ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	a4bd19c53a	avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block() Fixes: signed integer overflow: -2147483648 + -1 cannot be represented in type 'int' Fixes: 14107/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5694078680825856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f4a1b8d409`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	7a5f875e98	avcodec/aacdec_fixed: Fix undefined shift in noise_scale() Fixes: 13655/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5120559430500352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8ea211ab79`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	37b2a19afa	avutil/avstring: Fix bug and undefined behavior in av_strncasecmp() The function in case of n=0 would read more bytes than 0. The end pointer could be beyond the allocated space, which is undefined. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6f0e9a8634`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	ef7bef2ba4	avformat/aadec: Check for scanf() failure Fixes: use of uninitialized variables Fixes: blank.aa Found-by: Chamal De Silva <chamal.desilva@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ed188f6dcd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	aa152bcaec	avcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside Fixes: index 20 out of bounds for type 'const char *[4][128]' Fixes: 14367/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CCAPTION_fuzzer-5718819672162304 Reviewed-by: Paul B Mahol <onemda@gmail.com> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f17e8e90bb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	89b9c72862	avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform() Fixes: assertion failure Fixes: 14078/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5760571284127744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `110dce9633`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	059f291aaf	avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation It seems the specification does not limit the value to 32bit Fixes: signed integer overflow: -109611143 * 24 cannot be represented in type 'int' Fixes: 13477/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5648337460527104 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `837820f385`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	12e4877ae2	avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks() Fixes: signed integer overflow: 255 + 2147483634 cannot be represented in type 'int' Fixes: 13472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5712444142387200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0ad0533e91`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	4bc3382780	avcodec/hevcdec: Avoid only partly skiping duplicate first slices Fixes: NULL pointer dereference and out of array access Fixes: 13871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5746167087890432 Fixes: 13845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5650370728034304 This also fixes the return code for explode mode Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `54655623a8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Carl Eugen Hoyos	8d3764a54d	lavc/bmp: Avoid a heap buffer overwrite for 1bpp input. Found by Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab, Yonsei University. (cherry picked from commit `1e34014010`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	0b93f59318	avcodec/truemotion2: Fix integer overflow in tm2_null_res_block() Fixes: signed integer overflow: 1111638592 - -2122219136 cannot be represented in type 'int' Fixes: 13441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5732769815068672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1223696c72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	ce5fb015ac	avcodec/dfa: Check the chunk header is not truncated Fixes: Timeout (11sec -> 3sec) Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f20760fadb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	f8cb091b6e	avcodec/dvbsubdec: Check object position Reference: ETSI EN 300 743 V1.2.1 7.2.2 Region composition segment Fixes: Timeout Fixes: 13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a8c5ae4511`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	d3423fb7d4	avcodec/cdgraphics: Use ff_set_dimensions() Fixes: Timeout (17 sec -> 65 milli sec) Fixes: 13264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5711167941509120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9a9f0e239c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	6e926090d3	avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes Fixes: Timeout (27 sec -> 39 milli sec) Fixes: 13151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5717536023248896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b819472995`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	9a5150b40c	avcodec/aic: Check remaining bits in aic_decode_coeffs() Fixes: Timeout (78 seconds -> 2 seconds) Fixes: 13186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5639516533030912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `951bb7632f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	1ca27e5215	avcodec/bethsoftvideo: Check block_type Fixes: Timeout (17 seconds -> 1 second) Fixes: 13184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-5711446296494080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b8ecadec05`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	4797b6092d	avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() Fixes: runtime error: signed integer overflow: 2147483598 + 128 cannot be represented in type 'int' Fixes: 12926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5705100733972480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4801eea0d4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	d555be4ba5	avcodec/error_resilience: Use a symmetric check for skipping MV estimation This speeds up the testcase by a factor of 4 Fixes: Timeout Fixes: 13100/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5767533905313792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e4289cb253`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	1911fdb7b8	avcodec/mlpdec: Insuffient typo Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fc32e08941`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	da696f9966	avcodec/jvdec: Check available input space before decode8x8() Fixes: Timeout (78 sec -> 15 millisec) Fixes: 13147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5727107827630080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `61523683c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	8dde01b57b	avformat/webmdashenc: Check id in adaption_sets Fixes: out of array access Found-by: Wenxiang Qian Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b687b549aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Wenxiang Qian	423319d157	avformat/http: Fix Out-of-Bounds access in process_line() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `85f91ed760`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Wenxiang Qian	7426a7c958	avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a142ffdcae`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
chcunningham	4123064b5f	avformat/mov.c: require tfhd to begin parsing trun Detecting missing tfhd avoids re-using tfhd track info from the previous moof. For files with multiple tracks, this may make a mess of the avindex and fragindex, which can later trigger av_assert0 in mov_read_trun(). Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3ea87e5d9e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	5f0699d39a	avcodec/pgssubdec: Check for duplicate display segments In such a duplication the previous gets overwritten and leaks Fixes: memleak Fixes: 12510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5694439226343424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e35c3d887b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	61894a612b	avformat/rtsp: Check number of streams in sdp_parse_line() Fixes: OOM Found-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `497c9b0cce`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	90fbb18a7c	avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect() Fixes: Infinite loop Found-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0b50f27635`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	54c01b6f94	avcodec/fic: Check that there is input left in fic_decode_block() Fixes: Timeout Fixes: 12450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5661984622641152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `db1c4acd02`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	af857cb62f	avutil/mem: Optimize fill32() by unrolling and using 64bit Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `12b1338be3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
James Almer	d9590afafc	configure: bump year Happy new year! (cherry picked from commit `3209d7b393`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	1e41754792	avcodec/4xm: Fix returned error codes Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `07607a1db8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	415dd357af	avcodec/mjpegbdec: Fix some misplaced {} and spaces Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `11a8d2ccab`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
David Bryant	12dcf732ff	avformat/wvdec: detect and error out on WavPack DSD files Not currently supported. (cherry picked from commit `db109373d8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
gxw	a7f94ae583	avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa The AV_INPUT_BUFFER_PADDING_SIZE has been increased to 64, but the value is still 32 in function ff_hevc_sao_edge_filter_8_msa. So, use AV_INPUT_BUFFER_PADDING_SIZE directly. Also, use MAX_PB_SIZE directly instead of 64. Fate tests passed. Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f652c7a45c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	75c53cf09e	avcodec/fic: Fail on invalid slice size/off Fixes: Timeout Fixes: 11486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5677133863583744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `30a7a81cdc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	6cc642cafa	postproc/postprocess_template: Avoid using %4 for the threshold compare This avoids problems if %4 is the stack pointer the constraints do not allow %4 to be the stack pointer but gcc 9 may no longer support specifying such constraints Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4325527e1c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:47 +01:00
Michael Niedermayer	01b179f39b	avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan() Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ea30ac1e40`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 15:45:24 +01:00
chcunningham	68be54dfbe	lavf/id3v2: fail read_apic on EOF reading mimetype avio_read may return EOF, leaving the mimetype array unitialized. fail early when this occurs to avoid using the array in an unitialized state. Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ee1e39a576`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 15:45:24 +01:00
Michael Niedermayer	8381cbf692	avformat/nutenc: Document trailer index assert better Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3a95b73abc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 15:45:24 +01:00
chcunningham	acd49222eb	lavf/mov: ensure only one tkhd per trak Chromium fuzzing produced a whacky file with extra tkhds. This caused an AVStream that was already in use to be corrupted by assigning it a new id, which blows up later in mov_read_trun because the MOVFragmentStreamInfo.index_entry now points OOB. Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c9f7b6f7a9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 15:45:24 +01:00
Michael Niedermayer	b3dab0f894	avcodec/msvideo1: Check for too small dimensions Such low resolution would result in empty output as a minimum of 4x4 is needed We could also check for multiple of 4 dimensions but that is not needed Fixes: Timeout Fixes: 11191/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSVIDEO1_fuzzer-5739529588178944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `953bd58861`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 15:45:24 +01:00
Michael Niedermayer	d6b647e221	avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size Frames that small are not valid and of limited use for error concealment, while being very computationally intensive to process. Fixes: Timeout Fixes: 11168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5733782032744448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d6f4341522`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 15:45:24 +01:00
Michael Niedermayer	b84cda4b63	avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size Frames that small are not valid and of limited use for error concealment, while being very computationally intensive to process. Fixes: Timeout Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `09ec182864`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 15:45:24 +01:00
Michael Niedermayer	c78d5c9ce9	avcodec/truemotion2: fix integer overflows in tm2_low_chroma() Fixes: 11295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-4888953459572736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2ae39d7956`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 15:45:24 +01:00
Mark Harris	266b784bb3	avutil/mem: Fix invalid use of av_alloc_size The alloc_size attribute is valid only on functions that return a pointer. GCC 9 (not yet released) warns about invalid usage: ./libavutil/mem.h:342:1: warning: 'alloc_size' attribute ignored on a function returning int' [-Wattributes] 342 \| av_alloc_size(2, 3) int av_reallocp_array(void *ptr, size_t nmemb, size_t size); \| ^~~~~~~~~~~~~ Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4361293fcf`)	2019-07-23 01:21:55 -03:00
James Almer	88588a24e9	avcodec/hevcdec: decode at most one slice reporting being the first in the picture Fixes deadlocks when decoding packets containing more than one of the aforementioned slices when using frame threads. Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `70c8c8a818`)	2019-03-20 22:41:29 -03:00
Paul B Mahol	8abdfe8392	avfilter/af_silenceremove: fix possible crash if supplied duration is negative Signed-off-by: Paul B Mahol <onemda@gmail.com> Fixes ticket #7697. (cherry picked from commit `2d1594a8d6`)	2019-01-25 00:56:50 +01:00
Michael Niedermayer	3ae8a4cf06	avcodec/pngdec: Check compression method method 0 (inflate/deflate) is the only specified in the specification and the only supported Fixes: Timeout Fixes: 10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1f99674ddd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-11-16 18:24:34 +01:00
Michael Niedermayer	0728911951	avcodec/shorten: Fix integer overflow with offset Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int' Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2f888771cd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2018-11-16 13:18:26 +01:00

1 2 3 4 5 ...

76044 Commits