Timo Rothenpieler
7f0db52c53
avcodec/cuviddec: handle arbitrarily sized extradata
2020-09-30 14:14:30 +02:00
Błażej Szczygieł
3dd24b0f70
lavf/tls_gnutls: check for interrupt inside handshake loop
...
fixes #8080
Signed-off-by: Błażej Szczygieł <spaz16@wp.pl >
(cherry picked from commit 561ba15c97
2020-09-04 22:06:02 +03:00
Remita Amine
082dfc8bd5
lavf/tls_gnutls: retry gnutls_handshake on non fatal errors
...
fixes #7801
Signed-off-by: Remita Amine <remitamine@gmail.com >
(cherry picked from commit bc1749c6e4
2020-09-04 22:06:01 +03:00
Jan Ekström
dce15293da
avformat/tls_schannel: immediately return decrypted data if available
...
Until now, we would have only attempted to utilize already decrypted
data if it was enough to fill the size of buffer requested, that could
very well be up to 32 kilobytes.
With keep-alive connections this would just lead to recv blocking
until rw_timeout had been reached, as the connection would not be
officially closed after each transfer. This would also lead to a
loop, as such timed out I/O request would just be attempted again.
By just returning the available decrypted data, keep-alive based
connectivity such as HLS playback is fixed with schannel.
(cherry picked from commit 6f8826e4aa
2020-09-04 19:26:16 +03:00
Jan Ekström
0adddc08c6
avformat/tls_schannel: always decrypt all received data
...
The dec_buf seems to be properly managed between read calls,
and we have no logic to decrypt before attempting socket I/O.
Thus - until now - such data would not be decrypted in case of
connections such as HTTP keep-alive, as the recv call would
always get executed first, block until rw_timeout, and then get
retried by retry_transfer_wrapper.
Thus - if data is received - decrypt all of it right away. This way
it is available for the following requests in case they can be
satisfied with it.
(cherry picked from commit 39977fff20
2020-09-04 19:26:16 +03:00
Michael Niedermayer
918a41d40e
Changelog: update
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-07-05 00:31:07 +02:00
Andreas Rheinhardt
3df2eab778
avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
...
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.
Also check directly whether there is enough data for the length field.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit ea1b71e82fandreas.rheinhardt@gmail.com >
2020-07-03 17:11:15 +02:00
Michael Niedermayer
fd43c6dc0e
Update for 4.1.6
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-07-03 17:03:14 +02:00
Michael Niedermayer
850bbc0f78
avcodec/dstdec: Replace AC overread check by sample rate check
...
Real files do skip coding 0 bits at the end, thus this kind of check
does not work reliable.
Fixes: Ticket 8770
Fixes: dst-256fs44-6ch-refdstencoder.dff
The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed
values, this also can be used to limit the duration and avoid the timeout
This reverts commit f6df99dba11679f23bebmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
7b3b3119d5
avformat/utils: reorder duration computation to avoid overflow
...
Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long'
Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 10cc82c35bmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
c095e870d8
avcodec/pngdec: Check for fctl after idat
...
Fixes: out of array access
Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65b1ba680fmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
7dc5dfad31
avformat/hls: Pass a copy of the URL for probing
...
The segments / url can be modified by the io read when reloading
This may be an alternative or additional fix for Ticket8673
as a further alternative the reload stuff could be disabled during
probing
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b5e39880fbmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Steven Liu
c229e5e80f
avformat/hls: check segment duration value of EXTINF
...
fix ticket: 8673
set the default EXTINF duration to 1ms if duration is smaller than 1ms
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
(cherry picked from commit 9dfb19baeb
2020-07-03 12:10:24 +02:00
Michael Niedermayer
cb438cf889
avutil/common: Fix integer overflow in av_ceil_log2_c()
...
Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int'
Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e409262837michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
55e76ddb7a
avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms
...
Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 21598d711dmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
2f0a00fb3d
avformat/mvdec: Fix integer overflow with billions of channels
...
Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int'
Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b6fbbe08c3michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
f62bbddde2
avformat/microdvddec: skip malformed lines without frame number.
...
Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a8fb7612a9michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
1f7af6a946
avformat/mxfdec: free duplicated utf16 strings
...
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744
Suggested-by: Marton Balint <cus@passwd.hu >
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0aa2768cb2michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
0b124172d8
avformat/4xm: Check that a video stream was created before returning packets for it
...
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c517c3f474michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
1f64119c8a
avcodec/ffwavesynth: Avoid undefined operation on ts overflow
...
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 584d334afdmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
0e5ac35745
avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
...
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e361785ee0michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
0c0c9d15ce
avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
...
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c0dfe134bemichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
ba6fc75d5a
avcodec/sonic: Fix several integer overflows
...
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 75d520e337michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
f1e0ca3709
avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
...
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e53235f06cmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
b02ff15402
avcodec/pixlet: Fix log(0) check
...
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bd0f81526dmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
99d2024b18
avcodec/iff: Fix off by x error
...
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 51225dee0amichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
c15b6bfd79
avcodec/wmalosslessdec: Check block_align maximum
...
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 314d10f7a6michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
24fd6136df
avcodec/loco: Fix signed integer overflow in loco_get_rice()
...
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa88cdfd90michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
d31345a880
avformat/thp: Check fps
...
Fixes: division by zero
Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0e15b01b4emichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
38af60a454
avformat/mpl2dec: Fix integer overflow with duration
...
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9a42a67c5cmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
c5535532f8
avcodec/mpeg12dec: remove outdated comments
...
Found-by: Kieran
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 48de8f5816michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
86ae1ff10f
avcodec/snowdec: Avoid integer overflow with huge qlog
...
Fixes: integer overflow
Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 38fbf33c72michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Dale Curtis
f377de6413
avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
...
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bf446711bcmichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
4fdf23df7d
avcodec/mpeg12dec: Fix got_output
...
This makes got_output consistent with the code in slice_end() which sets the output
in slice_end()
if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) {
int ret = av_frame_ref(pict, s->current_picture_ptr->f);
...
} else {
Fixes: assertion failure
Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f33a9803amichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
a621600f66
avformat/4xm: Cleanup on GET_LIST_HEADER() failure
...
Fixes: memleak
Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5313ce654michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
c3eaff820a
avcodec/lzf: Consider the needed size in reallocation
...
Fixes: NULL pointer dereference
Fixes: 22381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5659879921680384.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 292b9b93a5michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
e01d07c781
avformat/mlvdec: fail reading a packet with 0 streams
...
Fixes: NULL pointer dereference
Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5bd5c31087michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
be9e89efcd
avformat/thp: Check compcount
...
Fixes: out of array access
Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1ba8484559michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
dd6147888c
avcodec/adpcm: XA: Check shift similar to filter
...
Fixes: negative shift
Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6d96bae9c4michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
8935ae4395
avcodec/huffyuvdec: Test vertical coordinate more often
...
Fixes: out of array access
Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a1223ddc56michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
011c9cfab1
avcodec/hq_hqa: Check info size
...
Fixes: assertion failure
Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cf28521feemichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
9ff5fd6537
avcodec/wmalosslessdec: Fix integer overflow in mclms_predict()
...
Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int'
Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c42ed06695michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
1ba97da44b
avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d()
...
Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int'
Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 071e293723michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
6be68e6994
avcodec/h264dec: Disable forced small_padding on flag2 fast
...
Fixes: 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
083e0314b5
avformat/oggparsevorbis: Error out on double init of vp
...
Fixes: memleak
Fixes: 19949/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5743636058210304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2a3bbc0086michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
d1eb5516bb
avcodec/pnmdec: Use unsigned for maxval rescaling
...
Fixes: signed integer overflow: 65535 * 55335 cannot be represented in type 'int'
Fixes: 21955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5669206981083136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 49459aca47michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
dad19158aa
avcodec/ivi: Clear got_p_frame before decoding a new frame using it
...
Fixes: assertion failure
Fixes: 21666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5706468994318336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1d633e6a0amichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
e7262c1f19
avcodec/dsddec: Check channels
...
Fixes: division by zero
Fixes: 21677/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_MSBF_fuzzer-5712547983654912
Fixes: 21751/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_LSBF_fuzzer-5197097180856320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2570a8777emichael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
05e2de8291
avcodec/xvididct: Fix integer overflow in idct_row()
...
Fixes: signed integer overflow: -1238335488 + -1003634688 cannot be represented in type 'int'
Fixes: 21649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5112005765890048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 620236e4d2michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
Michael Niedermayer
296d4bf22e
avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr()
...
Fixes: signed integer overflow: -717241856 + -1434459904 cannot be represented in type 'int'
Fixes: 21405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5677143666458624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e9a4c4fe99michael@niedermayer.cc >
2020-07-03 12:10:24 +02:00
