Michael Niedermayer
a74d895bbd
avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d()
...
Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int'
Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d182d8f10c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
beb4bd4e3a
avformat/avidec: Fix io_fsize overflow
...
Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf0c700b0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
0ce90738fc
avcodec/cfhd: Check transform type
...
Fixes: out of array access
Fixes: 24823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4855119863349248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 659658d08b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
71b1422ee9
avcodec/tiff: Restrict tag order based on specification
...
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
not the order in which the fields are described in this document."
This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also in various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.
If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad29f9e47c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
73634e04f2
avformat/siff: Reject audio packets without audio stream
...
Fixes: Assertion failure
Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8931c55789)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
cb667b6460
avformat/mpeg: Check avio_read() return value in get_pts()
...
Found-by: Thierry Foucu <tfoucu@gmail.com>
Fixes: Use-of-uninitialized-value
Reviewed-by: Thierry Foucu <tfoucu@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8a88a16f7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
8ae6def1e0
avcodec/tiff: Check bpp/bppcount for 0
...
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be090da25f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
f955b6efab
avcodec/snowdec: Sanity check hcoeff
...
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d51d569cf6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
c9a546aeda
avformat/mov: Check comp_brand_size
...
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffa6072fc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
185a720a4d
avcodec/alac: Check decorr_shift to avoid invalid shift
...
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.
Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4333718b35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
fdaead7e23
avcodec/tdsc: Fix tile checks
...
Fixes: out of array access
Fixes: crash.asf
Found-by: anton listov <greyfarn7@yandex.ru>
Reviewed-by: anton listov <greyfarn7@yandex.ru>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 081e3001ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Michael Niedermayer
ed54e26463
avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment()
...
Fixes: Out of array read
Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a10bc8f6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-05 21:28:08 +02:00
Timo Rothenpieler
c9f3835b2b
avcodec/cuviddec: backport extradata fixes
2020-10-01 21:51:44 +02:00
Timo Rothenpieler
05097aff47
avcodec/cuviddec: handle arbitrarily sized extradata
2020-09-30 14:07:58 +02:00
Błażej Szczygieł
03d6632f96
lavf/tls_gnutls: check for interrupt inside handshake loop
...
fixes #8080
Signed-off-by: Błażej Szczygieł <spaz16@wp.pl>
(cherry picked from commit 561ba15c97)
2020-09-04 21:34:37 +03:00
Jan Ekström
1e7b385199
avformat/tls_schannel: immediately return decrypted data if available
...
Until now, we would have only attempted to utilize already decrypted
data if it was enough to fill the size of buffer requested, that could
very well be up to 32 kilobytes.
With keep-alive connections this would just lead to recv blocking
until rw_timeout had been reached, as the connection would not be
officially closed after each transfer. This would also lead to a
loop, as such timed out I/O request would just be attempted again.
By just returning the available decrypted data, keep-alive based
connectivity such as HLS playback is fixed with schannel.
(cherry picked from commit 6f8826e4aa)
2020-09-04 19:04:55 +03:00
Jan Ekström
93d1993181
avformat/tls_schannel: always decrypt all received data
...
The dec_buf seems to be properly managed between read calls,
and we have no logic to decrypt before attempting socket I/O.
Thus - until now - such data would not be decrypted in case of
connections such as HTTP keep-alive, as the recv call would
always get executed first, block until rw_timeout, and then get
retried by retry_transfer_wrapper.
Thus - if data is received - decrypt all of it right away. This way
it is available for the following requests in case they can be
satisfied with it.
(cherry picked from commit 39977fff20)
2020-09-04 19:04:06 +03:00
Andreas Rheinhardt
d359b750af
avformat/sdp: Fix potential write beyond end of buffer
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 5d91b7718e)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-10 21:31:39 +02:00
Andreas Rheinhardt
40e049856e
avformat/mm: Check for existence of audio stream
...
No audio stream is created unconditionally and if none has been created,
no packet with stream_index 1 may be returned. This fixes an assert in
ff_read_packet() in libavformat/utils reported in ticket #8782.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit ec59dc73f0)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-10 21:31:36 +02:00
Michael Niedermayer
f9f95ceebf
Changelog: update
n4.2.4
2020-07-09 01:30:42 +02:00
Zhao Zhili
a06587b01a
avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
...
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 806a4d5187)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-07 21:05:23 +02:00
Michael Niedermayer
f9a7ca5911
Update for 4.2.4
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-07 20:39:24 +02:00
Michael Niedermayer
11c1e1d6d0
avcodec/apedec: Fix undefined integer overflow with 24bit
...
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f7b252cdf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-07 19:30:17 +02:00
Michael Niedermayer
b8f3879bcc
avcodec/loco: Fix integer overflow with large values from loco_get_rice()
...
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ddc5e1f3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-07 19:29:23 +02:00
Michael Niedermayer
bcbfcf1300
avformat/smjpegdec: Check the existence of referred streams
...
Fixes: Assertion failure
Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 321ea59dac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-07 19:28:29 +02:00
Michael Niedermayer
7d3da77756
avcodec/pnmdec: Fix misaligned reads
...
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea28ce9bc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-06 01:50:33 +02:00
Michael Niedermayer
a957f43072
avcodec/scpr3: Fix out of array access with dectab
...
Fixes: 23721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5914074721550336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8de8dfba6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:57 +02:00
Michael Niedermayer
2cebde69e0
avcodec/dstdec: Replace AC overread check by sample rate check
...
Real files do skip coding 0 bits at the end, thus this kind of check
does not work reliably.
Fixes: Ticket 8770
Fixes: dst-256fs44-6ch-refdstencoder.dff
The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed
values, this also can be used to limit the duration and avoid the timeout
This reverts commit f6df99dba1.
(cherry picked from commit 1679f23beb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:57 +02:00
Michael Niedermayer
9fd30d0bdf
avutil/avsscanf: Add () to avoid integer overflow in scanexp()
...
Fixes: signed integer overflow: 2147483610 + 52 cannot be represented in type 'int'
Fixes: 23260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-5187871274434560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 42b28565aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:57 +02:00
Michael Niedermayer
6fe28832a9
avformat/utils: reorder duration computation to avoid overflow
...
Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long'
Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10cc82c35b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:57 +02:00
Michael Niedermayer
3ea2cfe162
avcodec/pngdec: Check for fctl after idat
...
Fixes: out of array access
Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65b1ba680f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:57 +02:00
Michael Niedermayer
57970c41f5
avformat/hls: Pass a copy of the URL for probing
...
The segments / url can be modified by the io read when reloading
This may be an alternative or additional fix for Ticket8673
as a further alternative the reload stuff could be disabled during
probing
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5e39880fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:57 +02:00
Steven Liu
c00e881a45
avformat/hls: check segment duration value of EXTINF
...
fix ticket: 8673
set the default EXTINF duration to 1ms if duration is smaller than 1ms
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
(cherry picked from commit 9dfb19baeb)
2020-07-05 01:47:57 +02:00
Michael Niedermayer
0c4fcdead8
avutil/common: Fix integer overflow in av_ceil_log2_c()
...
Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int'
Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e409262837)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:57 +02:00
Michael Niedermayer
e02303282d
avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms
...
Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 21598d711d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:57 +02:00
Michael Niedermayer
98ff949451
avformat/mvdec: Fix integer overflow with billions of channels
...
Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int'
Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b6fbbe08c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
a720e4d3c9
avformat/microdvddec: skip malformed lines without frame number.
...
Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8fb7612a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
774efe1ece
avformat/mxfdec: free duplicated utf16 strings
...
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744
Suggested-by: Marton Balint <cus@passwd.hu>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0aa2768cb2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
5fd3af45bc
avformat/4xm: Check that a video stream was created before returning packets for it
...
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c517c3f474)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
19d9c40647
avcodec/ffwavesynth: Avoid undefined operation on ts overflow
...
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 584d334afd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
ee14b82ee0
avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
...
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e361785ee0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
7a00fd4964
avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
...
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0dfe134be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
1a74a8078c
avcodec/sonic: Fix several integer overflows
...
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75d520e337)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
8c7a41b455
avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
...
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e53235f06c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
17175055f8
avcodec/pixlet: Fix log(0) check
...
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd0f81526d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
3a8ae4f297
avcodec/iff: Fix off by x error
...
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51225dee0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
9641fcb355
avcodec/wmalosslessdec: Check block_align maximum
...
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 314d10f7a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
035d30ba17
avcodec/loco: Fix signed integer overflow in loco_get_rice()
...
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa88cdfd90)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
4f92e48d5c
avformat/thp: Check fps
...
Fixes: division by zero
Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e15b01b4e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00
Michael Niedermayer
374a18fbc8
avformat/mpl2dec: Fix integer overflow with duration
...
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a42a67c5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-07-05 01:47:56 +02:00