Michael Niedermayer
7d075c5f33
avformat/aviobuf: Delay buffer downsizing until asserts are met
...
Fixes: Assertion failure
Fixes: 15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616
Fixes: 15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432
May fix: Ticket7094
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0334632d5cmichael@niedermayer.cc >
2019-06-30 18:48:42 +02:00
Michael Niedermayer
b5d6b509b1
avcodec/fitsdec: Check data_min/max
...
Fixes: division by 0
Fixes: 15206/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5657260212092928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit eb82d19f03michael@niedermayer.cc >
2019-06-30 14:41:51 +02:00
Michael Niedermayer
f3bfb07179
avcodec/m101: Fix off be 2 error
...
Fixes: out of array read
Fixes: 15263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_M101_fuzzer-5728999453491200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 89b96900famichael@niedermayer.cc >
2019-06-29 20:43:54 +02:00
Michael Niedermayer
423d0bbc55
avcodec/qdm2: Move fft_order check up
...
This avoids undefined computations with unchecked values
Fixes: shift exponent -21 is negative
Fixes: 15262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5651261753393152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8d8b8c4ac6michael@niedermayer.cc >
2019-06-29 20:42:20 +02:00
Michael Niedermayer
1aa0c2a06f
avcodec/libvorbisdec: Check extradata size
...
Fixes: out of array read
Fixes: 15261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5764908467093504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cf3c245566michael@niedermayer.cc >
2019-06-29 20:32:43 +02:00
Michael Niedermayer
5b8bce805c
avformat/vqf: Check header_size
...
Fixes: 15271/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5735262606327808
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7c30ff3888michael@niedermayer.cc >
2019-06-29 20:32:14 +02:00
Michael Niedermayer
7daa138f68
avcodec/atrac9dec: Check q_unit_cnt in parse_band_ext()
...
Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fb4a4557d1michael@niedermayer.cc >
2019-06-29 20:30:30 +02:00
Michael Niedermayer
3d1903acfe
avcodec/atrac9dec: Check that the reused block has succeeded initilization
...
Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ac9af7e9a5michael@niedermayer.cc >
2019-06-29 19:36:02 +02:00
Michael Niedermayer
6872daee87
Update for 4.1.4
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2019-06-27 19:52:20 +02:00
Michael Niedermayer
1603661523
avcodec/utils: Check bits_per_coded_sample
...
This avoids the need for each decoder separately having to handle this case
Fixes: shift exponent -100663046 is negative
Fixes: out of array access
Fixes: 15270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5727829913763840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d33414d2admichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
297c5c26cd
avcodec/videodsp_template: Fix overflow of addition
...
Fixes: addition of unsigned offset to 0x7f56fc26a9b6 overflowed to 0x7f56fc26a8be*
Fixes: clusterfuzz-testcase-minimized-mediasource_MP4_AVC1_pipeline_integration_fuzzer-4917949056679936
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 247a1de7f7michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
9ede5cab3a
avcodec/alsdec: Fix invalid shift in multiply()
...
Fixes: shift exponent -24 is negative
Fixes: 15292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5768533318828032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f30be1ec98michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
c434a043ac
avcodec/ffwavesynth: Check ts_end - ts_start for overflow
...
Fixes: signed integer overflow: 2314885530818453536 - -8926099139098304480 cannot be represented in type 'long'
Fixes: 15259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5764366093254656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2db7a3bc4amichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
92140d7b24
avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c
...
Fixes: left shift of negative value -13
Fixes: 15260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5702076048343040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 507ca66ee4michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
1b4b738033
avcodec/tta: Fix undefined shift
...
Fixes: left shift of negative value -4483
Fixes: 15256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5738691617619968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ebccd2f778michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
d00e33ed3a
avcodec/qdmc: Fix integer overflows in PRNG
...
Fixes: signed integer overflow: 214013 * 2531011 cannot be represented in type 'int'
Fixes: 15254/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5698137026461696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2921b45a38michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
9b8a58fa78
avcodec/bintext: Check font height
...
Fixes: division by zero
Fixes: 15257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINTEXT_fuzzer-5757352881422336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bfb58bdd70michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
d08d4b1066
avcodec/binkdsp: Fix integer overflows in idct
...
Fixes: signed integer overflow: 3784 * 682038 cannot be represented in type 'int'
Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840
Fixes: 15268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5666502344179712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7a072fbcc4michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
9a68341e9e
avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()
...
Fixes: signed integer overflow: -3447 * 2883584 cannot be represented in type 'int'
Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 62ad08cef9michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
da081ecf69
avcodec/motionpixels: Check for vlc error in mp_get_vlc()
...
Fixes: 15246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5168534407086080
Fixes: runtime error: index -1 out of bounds for type 'HuffCode [16]'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 930cdef80amichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
479b70d2f8
avcodec/loco: Limit lossy parameter so it is sane and does not overflow
...
Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664
Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ce3b0b9066michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
65e1440140
avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed
...
Fixes: Assertion failure
Fixes: crbug971646.mp4
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 696312c487michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
529a719a25
avcodec/xpmdec: Do not use context dimensions as temporary variables
...
Fixes: Integer overflow
Fixes: 15134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5722635939348480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5ea7f20500michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
c0e3f54ec0
avcodec/fitsdec: Fix division by 0 in size check
...
Fixes: division by zero
Fixes: 15210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5746033243455488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 07ffe94c17michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
26605408f1
avcodec/aacpsdsp_template: Fix integer overflow in ps_hybrid_analysis_c()
...
Fixes: signed integer overflow: -1539565182 + -798086761 cannot be represented in type 'int'
Fixes: 14807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-564925382682214
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f8f5668df5michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
ef73b0da2d
avcodec/truemotion2: Fix integer overflow in last loop in tm2_update_block()
...
Fixes: signed integer overflow: -1727985666 - 538976288 cannot be represented in type 'int'
Fixes: 15031/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5100228035739648
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3aecd01704michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
8ba9b195e7
avcodec/iff: finetune the palette size check in the mask case
...
Fixes: out of array access
Fixes: 15381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5668057826983936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0f9789c8e3michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
4d2343825c
avcodec/iff: Fix mask_buf / mask_palbuf leak
...
Fixes: 15372/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5708881759567872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 92e8db532cmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
45d3ba9e5f
avformat/icodec: Free ico->images on error paths
...
Fixes: 15116/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5715173567889408
Fixes: memleak
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 54918b5116michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
0789b6295b
avformat/wsddec: Fix undefined shift
...
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 112eb17a2bmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
a56b96a3da
avcodec/fmvc: Check if header fields are available before allocating the image
...
Fixes: Timeout (15sec -> 0.5sec)
Fixes: 14846/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FMVC_fuzzer-5068322120400896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 561cc161camichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
6e26b1b0b1
avcodec/bink: Reorder operations in init to avoid memleak on error
...
Fixes: Direct leak of 536 byte(s) in 1 object(s)
Fixes: 15266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5629530426834944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2603f25d32michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
f487aa964b
avformat/wtvdec: Avoid (32bit signed) sectors
...
Fixes: left shift of negative value -14614752
Fixes: 15174/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5670543606415360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit dd357d76e5michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
0ccdabffd7
avcodec/bitstream: Check for more conflicting codes in build_table()
...
Fixes: out of array read
Fixes: 14563/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5646451545210880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a7e3b271fcmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
ec23fe0fd9
avcodec/bitstream: Check for integer code truncation in build_table()
...
Fixes: out of array read
Fixes: 14563/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5646451545210880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e78b0f8374michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
837e9e8898
avformat/sbgdec: Fixes integer overflow in str_to_time() with hours
...
Fixes: signed integer overflow: 904444 * 3600 cannot be represented in type 'int'
Fixes: 15113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5764083346833408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2a0f23b9d6michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
e73ef454e8
avformat/vpk: Check offset for validity
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa003019abmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
a2ebfb6afe
avformat/vpk: Fix integer overflow in samples_per_block computation
...
Fixes: signed integer overflow: 84026453 * 28 cannot be represented in type 'int'
Fixes: 15111/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5675630072430592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8c6c4129b4michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
1a022c66c8
avcodec/mjpegdec: Check for non ls PAL8
...
Fixes: Null-dereference READ in av_malloc
Fixes: 15002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5643474625363968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 442375fee7michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
c4a14a6303
avcodec/interplayvideo: check decoding_map_size with video_data_size
...
Fixes: Timeout (90543 ms -> 59 ms)
Fixes: 14721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer-5697492148027392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 914d6a7c1amichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
66cbac4a0b
avcodec/h264_parse: Use 64bit for expectedpoc and expected_delta_per_poc_cycle
...
Fixes: signed integer overflow: -2142516591 + -267814575 cannot be represented in type 'int'
Fixes: 14450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5716105319940096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4896fa18admichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
f021c40c30
avcodec/mss4: Check input size against skip bits
...
Fixes: Timeout (17sec -> 20ms)
Fixes: 14615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-5093007763701760
Fixes: 14797/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-5651696119709696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0fef412dffmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
43afeaa086
avcodec/dxv: Check op_offset in dxv_decompress_cocg()
...
Fixes: signed integer overflow: -2147483648 - 12 cannot be represented in type 'int'
Fixes: 14732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5735273129836544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8e520843ddmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
04c3e3d4e2
avcodec/diracdec: Fix integer overflow in global_mv()
...
Fixes: signed integer overflow: 16384 * 196607 cannot be represented in type 'int'
Fixes: 14810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5091232683917312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a99ffb5bb4michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
eed8561f7c
avcodec/vmnc: Check available space against chunks before reget_buffer()
...
Fixes: Timeout (16sec -> 60ms)
Fixes: 14673/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMNC_fuzzer-5640217517621248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 279d9a84afmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
5fbc6dcdcc
avcodec/aacdec_template: skip apply_tns() if max_sfb is 0 (from previous header decode failure)
...
Fixes: NULL pointer dereference
Fixes: 14723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5654612436058112
Fixes: 14724/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5712607111020544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cf3156e762michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
42245d49a4
avcodec/aacdec_fixed: Handle more extreem cases in noise_scale()
...
Its unclear if these cases have any relevance in real files
Fixes: shift exponent -2 is negative
Fixes: 14489/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5681941631729664
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3d14663f83michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
11f5eb0f16
avcodec/aacdec_template: Merge 3 #ifs related to noise handling
...
Fewer #if and fewer lines
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bc33c99d56michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
a527b49cb9
avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify
...
(cherry picked from commit 3d5863d739michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
3760f17e9b
avformat/mp3enc: Avoid SEEK_END as it is unsupported
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bf3ee6a130michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
