Commit Graph

85709 Commits

Author SHA1 Message Date
Michael Niedermayer
7af6fba145 Update for 3.3.7
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 01:54:06 +02:00
James Almer
3e3704da0c avformat/utils: fix mixed declarations and code
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 31de45d20b)
2018-04-13 01:20:14 +02:00
Michael Niedermayer
6de499caed avcodec/mjpegdec: Check input buffer size.
Fixes: Timeout
Fixes: 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8d381b57fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
41458534aa avcodec/h264_slice: Fix integer overflow with last_poc
Fixes: signed integer overflow: 2147483646 - -2816 cannot be represented in type 'int'
Fixes: crbug 823145

Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c02cd8ca0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
9b56e65e8c avformat/mov: Fix extradata memleak
Fixes: crbug 822705

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a8133119c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Matt Wolenetz
9b1a4da668 lavc/libopusdec: Allow avcodec_open2 to call .close
If there is a decoder initialization failure detected in avcodec_open2
after .init is called, allow graceful decoder .close to prevent leaking
libopus decoder allocations.

BUG=828526

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e43e97f0e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
c9452899db avcodec/movtextdec: Check style_start/end
Limits based on 3GPP TS 26.245 V14.0.0
Fixes: Timeout
Fixes: 6377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5175929115508736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 249aca8f98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
0e5946d5b2 avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'

This was missed in b1bef755f6
Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c837918f50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
23f13130f1 libavcodec/rv34: error out earlier on missing references
Fixes visual corruption on seeking

Fixes: downloadTest_clip_24M.rmvb

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6cd81d68c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Hendrik Schreiber
30c26bb78f swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
Removed +len1 in call to s->mix_2_1_f() as I found no logical explanation for it. After removal, problem was gone.

Signed-off-by: Hendrik Schreiber <hs@tagtraum.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 647fd4b829)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
ae2c159b87 avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
I was not able to reproduce this, this fix is based on just the fuzzer log.
Fixes: 4959/clusterfuzz-testcase-minimized-6035350934781952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 197a4e8fee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
1d3c141af4 avcodec/cscd: Error out when LZ* decompression fails
Fixes: Timeout
Fixes: 6304/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5754772461191168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d52be5d4e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
heimdallr
3f949b7a64 avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
example:

AVPixelFormat pixFmts[] = { AV_PIX_FMT_RGB24, AV_PIX_FMT_RGBA };
int loss = 0;
AVPixelFormat best = avcodec_find_best_pix_fmt_of_list(pixFmts, AV_PIX_FMT_BGRA, 1, &loss);

best is AV_PIX_FMT_RGB24. But AV_PIX_FMT_RGBA is better.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 354b26a394)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
49336482fd avfilter/vf_signature: use av_strlcpy()
Fixes: out of array access

Found-by: Kira <kira_cxy@foxmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35eeff30ca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
15d4dc0da1 avcodec/utvideodec: Set pro flag based on fourcc
This avoids mixing 8bit variants with pro and 10bit with non pro mode.
Fixes: out of array read
Fixes: poc_03_30.avi

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47b7c68ae5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
d79b274acc avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim@gmail.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea15915b2d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
769cb89738 avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
Found-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c75438b89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
8a89cce372 avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eb60b9d3aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
899d40c17f avcodec/get_bits: Make sure the input bitstream with padding can be addressed
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e529fe7633)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
a89b45b492 avformat/mov: Check STSC and remove invalid entries
Fixes assertion failure
Fixes: crbug 822547, crbug 822666 and crbug 823009

Affects: aark15sd_9A62E2FA.mp4

Found-by: ClusterFuzz
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e67447a4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
5b586f0bc8 avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 939440ad1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
719b9b673c avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ee3265dbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
02bf1c617c avcodec/wmalosslessdec: Reset num_saved_bits on error path
Fixes: NULL pointer dereference
Fixes: poc-201803.wav
Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64c9ce0abc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
edfe9ae63b avformat/mov: Fix integer overflows related to sample_duration
Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type

Fixes: Chromium bug 791349

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f37082827)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
3a29fda42a avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE
Fixes: potential signed integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f655ddfb47)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
e61cdbe271 avformat/oggparseogm: Check lb against psize
No testcase, this was found during code review

Found-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e7c847aaf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
e0a08c833d avformat/oggparseogm: Fix undefined shift in ogm_packet()
Fixes: shift exponent 48 is too large for 32-bit type 'int'
Fixes: Chromium bug 786793
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 010b7b30b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
8cf7205a72 avformat/avidec: Fix integer overflow in cum_len check
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06e092e781)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
42bd425205 avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
Fixes: Chromium bug 795653
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 02ecda4aba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
e89d8ed7cb avformat/utils: Fix integer overflow of fps_first/last_dts
Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long'
Fixes: Chromium bug 796778
Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b1362e408)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
fef832c188 avformat/oggdec: Fix metadata memleak on multiple headers
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da069e9c68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
6daa205cd3 libavformat/oggparsevorbis: Fix memleak on multiple headers
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3934aa495d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
e908a595db avcodec/truemotion2rt: Check input buffer size
Fixes: Timeout
Fixes: 6250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5479814011027456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b5c29b6c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
c3e774784b avcodec/g2meet: Check tile dimensions with av_image_check_size2()
Fixes: OOM
Fixes: 6216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4983807968018432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3981fb8d2a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
4d45d5b606 avcodec/exr: fix invalid shift in unpack_14()
Fixes: 6154/clusterfuzz-testcase-minimized-5762231061970944
Fixes: runtime error: shift exponent 63 is too large for 32-bit type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 49062a9017)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
5909508e8d avcodec/bintext: sanity check dimensions
Fixes: Timeout
Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 090c0abff9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
bafb13dc0f avcodec/utvideodec: Check subsample factors
Fixes: Out of array read
Fixes: heap_poc

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7414d0bda7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
bcc6d40928 avcodec/smc: Check input packet size
Fixes: Timeout
Fixes: 6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0293663483)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
f3562ee6fc avcodec/cavsdec: Check alpha/beta offset
Fixes: Integer overflow
Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae2eb04648)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
b9d5b1f05d avcodec/diracdec: Fix integer overflow in mv computation
Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int'
Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47e65ad63b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
4018d8586f avcodec/h264_parse: Clear invalid chroma weights in ff_h264_pred_weight_table()
Fixes: 6037/clusterfuzz-testcase-minimized-5030249784934400
Fixes: signed integer overflow: 256 * 16992036 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85c85fffff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
b172815c3c avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
Fixes: signed integer overflow: -1625276744 + -1041893960 cannot be represented in type 'int'
Fixes: 5948/clusterfuzz-testcase-minimized-5791479856365568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33fe17bdc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
1a387f1ce6 avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
Fixes: 5918/clusterfuzz-testcase-minimized-5120505435652096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 793347a545)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
205689ae8a avcodec/diracdec: Use int64 in global mv to prevent overflow
Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int'
Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cbcbefdc3b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
af5c12c029 avcodec/dxtory: Remove code that corrupts dimensions
Fixes: Timeout
Fixes: 5796/clusterfuzz-testcase-minimized-5206729085157376

Does someone have a valid sample that triggers this path ?

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3748746a4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
93a16aebf2 avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()
Fixes: 5894/clusterfuzz-testcase-minimized-5315325420634112
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 647fa49495)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
37cd7f3375 avcodec/hevcdec: Check luma/chroma_log2_weight_denom
Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'
Fixes: 5888/clusterfuzz-testcase-minimized-5634701067812864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f82dd4c09b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
1a4f8de03d avcodec/jpeg2000dec: Use av_image_check_size2()
Fixes: OOM
Fixes: 5733/clusterfuzz-testcase-minimized-4906757966004224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01370b31ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
2a85ead5a3 avcodec/vp8: Check for bitstream end before vp7_fade_frame()
Fixes: Timeout
Fixes: 5653/clusterfuzz-testcase-5497680018014208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de675648ce)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00
Michael Niedermayer
659a23e89f avcodec/exr: Check remaining bits in last get code loop
Fixes: runtime error: shift exponent -7 is negative
Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd8351b118)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-13 00:35:15 +02:00