Michael Niedermayer
fa65598309
avformat/asfdec: Fix DoS in asf_build_simple_index()
...
Fixes: Missing EOF check in loop
No testcase
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afc9c683ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-31 22:56:14 +01:00
Michael Niedermayer
dc4ef664ab
avformat/mov: Fix DoS in read_tfra()
...
Fixes: Missing EOF check in loop
No testcase
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cb4eb7728)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-31 22:56:14 +01:00
Michael Niedermayer
812e06cc82
avcodec/dirac_dwt: Fix multiple overflows in 9/7 lifting
...
Fixes: runtime error: signed integer overflow: 1073901567 + 1073901567 cannot be represented in type 'int'
Fixes: 3124/clusterfuzz-testcase-minimized-454643435752652
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f71cd44147)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-31 22:56:14 +01:00
James Almer
a1433196b8
avformat/libssh: check the user provided a password before trying to use it
...
Fixes ticket #6413
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 8ddb6820bd)
2018-01-11 10:42:34 -03:00
Michael Niedermayer
7f0359f05e
Changelog: Update
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n2.8.13
2017-09-02 02:16:08 +02:00
孙浩(晓黑)
d686026507
avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
...
Fixes: 20170829B.mxf
Co-Author: 张洪亮(望初) <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d00fb9d70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:20:54 +02:00
孙浩(晓黑)
accf7d34a8
avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array()
...
Fixes: 20170829A.mxf
Co-Author: 张洪亮(望初) <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 900f39692c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:04:25 +02:00
孙浩(晓黑)
5b3986023b
avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
...
Fixes: 20170829.nsv
Co-Author: 张洪亮(望初) <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c24bcb5536)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:03:44 +02:00
Michael Niedermayer
74429912dc
avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()
...
Fixes: runtime error: signed integer overflow: 267 * 8388608 cannot be represented in type 'int'
Fixes: 2743/clusterfuzz-testcase-minimized-5820652076400640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 732f976456)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-29 21:21:06 +02:00
Michael Niedermayer
1a5b9b3b8e
avcodec/hevc_ps: Fix undefined shift in pcm code
...
Fixes: runtime error: shift exponent -1 is negative
Fixes: 3091/clusterfuzz-testcase-minimized-6229767969832960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a83866c9f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-29 21:20:50 +02:00
Michael Niedermayer
2ff2402c65
avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
...
Fixes: runtime error: signed integer overflow: 8903997421129740175 + 354481484684609529 cannot be represented in type 'long'
Fixes: 2045/clusterfuzz-testcase-minimized-6751255865065472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eefb68c9c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:44:23 +02:00
Michael Niedermayer
6b004e23d7
avformat/mvdec: Fix DoS due to lack of eof check
...
Fixes: loop.mv
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f05e2e2dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:43:29 +02:00
孙浩 and 张洪亮(望初)
1720050ae6
avformat/rl2: Fix DoS due to lack of eof check
...
Fixes: loop.rl2
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96f24d1bee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:43:04 +02:00
孙浩 and 张洪亮(望初)
c70fdd9948
avformat/cinedec: Fix DoS due to lack of eof check
...
Fixes: loop.cine
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e80b63ecd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:42:24 +02:00
孙浩 and 张洪亮(望初)
6904464301
avformat/asfdec: Fix DoS due to lack of eof check
...
Fixes: loop.asf
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f9ec5593e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:42:00 +02:00
Michael Niedermayer
498e07daa1
avformat/hls: Fix DoS due to infinite loop
...
Fixes: loop.m3u
The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec414892d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:41:37 +02:00
Michael Niedermayer
bc57c79970
Update for FFmpeg 2.8.13
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 14:42:03 +02:00
Michael Niedermayer
49839ae013
ffprobe: Fix NULL pointer handling in color parameter printing
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 351e28f9a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:49:30 +02:00
Michael Niedermayer
c1a9f5675b
ffprobe: Fix null pointer dereference with color primaries
...
Found-by: AD-lab of venustech
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 837cb4325b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2c39fcc3c0749490dc93bca80f56724878b55fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:28:16 +02:00
Michael Niedermayer
ae37bbef43
avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps()
...
Fixes: integer overflow
Fixes: 2893/clusterfuzz-testcase-minimized-5809330567774208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b44dcbc44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:10:33 +02:00
Vitaly Buka
eaf231544f
avformat/aviobuf: Fix signed integer overflow in avio_seek()
...
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eca2a49716)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:08:07 +02:00
Vitaly Buka
05fc22f9f6
avformat/mov: Fix signed integer overflows with total_size
...
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a404cb5b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:03:52 +02:00
Michael Niedermayer
cab75cde01
avcodec/aacdec_template: Fix running cleanup in decode_ics_info()
...
Fixes: out of array read
Fixes: 2873/clusterfuzz-testcase-minimized-5924145713905664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Previous version reviewed-by: Alex Converse <alex.converse@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f03ffb47d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-23 04:03:16 +02:00
Michael Niedermayer
079849f40c
avcodec/me_cmp: Fix crashes on ARM due to misalignment
...
Adds a diff_pixels_unaligned()
Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872503
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc488ec28a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-21 23:27:35 +02:00
Michael Niedermayer
0b37ae2ae4
avcodec/fic: Fixes signed integer overflow
...
Fixes: runtime error: signed integer overflow: 1037142357 + 1227025305 cannot be represented in type 'int'
Fixes: 3024/clusterfuzz-testcase-minimized-5885660323905536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c9d5b015c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-21 23:27:35 +02:00
Michael Niedermayer
7829a712bb
avcodec/snowdec: Fix off by 1 error
...
Fixes: runtime error: index 4 out of bounds for type 'int8_t [4]'
Fixes: 3023/clusterfuzz-testcase-minimized-6421736130084864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d132683ddd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-21 23:27:35 +02:00
Michael Niedermayer
b463a03476
avcodec/diracdec: Check perspective_exp and zrs_exp.
...
Fixes: undefined shift
Fixes: runtime error: shift exponent 264 is too large for 32-bit type 'int'
Fixes: 2860/clusterfuzz-testcase-minimized-4672811689836544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e6cab8745)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-17 00:27:32 +02:00
Michael Niedermayer
96cf249751
avcodec/mpeg4videodec: Clear mcsel before decoding an image
...
Fixes: runtime error: signed integer overflow: 2146467840 + 1032192 cannot be represented in type 'int'
Fixes: 2826/clusterfuzz-testcase-minimized-5901511613743104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7735ed2974)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-13 01:07:21 +02:00
Michael Niedermayer
30a2c1a1b8
avcodec/dirac_dwt: Fixes integer overflows in COMPOSE_DAUB97*
...
Fix multiple: runtime error: signed integer overflow: 6497 * 3409630 cannot be represented in type 'int'
Fixes: 2819/clusterfuzz-testcase-minimized-4743700301217792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5380f9c1c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-08 19:38:10 +02:00
Michael Niedermayer
5f44aa14dd
avcodec/aacdec_fixed: fix invalid shift in predict()
...
Fixes: runtime error: shift exponent -2 is negative
Fixes: 2818/clusterfuzz-testcase-minimized-5062943676825600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e443051b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-08 19:37:43 +02:00
Michael Niedermayer
f236601e29
avcodec/h264_slice: Fix overflow in slice offset
...
Fixes: runtime error: signed integer overflow: 1610612736 * 2 cannot be represented in type 'int'
Fixes: 2817/clusterfuzz-testcase-minimized-5289691240726528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f53bde6d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-08 19:37:25 +02:00
Steven Siloti
f0f45d8404
avformat/utils: fix memory leak in avformat_free_context
...
The pointer to the packet queue is stored in the internal structure
so the queue needs to be flushed before internal is freed.
Signed-off-by: Steven Siloti <ssiloti@bittorrent.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 949debd1d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-05 23:25:05 +02:00
Michael Niedermayer
9d0eb81cb8
avcodec/dirac_dwt: Fix multiple integer overflows in COMPOSE_DD97iH0()
...
Fixes: runtime error: signed integer overflow: 9 * 335544320 cannot be represented in type 'int'
Fixes: 2739/clusterfuzz-testcase-minimized-6737297955356672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf8ab72ae9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 19:13:21 +02:00
Michael Niedermayer
95bbbbd14e
avcodec/diracdec: Fix integer overflow in divide3()
...
Fixes: runtime error: signed integer overflow: -1073746548 * 21845 cannot be represented in type 'int'
Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0220c768c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 14:23:26 +02:00
Michael Niedermayer
406d9fdd13
avcodec/takdec: Fix integer overflow in decode_subframe()
...
Fixes: runtime error: signed integer overflow: -536870912 - 1972191120 cannot be represented in type 'int'
Fixes: 2711/clusterfuzz-testcase-minimized-4975142398590976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c630d159f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 14:18:36 +02:00
Michael Niedermayer
8f9cbb3b7e
avformat/rtmppkt: Convert ff_amf_get_field_value() to bytestream2
...
Fixes: out of array accesses
Found-by: JunDong Xie of Ant-financial Light-Year Security Lab
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffcc82219c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 14:17:59 +02:00
Michael Niedermayer
b566ab49ca
avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2
...
Fixes: out of array accesses
Fixes: crash-9238fa9e8d4fde3beda1f279626f53812cb001cb-SEGV
Found-by: JunDong Xie of Ant-financial Light-Year Security Lab
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08c073434e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 04:49:47 +02:00
Michael Niedermayer
58ce199aba
avcodec/hevc_ps: fix integer overflow in log2_parallel_merge_level_minus2
...
Fixes: runtime error: signed integer overflow: -2147483647 - 2 cannot be represented in type 'int'
Fixes: 2702/clusterfuzz-testcase-minimized-4511932591636480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74c1c22d7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 17:25:20 +02:00
Michael Niedermayer
490b6599bb
avformat/oggparsecelt: Do not re-allocate os->private
...
Fixes: double free
Fixes: clusterfuzz-testcase-minimized-5080550145785856
Found-by: ClusterFuzz
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7140761481)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 00:22:55 +02:00
Michael Niedermayer
91442fdc1c
avcodec/aacps: Fix multiple integer overflow in map_val_34_to_20()
...
Fixes: avcodec/aacps.c:511:40: runtime error: signed integer overflow: 1509077651 + 758068176 cannot be represented in type 'int'
Fixes: 2678/clusterfuzz-testcase-minimized-4702787684270080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0764fe1d09)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 00:14:04 +02:00
Michael Niedermayer
56e2ec0e9f
avcodec/aacdec_fixed: fix: left shift of negative value -1
...
Fixes: 2699/clusterfuzz-testcase-minimized-5631303862976512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2dfb8c4178)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 00:11:56 +02:00
Brice Waegeneire
061be75481
doc/filters: typo in frei0r
...
Signed-off-by: Brice Waegeneire <brice.wge@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a6eec485d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-23 15:01:05 +02:00
Michael Niedermayer
1b1abf077d
avcodec/aacdec_template (fixed point): Check gain in decode_cce() to avoid undefined shifts later
...
Fixes: runtime error: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 2581/clusterfuzz-testcase-minimized-4681474395602944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2886142e0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 04:03:11 +02:00
Michael Niedermayer
a84ed3d011
avcodec/mjpegdec: Clip DC also on the negative side.
...
Fixes: runtime error: signed integer overflow: -16711425 + -2130772346 cannot be represented in type 'int'
Fixes: 2533/clusterfuzz-testcase-minimized-5372857678823424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c28f648b19)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 03:48:01 +02:00
Michael Niedermayer
080d6de9df
avcodec/aacps (fixed point): Fix multiple signed integer overflows
...
Fixes: runtime error: signed integer overflow: 1421978265 - -1810326882 cannot be represented in type 'int'
Fixes: 2527/clusterfuzz-testcase-minimized-5260915396050944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 80b9e40b6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 03:47:46 +02:00
Michael Niedermayer
82ba7646c2
avcodec/sbrdsp_fixed: Fix integer overflow in sbr_hf_apply_noise()
...
Fixes: runtime error: signed integer overflow: -2049425300 + -117591631 cannot be represented in type 'int'
Fixes: part of 2096/clusterfuzz-testcase-minimized-4901566068817920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2061de8a3f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 03:39:54 +02:00
Michael Niedermayer
610bd59522
avcodec/wavpack: Fix invalid shift
...
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 2377/clusterfuzz-testcase-minimized-6108505935183872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c07af72098)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 02:50:35 +02:00
Michael Niedermayer
a5e969dd28
avcodec/hevc_ps: Fix integer overflow with beta/tc offsets
...
Fixes: runtime error: signed integer overflow: 2113929216 * 2 cannot be represented in type 'int'
Fixes: 2422/clusterfuzz-testcase-minimized-5242114713583616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de54a37c1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 02:50:01 +02:00
Michael Niedermayer
f6954a1482
avcodec/vb: Check vertical GMC component before multiply
...
Fixes: runtime error: signed integer overflow: 8224 * 663584 cannot be represented in type 'int'
Fixes: 2393/clusterfuzz-testcase-minimized-6128334993883136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc6ab72bc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 02:48:40 +02:00
Michael Niedermayer
a6e90e5998
avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
...
Fixes: runtime error: signed integer overflow: -163654656 * 256 cannot be represented in type 'int'
Fixes: 2367/clusterfuzz-testcase-minimized-4648678897745920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea5366670e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 02:45:52 +02:00