative value -14336 Fixes: 20298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-5675484201615360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8e30502abe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	9494b1bc91	avcodec/flac_parser: Do not lose header count in find_headers_search() Fixes: Timeout Fixes: out of array access Fixes: 20274/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5649631988154368 Fixes: 19275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5757535722405888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `55f9683cf6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	cde8c90a3d	avcodec/audiodsp: Fix integer overflow in scalarproduct_int16_c() Fixes: signed integer overflow: 2145417478 + 76702564 cannot be represented in type 'int' Fixes: 20313/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5734487724130304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `abb5762e98`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	cfc2633c75	avcodec/cbs_jpeg_syntax_template: Check array index in huffman_table() Fixes: index 224 out of bounds for type 'uint8_t [224]' Fixes: 21534/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-6291612167831552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `18f5256c0d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	20283b395e	avcodec/cbs_jpeg_syntax_template: Check table index before use in dht() Fixes: out of array access Fixes: 21515/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5766121576988672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d31862c2b1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	a99bcee917	avformat/oggdec: Check for EOF after page header Fixes: Infinite loop Fixes: Ticket8594 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f1589be9fd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	e55bcedae9	swscale/yuv2rgb: Fix vertical dither offset with slices Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `be3c29e379`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	64f6581129	avcodec/dpcm: clip exponent into supported range in XAN DPCM Fixes: shift exponent 32 is too large for 32-bit type 'int' Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `20ade59d96`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	01167ee6d5	avcodec/flacdsp_template: Fix invalid shifts in decorrelate Fixes: left shift of negative value -2 Fixes: 20303/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5096829297623040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3935c891e9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	092f21af2b	avcodec/xvididct: Fix integer overflow in MULT() Fixes: signed integer overflow: 23170 * 95058 cannot be represented in type 'int' Fixes: 20295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5800212870463488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7ccb576191`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	e5f325a1dd	avcodec/ffwavesynth: Correct undefined overflow of PINK_UNIT Fixes: signed integer overflow: 9223372036854775775 + 128 cannot be represented in type 'long' Fixes: 20054/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5686385113825280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `187161d62f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	f49374b47d	avcodec/cbs_h264_syntax_template: fix off by 1 error with slice_group_change_cycle Fixes: assertion failure Fixes: 20390/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_REDUNDANT_PPS_fuzzer-5683400772157440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `741565a1e6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	0a308576bf	swscale/output: Fix integer overflow in yuv2rgb_write_full() with out of range input Fixes: signed integer overflow: 1169365504 + 981452800 cannot be represented in type 'int' Fixes: ticket8293 Found-by: Suhwan Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e057e83a4f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:24 +02:00
Michael Niedermayer	4cdf6dc908	swscale/output: Fix integer overflow in alpha computation in yuv2gbrp16_full_X_c() Fixes: signed integer overflow: 524280 * 4432 cannot be represented in type 'int' Fixes: ticket8322 Found-by: Suhwan Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `49ba1879ad`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
John Rummell	a09b223cd2	libavformat/amr.c: Check return value from avio_read() If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with initialized data. Caught by Chromium fuzzeras (crbug.com/1065731). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5b967f56b6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
John Rummell	7f8e9d9b77	libavformat/mov.c: Free aes_decrypt to avoid leaking memory Found by Chromium fuzzers (crbug.com/1057205). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ad91cf1f2f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
John Rummell	cd655e4c0d	libavformat/oggdec.c: Check return value from avio_read() If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with unitialized data. Caught by Chromium fuzzers (crbug.com/1054229). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b7c67b1ae3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	12a53bf673	avformat/asfdec_f: Fix overflow check in get_tag() Fixes: signed integer overflow: 2 * 1210064928 cannot be represented in type 'int' Fixes: 20873/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5761116909338624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c8140fe732`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	dee744a8c4	avformat/nsvdec: Fix memleaks on errors while reading the header Fixes: memleaks Fixes: 21084/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5655975492321280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `96c0469455`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	e121488dc8	avcodec/ffwavesynth: Fix integer overflow in computation of ddphi Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long' Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c85bf16318`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	a3a3730b54	avcodec/cbs_jpeg: Check length for SOS Fixes: out of array access Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584 Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1812352d76`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	8640db14e7	avcodec/adpcm: Fix invalid shift in AV_CODEC_ID_ADPCM_PSX Fixes: left shift of negative value -1 Fixes: 20859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5720391507247104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0a11ef68f0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	b66f444683	avcodec/mpeg12dec: Fix invalid shift in mpeg2_fast_decode_block_intra() Fixes: left shift of negative value -695 Fixes: 19232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5702856963522560 Fixes: 19555/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5741218147598336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c40df2166c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Andreas Rheinhardt	73374013ff	avcodec/cbs_h2645: Treat slices without data as invalid Slices that end after their header (meaning slices after the header without any data before the rbsp_stop_one_bit or possibly without any rbsp_stop_one_bit at all) are invalid and are now dropped. This ensures that one doesn't run into two asserts in cbs_h2645_write_slice_data(). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `66fac1ff7c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Andreas Rheinhardt	107345d0a1	avcodec/cbs_h2645: Remove dead code to delete trailing zeroes Trailing zeroes are already discarded when splitting a fragment, which makes the code to remove them when decomposing slices dead code. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8f701932b3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	f94ca27470	avcodec/cbs_av1_syntax_template: Set seen_frame_header only after successfull uncompressed_header() Fixes: assertion failure Fixes: 19301/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5743212006473728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a2e4879432`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	c5419a53ac	avcodec/mpegaudioenc_template: fix invalid shift of sample Fixes: Ticket8010 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a2c97a8342`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00

1 2 3 4 5 ...

93185 Commits