Michael Niedermayer
7d58def70a
avcodec/apedec: Fix 2 integer overflows in filter_3800()
...
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 33feb527ffmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
baefa5385e
avcodec/xpmdec: Move allocations down after more error checks
...
Fixes: Timeout
Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e58692837cmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
34aad02457
avcodec/argo: Move U, fix shift
...
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 37249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5754862984888320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 26659fe53emichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3d5f361290
avformat/mov: Check dts for overflow in mov_read_trun()
...
Fixes: signed integer overflow: 9223372034248226491 + 3275247799 cannot be represented in type 'long'
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4538729166077952
Reported-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4de4bc06fdmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
e64b4a75bd
avformat/avidec: Use 64bit for frame number in odml index parsing
...
Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a4c98c507emichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fa4ac6b43a
avcodec/mjpegbdec: Skip SOS on AVDISCARD_ALL as does mjpeg
...
Fixes: NULL pointer dereference
Fixes: 36342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-4579188072906752
Fixes: 36344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5049579300061184
Fixes: 36345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5301149845553152
Fixes: 36374/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6056312352931840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 104a8399aemichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
af8de920b7
avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()
...
Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 909faca929michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
maryam ebrahimzadeh
fb993619d1
avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata
...
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is part of 'AVPacket pkt'.
replace init_get_bits with init_get_bits8.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9ffa49496dmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
671e182cc4
avcodec/webp: Check available space in loop in decode_entropy_coded_image()
...
Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5e00eab611michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fa6d6cc810
avcodec/h264dec: use picture parameters in ff_print_debug_info2()
...
Fixes: out of array read
Fixes: 36341/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6737583085322240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65892516d5michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
82fe7775a8
avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode
...
Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c59b5e3d1emichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
4254dbe20f
avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init
...
Fixes: MemLeak
Fixes: 8281
Fixes: PoC_option158.jpg
Fixes: CVE-2020-22037
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7bba0dd638michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
f6f682f5aa
avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line()
...
Fixes: Infinite loop
Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f803635c4fmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
674adf0a02
avcodec/vc1dec: Disable error concealment for *IMAGE
...
The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves vissual results
Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 643b2d49bfmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
f25834ab07
avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()
...
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8f2856a1damichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
725a0446b4
avcodec/argo: Check for even dimensions
...
Fixes: reading over the end
Fixes: 36346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5366943107383296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c2f5e9ff3cmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
88264f84c9
avformat/wtvdec: Check for EOF before seeking back in parse_media_type()
...
Fixes: Infinite loop
Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 89505d38demichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
58477f42a2
avformat/mpc8: Check first keyframe position for overflow
...
Fixes: signed integer overflow: 9223372036854775791 + 18 cannot be represented in type 'long'
Fixes: 36307/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-4917863877050368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2bbef69b0bmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fbf576417a
avcodec/exr: Check ac_count
...
Fixes: signed integer overflow: -9223372036854775808 * 2 cannot be represented in type 'long long'
Fixes: 36244/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6090656186499072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9bc32d7c4bmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
8a3eb4498b
avformat/wavdec: Use 64bit in new_pos computation
...
Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9b57d2f0a9michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3a18a6acc4
avformat/sbgdec: Check for overflow in timestamp preparation
...
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9dbed90840michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
a09127eacd
avformat/dsicin: Check packet size for overflow
...
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9d1c47ec03michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
70fa5522c7
avformat/dsfdec: Change order of operations in bitrate computation
...
Fixes: signed integer overflow: 538976288 * 67372036 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6751696819716096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5e38eff284michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
6d86416c92
avformat/bfi: check nframes
...
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b4e77dfca1michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
f89b52fbca
avformat/avidec: fix position overflow in avi_load_index()
...
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 527821a2ddmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
622b48d1fb
avformat/asfdec_f: Check sizeX against padding
...
Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f034c2e36amichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
6666313248
avformat/aiffdec: Check for size overflow in header parsing
...
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bae2e19777michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3a67e33368
avcodec/aaccoder: Add minimal bias in search_for_ms()
...
Fixes: floating point division by 0
Fixes: Ticket8218
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 75a099fc73michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
da9e84fabd
avformat/mov: Fix incorrect overflow detection in mov_read_sidx()
...
Fixes: signed integer overflow: 9223372036854775807 + 1442840321 cannot be represented in type 'long'
Fixes: 33670/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644379491106816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 200406d930michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
890a801468
avformat/mov: Avoid undefined overflow in time_offset calculation
...
Fixes: signed integer overflow: 8511838621821575200 - -3954125146725285889 cannot be represented in type 'long'
Fixes: 33414/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6610119325515776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7666d588bamichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
ebc5ea216f
avfilter/af_drmeter: Check that there is data
...
Fixes: floating point division by 0
Fixes: -nan is outside the range of representable values of type 'int'
Fixes: Ticket8307
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f49fa6abemichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
c7ac580288
avfilter/vf_fftdnoiz: Use lrintf() in export_row8()
...
Fixes: 1.04064e+10 is outside the range of representable values of type 'int'
Fixes: Ticket 8279
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1f21349d20michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
433d93a3b6
avfilter/vf_mestimate: Check b_count
...
Fixes: left shift of negative value -1
Fixes: Ticket8270
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 06af6e101bmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
5334967a56
avformat/mov: do not ignore errors in mov_metadata_hmmt()
...
Fixes: Timeout
Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c52c99a18fmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
aa5b8c9590
avformat/mxfdec: Check size for shrinking
...
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65b862ab59michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
maryam ebr
46bbf194c4
avcodec/dnxhddec: check and propagate function return value
...
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 7150f95756michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
b21120a924
swscale/slice: Fix wrong return on error
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7874d40f10michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
6a5d7fd8ad
avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb()
...
Fixes: NULL pointer dereference
Fixes: decode_spectrum_and_dequant.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit eaec4df63fmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
8da08ef1ff
swscale/slice: Check slice for allocation failure
...
Fixes: null pointer dereference
Fixes: alloc_slice.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 997f9cfc12michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3b6f7601b7
avformat/matroskadec: Fix handling of huge default durations
...
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 343d950a4amichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
1196932f1c
avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
...
Fixes: floating point division by 0
Fixes: Ticket8213
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 70874e024amichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
09f47af747
avcodec/j2kenc: Check for av_strtok() failure
...
Fixes: CID1466601 Dereference null return value
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6a6a765fa4michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
35a2e71385
avformat/ftp: Check for av_strtok() failure
...
Fixes: CID1396258 Dereference null return value
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9d40782088michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
9f97a023d6
tools/cws2fws: Check read() for failure
...
Fixes: CID1452579 Argument cannot be negative
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0b3cdd7cc2michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
8f0d442434
avcodec/cpia: Fix missing src_size update
...
Fixes: out of array read
Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cea05864e6michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
7b5308045e
avcodec/exr: Better size checks
...
Fixes: signed integer overflow: 3530839700044513368 + 8386093932303352321 cannot be represented in type 'long long'
Fixes: 35182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5398383270428672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 18b0dd0738michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
bb1d2cf898
avcodec/clearvideo: Check tile_size to be not too large
...
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 35023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-6740166587842560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 11fac9613emichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
417bc2a5b0
avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation
...
Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int'
Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 00ae9b77efmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
5f891809d7
avformat/aaxdec: Check avio_seek() in header reading
...
Fixes: Timeout
Fixes: 32450/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-4875522262827008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 602bbf71f6michael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
Michael Niedermayer
b49039b23e
avcodec/hevc_sei: Use get_bits_long() for time_offset_value
...
Fixes: assertion failure
Fixes: crash_1
Found-by: Thuan Pham <tpham.unimelb@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d866787dacmichael@niedermayer.cc >
2021-09-08 21:31:50 +02:00
