Michael Niedermayer
7af6fba145
Update for 3.3.7
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 01:54:06 +02:00
James Almer
3e3704da0c
avformat/utils: fix mixed declarations and code
...
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 31de45d20b
)
2018-04-13 01:20:14 +02:00
Michael Niedermayer
6de499caed
avcodec/mjpegdec: Check input buffer size.
...
Fixes: Timeout
Fixes: 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8d381b57fd
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
41458534aa
avcodec/h264_slice: Fix integer overflow with last_poc
...
Fixes: signed integer overflow: 2147483646 - -2816 cannot be represented in type 'int'
Fixes: crbug 823145
Reported-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8c02cd8ca0
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
9b56e65e8c
avformat/mov: Fix extradata memleak
...
Fixes: crbug 822705
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0a8133119c
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Matt Wolenetz
9b1a4da668
lavc/libopusdec: Allow avcodec_open2 to call .close
...
If there is a decoder initialization failure detected in avcodec_open2
after .init is called, allow graceful decoder .close to prevent leaking
libopus decoder allocations.
BUG=828526
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e43e97f0e0
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
c9452899db
avcodec/movtextdec: Check style_start/end
...
Limits based on 3GPP TS 26.245 V14.0.0
Fixes: Timeout
Fixes: 6377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5175929115508736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Philip Langdale <philipl@overt.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 249aca8f98
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
0e5946d5b2
avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
...
Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'
This was missed in b1bef755f6
Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c837918f50
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
23f13130f1
libavcodec/rv34: error out earlier on missing references
...
Fixes visual corruption on seeking
Fixes: downloadTest_clip_24M.rmvb
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6cd81d68c5
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Hendrik Schreiber
30c26bb78f
swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
...
Removed +len1 in call to s->mix_2_1_f() as I found no logical explanation for it. After removal, problem was gone.
Signed-off-by: Hendrik Schreiber <hs@tagtraum.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 647fd4b829
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
ae2c159b87
avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
...
I was not able to reproduce this, this fix is based on just the fuzzer log.
Fixes: 4959/clusterfuzz-testcase-minimized-6035350934781952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 197a4e8fee
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
1d3c141af4
avcodec/cscd: Error out when LZ* decompression fails
...
Fixes: Timeout
Fixes: 6304/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5754772461191168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d52be5d4e9
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
heimdallr
3f949b7a64
avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
...
example:
AVPixelFormat pixFmts[] = { AV_PIX_FMT_RGB24, AV_PIX_FMT_RGBA };
int loss = 0;
AVPixelFormat best = avcodec_find_best_pix_fmt_of_list(pixFmts, AV_PIX_FMT_BGRA, 1, &loss);
best is AV_PIX_FMT_RGB24. But AV_PIX_FMT_RGBA is better.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 354b26a394
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
49336482fd
avfilter/vf_signature: use av_strlcpy()
...
Fixes: out of array access
Found-by: Kira <kira_cxy@foxmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 35eeff30ca
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
15d4dc0da1
avcodec/utvideodec: Set pro flag based on fourcc
...
This avoids mixing 8bit variants with pro and 10bit with non pro mode.
Fixes: out of array read
Fixes: poc_03_30.avi
Found-by: GwanYeong Kim <gy741.kim@gmail.com >
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 47b7c68ae5
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
d79b274acc
avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
...
Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ea15915b2d
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
769cb89738
avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
...
Found-by: James Almer <jamrial@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5c75438b89
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
8a89cce372
avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit eb60b9d3aa
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
899d40c17f
avcodec/get_bits: Make sure the input bitstream with padding can be addressed
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e529fe7633
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
a89b45b492
avformat/mov: Check STSC and remove invalid entries
...
Fixes assertion failure
Fixes: crbug 822547, crbug 822666 and crbug 823009
Affects: aark15sd_9A62E2FA.mp4
Found-by: ClusterFuzz
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9e67447a4f
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
5b586f0bc8
avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
...
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 939440ad1a
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
719b9b673c
avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
...
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8ee3265dbe
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
02bf1c617c
avcodec/wmalosslessdec: Reset num_saved_bits on error path
...
Fixes: NULL pointer dereference
Fixes: poc-201803.wav
Found-by: GwanYeong Kim <gy741.kim@gmail.com >
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 64c9ce0abc
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
edfe9ae63b
avformat/mov: Fix integer overflows related to sample_duration
...
Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type
Fixes: Chromium bug 791349
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2f37082827
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
3a29fda42a
avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE
...
Fixes: potential signed integer overflow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f655ddfb47
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
e61cdbe271
avformat/oggparseogm: Check lb against psize
...
No testcase, this was found during code review
Found-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3e7c847aaf
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
e0a08c833d
avformat/oggparseogm: Fix undefined shift in ogm_packet()
...
Fixes: shift exponent 48 is too large for 32-bit type 'int'
Fixes: Chromium bug 786793
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 010b7b30b7
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
8cf7205a72
avformat/avidec: Fix integer overflow in cum_len check
...
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 06e092e781
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
42bd425205
avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
...
Fixes: Chromium bug 795653
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 02ecda4aba
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
e89d8ed7cb
avformat/utils: Fix integer overflow of fps_first/last_dts
...
Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long'
Fixes: Chromium bug 796778
Reported-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1b1362e408
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
fef832c188
avformat/oggdec: Fix metadata memleak on multiple headers
...
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit da069e9c68
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
6daa205cd3
libavformat/oggparsevorbis: Fix memleak on multiple headers
...
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3934aa495d
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
e908a595db
avcodec/truemotion2rt: Check input buffer size
...
Fixes: Timeout
Fixes: 6250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5479814011027456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8b5c29b6c2
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
c3e774784b
avcodec/g2meet: Check tile dimensions with av_image_check_size2()
...
Fixes: OOM
Fixes: 6216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4983807968018432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3981fb8d2a
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
4d45d5b606
avcodec/exr: fix invalid shift in unpack_14()
...
Fixes: 6154/clusterfuzz-testcase-minimized-5762231061970944
Fixes: runtime error: shift exponent 63 is too large for 32-bit type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 49062a9017
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
5909508e8d
avcodec/bintext: sanity check dimensions
...
Fixes: Timeout
Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 090c0abff9
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
bafb13dc0f
avcodec/utvideodec: Check subsample factors
...
Fixes: Out of array read
Fixes: heap_poc
Found-by: GwanYeong Kim <gy741.kim@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7414d0bda7
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
bcc6d40928
avcodec/smc: Check input packet size
...
Fixes: Timeout
Fixes: 6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0293663483
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
f3562ee6fc
avcodec/cavsdec: Check alpha/beta offset
...
Fixes: Integer overflow
Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ae2eb04648
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
b9d5b1f05d
avcodec/diracdec: Fix integer overflow in mv computation
...
Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int'
Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 47e65ad63b
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
4018d8586f
avcodec/h264_parse: Clear invalid chroma weights in ff_h264_pred_weight_table()
...
Fixes: 6037/clusterfuzz-testcase-minimized-5030249784934400
Fixes: signed integer overflow: 256 * 16992036 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 85c85fffff
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
b172815c3c
avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
...
Fixes: signed integer overflow: -1625276744 + -1041893960 cannot be represented in type 'int'
Fixes: 5948/clusterfuzz-testcase-minimized-5791479856365568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 33fe17bdc8
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
1a387f1ce6
avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
...
Fixes: 5918/clusterfuzz-testcase-minimized-5120505435652096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 793347a545
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
205689ae8a
avcodec/diracdec: Use int64 in global mv to prevent overflow
...
Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int'
Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cbcbefdc3b
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
af5c12c029
avcodec/dxtory: Remove code that corrupts dimensions
...
Fixes: Timeout
Fixes: 5796/clusterfuzz-testcase-minimized-5206729085157376
Does someone have a valid sample that triggers this path ?
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3748746a4d
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
93a16aebf2
avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()
...
Fixes: 5894/clusterfuzz-testcase-minimized-5315325420634112
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 647fa49495
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
37cd7f3375
avcodec/hevcdec: Check luma/chroma_log2_weight_denom
...
Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'
Fixes: 5888/clusterfuzz-testcase-minimized-5634701067812864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f82dd4c09b
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
1a4f8de03d
avcodec/jpeg2000dec: Use av_image_check_size2()
...
Fixes: OOM
Fixes: 5733/clusterfuzz-testcase-minimized-4906757966004224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 01370b31ac
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
2a85ead5a3
avcodec/vp8: Check for bitstream end before vp7_fade_frame()
...
Fixes: Timeout
Fixes: 5653/clusterfuzz-testcase-5497680018014208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit de675648ce
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00
Michael Niedermayer
659a23e89f
avcodec/exr: Check remaining bits in last get code loop
...
Fixes: runtime error: shift exponent -7 is negative
Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit dd8351b118
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2018-04-13 00:35:15 +02:00