highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
98,272 Commits 36 Branches 392 Tags
9165de3463c31197cbfbd40afc3f8795750fefe6
Commit Graph

98272 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
9165de3463 avcodec/cook: Check subpacket index against max 
Fixes: off by 1 error
Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a2a7604da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
8bf2eb013c avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration() 
Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int'
Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01bb12f883)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
04d263f395 avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred 
Fixes: pixel decode issue.ts
Fixes: raw frame.hevc

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3fbf873792)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
4fed6eade3 avformat/icodec: Change order of operations to avoid NULL dereference 
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3300f5c133)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
29bc0b5986 avcodec/exr: Fix overflow with many blocks 
Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7265b7d904)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
8d8357df19 avcodec/vp9dsp_template: Fix integer overflows in idct16_1d() 
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 394e8bb385)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
9514228b3d avcodec/ansi: Check initial dimensions 
Fixes: Timeout (minutes to less than 1sec)
Fixes: 25682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANSI_fuzzer-6320712032452608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 949f0a6be9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
5e42ad856b avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset 
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 106f11f68a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
8c7d818ab1 avcodec/sonic: Check for overread 
Fixes: Timeout (too long -> 1.3 sec)
Fixes: 24358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5107284099989504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eeabdef1bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
d6f7578b7d avformat/subviewerdec: fail on AV_NOPTS_VALUE 
Such values are not supported by ff_subtitles_queue*

Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b7f51428b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
e2e2d9b66a avcodec/exr: Check line size for overflow 
Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int
Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b72cea446)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
ee69f64bdc avcodec/exr: Check xdelta, ydelta 
Fixes: assertion failure
Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6949df35d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
57e18185bf avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter() 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 25675/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-4786580731199488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11a6347f9e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
3dffbfac2c avcodec/takdsp: Fix negative shift in decorrelate_sf() 
Fixes: left shift of negative value -4
Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f54f53003)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
106103d7b5 avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420() 
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3291d994b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
5f554b5c0f avformat/asfdec_f: Change order or operations slightly 
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 686f015190)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
07c714e07b avformat/dxa: Use av_rescale() for duration computation 
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c313089fbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
0894fc6e66 avcodec/vc1_block: Fix integer overflow in ac value 
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3056e19e68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
a3b4190ffb avcodec/mv30: Fix several integer overflows in idct_1d() 
Fixes: signed integer overflow: -1846510390 + -361755993 cannot be represented in type 'int'
Fixes: 23941/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5654696631730176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ddf2ba5497)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
10b26c55d1 avformat/iff: Check data_size not overflowing int64 
Fixes: Infinite loop
Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 24352ca792)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
a5ff3de86e avcodec/dxtory: Fix negative shift in dx2_decode_slice_410() 
Fixes: left shift of negative value -768
Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit abebd87764)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
e652893c04 avcodec/sonic: Check channels before deallocating 
Fixes: heap-buffer-overflow
Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f249981976)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
f29a6a499a avformat/vividas: Check for EOF in first loop in track_header() 
Fixes: timeout (243sec -> a few ms)
Fixes: 25716/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5764093666131968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7170d342e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
e3508f371e avformat/wvdec: Check rate for overflow 
Fixes: signed integer overflow: 6000 * -2147483648 cannot be represented in type 'int'
Fixes: 25700/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6578316302352384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 688c1175ba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
d0cb1eb925 avcodec/ansi: Check nb_args for overflow 
Fixes: Integer overflow (no testcase)

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc0e776c9a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
282760537b avformat/wc3movie: Cleanup on wc3_read_header() failure 
Fixes: memleak
Fixes: 23660/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6007508031504384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b78860e769)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
9487575d53 avformat/wc3movie: Move wc3_read_close() up 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c635f2ce6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
0263257062 avcodec/tiff: Fix default white level 
According to the spec bits per sample should be used

Fix invalid shift with bpp=32
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 23507/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4815432665268224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d54c24acde)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
0874afcfce avcodec/diracdsp: Fix integer anomaly in dequant_subband_* 
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca3c6c981a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
253092e345 avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c() 
Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
Fixes: 23646/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5480991098667008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a02ae49c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
604e27a614 avcodec/mv30: Check remaining mask in decode_inter() 
Fixes: timeout (too long -> 4sec)
Fixes: 25129/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5642089713631232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 142ae27b1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
a119416654 avcodec/wmalosslessdec: Check remaining space before padding and channel residue 
Fixes: Timeout (1101sec -> 0.4sec)
Fixes: 24491/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5725337036783616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c467adf3bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
31f9d1ec36 avformat/cdg: Fix integer overflow in duration computation 
Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int'
Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa8935b395)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
eb4301d5f8 avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth() 
Fixes: -2.4187e+09 is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b9f39689a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
2f6054d297 avcodec/agm: Fix off by 1 error in decode_inter_plane() 
Fixes: Regression since 1f20969457
Found-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6d71a25cc4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
f808f6ccf2 avformat/electronicarts: Check if there are any streams 
Fixes: Assertion failure (invalid stream index)
Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 39a98623ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
8fad1a2802 avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINE 
Fixes: signed integer overflow: -1429092 * -32596 cannot be represented in type 'int'
Fixes: 24419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5157849974702080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0da95df77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
bc3fa06732 avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d() 
Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int'
Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d182d8f10c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
a1c92826eb avformat/avidec: Fix io_fsize overflow 
Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf0c700b0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
810103bb2f avcodec/cfhd: Check transform type 
Fixes: out of array access
Fixes: 24823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4855119863349248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 659658d08b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
8362cc45ef avcodec/tiff: Check jpeg context against jpeg frame parameters 
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b9ea493afe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
4b8bb69f55 avcodec/tiff: Restrict tag order based on specification 
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
 not the order in which the fields are described in this document."

This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also on various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.

If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.

Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad29f9e47c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
2e3de433c7 avcodec/tiff: Avoid abort with DNG RAW TIFF with YA8 
Fixes: Assertion failure
Fixes: 24707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5179910197608448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca47402a06)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
b31916c313 avcodec/tiff: Check the linearization table size 
Fixes: out of array access
Fixes: 24604/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4843529818603520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7577f8332a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
ae3afef8c8 avformat/siff: Reject audio packets without audio stream 
Fixes: Assertion failure
Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8931c55789)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
dfa3c6d49f avformat/mpeg: Check avio_read() return value in get_pts() 
Found-by: Thierry Foucu <tfoucu@gmail.com>
Fixes: Use-of-uninitialized-value
Reviewed-by: Thierry Foucu <tfoucu@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8a88a16f7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
100a7db078 avcodec/tiff: Check bpp/bppcount for 0 
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be090da25f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
2213582169 avcodec/snowdec: Sanity check hcoeff 
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d51d569cf6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
f7b28fc9ce avformat/mov: Check comp_brand_size 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffa6072fc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00
Michael Niedermayer
c017516140 avformat/ape: Error out in case of EOF in the header 
Fixes: OOM
Fixes: 24375/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6216862443241472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6df1fd5e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:20 +01:00