Michael Niedermayer
8a38efad42
avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output
...
Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int'
Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 27c2006805michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
575ba21007
avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows
...
Fixes: runtime error: signed integer overflow: 58065 * 51981 cannot be represented in type 'int'
Fixes: 2271/clusterfuzz-testcase-minimized-5778297776504832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c746f92a8emichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
2d0fd04f16
avcodec/hevcpred_template: Fix left shift of negative value
...
Fixes: runtime error: left shift of negative value -1
Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c94326c1fcmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
10dc2c48ed
avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps()
...
Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int'
Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1edbf5e20cmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
d51d7b0971
avcodec/jpeg2000dec: Check nonzerobits more completely
...
Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int'
Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit dfb61ea263michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
37c77f74c2
avcodec/shorten: Sanity check maxnlpc
...
Fixes OOM
Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e77ddd31a8michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
cfaa5affad
avcodec/truemotion2: Move skip computation after checks
...
Fixes: runtime error: signed integer overflow: 630067357 * 4 cannot be represented in type 'int'
Fixes: 2233/clusterfuzz-testcase-minimized-5943031318446080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3c716682a8michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
3e6b7d5802
avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2()
...
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2231/clusterfuzz-testcase-minimized-4565181982048256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e3fadc57c5michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
2d7e26277a
avcodec/hevcdec: Check nb_sps
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bc40674462michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
8d0c353b73
avcodec/hevc_refs: Check nb_refs in add_candidate_ref()
...
Fixes: runtime error: index 16 out of bounds for type 'int [16]'
Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1cb4ef526dmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
5d609474f3
avcodec/mpeg4videodec: Check sprite delta upshift against overflowing.
...
Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int'
Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 12245ab1f6michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
c19fd27248
avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case
...
Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int'
Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0a87be404amichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
fe3fcc551d
avcodec/aacsbr_fixed: Check shift in sbr_hf_assemble()
...
Fixes: runtime error: shift exponent -10 is negative
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d1992448d3michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
fc5bbdf2c5
avcodec/sbrdsp_fixed: Return an error from sbr_hf_apply_noise() if operations are impossible
...
Fixes: 1775/clusterfuzz-testcase-minimized-5330288148217856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d549f026d8michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
3a3c32ea1f
avcodec/jpeg2000dwt: Fix runtime error: left shift of negative value -123
...
Fixes: 2208/clusterfuzz-testcase-minimized-5976593765761024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d24043e1a2michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
562690a7f7
avcodec/wavpack: Fix runtime error: signed integer overflow: 1886191616 + 277872640 cannot be represented in type 'int'
...
Fixes: 2181/clusterfuzz-testcase-minimized-6314784322486272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c996374d4dmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
afc6d2242c
avcodec/snowdec: Fix runtime error: left shift of negative value -1
...
Fixes: 2197/clusterfuzz-testcase-minimized-6010716676947968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2e44126363michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
7927112377
avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1297616
...
Fixes: 2195/clusterfuzz-testcase-minimized-4736721533009920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6d499ecef9michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
427ee58d61
avcodec/tiff: Fix leak of geotags[].val
...
Fixes: 2176/clusterfuzz-testcase-minimized-5908197216878592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 22a25ab389michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
9f5ada6880
avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int'
...
Fixes: 2175/clusterfuzz-testcase-minimized-5809657849315328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 71da0a5c97michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
4f2aaccff0
avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 cannot be represented in type 'int'
...
Fixes: 2174/clusterfuzz-testcase-minimized-5739234533048320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 90e8317b3bmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
f263c4687f
avcodec/cfhd: Check band parameters before storing them
...
Fixes out of array read
Fixes: 2169/clusterfuzz-testcase-minimized-5688641642823680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 54aaadf648michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
26afadbd29
avcodec/indeo4: Check remaining data in Pic hdr extension parsing code
...
Fixes: Timeout
Fixes: 2115/clusterfuzz-testcase-minimized-6594111748440064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a3b5b60bdfmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
cd16f4cf4b
avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int'
...
Fixes: 2113/clusterfuzz-testcase-minimized-6510704959946752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4e3ab1a5c1michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
faa104541d
avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int'
...
Fixes: 2106/clusterfuzz-testcase-minimized-6136503639998464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 18bca25adbmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
fb1d3fb1e5
avcodec/pafvideo: Fix assertion failure
...
Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c4360559eemichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
e8aa646e4a
avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int'
...
Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e4efd41b83michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
79f0677332
avcodec/mjpegdec: Check that reference frame matches the current frame
...
Fixes: out of array read
Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4705edbbb9michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
42b26b41a4
avcodec/tiff: Avoid loosing allocated geotag values
...
Fixes memleak
Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d7cbeab4c1michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
bcf63142d1
avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int'
...
Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1e6ee86d92michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
e0a3b8670d
avformat/hls: Check local file extensions
...
This reduces the attack surface of local file-system
information leaking.
It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.
Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.
The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its feature. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.
Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also where objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel
This recommits the security fix without the author name joke which was
originally requested by Nicolas.
Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 189ff42196michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
6f49b9a688
avcodec/qdrw: Fix null pointer dereference
...
The RGB555 PACKBITSRGN case tries to read a palette, if such
palette is actually stored then it accesses a null pointer.
All 16bit samples i could find use DIRECTBITSRGN.
Fixes: 2065/clusterfuzz-testcase-minimized-6298930457346048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 46b865ea9fmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
1f4da7c384
avutil/softfloat: Fix sign error in and improve documentation of av_int2sf()
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6019d721d4michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
278b8d18ad
avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]'
...
Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 29808fff33michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
0ad5a36b8b
avcodec/dxv: Check remaining bytes in dxv_decompress_raw()
...
Fixes: Timeout
Fixes: 2006/clusterfuzz-testcase-minimized-5766515037044736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit eb50492270michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
e04d3aadc0
avcodec/pafvideo: Check packet size and frame code before ff_reget_buffer()
...
Fixes 1745/clusterfuzz-testcase-minimized-6160693365571584
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit faa5a2181dmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
80d39a5bb3
avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int'
...
Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 136ce8baa4michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
6af15d2d89
avformat/options: log filename on open
...
The loglevel is choosen so that the main filename and any images of
multi image sequences are shown only at debug level to avoid
clutter.
This makes exploits in playlists more visible. As they would show
accesses to private/sensitive files
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 53e0d5d724michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
cc6eec316e
avcodec/aacps: Fix runtime error: left shift of 1073741824 by 1 places cannot be represented in type 'INTFLOAT' (aka 'int')
...
Fixes: 2005/clusterfuzz-testcase-minimized-5744226438479872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9faf098163michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
3ecefcabe0
avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'
...
Fixes: 1967/clusterfuzz-testcase-minimized-5757031199801344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8b3e580b7fmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
4007ba9833
avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int'
...
Fixes: 1922/clusterfuzz-testcase-minimized-5561194112876544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a47273c803michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
89b2e25e13
avcodec/cinepak: Check input packet size before frame reallocation
...
Reduces time spend decoding 1917/clusterfuzz-testcase-minimized-5023221273329664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e47057e932michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
317690375e
avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int'
...
Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6726328f79michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
6ad05cbad1
avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int'
...
Fixes: 1908/clusterfuzz-testcase-minimized-5392712477966336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 08cb69e870michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
4911902c6f
avcodec/pnm: Use ff_set_dimensions()
...
Fixes: OOM
Fixes: 1906/clusterfuzz-testcase-minimized-4599315114754048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a1c0d1d906michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
2a55e8bda9
avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int'
...
Fixes: 1903/clusterfuzz-testcase-minimized-5359318167715840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 58f8cd4ac5michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
39c729c375
avformat/avidec: Limit formats in gab2 to srt and ass/ssa
...
This prevents part of one exploit leading to an information leak
Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5d849b149michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
276eae8adc
avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float'
...
Fixes: 1902/clusterfuzz-testcase-minimized-4762451407011840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 87bddba43bmichael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
ea70971cbe
avcodec/wavpack: Check float_shift
...
Fixes: runtime error: shift exponent 40 is too large for 32-bit type 'unsigned int'
Fixes: 1898/clusterfuzz-testcase-minimized-5970744880136192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4020b009d1michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
Michael Niedermayer
64168825de
avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int'
...
Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d90c5bf105michael@niedermayer.cc >
2017-06-18 16:05:23 +02:00
