Michael Niedermayer
aa34d29b2e
avcodec/mpeg4videodec: Fix runtime error: left shift of negative value -2650
...
Fixes: 674/clusterfuzz-testcase-6713275880308736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 25e93aacc2michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
5d21cfb170
avcodec/eac3dec: Fix runtime error: left shift of negative value -3
...
Fixes: 672/clusterfuzz-testcase-5595018867769344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 87eb374970michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
842c0b9f59
avcodec/mpeg12dec: Fix runtime error: left shift of negative value -2
...
671/clusterfuzz-testcase-4990381827555328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aff8cf18cbmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
be3852ab9b
avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows
...
This is not necessarily specific to fuzzed files
Fixes: Multiple integer overflows
Fixes: 656/clusterfuzz-testcase-6463814516080640
Fixes: 658/clusterfuzz-testcase-6691260146384896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 76ba09d182michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
025af5ccd1
avcodec/mpeg4videodec: Check sprite_offset in addition to shifts
...
Fixes: 651/clusterfuzz-testcase-5710668915277824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6871df02d9michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
706dd2331a
avcodec/mpeg4video: Fix runtime error: left shift of negative value
...
Fixes: 644/clusterfuzz-testcase-4726434209726464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6179dc8aa7michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
0ccc767a15
avcodec/ituh263dec: Fix runtime error: left shift of negative value -22
...
Fixes: 639/clusterfuzz-testcase-5143866241974272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 631f748491michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
e2b46de961
avcodec/rv40: Fix runtime error: left shift of negative value
...
Fixes: 630/clusterfuzz-testcase-6608718928019456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 956472a323michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
297b077b49
avcodec/h264_cabac: runtime error: signed integer overflow: 2147483647 + 14 cannot be represented in type 'int'
...
Fixes: 614/clusterfuzz-testcase-4931860079575040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 258763ad0emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
09dfcb857e
avcodec/mpeg4videodec: Fix runtime error: shift exponent -2 is negative
...
Fixes: 612/clusterfuzz-testcase-4707817137111040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa2b75263emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6be28e7545
avcodec/mjpegdec: Fix runtime error: left shift of negative value -507
...
Fixes: 611/clusterfuzz-testcase-5613455820193792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c91bdd4524michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
762bf27fcc
avcodec/eac3dec: Fix runtime error: left shift of negative value
...
Fixes: 610/clusterfuzz-testcase-4831030085156864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 067485b673michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8161ebbcc3
avcodec/htmlsubtitles: Fix reading one byte beyond the array
...
Fixes: fuzz-2-ffmpeg_SUBTITLE_AV_CODEC_ID_SUBRIP_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 04bd1b38eemichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
3e6b3d20b2
avcodec/vp6: clear dimensions on failed resolution change in vp6_parse_header()
...
Fixes: 807/clusterfuzz-testcase-6470061042696192
Fixes null pointer dereference
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 967feea5ebmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
e1ebd54a26
avcodec/vp56: Reset have_undamaged_frame on resolution changes
...
Fixes: timeout in 758/clusterfuzz-testcase-4720832028868608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6e913f2129michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Thomas Guilbert
c73128381f
avcodec/vp8: Fix hang with slice threads
...
Fixes: 447860.webm
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9bbc73ae9fmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
cc08c44904
avcodec/vp8: Check for the bitstream end per MB in decode_mb_row_no_filter()
...
Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 2 of 2)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1afd246960michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
9e0e1e3d54
avcodec/vp568: Check that there is enough data for ff_vp56_init_range_decoder()
...
Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 1 of 2)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 55d7371fe0michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4770ef8742
avcodec/vp8: remove redundant check
...
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5098a6f627michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
c098e99d06
avcodec/vp56: Require a correctly decoded frame before using vp56_conceal_mb()
...
Fixes timeout with 700/clusterfuzz-testcase-5660909504561152
Fixes timeout with 702/clusterfuzz-testcase-4553541576294400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2ce4f28431michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
de43cdb2f5
avcodec/vp3: Do not return random positive values but the buf size
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d8094a303bmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
b8b8e4f9eb
avcodec/vp8: Check for bitsteam end in decode_mb_row_no_filter()
...
Fixes timeout with 686/clusterfuzz-testcase-5853946876788736
this shortcuts (i.e. speeds up) the error and
return-to-user when decoding a truncated frame
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Previous version reviewed by: "Ronald S. Bultje" <rsbultje@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7b5ff7d573michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4b1f14dcf5
avcodec/vp56: Factorize vp56_render_mb() out
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4c0139463cmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
d7d2a121a3
avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represented in type 'int'
...
Fixes: 664/clusterfuzz-testcase-4917047475568640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2b8b7921c5michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
bf780cbd99
Add CHECK/SUINT code
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4614bf2cafe8d4eacc07michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
3dd0166bde
avcodec/mpeg12dec: Fix runtime error: left shift of negative value -1
...
Fixes: 764/clusterfuzz-testcase-6273034652483584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a720b854b0michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
11477cdba5
avcodec/vp56: Clear dimensions in case of failure in the middle of a resolution change
...
Similar code is used elsewhere in vp56 to force a more complete reinit in the future.
Fixes null pointer dereference
Fixes: 707/clusterfuzz-testcase-4717453097566208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4bed066377michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
47c30a60e6
avcodec/vp56: Implement very basic error concealment
...
This should fix the fate failure due to a truncated last frame.
Alternatively the frame could be dropped.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d34bf886e9michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
eaa6ac7ffd
avcodec/amrwbdec: Fix 2 runtime errors: left shift of negative value -1
...
Fixes: 669/clusterfuzz-testcase-4847965409640448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6bd79ba59fmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
891f354796
avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be represented in type 'int'
...
Fixes: 666/clusterfuzz-testcase-6581447227867136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 310d2af319michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
1e301c21d7
avcodec/vp56: Fix sign typo
...
Fixes: 664/clusterfuzz-testcase-4917047475568640
The change to fate is due to a truncated last frames which is now detected as damaged.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 513a349439michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
24a9a51e57
avcodec/mpegaudiodec_template: Correct return code on id3 tag discarding
...
Fixes: 665/clusterfuzz-testcase-4863789881098240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5d81616be3michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
1108c628ba
avcodec/rv34: Simplify and factor get_slice_offset() code
...
This also fixes several integer overflows by checking each value before
use.
Fixes: 662/clusterfuzz-testcase-4898131432964096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8696f25444michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
116120045b
avcodec/pictordec: Do not read more than nb_planes
...
Fixes undefined behavior
Fixes: 622/clusterfuzz-testcase-5745722022428672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 01d196a67dmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
ccce40356a
avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented in type 'int'
...
Fixes: 617/clusterfuzz-testcase-6413875723370496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c11d3634b0michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
508b8c3569
avcodec/pngdec: Check bit depth for validity
...
Fixes: runtime error: shift exponent 132 is too large for 32-bit type 'int'
Fixes: 609/clusterfuzz-testcase-4825202619842560
See 11.2.2 IHDR Image header
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4279613a26michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
edb15cce00
avcodec/mpeg12dec: Fix runtime error: left shift of negative value
...
Fixes: 608/clusterfuzz-testcase-603978286392934
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 706757d26dmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
5ee27f48d7
avcodec/wavpacl: Fix runtime error: left shift of negative value -1
...
Fixes: 607/clusterfuzz-testcase-5108792465293312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 12eebb845amichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
758258f567
avformat/http: Check for truncated buffers in http_connect()
...
Reported-by: SleepProgger <security@gnutp.com >
Reviewed-by: Steven Liu <lingjiujianke@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8fa18e042amichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Aaron Levinson
9cf601f87d
avformat/utils: free AVStream.codec properly in free_stream()
...
Fixes memory leaks.
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit b9d2005ea5
2017-05-11 21:18:07 -03:00
James Almer
65add3a818
avcodec/options: do a more thorough clean up in avcodec_copy_context()
...
Free coded_frame and coded_side_data to prevent potential leaks.
Reviewed-by: Aaron Levinson <alevinsn@aracnet.com >
Tested-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit cac8de2da5
2017-05-11 21:16:54 -03:00
James Almer
8d9f927078
avcodec/options: factorize avcodec_copy_context() cleanup code
...
Reviewed-by: Aaron Levinson <alevinsn@aracnet.com >
Tested-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 54a4c9b4e9
2017-05-11 21:16:28 -03:00
James Almer
49279d4cc2
avformat/concatdec: fix the h264 annexb extradata check
...
The start code can be either in the first three or four bytes.
(cherry picked from commit b4330a0e02
2017-05-11 21:12:12 -03:00
Mark Thompson
016064625f
hwcontext_vdpau: Fix missing subscripts
...
Also remove the redundant casts which were hiding the error here.
Fixes Ubuntu bug 1688735, reported by andysem.
(cherry picked from commit 7081620aca
2017-05-09 14:45:54 +02:00
Carl Eugen Hoyos
582c3d514a
lavf/flacdec: Return maximum score if the streaminfo header is valid.
...
Fixes ticket #6208 .
(cherry picked from commit 3733039610
2017-03-30 01:41:22 +02:00
Paul B Mahol
a60e665162
avcodec/dnxhd_parser: take into account compressed frame size and skip it
...
Fixes #6214 and vsynth1-dnxhd-720p-hr-lb.
Signed-off-by: Paul B Mahol <onemda@gmail.com >
(cherry picked from commit e1940d2458
2017-03-24 19:57:36 +01:00
James Almer
33978a49c0
avformat/apng: fix setting frame delay when max_fps is set to no limit
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 874eb012f7
2017-03-21 20:22:12 -03:00
James Almer
2bf28b9db6
swresample/resample: free existing ResampleContext on reinit
...
Fixes memleak.
Reviewed-by: wm4 <nfxjfg@googlemail.com >
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit db7a05dab0
2017-03-21 12:12:09 -03:00
James Almer
2d322bf3e9
swresample/resample: move resample_free() higher in the file
...
Also make it more readable while at it.
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 2a8a8a2e98
2017-03-21 12:11:57 -03:00
James Almer
36fff6c754
avformat/matroskaenc: don't write DisplayUnit with value Unknown on WebM files
...
Value 4 (Unknown) is for the time being part of the Matroska spec but not
supported by WebM
Addresses ticket #6176
(cherry picked from commit 1ad60e4e70
2017-02-21 21:18:07 -03:00
