ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	e0a08c833d	avformat/oggparseogm: Fix undefined shift in ogm_packet() Fixes: shift exponent 48 is too large for 32-bit type 'int' Fixes: Chromium bug 786793 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `010b7b30b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	8cf7205a72	avformat/avidec: Fix integer overflow in cum_len check Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long' Fixes: Chromium bug 791237 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `06e092e781`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	42bd425205	avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE Fixes: Chromium bug 795653 Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `02ecda4aba`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	e89d8ed7cb	avformat/utils: Fix integer overflow of fps_first/last_dts Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long' Fixes: Chromium bug 796778 Reported-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1b1362e408`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	fef832c188	avformat/oggdec: Fix metadata memleak on multiple headers Fixes: Chromium bug 800123 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `da069e9c68`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	6daa205cd3	libavformat/oggparsevorbis: Fix memleak on multiple headers Fixes: Chromium bug 800123 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3934aa495d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	e908a595db	avcodec/truemotion2rt: Check input buffer size Fixes: Timeout Fixes: 6250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5479814011027456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8b5c29b6c2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	c3e774784b	avcodec/g2meet: Check tile dimensions with av_image_check_size2() Fixes: OOM Fixes: 6216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4983807968018432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3981fb8d2a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	4d45d5b606	avcodec/exr: fix invalid shift in unpack_14() Fixes: 6154/clusterfuzz-testcase-minimized-5762231061970944 Fixes: runtime error: shift exponent 63 is too large for 32-bit type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `49062a9017`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	5909508e8d	avcodec/bintext: sanity check dimensions Fixes: Timeout Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `090c0abff9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	bafb13dc0f	avcodec/utvideodec: Check subsample factors Fixes: Out of array read Fixes: heap_poc Found-by: GwanYeong Kim <gy741.kim@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7414d0bda7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	bcc6d40928	avcodec/smc: Check input packet size Fixes: Timeout Fixes: 6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0293663483`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	f3562ee6fc	avcodec/cavsdec: Check alpha/beta offset Fixes: Integer overflow Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ae2eb04648`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	b9d5b1f05d	avcodec/diracdec: Fix integer overflow in mv computation Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int' Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `47e65ad63b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	4018d8586f	avcodec/h264_parse: Clear invalid chroma weights in ff_h264_pred_weight_table() Fixes: 6037/clusterfuzz-testcase-minimized-5030249784934400 Fixes: signed integer overflow: 256 * 16992036 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `85c85fffff`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	b172815c3c	avcodec/aacdec_templat: Fix integer overflow in apply_ltp() Fixes: signed integer overflow: -1625276744 + -1041893960 cannot be represented in type 'int' Fixes: 5948/clusterfuzz-testcase-minimized-5791479856365568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `33fe17bdc8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	1a387f1ce6	avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53() Fixes: 5918/clusterfuzz-testcase-minimized-5120505435652096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `793347a545`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	205689ae8a	avcodec/diracdec: Use int64 in global mv to prevent overflow Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int' Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cbcbefdc3b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	af5c12c029	avcodec/dxtory: Remove code that corrupts dimensions Fixes: Timeout Fixes: 5796/clusterfuzz-testcase-minimized-5206729085157376 Does someone have a valid sample that triggers this path ? Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3748746a4d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	93a16aebf2	avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i() Fixes: 5894/clusterfuzz-testcase-minimized-5315325420634112 Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `647fa49495`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	37cd7f3375	avcodec/hevcdec: Check luma/chroma_log2_weight_denom Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int' Fixes: 5888/clusterfuzz-testcase-minimized-5634701067812864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f82dd4c09b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	1a4f8de03d	avcodec/jpeg2000dec: Use av_image_check_size2() Fixes: OOM Fixes: 5733/clusterfuzz-testcase-minimized-4906757966004224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `01370b31ac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	2a85ead5a3	avcodec/vp8: Check for bitstream end before vp7_fade_frame() Fixes: Timeout Fixes: 5653/clusterfuzz-testcase-5497680018014208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `de675648ce`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	659a23e89f	avcodec/exr: Check remaining bits in last get code loop Fixes: runtime error: shift exponent -7 is negative Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dd8351b118`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	519d48c861	avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c() Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392 Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ab6f571ef7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	878fc42a90	avcodec/h264_cabac: Tighten allowed coeff_abs range Fixes: integer overflows Reported-by: "Xiaohan Wang (王消寒)" <xhwang@chromium.org> Based on limits in "8.5 Transform coefficient decoding process and picture construction process prior to deblocking filter process" Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f26a63c4ee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Xiaohan Wang	e8fb74c0c9	avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc() When ff_h264_decode_mb_cavlc() failed due to wrong sl->qscale values, e.g. dquant out of range, set the qscale to be a valid value before returning -1 and exiting the function. The qscale value can be used later e.g. in loop filter. BUG=806122 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `71f39de2a5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	76a886dae3	avcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs() This fixes a hypothetical integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f2318aee8c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	f03616d2a4	avcodec/mpeg4videodec: Ignore multiple VOL headers Fixes: Ticket7005 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `63a4bdbf3b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	0df3ad79c7	avcodec/vp3: Check eob_run Fixes: out of array access Fixes: 5919/clusterfuzz-testcase-minimized-5859311382167552 Fixes: special case for theora (untested due to lack of sample) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `570023eab3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	65fc03589f	avcodec/pafvideo: Check allocated frame size Fixes: OOM Fixes: 5549/clusterfuzz-testcase-minimized-5390553567985664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `66acb63028`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	55e6c6b5fe	avcodec/scpr: Fix reading a pixel before the first Fixes: 5540/clusterfuzz-testcase-minimized-6122458273808384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0fb33a8289`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Nekopanda	66881cf2b5	avcodec/mpeg2dec: Fix field selection for skipped macroblocks For B field pictures, the spec says, > The prediction shall be made from the field of the same parity as the field being predicted. I did it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8b154cb3e9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	838d02fcff	avcodec/huffyuvdec: Check input buffer size Fixes: Timeout Fixes: 5487/clusterfuzz-testcase-4696837035393024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `08c220d26c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	0322f78177	avcodec/utvideodec: Fix bytes left check in decode_frame() Fixes: out of array read Fixes: poc-2017.avi Found-by: GwanYeong Kim <gy741.kim@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `118e1b0b33`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	4d4656e8cd	avcodec/wavpack: Fix integer overflow in FFABS Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 5396/clusterfuzz-testcase-minimized-6558555529281536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8e50bd61e4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	a97335b1b3	avcodec/aacsbr_fixed: Fix overflows in rounding in sbr_hf_assemble() Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int' Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b1bef755f6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	d07a0ae1af	avcodec/exr: Fix memleaks in decode_header() Fixes: 4793/clusterfuzz-testcase-minimized-5707366629638144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0a2560a977`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	55f9c21363	avcodec/dirac_dwt: Fix several integer overflows Fixes: runtime error: signed integer overflow: -2146071175 + -268479557 cannot be represented in type 'int' Fixes: 5237/clusterfuzz-testcase-minimized-4569895275593728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fe1e6c06d0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	38384cdd99	avcodec/indeo5: Do not leave frame_type set to an invalid value Fixes: null pointer dereference Fixes: 5264/clusterfuzz-testcase-minimized-4621956621008896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2ff9f17851`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	4019c2a67c	avcodec/hevc_ps: Check log2_sao_offset_scale_* Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768 Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a75a75c62`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Aman Gupta	bb5748ec9d	avcodec/hevc_ps: extract SPS fields required for hvcC construction Signed-off-by: Aman Gupta <aman@tmm1.net> Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	90cfaff0bb	avcodec/mpeg4videodec: Avoid possibly aliasing violating casts Found-by: kierank Reviewed-by: Kieran Kunhya <kieran618@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d4967c04e0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	093c80747b	avcodec/get_bits: Document the return code of get_vlc2() Found-by: kierank Reviewed-by: Kieran Kunhya <kieran618@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a94ff4ccd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	61a911d007	avcodec/mpeg4videodec: Check mb_num also against 0 The spec implies that 0 is invalid in addition to the existing checks Found-by: <kierank> Reviewed-by: Kieran Kunhya <kieran618@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `05f4703a16`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	d74839d793	avfilter/vf_transpose: Fix used plane count. Fixes out of array access Fixes: poc.mp4 Found-by: GwanYeong Kim <gy741.kim@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c6939f65a1`) (cherry picked from commit `3f621455d6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	aec30d0da9	avcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_remaining_decode() I suspect that this can be limited tighter, but i failed to find anything in the spec that would confirm that. Fixes: 4833/clusterfuzz-testcase-minimized-5302840101699584 Fixes: runtime error: left shift of 134217730 by 4 places cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a026a3efae`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	dbe356a009	avcodec/mjpegdec: Fix integer overflow in DC dequantization Fixes: runtime error: signed integer overflow: -65535 * 65312 cannot be represented in type 'int' Fixes: 4900/clusterfuzz-testcase-minimized-5769019744321536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1bfc1aa004`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	ce82d4722b	avcodec/dxtory: Fix bits left checks Fixes: Timeout Fixes: 4863/clusterfuzz-testcase-6347354178322432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6e1a167c55`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00
Michael Niedermayer	fb27cebc93	avcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `94d4237a7a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-04-13 00:35:15 +02:00

1 2 3 4 5 ...

85783 Commits