Michael Niedermayer
a317af2deb
avcodec/pnmdec: Use unsigned for maxval rescaling
...
Fixes: signed integer overflow: 65535 * 55335 cannot be represented in type 'int'
Fixes: 21955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5669206981083136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 49459aca47michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
9161063248
avcodec/ivi: Clear got_p_frame before decoding a new frame using it
...
Fixes: assertion failure
Fixes: 21666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5706468994318336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1d633e6a0amichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
b35b3dfc25
avcodec/dsddec: Check channels
...
Fixes: division by zero
Fixes: 21677/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_MSBF_fuzzer-5712547983654912
Fixes: 21751/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_LSBF_fuzzer-5197097180856320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2570a8777emichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
9fd634161f
avcodec/xvididct: Fix integer overflow in idct_row()
...
Fixes: signed integer overflow: -1238335488 + -1003634688 cannot be represented in type 'int'
Fixes: 21649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5112005765890048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 620236e4d2michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
d8a1e0a79e
avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr()
...
Fixes: signed integer overflow: -717241856 + -1434459904 cannot be represented in type 'int'
Fixes: 21405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5677143666458624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e9a4c4fe99michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
40a039fee4
avformat/mpegenc: Fix integer overflow with AV_NOPTS_VALUE
...
Fixes: signed integer overflow: -9223372036854775808 - 45000 cannot be represented in type 'long'
Fixes: ticket8187
Found-by: Suhwan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9874815b1amichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
104e38464b
avformat/aadec: Check toc_size to contain the minimum to demuxer uses
...
Fixes: out of array access
Fixes: stack-buffer-overflow-READ-0x0831fff1
Found-by: GalyCannon <galycannon@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit daa2482871michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Dale Curtis
832ae51f9b
avformat/mov: Don't allow negative sample sizes.
...
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2d8d554f15michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Vitaly Buka
72a8f82844
mpeg4videoenc: Don't crash with -fsanitize=bounds
...
Also the patch makes this code consistent with mpeg4videodec.c
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f163d30de2michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
0c914ee968
avcodec/binkaudio: Fix 2Ghz sample_rate
...
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 19950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_DCT_fuzzer-5765514337189888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Paul
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f603d10b1emichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
40e54383a2
avcodec/adpcm: Fix integer overflow in ADPCM THP
...
The reference (thp.txt) uses floats so wrap around would seem incorrect.
Fixes: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
Fixes: 20658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_THP_fuzzer-5646302555930624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b12b05374fmichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
f8da048589
avcodec/ralf: Check num_blocks before use
...
Fixes: out of array access
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5739471895265280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f0c0471075michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
2a9ed44fe2
avcodec/utvideodec: Fix integer overflow in decode_plane()
...
Fixes: signed integer overflow: 2147483594 + 142 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5658568101724160
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 876cfa67f3michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
186599c86f
avcodec/ralf: Fix integer overflow in decode_block()
...
Fixes: signed integer overflow: 289082077 - -2003141111 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5196077752123392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0c4330847cmichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
24f824af86
avcodec/nuv: widen buf_size type
...
Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5740176118906880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1ac106bf56michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
8970824856
avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1
...
The fixed point integer reference specifies the multiplication used
to have 16bit input and clips so we need to clip the input
The floating point implementation does not seem to do that.
Fixes: signed integer overflow: 6317568 * 410 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5700189272932352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 82d4c7b95emichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
8880343974
avformat/thp: Require a video stream
...
The demuxer code assumes the existence of a video stream
Fixes: assertion failure
Fixes: 21512/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5699660783288320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 97c78caf3emichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
eb9e718078
avformat/mpeg: Decrease score by 1 for files with very little valid data
...
Fixes: 8233/PPY6574574605_cut.mp3
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 20f7b4dfc9michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
8a359e077f
avcodec/pngdec: Check length in fdAT
...
Fixes: 21089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5135981419429888
Fixes: out of array read
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 79e5c2ee2bmichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
e060f917f2
avcodec/g2meet: Check tile_width in epic_jb_decode_tile()
...
Fixes: out of array access
Fixes: 21469/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5199357982015488
Alternatively the arrays can be made bigger or the index can be clipped.
In case a real file with such huge tiles exist we ask the user to upload it.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5501bb28ddmichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
189d849aa5
avcodec/vp9dsp_template: Fix integer overflows in idct32_1d()
...
Fixes: signed integer overflow: -193177 * 11585 cannot be represented in type 'int'
Fixes: 20557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5704852816789504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e16e3e63f0michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
1c200201cd
libavcodec/wmalosslessdec: prevent sum of positive numbers from becoming negative
...
Fixes: left shift of negative value -8321365
Fixes: 20506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-4798062906310656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 62e4003780michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
b055fa4b1c
avcodec/txd: Check for input size against the header size.
...
Fixes: Timeout (21sec -> 80ms)
Fixes: 20673/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TXD_fuzzer-5177453863763968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aeb4e43584michael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Michael Niedermayer
54ec335e83
avcodec/svq1dec: Check that there is data left after the header
...
Fixes: Timeout (21sec -> 255ms)
Fixes: 20709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ1_fuzzer-5085075089915904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 55e344ee5amichael@niedermayer.cc >
2020-07-05 12:43:08 +02:00
Zhao Zhili
7db4f36291
avformat/mov: fix memleaks
...
Fix two cases of memleaks:
1. The leak of dv_demux
2. The leak of dv_fctx upon dv_demux allocate failure
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit f3dc38a186andreas.rheinhardt@gmail.com >
2020-07-01 16:43:20 +02:00
Andreas Rheinhardt
af773c60d6
libavformat/mov: Fix memleaks when demuxing DV audio
...
The code for demuxing DV audio predates the introduction of refcounted
packets and when the latter was added, changes to the former were
forgotten. This meant that when avpriv_dv_produce_packet initialized the
packet containing the AVBufferRef, the AVBufferRef as well as the
underlying AVBuffer leaked; the actual packet data didn't leak: They
were directly freed, but not via their AVBuffer's free function.
https://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket4671/dir1.tar.bz2
contains samples for this (enable_drefs needs to be enabled for them).
Moreover, errors in avpriv_dv_produce_packet were ignored; this has been
changed, too.
Furthermore, in the hypothetical scenario that the track has a palette,
this would leak, too, so reorder the code so that the palette code
appears after the DV audio code.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit 61f5c6ab06andreas.rheinhardt@gmail.com >
2020-07-01 16:43:13 +02:00
Andreas Rheinhardt
1662f9bb1c
libavcodec/libvpxenc: Don't free user-provided AVPacket
...
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit 26b4509690
2020-05-23 21:38:49 +02:00
Andreas Rheinhardt
49a9b454b3
avcodec/libopusenc: Don't free user-provided AVPacket
...
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit b803993b6d
2020-05-23 21:38:21 +02:00
Michael Niedermayer
f93e026b64
libavformat/Makefile: Fix build issues with async test
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-04-24 13:48:04 +02:00
Michael Niedermayer
9f52eb5fce
Changelog: Update for 2.8.16
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-04-24 01:17:24 +02:00
Michael Niedermayer
a1c51c0713
avcodec/hevc_mp4toannexb_bsf: Check nalu_size
...
Fixes: Timeout (29sec -> 5ms)
Fixes: 20237/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5165615044362240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ae2537f53emichael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
56774297bb
avcodec/iff: Check length before memcpy() in decode_deep_rle32()
...
Fixes: out of array read
Fixes: 20796/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5111364702175232.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b4a33387cbmichael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
0516f88c76
avcodec/iff: Fix invalid pointer intermediates in decode_deep_rle32()
...
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bc41a29a5amichael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
9a636c5a76
avcodec/rv40dsp: Fix integer overflows in rv40_weight_func_*()
...
Fixes: signed integer overflow: 40550400 * 128 cannot be represented in type 'int'
Fixes: 20331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV40_fuzzer-5676685725007872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 13171ad2e3michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
d0d0962a8b
avcodec/ac3dec_fixed: Fix several invalid left shifts in scale_coefs()
...
Fixes: left shift of negative value -14336
Fixes: 20298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-5675484201615360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8e30502abemichael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
f983115644
avcodec/flac_parser: Do not lose header count in find_headers_search()
...
Fixes: Timeout
Fixes: out of array access
Fixes: 20274/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5649631988154368
Fixes: 19275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5757535722405888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 55f9683cf6michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
9a82db1ce9
avcodec/audiodsp: Fix integer overflow in scalarproduct_int16_c()
...
Fixes: signed integer overflow: 2145417478 + 76702564 cannot be represented in type 'int'
Fixes: 20313/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5734487724130304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit abb5762e98michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
b4ac197257
avformat/oggdec: Check for EOF after page header
...
Fixes: Infinite loop
Fixes: Ticket8594
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f1589be9fdmichael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
1ff19987be
swscale/yuv2rgb: Fix vertical dither offset with slices
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit be3c29e379michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
e6dcdee170
avcodec/dpcm: clip exponent into supported range in XAN DPCM
...
Fixes: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 20ade59d96michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
da076d4aa2
avcodec/flacdsp_template: Fix invalid shifts in decorrelate
...
Fixes: left shift of negative value -2
Fixes: 20303/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5096829297623040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3935c891e9michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
e0916c7fb5
avcodec/xvididct: Fix integer overflow in MULT()
...
Fixes: signed integer overflow: 23170 * 95058 cannot be represented in type 'int'
Fixes: 20295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5800212870463488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7ccb576191michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
834c9968a0
avcodec/ffwavesynth: Correct undefined overflow of PINK_UNIT
...
Fixes: signed integer overflow: 9223372036854775775 + 128 cannot be represented in type 'long'
Fixes: 20054/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5686385113825280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 187161d62fmichael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
4359dddb72
swscale/output: Fix integer overflow in yuv2rgb_write_full() with out of range input
...
Fixes: signed integer overflow: 1169365504 + 981452800 cannot be represented in type 'int'
Fixes: ticket8293
Found-by: Suhwan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e057e83a4fmichael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
John Rummell
1881989f2f
libavformat/amr.c: Check return value from avio_read()
...
If the buffer doesn't contain enough bytes when reading a stream,
fail rather than continuing on with initialized data. Caught by
Chromium fuzzeras (crbug.com/1065731).
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5b967f56b6michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
John Rummell
01e696609b
libavformat/mov.c: Free aes_decrypt to avoid leaking memory
...
Found by Chromium fuzzers (crbug.com/1057205).
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ad91cf1f2fmichael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
John Rummell
e11e62a80a
libavformat/oggdec.c: Check return value from avio_read()
...
If the buffer doesn't contain enough bytes when reading a stream,
fail rather than continuing on with unitialized data. Caught by
Chromium fuzzers (crbug.com/1054229).
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b7c67b1ae3michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
e1430e1e2b
avformat/asfdec_f: Fix overflow check in get_tag()
...
Fixes: signed integer overflow: 2 * 1210064928 cannot be represented in type 'int'
Fixes: 20873/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5761116909338624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c8140fe732michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
a31fc54c6c
avformat/nsvdec: Fix memleaks on errors while reading the header
...
Fixes: memleaks
Fixes: 21084/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5655975492321280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 96c0469455michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
Michael Niedermayer
c00a5fc71f
avcodec/ffwavesynth: Fix integer overflow in computation of ddphi
...
Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long'
Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c85bf16318michael@niedermayer.cc >
2020-04-23 21:29:01 +02:00
