highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
93,185 Commits 36 Branches 392 Tags
5a86c28a73a39a200310b1fee47be7ad78795599
Commit Graph

93185 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
eb64c10a4b avcodec/motion_est_template: Fix invalid shifts in no_sub_motion_search() 
Fixes: Ticket8167

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e13eee37ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
1170ec748b libavformat/avienc: Check bits per sample for PAL8 
Fixes: assertion failure
Fixes: Ticket 8172

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3595878281)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
6faa32dd6c avformat/mpegts: Improve the position determination for avpriv_mpegts_parse_packet() 
Fixes: assertion failure
Fixes: Ticket 8005

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e5bb48ae59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
59a4a990fc avcodec/magicyuv: Check that there are enough lines for interlacing to be possible 
Fixes: out of array access
Fixes: 20763/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5759562508664832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8a0e9f9f7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
366929ab4e avformat/mvdec: Check stream numbers 
Fixes: null pointer dereference
Fixes: 20768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638648978735104.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 618a9bea65)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
a7dabc18ea avcodec/pcm: Fix invalid shift in AV_CODEC_ID_PCM_LXF 
Fixes: left shift of 233 by 24 places cannot be represented in type 'int'
Fixes: 20736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-4829212685107200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 051d11f659)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
4e2dd06d27 avcodec/qdm2: Check fft_coefs_index 
Fixes: out of array access
Fixes: 20660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5658290216501248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9fc73bf022)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
31098af56d avformat/utils: Fix integer overflow with complex time bases in avformat_find_stream_info() 
Fixes: signed integer overflow: 2045163756 * 2 cannot be represented in type 'int'
Fixes: Ticket5132

Found-by: tsmith
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3d8f517db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
4b7a304b6e avformat/avidec: Avoid integer overflow in NI switch check 
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: Ticket8149

Found-by: Suhwan
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 347920ca21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
6a300f6a90 fftools/ffmpeg: Fix integer overflow in duration computation in seek_to_start() 
Fixes: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long'
Fixes: Ticket8142

Found-by: Suhwan
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f4ad33d96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
555d2ab5a5 avfilter/vf_aspect: Fix integer overflow in compute_dar() 
Fixes: signed integer overflow: 1562273630 * 17 cannot be represented in type 'int'
Fixes: Ticket8323

Found-by: Suhwan
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c0ca0f244)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
55f147c2ba avcodec/apedec: Fix invalid shift with 24 bps 
Fixes: left shift of negative value -463
Fixes: 20542/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5688714435231744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e27867229)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Dale Curtis
b89759ea54 avformat/utils: Fix undefined behavior in ff_configure_buffers_for_index() 
When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of
e2_pts - e1_pts will overflow an int64_t.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f15007afa9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
27db9c8288 avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM 
Fixes: signed integer overflow: -2147479324 + -32568 cannot be represented in type 'int'
Fixes: 20103/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GREMLIN_DPCM_fuzzer-5667667579240448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1aecad9ea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
52b9e7f530 avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits 
Fixes: signed integer overflow: -53716100 * 256 cannot be represented in type 'int'
Fixes: 20143/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5716604000403456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8a0be9352)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
3653108a5c avcodec/wmalosslessdec: Fix loop in revert_acfilter() 
Fixes: out of array read
Fixes: 20059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5691776237305856

No testcase except the fuzzed one.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5584c0bb94)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
c4dccb509d avcodec/lagarith: Sanity check scale 
A value of 24 and above can collaps the range to 0 which would not work.

Fixes: Timeout (75sec -> 21sec)
Fixes: 18707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5708950892969984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fb3855342b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
d75d754b84 avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950() 
Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int'
Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eb64a5c6f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
9f30a1694c avcodec/ralf: Fix integer overflow in apply_lpc() 
Fixes: signed integer overflow: 2147482897 + 2048 cannot be represented in type 'int'
Fixes: 19240/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5743240326414336
Fixes: 19869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5150136636538880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fd313d8cf8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
af1bfe5bc3 avcodec/dca_lbr: Fix some error codes and error passing 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bfea054a75)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
9f30473846 avcodec/wmavoice: Fix rounding and integer anomalies in calc_input_response() 
Fixes: out of array access
Fixes: inf is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long'
Fixes: 19316/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5677369365102592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38d3758444)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
20c0ea160e avcodec/wmavoice: sanity check block_align 
This limit is roughly based on the bitreader limit, its likely a much tighter limit
could be used

Fixes: left shift of 1965039647 by 1 places cannot be represented in type 'int'
Fixes: 19545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5695391899320320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6847e22c8c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
958db2c438 avcodec/pcm: Fix invalid shift in pcm_decode_frame for LXF 
Fixes: left shift of 32 by 28 places cannot be represented in type 'int'
Fixes: 19472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-5704364320096256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 985d3666f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
bc77d29d9e avcodec/snappy: Sanity check bytestream2_get_levarint() 
Fixes: left shift of 79 by 28 places cannot be represented in type 'int'
Fixes: 20202/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5719004081815552
Fixes: 20219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5641738677125120
Fixes: 20389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5680721517871104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be54da2117)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
5e83098085 avcodec/mlpdsp: Fix a invalid shift in ff_mlp_rematrix_channel() 
Fixes: left shift of negative value -2
Fixes: 20305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5677196618498048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Jai Luthra <me@jailuthra.in>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fcc9f13717)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
51c084bf72 avcodec/avdct: Clear IDCTDSPContext context 
Fixes use of uninitialized variable and segfault

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b82825eba8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
9ed9c8cc51 avcodec/x86/diracdsp: Fix high bits on Windows x86_64 
Found-by: james
(cherry picked from commit 24af459d1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
e1146c8b72 avformat/mov: Check STCO location 
Fixes: bypassing of checks and assertion failure
Fixes: asan_1003879.mp4

Found-by: Clusterfuzz + asan
Reported-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cd4184020)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
862c0048ec avcodec/wmalosslessdec: Fix multiple integer overflows 
Fixes: left shift of 3329 by 20 places cannot be represented in type 'int'
Fixes: signed integer overflow: -199378355 + -1948950833 cannot be represented in type 'int'
Fixes: 19837/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5752565837070336
Fixes: 19839/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5767483265122304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 422202516c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
109cab1487 avcodec/apedec: Fix undefined integer overflow in decode_array_0000() 
Fixes: signed integer overflow: -2143289344 - 6246400 cannot be represented in type 'int'
Fixes: 19239/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5173755680915456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a3655bb02c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
b7c2f4d298 avcodec/smacker: Check space before decoding type 
Fixes: Timeout (232sec -> 280ms)
Fixes: 19682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5654129649385472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f5c18da59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
3f42af0342 avcodec/rawdec: Use linesize in b64a 
Fixes: out of array access
Fixes: 19750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RAWVIDEO_fuzzer-5074834119983104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b5b9d5dac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
57278dac15 avcodec/iff: Over-allocate ham_palbuf for HAM6 IFF-PBM 
IFF-PBM-HAM6 can read out of array without this overallocation
Fixes: Out of array read
Fixes: 19752/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5675331403120640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8652f4e7a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
e1bea6d412 avcodec/x86/diracdsp: Fix incorrect src addressing in dequant_subband_32() 
Fixes: Segfault (not reproducable with asm, which made this hard to debug)
Fixes: decoding errors
Fixes: 19854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5729372837511168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0694b60b7b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
7a7be53ac5 avfilter/vf_find_rect: Remove assert 
A score of 0 is possible
Fixes: Ticket8500

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dfc4714886)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
b7b8aeef13 avfilter/vf_find_rect: Increase worst case score 
score could be 1.0 which lead to uninitialized values

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ff2474e02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
cfd165dda7 swscale/input: Fix several invalid shifts related to rgb2yuv constants 
Fixes: Invalid shifts
Fixes: #8140
Fixes: #8146

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d48e510124)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
f541744f73 swscale/output: Fix several invalid shifts in yuv2rgb_full_1_c_template() 
Fixes: Invalid shifts
Fixes: #8320

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b7f97532b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
0ec11133d9 swscale/swscale: Fix several invalid shifts related to vChrDrop 
Fixes: Invalid shifts
Fixes: #8166
Fixes: filter-crop_scale_vflip FATE-test

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6ca22c118)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
88326e29dc avcodec/hevc_mp4toannexb_bsf: check that nalu size doesnt overflow 
Fixes: Out of array access
Fixes: 19299/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5169193398042624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8ceb2a72f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
a0d0e9b245 avcodec/hevc_mp4toannexb_bsf: Avoid NULL memcpy() 
Fixes: invalid memcpy use
Fixes: 19299/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5169193398042624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e23b5a706)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
831ac9ad46 avcodec/cbs_av1: Check leb128 values read 
"It is a requirement of bitstream conformance that the value returned from the leb128 parsing process is less than or equal
to (1 << 32) - 1."

Fixes: assertion failure
Fixes: 19293/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5749508361420800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a70d836364)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
623ecb2ec8 avcodec/wmalosslessdec: move channel check up 
Fixes: out of array access
Fixes: 2nd part of 18429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-6210814364614656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 891bcc4acc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
94a1280fb0 avcodec/cbs_h2645: Skip all 0 NAL units 
Fixes: assertion failure
Fixes: 19286/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_REDUNDANT_PPS_fuzzer-5707990724509696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 285138ef14)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
7be077fcf8 avcodec/adpcm: Fix overflow in FFABS() IMA_EA_EACS 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 19235/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_EA_EACS_fuzzer-5680878952382464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 794352ae9d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
b36592ce07 avcodec/alac: Fix integer overflow in LPC coefficient adaption 
Fixes: signed integer overflow: 267693597 * 10 cannot be represented in type 'int'
Fixes: 19237/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5755407700328448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a865cec5e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
84048cf37f avcodec/g729postfilter: Optimize out overflowing multiplication from apply_tilt_comp() 
Fixes: signed integer overflow: -1114392282 * 2 cannot be represented in type 'int'
Fixes: 19236/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5741678938030080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0bd5fa43d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
fabd42043a avcodec/vc1dec: Check field_mode for sprites 
Fixes: Out of array read
Fixes: 19263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5389219325542400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 32fb919836)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
f2a0bde8f3 avcodec/vc1dec: Limit bits by the actual bitstream size 
Fixes: Timeout (350 ->19sec)
Fixes: 19249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6566896438870016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c56a52a82c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00
Michael Niedermayer
f061fe9aa1 avcodec/vmdaudio: Check block_align more 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 19788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5743379690553344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06f6857b54)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:23 +02:00