Michael Niedermayer
d08abbd0bd
avformat/mov: Fix DoS in read_tfra()
...
Fixes: Missing EOF check in loop
No testcase
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cb4eb7728)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-08 18:37:21 +02:00
Michael Niedermayer
fd4500df5c
avcodec/dirac_dwt: Fix multiple overflows in 9/7 lifting
...
Fixes: runtime error: signed integer overflow: 1073901567 + 1073901567 cannot be represented in type 'int'
Fixes: 3124/clusterfuzz-testcase-minimized-454643435752652
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f71cd44147)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-02 23:54:44 +02:00
Michael Niedermayer
92f4341ed1
avcodec/diracdec: Fix integer overflow in INTRA_DC_PRED()
...
Fixes: runtime error: signed integer overflow: 1168175789 + 1168178473 cannot be represented in type 'int'
Fixes: 3081/clusterfuzz-testcase-minimized-4807564879462400
Fixes: 2844/clusterfuzz-testcase-minimized-5561715838156800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0823ae96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-02 23:54:16 +02:00
孙浩(晓黑)
b2aa633d66
avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
...
Fixes: 20170829B.mxf
Co-Author: 张洪亮(望初) <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d00fb9d70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:20:53 +02:00
孙浩(晓黑)
74c067e955
avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array()
...
Fixes: 20170829A.mxf
Co-Author: 张洪亮(望初) <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 900f39692c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:04:24 +02:00
孙浩(晓黑)
c6d3640cf7
avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
...
Fixes: 20170829.nsv
Co-Author: 张洪亮(望初) <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c24bcb5536)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-01 03:03:44 +02:00
Michael Niedermayer
e89125faba
avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()
...
Fixes: runtime error: signed integer overflow: 267 * 8388608 cannot be represented in type 'int'
Fixes: 2743/clusterfuzz-testcase-minimized-5820652076400640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 732f976456)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-29 21:21:05 +02:00
Michael Niedermayer
51ee15df58
avcodec/hevc_ps: Fix undefined shift in pcm code
...
Fixes: runtime error: shift exponent -1 is negative
Fixes: 3091/clusterfuzz-testcase-minimized-6229767969832960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a83866c9f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-29 21:20:50 +02:00
Michael Niedermayer
a5018026af
avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
...
Fixes: runtime error: signed integer overflow: 8903997421129740175 + 354481484684609529 cannot be represented in type 'long'
Fixes: 2045/clusterfuzz-testcase-minimized-6751255865065472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eefb68c9c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:44:23 +02:00
Michael Niedermayer
9a73a77681
avformat/mvdec: Fix DoS due to lack of eof check
...
Fixes: loop.mv
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f05e2e2dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:43:28 +02:00
孙浩 and 张洪亮(望初)
4c6bed6e3b
avformat/rl2: Fix DoS due to lack of eof check
...
Fixes: loop.rl2
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96f24d1bee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:43:03 +02:00
孙浩 and 张洪亮(望初)
81e6a95e54
avformat/rmdec: Fix DoS due to lack of eof check
...
Fixes: loop.ivr
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 124eb202e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:42:34 +02:00
孙浩 and 张洪亮(望初)
adca94d65e
avformat/cinedec: Fix DoS due to lack of eof check
...
Fixes: loop.cine
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e80b63ecd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:42:23 +02:00
孙浩 and 张洪亮(望初)
39ddbd204a
avformat/asfdec: Fix DoS due to lack of eof check
...
Fixes: loop.asf
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f9ec5593e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:42:00 +02:00
Michael Niedermayer
b9fa2a86e6
avformat/hls: Fix DoS due to infinite loop
...
Fixes: loop.m3u
The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec414892d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-28 01:41:36 +02:00
Michael Niedermayer
ffdc430c4a
ffprobe: Fix NULL pointer handling in color parameter printing
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 351e28f9a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:46:07 +02:00
Michael Niedermayer
cf838b8fd2
ffprobe: Fix null pointer dereference with color primaries
...
Found-by: AD-lab of venustech
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 837cb4325b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2c39fcc3c0749490dc93bca80f56724878b55fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:25:56 +02:00
Michael Niedermayer
9e98eee39d
avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps()
...
Fixes: integer overflow
Fixes: 2893/clusterfuzz-testcase-minimized-5809330567774208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b44dcbc44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:10:32 +02:00
Vitaly Buka
aadd7fbc14
avformat/aviobuf: Fix signed integer overflow in avio_seek()
...
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eca2a49716)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:08:06 +02:00
Vitaly Buka
64af458bb8
avformat/mov: Fix signed integer overflows with total_size
...
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a404cb5b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:03:51 +02:00
Vitaly Buka
616154a6a5
avcodec/utils: Fix signed integer overflow in rc_initial_buffer_occupancy initialization
...
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c2bb10ddf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-24 12:03:33 +02:00
Michael Niedermayer
2820ffe392
avcodec/aacdec_template: Fix running cleanup in decode_ics_info()
...
Fixes: out of array read
Fixes: 2873/clusterfuzz-testcase-minimized-5924145713905664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Previous version reviewed-by: Alex Converse <alex.converse@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f03ffb47d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-23 04:03:16 +02:00
Michael Niedermayer
c543ff526b
avcodec/me_cmp: Fix crashes on ARM due to misalignment
...
Adds a diff_pixels_unaligned()
Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872503
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc488ec28a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-21 23:27:09 +02:00
Michael Niedermayer
2f49580e03
avcodec/dirac_dwt_template: Fix integer overflow in vertical_compose53iL0()
...
Fixes: runtime error: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: 3013/clusterfuzz-testcase-minimized-4644084197097472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a165b53daa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-21 23:27:09 +02:00
Michael Niedermayer
689e97fcad
avcodec/fic: Fixes signed integer overflow
...
Fixes: runtime error: signed integer overflow: 1037142357 + 1227025305 cannot be represented in type 'int'
Fixes: 3024/clusterfuzz-testcase-minimized-5885660323905536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c9d5b015c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-21 23:27:08 +02:00
Michael Niedermayer
f7509e9fce
avcodec/snowdec: Fix off by 1 error
...
Fixes: runtime error: index 4 out of bounds for type 'int8_t [4]'
Fixes: 3023/clusterfuzz-testcase-minimized-6421736130084864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d132683ddd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-21 23:27:08 +02:00
Michael Niedermayer
9bfa8b692e
avcodec/diracdec: Check perspective_exp and zrs_exp.
...
Fixes: undefined shift
Fixes: runtime error: shift exponent 264 is too large for 32-bit type 'int'
Fixes: 2860/clusterfuzz-testcase-minimized-4672811689836544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e6cab8745)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-17 00:27:31 +02:00
Michael Niedermayer
e154826a2f
avcodec/mpeg4videodec: Clear mcsel before decoding an image
...
Fixes: runtime error: signed integer overflow: 2146467840 + 1032192 cannot be represented in type 'int'
Fixes: 2826/clusterfuzz-testcase-minimized-5901511613743104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7735ed2974)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-13 01:07:20 +02:00
Michael Niedermayer
f91733e141
avcodec/dirac_dwt: Fixes integer overflows in COMPOSE_DAUB97*
...
Fix multiple: runtime error: signed integer overflow: 6497 * 3409630 cannot be represented in type 'int'
Fixes: 2819/clusterfuzz-testcase-minimized-4743700301217792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5380f9c1c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-08 19:38:09 +02:00
Michael Niedermayer
410f709bec
avcodec/aacdec_fixed: fix invalid shift in predict()
...
Fixes: runtime error: shift exponent -2 is negative
Fixes: 2818/clusterfuzz-testcase-minimized-5062943676825600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e443051b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-08 19:37:42 +02:00
Michael Niedermayer
b59d6183c4
avcodec/h264_slice: Fix overflow in slice offset
...
Fixes: runtime error: signed integer overflow: 1610612736 * 2 cannot be represented in type 'int'
Fixes: 2817/clusterfuzz-testcase-minimized-5289691240726528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f53bde6d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-08 19:37:24 +02:00
Steven Siloti
a371850d58
avformat/utils: fix memory leak in avformat_free_context
...
The pointer to the packet queue is stored in the internal structure
so the queue needs to be flushed before internal is freed.
Signed-off-by: Steven Siloti <ssiloti@bittorrent.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 949debd1d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-05 23:25:05 +02:00
Michael Niedermayer
693db350dd
avcodec/dirac_dwt: Fix multiple integer overflows in COMPOSE_DD97iH0()
...
Fixes: runtime error: signed integer overflow: 9 * 335544320 cannot be represented in type 'int'
Fixes: 2739/clusterfuzz-testcase-minimized-6737297955356672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf8ab72ae9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 19:13:21 +02:00
Michael Niedermayer
ac0fbaf8ac
avcodec/diracdec: Fix integer overflow in divide3()
...
Fixes: runtime error: signed integer overflow: -1073746548 * 21845 cannot be represented in type 'int'
Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0220c768c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 14:23:25 +02:00
Michael Niedermayer
43d7b1e42f
avcodec/takdec: Fix integer overflow in decode_subframe()
...
Fixes: runtime error: signed integer overflow: -536870912 - 1972191120 cannot be represented in type 'int'
Fixes: 2711/clusterfuzz-testcase-minimized-4975142398590976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c630d159f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 14:18:35 +02:00
Michael Niedermayer
81c940b151
avformat/rtmppkt: Convert ff_amf_get_field_value() to bytestream2
...
Fixes: out of array accesses
Found-by: JunDong Xie of Ant-financial Light-Year Security Lab
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffcc82219c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 14:17:58 +02:00
Michael Niedermayer
2954ce9dea
avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2
...
Fixes: out of array accesses
Fixes: crash-9238fa9e8d4fde3beda1f279626f53812cb001cb-SEGV
Found-by: JunDong Xie of Ant-financial Light-Year Security Lab
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08c073434e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29 04:49:47 +02:00
Michael Niedermayer
654e157d21
avcodec/diracdec: Fix integer overflow in signed multiplication in UNPACK_ARITH()
...
Fixes: runtime error: signed integer overflow: 1073741823 * 4 cannot be represented in type 'int'
Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e275a74b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-28 03:41:09 +02:00
Michael Niedermayer
f31fc4755f
avcodec/dnxhddec: Move mb height check out of non hr branch
...
Fixes: out of array access
Fixes: poc.dnxhd
Found-by: Bingchang, Liu@VARAS of IIE
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 296debd213)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-27 03:11:20 +02:00
Michael Niedermayer
665311ab1f
avcodec/hevc_ps: fix integer overflow in log2_parallel_merge_level_minus2
...
Fixes: runtime error: signed integer overflow: -2147483647 - 2 cannot be represented in type 'int'
Fixes: 2702/clusterfuzz-testcase-minimized-4511932591636480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74c1c22d7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 17:25:17 +02:00
Michael Niedermayer
8c05ac89d3
avformat/oggparsecelt: Do not re-allocate os->private
...
Fixes: double free
Fixes: clusterfuzz-testcase-minimized-5080550145785856
Found-by: ClusterFuzz
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7140761481)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 00:15:38 +02:00
Michael Niedermayer
3fd54e4440
avcodec/aacps: Fix multiple integer overflow in map_val_34_to_20()
...
Fixes: avcodec/aacps.c:511:40: runtime error: signed integer overflow: 1509077651 + 758068176 cannot be represented in type 'int'
Fixes: 2678/clusterfuzz-testcase-minimized-4702787684270080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0764fe1d09)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 00:14:03 +02:00
Michael Niedermayer
d4bc7fc412
avcodec/aacdec_fixed: fix: left shift of negative value -1
...
Fixes: 2699/clusterfuzz-testcase-minimized-5631303862976512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2dfb8c4178)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-26 00:11:56 +02:00
Brice Waegeneire
d57345e8d0
doc/filters: typo in frei0r
...
Signed-off-by: Brice Waegeneire <brice.wge@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a6eec485d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-23 15:01:04 +02:00
Vodyannikov Aleksandr
8642322b9f
avcodec/cfhd: Fix decoding regression due to height check
...
Fixes: Ticket6546
Regression since: 54aaadf648
Reviewed-by: Muhammad Faiz <mfcc64@gmail.com>
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47c9365724)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-23 15:00:53 +02:00
Michael Niedermayer
0df61711cf
Changelog: update
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n3.0.9
2017-07-19 13:48:31 +02:00
Michael Niedermayer
4e7ddba594
avcodec/aacdec_template (fixed point): Check gain in decode_cce() to avoid undefined shifts later
...
Fixes: runtime error: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 2581/clusterfuzz-testcase-minimized-4681474395602944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2886142e0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 04:03:10 +02:00
Michael Niedermayer
5e78e477fa
avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
...
Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int'
Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ef8f03133)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 03:54:39 +02:00
Michael Niedermayer
9a2ca3cce2
avcodec/mjpegdec: Clip DC also on the negative side.
...
Fixes: runtime error: signed integer overflow: -16711425 + -2130772346 cannot be represented in type 'int'
Fixes: 2533/clusterfuzz-testcase-minimized-5372857678823424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c28f648b19)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 03:48:00 +02:00
Michael Niedermayer
f1143f5dc0
avcodec/aacps (fixed point): Fix multiple signed integer overflows
...
Fixes: runtime error: signed integer overflow: 1421978265 - -1810326882 cannot be represented in type 'int'
Fixes: 2527/clusterfuzz-testcase-minimized-5260915396050944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 80b9e40b6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 03:47:45 +02:00