ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	5dea535114	avcodec/sonic: Check e in get_symbol() Fixes: signed integer overflow: 1721520852 + 1721520852 cannot be represented in type 'int' Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176 Fixes: 18753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5663299131932672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `aea6755611`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	a1474a8304	avcodec/twinvqdec: Correct overflow in block align check Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int' Fixes: 19126/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TWINVQ_fuzzer-5687464110325760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4dc93ae3d7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	6583f572d1	avcodec/vc1dec: Fix "return -1" cases Reviewed-by: "mypopy@gmail.com" <mypopy@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `26f040bcb4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	9fbd7b65d7	avcodec/vc1dec: Free sprite_output_frame on error Fixes: memleaks Fixes: 19471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5688035714269184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3ee9240be3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	6c5be12e7c	avcodec/wmadec: Keep track of exponent initialization per channel Fixes: division by 0 Fixes: 19123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5655493121146880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bf5c850b79`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	cda7dd2124	avcodec/iff: Check that video_size is large enough for the read parameters video is allocated before parameters like bpp are read. Fixes: out of array access Fixes: 19084/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5718556033679360 Fixes: 19465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5759908398235648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f1b97f62f8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	d8e5d0264e	avcodec/adpcm: Clip predictor for APC Fixes: signed integer overflow: -2147483648 - 13 cannot be represented in type 'int' Fixes: 18893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APC_fuzzer-5630760442920960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9fe07908c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	b84ab52628	avcodec/targa: Check colors vs. available space Fixes: Timeout (37sec -> 52ms) Fixes: 18892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5739537854889984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `01593278ce`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	9645c0b322	avcodec/dstdec: Use get_ur_golomb_jpegls() Fixes: shift exponent -4 is negative Fixes: 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760 Fixes: 18989/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5175008116867072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a76690c02b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	71c228d2b8	avcodec/wmavoice: Check remaining input in parse_packet_header() Fixes: Infinite loop Fixes: 18914/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5731902946541568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `19c41969b2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	3191aecdfa	avcodec/wmalosslessdec: Fix 2 overflows in mclms Fixes: signed integer overflow: 2038337026 + 109343477 cannot be represented in type 'int' Fixes: 18886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5673660505653248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `92455c8c65`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	5f820ffe81	avcodec/wmaprodec: Fixes integer overflow with 32bit samples Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 18860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5755223125786624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a9cc69c0d5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	9776bc1125	avcodec/adpcm: Fix invalid shift in xa_decode() Fixes: left shift of negative value -1 Fixes: 18859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5748474213040128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `50db30b47d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	18a6ff88ce	avcodec/wmalosslessdec: Fix several integer issues Fixes: shift exponent -1 is negative (and others) Fixes: 18852/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5660855295541248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ec3fe67074`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	699a6dddc7	avcodec/wmalosslessdec: Check that padding bits is not more than sample bits Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 18817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5713317180211200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9d42826580`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	2309850cb9	avcodec/iff: Skip overflowing runs in decode_delta_d() Fixes: Timeout (107sec - 75ms> Fixes: 18812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6295585225441280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `185f441ba2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	bbae90e2cb	avcodec/pnm: Check that the header is not truncated Fixes: Ticket8430 Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c94cb8d9b2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:08 +02:00
Michael Niedermayer	41fc3f3851	avcodec/mp3_header_decompress_bsf: Check sample_rate_index Fixes: out of array read Fixes: 19309/clusterfuzz-testcase-minimized-ffmpeg_BSF_MP3_HEADER_DECOMPRESS_fuzzer-5651002950942720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f064c7c449`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:08 +02:00
Michael Niedermayer	57c602ab24	avformat/rmdec: Initialize and sanity check offset in ivr_read_header() Fixes: signed integer overflow: -9223372036854775808 - 17 cannot be represented in type 'long' Fixes: 18768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5674385247830016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7e665e4a81`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:08 +02:00
Michael Niedermayer	bc73f923e2	avcodec/apedec: Fix 2 integer overflows Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int' Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6e15ba2d1f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:08 +02:00
Michael Niedermayer	081aa19ac9	avcodec/wmaprodec: Set packet_loss when we error out on a sanity check Fixes: left shift of negative value -34 Fixes: 18719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5642658173419520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a9cbd25d89`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:08 +02:00
Michael Niedermayer	47d0725b91	avcodec/wmaprodec: Check offset Fixes: index 33280 out of bounds for type 'float [32768]' Fixes: 18718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5635373899710464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5473c7825e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:08 +02:00
Michael Niedermayer	6d3a91c49d	avcodec/truemotion2: Fix 2 integer overflows in tm2_low_res_block() Fixes: signed integer overflow: 1778647621 + 574372924 cannot be represented in type 'int' Fixes: 18692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-6248679635943424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `93d52a181e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:08 +02:00
Michael Niedermayer	63bad93076	avcodec/wmaprodec: Check if the channel sum of all internal contexts match the external Fixes: NULL pointer dereference Fixes: 18689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5715114640015360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `090ac57997`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:08 +02:00
Andreas Rheinhardt	a1a6336a58	libavcodec/libvpxenc: Don't free user-provided AVPacket Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `26b4509690`)	2020-05-23 20:43:23 +02:00
Andreas Rheinhardt	f7dc65d74f	libavcodec/libmp3lame: Don't free user-provided AVPacket Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `7e6941e185`)	2020-05-23 20:43:22 +02:00
Andreas Rheinhardt	b9aaa444e1	avcodec/libopusenc: Don't free user-provided AVPacket Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `b803993b6d`)	2020-05-23 20:43:22 +02:00
Andreas Rheinhardt	164bafe8b1	avformat/matroskadec: Fix default value of BlockAddID Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `dbc50f8a93`)	2020-04-03 21:57:34 +02:00
Michael Niedermayer	289a79d545	Changelog: update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n3.4.7	2019-12-01 18:24:40 +01:00
Michael Niedermayer	0b49c74fe1	avcodec/g729dec: require buf_size to be non 0 The 0 case was added with the support for multiple packets. It appears unintended and causes extra complexity and out of array accesses (though within padding) No testcase Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f64be9da4c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 18:00:10 +01:00
Michael Niedermayer	4d932eb66b	avcodec/alac: Fix integer overflow in lpc_prediction() with sign Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7686ba1f14`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:55:30 +01:00
Michael Niedermayer	f4daf42c1a	avcodec/wmaprodec: Fix buflen computation in save_bits() Fixes: Assertion failure Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `589cb44498`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:54:56 +01:00
Michael Niedermayer	5b43aa7a80	avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv() Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int' Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0e010e489b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:54:30 +01:00
Michael Niedermayer	2f942ddf74	avcodec/vmdaudio: Check chunk counts to avoid integer overflow Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int' Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `47d963335e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:54:07 +01:00
Michael Niedermayer	0eff731d8d	avformat/mxfdec: Clear metadata_sets_count in mxf_read_close() This avoids problems if the function is called twice Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `13816a1d08`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:53:27 +01:00
Michael Niedermayer	db659cdf47	avcodec/nuv: Use ff_set_dimensions() Fixes: OOM Fixes: 18956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5766505644163072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ca978d636`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:53:01 +01:00
Michael Niedermayer	ed4f485353	avcodec/ffwavesynth: Fix integer overflow with pink_ts_cur/next Fixes: signed integer overflow: 6175076100092079360 - -5034989061050195840 cannot be represented in type 'long' Fixes: 18614/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5704508847423488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d82ab96e76`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:51:36 +01:00
Michael Niedermayer	6ce5379105	avcodec/ralf: Fix integer overflows with the filter coefficient in decode_channel() Fixes: signed integer overflow: 1145975808 - -1146173210 cannot be represented in type 'int' Fixes: 18616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5121296757424128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `721624c2f6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:50:16 +01:00
Michael Niedermayer	a67d997ad7	avcodec/g729dec: Use 64bit and clip in scalar product The G729 reference decoder clips after each individual operation and keeps track if overflow occurred (in the fixed point implementation), this here is simpler and faster but not 1:1 the same what the reference does. Non fuzzed samples which trigger any such overflow are welcome, so the need and impact of different clipping solutions can be evaluated. Fixes: signed integer overflow: 1271483721 + 1073676289 cannot be represented in type 'int' Fixes: 18617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5137705679978496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bf9c4a1275`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:49:31 +01:00
Michael Niedermayer	3f18698652	avcodec/mxpegdec: Check for multiple SOF Fixes: Timeout (14sec -> 9ms) Fixes: 18598/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5726095261564928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `75b64e5aa3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:48:43 +01:00
Michael Niedermayer	9162df98e1	avcodec/nuv: Move comptype check up Fixes: Timeout (23sec -> 5ms) Fixes: 18517/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5753135536013312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1138cdecbe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:47:53 +01:00
Michael Niedermayer	66e701af69	avcodec/wmavoice: Fix integer overflow in synth_frame() Fixes: left shift of negative value -3 Fixes: 18518/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-6560514359951360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf323f4d38`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:47:07 +01:00
Michael Niedermayer	f3e553e36a	avcodec/rawdec: Check bits_per_coded_sample more pedantically for 16bit cases Fixes: shift exponent -14 is negative Fixes: 18335/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RAWVIDEO_fuzzer-5723267192586240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5634e20525`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:46:48 +01:00
Michael Niedermayer	650ce5047c	avutil/lfg: Correct index increment type to avoid undefined behavior Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6014bcf1b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:45:46 +01:00
Michael Niedermayer	e2def5f382	avcodec/cngdec: Remove AV_CODEC_CAP_DELAY As is the decoder will never stop, it will cause an infinite loop. The RFC seems only to speak of non empty packets so endlessly generating noise from the last empty flush packets seems wrong. Fixes: infinite loop Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `327a968817`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-01 17:44:36 +01:00
Michael Niedermayer	e5baac772c	Changelog: update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-22 22:46:42 +01:00
Michael Niedermayer	b9735a0271	avcodec/iff: Move index use after check in decodeplane8() Fixes: index 9 out of bounds for type 'const uint64_t [8][256]' Fixes: 18409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5767030560522240 Fixes: 18720/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5651995784642560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1f8b36cc4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-21 23:44:49 +01:00
Michael Niedermayer	eabece8639	avcodec/atrac3: Check for huge block aligns The largest documented frame size = block align is 1024 bytes (https://wiki.multimedia.cx/index.php/ATRAC3) Without a limit this can allocate arbitrary memory and trigger OOM Fixes: OOM Fixes: 18337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3_fuzzer-5763861478637568 Fixes: 18556/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3AL_fuzzer-5646183334936576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f09151fff9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-21 23:44:21 +01:00
Michael Niedermayer	978aa2ae50	avcodec/ralf: use multiply instead of shift to avoid undefined behavior in decode_block() Fixes: left shift of negative value -249 Fixes: 18566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5649394561187840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1b7d02642b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-21 23:43:52 +01:00
Michael Niedermayer	b385b34761	avcodec/wmadec: Require previous exponents for reuse Fixes: division by zero Fixes: 18474/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5764986962182144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c54b9fc42f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-21 23:43:14 +01:00

1 2 3 4 5 ...

88680 Commits