ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	7f79bf7aab	avcodec/bink: Avoid undefined out of array end pointers in binkb_decode_plane() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ea9deafd3b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-25 22:49:41 +01:00
Michael Niedermayer	93fca785fa	avcodec/bink: Fix off by 1 error in ref end Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6657932926517248 Alterantivly to this it is possibly to allocate a bigger array Note: oss-fuzz assigned this issue to a unrelated theora bug so the bug number matches that Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `49487045dd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-25 22:48:43 +01:00
Michael Niedermayer	8c42983543	avcodec/utils: Ensure linesize for SVQ3 Fixes: Assertion block_w * sizeof(uint8_t) <= ((buf_linesize) >= 0 ? (buf_linesize) : (-(buf_linesize)) Fixes: 54861/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5352418248622080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4eef658ca5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-25 21:53:04 +01:00
Michael Niedermayer	541d985362	avcodec/utils: allocate a line more for VC1 and WMV3 Fixes: out of array read on 32bit Fixes: 54857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5840588224462848 The chroma MC code reads over the currently allocated frame. Alternative fixes would be allocating a few bytes more at the end instead of a whole line extra or to adjust the threshold where the edge emu code is activated Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `01636a63d4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-25 21:40:16 +01:00
Michael Niedermayer	2ea1da51d1	avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things Fixes: subtraction of unsigned offset from 0xf6602770 overflowed to 0xf6638c80 Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-495074400600064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f0150cd41c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-25 21:39:31 +01:00
Michael Niedermayer	853a19bc8f	avcodec/pngdec: Check deloco index more exactly Fixes: out of array access: Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-6716193709096960 Alternatively it should be possible to limit this to 3 plane RGB 8 /16bit to ensure the size is what it should be Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d5bae70406`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-25 21:20:50 +01:00
Michael Niedermayer	8094b11411	avcodec/ffv1dec: Check that num h/v slices is supported Fixes: out of array access Fixes: 55597/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4898293416329216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8ead0ae68e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-25 21:08:55 +01:00
Michael Niedermayer	3a2f0caf9f	avformat/mov: Check samplesize and offset to avoid integer overflow Fixes: signed integer overflow: 9223372036854775584 + 536870912 cannot be represented in type 'long' Fixes: 55844/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-510613920664780 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `53c1f5c2e2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-25 20:46:58 +01:00
Michael Niedermayer	fb00252e62	avcodec/pictordec: Remove mid exit branch This causes the RLE decoder to exit before applying the last RLE run All images i tested with are unchanged, this makes the special case for handling the last run unused for non truncated images. Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `88f0e05c72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-22 19:49:29 +01:00
Michael Niedermayer	34e18aecf7	avcodec/utils: use 32pixel alignment for bink bink supports 16x16 blocks in chroma planes thus we need to allocate enough. Fixes: out of array access Fixes: 55026/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6013915371012096 Reviewed-by: Peter Ross <pross@xvid.org> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b95b2c8492`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-22 01:03:43 +01:00
Michael Niedermayer	de770beba9	avcodec/012v: Order operations for odd size handling Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6714182078955520.fuzz Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6698145212137472.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4d42d82563`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-22 01:02:23 +01:00
Michael Niedermayer	a1ac2c9dbc	avcodec/eatgq: : Check index increments in tgq_decode_block() Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGQ_fuzzer-6743211456724992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e7755b433e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-22 00:44:41 +01:00
Michael Niedermayer	bdcb592aec	avcodec/sunrast: Fix maplength check Fixes: out of bounds read Found-by: Ibrahim Mohamed <ielsayed@meta.com> Reviewed-by; Ibrahim Mohamed <ielsayed@meta.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f8a2a65078`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:53:45 +01:00
Michael Niedermayer	782c45cf25	avcodec/wavpack: Avoid undefined shift in get_tail() Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int' Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8374a747af`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:44:08 +01:00
Michael Niedermayer	1c89a13219	avformat/id3v2: Check taglen in read_uslt() Fixes: Timeout (read mostly the same data repeatly) Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840 Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a798af91d7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:37:23 +01:00
Michael Niedermayer	83a4442704	avcodec/ffv1dec: restructure slice coordinate reading a bit Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int' Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `74b6ac7ebb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:31:26 +01:00
Michael Niedermayer	fd29b03814	avcodec/mlpdec: Check max matrix instead of max channel in noise check This is a regression since: `adaa06581c` Before this, max_channel and max_matrix_channel where compared for equality Fixes: out of array access Fixes: 53340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-514959011885875 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `aa79560de5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:42:09 +01:00
Michael Niedermayer	dcc369b8f5	swscale/input: Use more unsigned intermediates Same principle as previous commit, with sufficiently huge rgb2yuv table values this produces wrong results and undefined behavior. The unsigned produces the same incorrect results. That is probably ok as these cases with huge values seem not to occur in any real use case. Fixes: signed integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ba209e3d51`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:37:18 +01:00
Michael Niedermayer	b4a814e974	avcodec/alsdec: The minimal block is at least 7 bits Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5280947fb6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:31:20 +01:00
Michael Niedermayer	13b184c066	avformat/replaygain: avoid undefined / negative abs Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int' Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2532b20b17`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:30:47 +01:00
Michael Niedermayer	e96d890ed0	avcodec/ffv1dec: Fail earlier if prior context is corrupted Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4df91e2215`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:27:27 +01:00
Michael Niedermayer	dc8ad5cbcd	Update for FFmpeg 2.8.21 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n2.8.21	2022-10-28 21:48:45 +02:00
Michael Niedermayer	62dfe4f411	avformat/rmdec: check tag_size Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2cb7ee8a36`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	7280495991	avformat/nutdec: Check fields Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2c146406ea`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	f534619700	avformat/cafdec: Check that nb_frasmes fits within 64bit Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d4bb4e3759`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	3503a45d98	avformat/asfdec_o: Limit packet offset avoids overflows with it Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136 Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `736e9e69d5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	fe862271a4	avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d0349c9929`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	1ccd4a9eac	avformat/icodec: Check nb_pal Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `db73ae0dc1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	295c6a910d	avformat/aiffdec: Check block_duration Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1c2b6265c8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	4274c24665	avcodec/apedec: Fix integer overflow in filter_3800() Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296 Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f05247f6a4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	d4cb28f0cf	avcodec/tta: Check 24bit scaling for overflow Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3993345f91`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	5d4b0b77f6	libavformat/hls: Free keys Fixes: memleak Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d32a9f3137`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	5681fa5b14	avcodec/bink: disallow odd positioned scaled blocks Fixes: out of array access Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b14104a637`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	998111d4c1	avformat/asfdec_o: limit recursion depth in asf_read_unknown() The threshold of 5 is arbitrary, both smaller and larger should work fine Fixes: Stack overflow Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1f1a368169`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	afd3c64c0f	doc/git-howto.texi: Document commit signing Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ced0dc807e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	7a9fd7a2ca	libavcodec/8bps: Check that line lengths fit within the buffer Fixes: Timeout Fixes: undefined pointer arithmetic Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2316d5ec1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	a87ad0dba0	libavformat/iff: Check for overflow in body_end calculation Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long' Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bcb4690304`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	09647fc78c	avcodec/h263dec: Sanity check against minimal I/P frame size Fixes: Timeout Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca4ff9c21c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	d76c807333	MAINTAINERS: Add ED25519 key for signing my commits in the future Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `05225180be`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	b8c670c10c	avcodec/hevc_filter: copy_CTB() only within width&height Fixes: out of array access Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `009ef35d38`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	e6f9ae27ca	avformat/flvdec: Check for EOF in index reading Fixes: Timeout Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ceff5d7b74`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	4228a66bef	avformat/nutdec: Check get_packetheader() in mainheader Fixes; Timeout Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b5de084aa6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	7593a9aa21	avformat/asfdec_f: Use 64bit for packet start time Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8ed78486fc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	380ac5826d	avcodec/lagarith: Check dst/src in zero run code Fixes: out of array access Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9450f75974`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	c2b4ce6875	avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c() Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int' Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1537f40516`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	4536262900	avformat/rtsp: break on unknown protocols This function needs more cleanup and it lacks error handling Fixes: use of uninitialized memory Fixes: CID700776 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `73c0fd27c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	b67955889c	avcodec/hevcdsp_template: stay within tables in sao_band_filter() Fixes: out of array read Fixes: 47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c5250a561`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	985803bbb7	avcodec/qpeldsp: copy less for the mc0x cases Fixes: out of array access Fixes: 47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e690d4edf5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	ca7078dd24	avcodec/wnv1: Check for width =1 The decoder only outputs pixels for width >1 images, fail early Fixes: Timeout Fixes: 48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d98d5a436a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00
Michael Niedermayer	07350dede5	avformat/sctp: close socket on errors This is untested as i have no testcase Fixes: CID1302709 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c9a2996544`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +02:00

1 2 3 4 5 ...

76736 Commits