highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
98,446 Commits 36 Branches 392 Tags
6918d1281cef12f17171242f3536ce00a8d1cdcc
Commit Graph

98446 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
112f518595 avformat/mvi: Check count for overflow 
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a413ed9863)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
5e880774dc avcodec/magicyuv: Check slice size before reading flags and pred 
Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0dc42147b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
fee0e0ddbf avformat/asfdec_f: Check for negative ext_len 
Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 209b9ff5c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
e3f8b914d1 avformat/bethsoftvid: Check image dimensions before use 
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 50b29f081e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
bbb50c5d0b avformat/genh: Check block_align for how it will be used in SDX2_DPCM 
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95b47e18f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
5e76c6e1a6 avformat/au: Check for EOF in au_read_annotation() 
Fixes: Timeout (too looong -> 1 ms)
Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e680d50eb4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
c486ec5d0b avformat/vividas: Check for zero v_size 
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26482/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4905102324006912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c7a5face77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
837477a755 avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0 
Suggested-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d34e4904cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
7da5efcf70 avformat/segafilm: Check that there is a stream 
Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0d7fd269b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
f75b43d10c avformat/wtvdec: Check dir_length 
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1868cb7316)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
0a0976cf82 avformat/ffmetadec: finalize AVBPrint on errors 
Fixes: memleak
Fixes: 26450/clusterfuzz-testcase-minimized-ffmpeg_dem_FFMETADATA_fuzzer-6249850443923456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a927128617)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
5872cf02ab avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN() 
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 26218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5734075396259840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 939b72b02e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
554f1133c3 avcodec/exr: Check limits to avoid overflow in delta computation 
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6910e0f4e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
e78b6c0c2f avformat/boadec: Check that channels and block_align are set 
Fixes: Infinite loop
Fixes: 26381/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-5745789089087488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44ff5a1bff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
c9ce260b3d avformat/asfdec_f: Check name_len for overflow 
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d088a47ca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
2abb7d1bcd avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct() 
Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d198362839)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
cc2da17f86 avformat/sbgdec: Check for timestamp overflow in parse_time_sequence() 
Fixes: signed integer overflow: 3458015007900000256 + 6425686373040000000 cannot be represented in type 'long'
Fixes: 26430/clusterfuzz-testcase-minimized-ffmpeg_dem_BRSTM_fuzzer-5761175004119040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 685ed1cbd1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
5b115c2cbe avcodec/aacdec_fixed: Limit index in vector_pow43() 
Fixes: out of array access
Fixes: 26087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5724825462767616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f83a53638)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
2434d2452f avformat/kvag: Fix integer overflow in bitrate computation 
Fixes: signed integer overflow: 1077952576 * 4 cannot be represented in type 'int'
Fixes: 26152/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5674758518341632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ac87a2c34)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
7bc2176c4d avcodec/h264_slice: fix undefined integer overflow with POC in error concealment 
Alternatively the POC could be changed to 64bit. the large values seem to be within what is allowed.

Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: 26076/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5711127201447936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 182d7a7427)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
69d0cd7883 avformat/rmdec: sanity check coded_framesize 
Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int'
Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aee8477c6b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
9b6d73a9ae avformat/flvdec: Check for EOF in amf_parse_object() 
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33624f4f2e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
a3493e100d avcodec/mv30: Fix multiple integer overflows 
Fixes: signed integer overflow: -895002 * 2400 cannot be represented in type 'int'
Fixes: 26052/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5431812577558528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77cdc68479)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
519e629adf avcodec/smacker: Check remaining bits in SMK_BLK_FULL 
Fixes: out of array access
Fixes: 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 42ded4d1e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
9165de3463 avcodec/cook: Check subpacket index against max 
Fixes: off by 1 error
Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a2a7604da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
8bf2eb013c avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration() 
Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int'
Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01bb12f883)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
04d263f395 avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred 
Fixes: pixel decode issue.ts
Fixes: raw frame.hevc

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3fbf873792)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
4fed6eade3 avformat/icodec: Change order of operations to avoid NULL dereference 
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3300f5c133)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
29bc0b5986 avcodec/exr: Fix overflow with many blocks 
Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7265b7d904)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
8d8357df19 avcodec/vp9dsp_template: Fix integer overflows in idct16_1d() 
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 394e8bb385)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
9514228b3d avcodec/ansi: Check initial dimensions 
Fixes: Timeout (minutes to less than 1sec)
Fixes: 25682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANSI_fuzzer-6320712032452608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 949f0a6be9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
5e42ad856b avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset 
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 106f11f68a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
8c7d818ab1 avcodec/sonic: Check for overread 
Fixes: Timeout (too long -> 1.3 sec)
Fixes: 24358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5107284099989504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eeabdef1bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
d6f7578b7d avformat/subviewerdec: fail on AV_NOPTS_VALUE 
Such values are not supported by ff_subtitles_queue*

Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b7f51428b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
e2e2d9b66a avcodec/exr: Check line size for overflow 
Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int
Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b72cea446)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
ee69f64bdc avcodec/exr: Check xdelta, ydelta 
Fixes: assertion failure
Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6949df35d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
57e18185bf avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter() 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 25675/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-4786580731199488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11a6347f9e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
3dffbfac2c avcodec/takdsp: Fix negative shift in decorrelate_sf() 
Fixes: left shift of negative value -4
Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f54f53003)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
106103d7b5 avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420() 
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3291d994b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
5f554b5c0f avformat/asfdec_f: Change order or operations slightly 
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 686f015190)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
07c714e07b avformat/dxa: Use av_rescale() for duration computation 
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c313089fbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
0894fc6e66 avcodec/vc1_block: Fix integer overflow in ac value 
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3056e19e68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
a3b4190ffb avcodec/mv30: Fix several integer overflows in idct_1d() 
Fixes: signed integer overflow: -1846510390 + -361755993 cannot be represented in type 'int'
Fixes: 23941/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5654696631730176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ddf2ba5497)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
10b26c55d1 avformat/iff: Check data_size not overflowing int64 
Fixes: Infinite loop
Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 24352ca792)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
a5ff3de86e avcodec/dxtory: Fix negative shift in dx2_decode_slice_410() 
Fixes: left shift of negative value -768
Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit abebd87764)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
e652893c04 avcodec/sonic: Check channels before deallocating 
Fixes: heap-buffer-overflow
Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f249981976)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
f29a6a499a avformat/vividas: Check for EOF in first loop in track_header() 
Fixes: timeout (243sec -> a few ms)
Fixes: 25716/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5764093666131968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7170d342e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
e3508f371e avformat/wvdec: Check rate for overflow 
Fixes: signed integer overflow: 6000 * -2147483648 cannot be represented in type 'int'
Fixes: 25700/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6578316302352384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 688c1175ba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
d0cb1eb925 avcodec/ansi: Check nb_args for overflow 
Fixes: Integer overflow (no testcase)

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc0e776c9a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
282760537b avformat/wc3movie: Cleanup on wc3_read_header() failure 
Fixes: memleak
Fixes: 23660/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6007508031504384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b78860e769)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00