ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	d1390a8670	avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int' Fixes: 1922/clusterfuzz-testcase-minimized-5561194112876544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a47273c803`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	653de8249d	avcodec/cinepak: Check input packet size before frame reallocation Reduces time spend decoding 1917/clusterfuzz-testcase-minimized-5023221273329664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e47057e932`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	041ad6d2bb	avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int' Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6726328f79`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	368aa6aac7	avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int' Fixes: 1908/clusterfuzz-testcase-minimized-5392712477966336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `08cb69e870`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	9c0c749c33	avcodec/pnm: Use ff_set_dimensions() Fixes: OOM Fixes: 1906/clusterfuzz-testcase-minimized-4599315114754048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1c0d1d906`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	b62a5c83fc	avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int' Fixes: 1903/clusterfuzz-testcase-minimized-5359318167715840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `58f8cd4ac5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	bb7df22328	avformat/avidec: Limit formats in gab2 to srt and ass/ssa This prevents part of one exploit leading to an information leak Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5d849b149`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	464288cc5e	avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float' Fixes: 1902/clusterfuzz-testcase-minimized-4762451407011840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `87bddba43b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	3a56bbe001	avcodec/wavpack: Check float_shift Fixes: runtime error: shift exponent 40 is too large for 32-bit type 'unsigned int' Fixes: 1898/clusterfuzz-testcase-minimized-5970744880136192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4020b009d1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	9a92478556	avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int' Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d90c5bf105`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	8d1cd5fa08	avcodec/ansi: Fix frame memleak Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e091b9b3c7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	20b9b1fd77	avcodec/jpeg2000dec: Use ff_set_dimensions() Fixes: OOM Fixes: 1890/clusterfuzz-testcase-minimized-6329019509243904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3da6fbff8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	bbc6bfae37	avcodec/truemotion2: Fix passing null pointer to memset() Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c901627918`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	b1777d92f9	avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int' Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c9e884f3d9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	33aed7bb76	avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int' Fixes: 1885/clusterfuzz-testcase-minimized-5336328549957632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7c845450d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	a7878fe247	avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int' Fixes: 1884/clusterfuzz-testcase-minimized-4637425835966464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4c472c5252`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	ba3bc22940	avcodec/aac_defines: Add missing () to AAC_HALF_SUM() macro Fixes: runtime error: shift exponent 1073741848 is too large for 32-bit type 'INTFLOAT' (aka 'int') Fixes: 1880/clusterfuzz-testcase-minimized-4900645322620928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `872bac8159`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	3fe7d4c403	avcodec/webp: Fixes null pointer dereference Fixes: 1470/clusterfuzz-testcase-minimized-5404421666111488 Fixes: 1472/clusterfuzz-testcase-minimized-5677426430443520 Fixes: 1875/clusterfuzz-testcase-minimized-5536474562822144 Approved-by: BBB Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `67020711b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	5ee31596fa	avcodec/aacdec_fixed: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 1878/clusterfuzz-testcase-minimized-6441918630199296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6b9cb5d26a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	1d88ec2fb0	avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int' Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b9c032ebc0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	65f38d1285	avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int' Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `781f88bb26`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	0103b3ea92	avcodec/jpeg2000dec: Check tile offsets more completely Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c1812491f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	7b1d93ce9c	avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int' Fixes: 1851/clusterfuzz-testcase-minimized-5692607495667712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6c3a63fc3d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	19556586d5	avcodec/wnv1: More strict buffer size check This requires at least 25% of a picture to allocate and decode it Fixes: Timeout Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7f50c25124`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	8fbe1f634f	avcodec/libfdk-aacdec: Correct buffer_size parameter the timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until 2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused. after that commit libfdk-aacdec interprets it as size in sample units and memsets that on error. FFmpeg as well as others (like GStreamer) did interpret it as size in bytes Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca6776a993`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	492099f9c4	avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int' Fixes: 1770/clusterfuzz-testcase-minimized-5285511235108864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7c36ee216f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	259582feaa	avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2 Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `357f2316a0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Kevin Mark	fde04ca718	doc/filters: Clarify scale2ref example Signed-off-by: Kevin Mark <kmark937@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `114e871621`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	59436dc8f8	avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]' Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ac8dfcbd89`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	50fb6addc9	avcodec/ra144dec: Fix runtime error: left shift of negative value -17 Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `53c0c637d3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	fc449d70cf	avformat/mux: Fix copy an paste typo Found-by: Roger Scott <rscott@grammatech.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1a36354698`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	6025edc0c7	avutil/internal: Do not enable CHECKED with DEBUG This avoids potential undefined behavior in debug mode while still allowing developers which want to check for potential additional overflows to do so by manually enabling this. Reviewed-by: wm4 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a44b3abb4c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	1341713550	avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 1825/clusterfuzz-testcase-minimized-6002833050566656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8e87d146d7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	5529a67817	avcodec/smc: Check remaining input Fixes: Timeout Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `356194fcb1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	345f296135	avcodec/jpeg2000dec: Fix copy and paste error Found-by: jamrial Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5782e0ba8c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	75d32ff24d	avcodec/jpeg2000dec: Check tile offsets Fixes: runtime error: signed integer overflow: 4096 - -2147483648 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `89325417e7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Max Justicz	87c13e4e88	avcodec/sanm: Fix uninitialized reference frames Fixes: poc.snm Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca616b0f72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	52e470097a	avcodec/jpeglsdec: Check get_bits_left() before decoding a picture Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4bc3008d04`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	5148395e86	avcodec/ivi_dsp: Fix multiple runtime error: left shift of negative value -71 Fixes: 1734/clusterfuzz-testcase-minimized-5385630815092736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8fb00b3e85`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	32ac3f1b1f	avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot be represented in type 'int' Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `40fa6a2fa2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	dd373b4027	avcodec/aacdec_fixed: Fix runtime error: shift exponent 34 is too large for 32-bit type 'int' Fixes: 1721/clusterfuzz-testcase-minimized-4719352135811072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b5228e44c7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	8bc5e90bb2	avcodec/mpeg4videodec: Check for multiple VOL headers Fixes multiple: runtime error: signed integer overflow: 2147115008 + 413696 cannot be represented in type 'int' Fixes: 1723/clusterfuzz-testcase-minimized-5309409372667904 Fixes: 1727/clusterfuzz-testcase-minimized-5900685306494976 Fixes: 1737/clusterfuzz-testcase-minimized-5922321338466304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `efeb47fd5d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	5ceb27b0eb	avcodec/vmnc: Check location before use Fixes: runtime error: signed integer overflow: 65535 * 64256 cannot be represented in type 'int' Fixes: 1717/clusterfuzz-testcase-minimized-5491696676634624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ec2b76aab4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	ea4b807c0a	avcodec/takdec: Fix runtime error: signed integer overflow: 8192 * 524308 cannot be represented in type 'int' Fixes: 1630/clusterfuzz-testcase-minimized-6326111917047808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `955db41192`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	0155d1c1cb	avcodec/aac_defines: Fix: runtime error: left shift of negative value -2 Fixes: 1716/clusterfuzz-testcase-minimized-4691012196761600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c3547dcbc3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	45c9fe61d9	avcodec/takdec: Fix runtime error: left shift of negative value -63 Fixes: 1713/clusterfuzz-testcase-minimized-5791887476654080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d66193252b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	11e2bdd53e	avcodec/mlpdsp: Fix runtime error: signed integer overflow: -24419392 * 128 cannot be represented in type 'int' Fixes: 1711/clusterfuzz-testcase-minimized-5248503515185152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1d04fc94e1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	7d61e21953	avcodec/sbrdsp_fixed: fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: part of 1709/clusterfuzz-testcase-minimized-4513580554649600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `384508b2ff`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	88fabd8016	avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 170 is too large for 32-bit type 'int' Fixes part of 1709/clusterfuzz-testcase-minimized-4513580554649600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6310fc714d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
James Almer	24d744cabe	avcodec/hevc_sei: fix amount of bits skipped when reading picture timing SEI message The code was skipping the entire reported SEI message size regardless of the amount of bits read. While in theory safe for NALU where the picture timing SEI message is alone or at the end as we're using the checked bitstream reader, it isn't in any other situation, where every SEI message in the NALU after the picture timing one would potentially fail to parse. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `f738140807`) Conflicts: libavcodec/hevc_sei.c	2017-05-19 23:38:04 -03:00

... 3 4 5 6 7 ...

75852 Commits