ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	807bcc9a1e	avcodec/iff: Fix off by x error Fixes: out of array access Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `51225dee0a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	c25bfbe37d	avcodec/wmalosslessdec: Check block_align maximum Fixes: Assertion failure Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `314d10f7a6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	9942728b61	avcodec/loco: Fix signed integer overflow in loco_get_rice() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `aa88cdfd90`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	e646196645	avformat/thp: Check fps Fixes: division by zero Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0e15b01b4e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	2fb4e8f70a	avformat/mpl2dec: Fix integer overflow with duration Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long' Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9a42a67c5c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	1f110be565	avcodec/mpeg12dec: remove outdated comments Found-by: Kieran Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `48de8f5816`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	c8927529d0	avcodec/snowdec: Avoid integer overflow with huge qlog Fixes: integer overflow Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38fbf33c72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Dale Curtis	742040a722	avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample(). Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bf446711bc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	7d1f349590	avcodec/mpeg12dec: Fix got_output This makes got_output consistent with the code in slice_end() which sets the output in slice_end() if (s->pict_type == AV_PICTURE_TYPE_B \|\| s->low_delay) { int ret = av_frame_ref(pict, s->current_picture_ptr->f); ... } else { Fixes: assertion failure Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4f33a9803a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	f167247ded	avformat/4xm: Cleanup on GET_LIST_HEADER() failure Fixes: memleak Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5313ce654`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	780b721022	avcodec/lzf: Consider the needed size in reallocation Fixes: NULL pointer dereference Fixes: 22381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5659879921680384.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `292b9b93a5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	b25d00f6a1	avformat/mlvdec: fail reading a packet with 0 streams Fixes: NULL pointer dereference Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5bd5c31087`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	0a8b2def0a	avformat/thp: Check compcount Fixes: out of array access Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ba8484559`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	79ca86c1ec	avcodec/adpcm: XA: Check shift similar to filter Fixes: negative shift Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6d96bae9c4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	f3dca389bc	avcodec/huffyuvdec: Test vertical coordinate more often Fixes: out of array access Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1223ddc56`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	14fe71f5dc	avcodec/hq_hqa: Check info size Fixes: assertion failure Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf28521fee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	9f1cb0b890	avcodec/wmalosslessdec: Fix integer overflow in mclms_predict() Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int' Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c42ed06695`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	63d5023257	avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d() Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int' Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `071e293723`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	50c508ef65	avcodec/h264dec: Disable forced small_padding on flag2 fast Fixes: 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	eda5c5e5fe	avformat/oggparsevorbis: Error out on double init of vp Fixes: memleak Fixes: 19949/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5743636058210304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2a3bbc0086`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	65cfae33e2	avcodec/pnmdec: Use unsigned for maxval rescaling Fixes: signed integer overflow: 65535 * 55335 cannot be represented in type 'int' Fixes: 21955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5669206981083136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `49459aca47`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	0c903ef05a	avcodec/ivi: Clear got_p_frame before decoding a new frame using it Fixes: assertion failure Fixes: 21666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5706468994318336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1d633e6a0a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	a24bbffebe	avcodec/dsddec: Check channels Fixes: division by zero Fixes: 21677/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_MSBF_fuzzer-5712547983654912 Fixes: 21751/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_LSBF_fuzzer-5197097180856320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2570a8777e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	0fdaecd8f0	avcodec/xvididct: Fix integer overflow in idct_row() Fixes: signed integer overflow: -1238335488 + -1003634688 cannot be represented in type 'int' Fixes: 21649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5112005765890048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `620236e4d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:45 +02:00
Michael Niedermayer	221afdfc91	avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr() Fixes: signed integer overflow: -717241856 + -1434459904 cannot be represented in type 'int' Fixes: 21405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5677143666458624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e9a4c4fe99`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	6085934f8f	avformat/mpegenc: Fix integer overflow with AV_NOPTS_VALUE Fixes: signed integer overflow: -9223372036854775808 - 45000 cannot be represented in type 'long' Fixes: ticket8187 Found-by: Suhwan Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9874815b1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	bdc4815b26	avformat/swfenc: Fix integer overflow in frame rate handling Fixes: signed integer overflow: 30000299 * 256 cannot be represented in type 'int' Fixes: ticket8184 Found-by: Suhwan Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `31f956acad`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	b0037e9ee5	avformat/aadec: Check toc_size to contain the minimum to demuxer uses Fixes: out of array access Fixes: stack-buffer-overflow-READ-0x0831fff1 Found-by: GalyCannon <galycannon@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `daa2482871`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	5bfafe838e	avcodec/cbs_h265_syntax_template: Limit num_long_term_pics more strictly The limit is based on hevcdec.c Fixes: 20854/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-5160442882424832 Fixes: out of array access Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `435fa373d1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Dale Curtis	2b20b1d2ab	avformat/mov: Don't allow negative sample sizes. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2d8d554f15`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Vitaly Buka	2a5cc5d601	mpeg4videoenc: Don't crash with -fsanitize=bounds Also the patch makes this code consistent with mpeg4videodec.c Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f163d30de2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	92961de9da	avformat/mpegts: Shuffle avio_seek This avoids accessing an old, no longer valid buffer. Fixes: out of array access Fixes: crash_audio-2020 Found-by: le wu <shoulewoba@gmail.com> Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cd74af1416`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	619594d2a0	avcodec/binkaudio: Fix 2Ghz sample_rate Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 19950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_DCT_fuzzer-5765514337189888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: Paul Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f603d10b1e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	3594573f0a	avcodec/adpcm: Fix integer overflow in ADPCM THP The reference (thp.txt) uses floats so wrap around would seem incorrect. Fixes: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int' Fixes: 20658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_THP_fuzzer-5646302555930624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b12b05374f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	242bbbcd70	avcodec/ralf: Check num_blocks before use Fixes: out of array access Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5739471895265280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f0c0471075`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	535a88034e	avcodec/iff: Test video_size being non zero Fixes: Out of array access Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5658548592967680 Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723561177382912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a035fd88ae`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	1b981fc9e8	avcodec/utvideodec: Fix integer overflow in decode_plane() Fixes: signed integer overflow: 2147483594 + 142 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5658568101724160 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `876cfa67f3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	24122adc5f	avcodec/ttadsp: Fix several integer overflows in tta_filter_process_c() Fixes: signed integer overflow: 1931744255 + 252497024 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5763348114440192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8627885172`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	ff893fe610	avcodec/ralf: Fix integer overflow in decode_block() Fixes: signed integer overflow: 289082077 - -2003141111 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5196077752123392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0c4330847c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	16aab4f595	avcodec/nuv: widen buf_size type Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5740176118906880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ac106bf56`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	1d2aedea01	avcodec/iff: Fix several integer overflows Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int32_t' (aka 'int') Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5764066459254784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7a92147f87`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	3f686f6a7d	avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1 The fixed point integer reference specifies the multiplication used to have 16bit input and clips so we need to clip the input The floating point implementation does not seem to do that. Fixes: signed integer overflow: 6317568 * 410 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5700189272932352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `82d4c7b95e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	3ee001de6f	avcodec/alac: Fix integer overflow with 24/20bps samples Fixes: signed integer overflow: 1020048 * 4096 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5753877751660544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `22e51e95ac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	033ecda2f2	avcodec/dstdec: Check sample rate Fixes: out of array access Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5735812071424000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5727b1f13f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	6fd2a2ba41	avformat/thp: Require a video stream The demuxer code assumes the existence of a video stream Fixes: assertion failure Fixes: 21512/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5699660783288320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `97c78caf3e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	deabf2bdad	avformat/mpeg: Decrease score by 1 for files with very little valid data Fixes: 8233/PPY6574574605_cut.mp3 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `20f7b4dfc9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	ad27c7c850	avcodec/pngdec: Check length in fdAT Fixes: 21089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5135981419429888 Fixes: out of array read Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `79e5c2ee2b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	91e39dd6f3	avcodec/g2meet: Check tile_width in epic_jb_decode_tile() Fixes: out of array access Fixes: 21469/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5199357982015488 Alternatively the arrays can be made bigger or the index can be clipped. In case a real file with such huge tiles exist we ask the user to upload it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5501bb28dd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	0678c4d350	avcodec/hapdec: Check tex_size more strictly and before using it Fixes: OOM Fixes: 20774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5678608951803904 Fixes: 20956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5713643025203200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `81fe316ad9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00
Michael Niedermayer	0f4944512f	avcodec/vp9dsp_template: Fix integer overflows in idct32_1d() Fixes: signed integer overflow: -193177 * 11585 cannot be represented in type 'int' Fixes: 20557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5704852816789504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e16e3e63f0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-01 13:33:44 +02:00

1 2 3 4 5 ...

91586 Commits