ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	0ed96055f4	avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int' Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e4efd41b83`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-20 02:05:08 +02:00
Michael Niedermayer	b6b70060ba	avcodec/mjpegdec: Check that reference frame matches the current frame Fixes: out of array read Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4705edbbb9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-20 02:05:08 +02:00
Michael Niedermayer	d37559993f	avcodec/tiff: Avoid loosing allocated geotag values Fixes memleak Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d7cbeab4c1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-20 02:05:08 +02:00
Michael Niedermayer	49b7446317	avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int' Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1e6ee86d92`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-20 02:05:08 +02:00
Michael Niedermayer	bb1014279d	avformat/hls: Check local file extensions This reduces the attack surface of local file-system information leaking. It prevents the existing exploit leading to an information leak. As well as similar hypothetical attacks. Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions. It does not stop leaks via remote addresses in the LAN. The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well. The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its feature. More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files. Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also where objections against restricting remote url file extensions. This here is a less robust but also lower inconvenience solution. It can be applied stand alone or together with other solutions. limiting the check to local files was suggested by nevcairiel This recommits the security fix without the author name joke which was originally requested by Nicolas. Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `189ff42196`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-20 02:05:08 +02:00
Michael Niedermayer	c4a3020c1b	avcodec/qdrw: Fix null pointer dereference The RGB555 PACKBITSRGN case tries to read a palette, if such palette is actually stored then it accesses a null pointer. All 16bit samples i could find use DIRECTBITSRGN. Fixes: 2065/clusterfuzz-testcase-minimized-6298930457346048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `46b865ea9f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 03:33:56 +02:00
Michael Niedermayer	1065957f7b	avutil/softfloat: Fix sign error in and improve documentation of av_int2sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6019d721d4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 03:33:22 +02:00
Michael Niedermayer	af85f35d2c	avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]' Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `29808fff33`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 03:31:52 +02:00
Michael Niedermayer	e0d1be3539	avcodec/dxv: Check remaining bytes in dxv_decompress_raw() Fixes: Timeout Fixes: 2006/clusterfuzz-testcase-minimized-5766515037044736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `eb50492270`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 03:31:29 +02:00
Michael Niedermayer	ce4196561a	avcodec/pafvideo: Check packet size and frame code before ff_reget_buffer() Fixes 1745/clusterfuzz-testcase-minimized-6160693365571584 Fixes: Timeout Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `faa5a2181d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 14:14:51 +02:00
Michael Niedermayer	06f6931529	avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int' Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `136ce8baa4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 14:13:02 +02:00
Michael Niedermayer	641b38c9c8	avformat/options: log filename on open The loglevel is choosen so that the main filename and any images of multi image sequences are shown only at debug level to avoid clutter. This makes exploits in playlists more visible. As they would show accesses to private/sensitive files Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `53e0d5d724`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 14:11:39 +02:00
Michael Niedermayer	3764e3a2c5	avcodec/aacps: Fix runtime error: left shift of 1073741824 by 1 places cannot be represented in type 'INTFLOAT' (aka 'int') Fixes: 2005/clusterfuzz-testcase-minimized-5744226438479872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9faf098163`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 01:11:22 +02:00
Michael Niedermayer	2c3bcf6bf2	avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int' Fixes: 1967/clusterfuzz-testcase-minimized-5757031199801344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8b3e580b7f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 01:10:21 +02:00
Michael Niedermayer	ecc3fe3859	avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int' Fixes: 1922/clusterfuzz-testcase-minimized-5561194112876544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a47273c803`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 00:29:42 +02:00
Michael Niedermayer	9d8c59ce50	avcodec/cinepak: Check input packet size before frame reallocation Reduces time spend decoding 1917/clusterfuzz-testcase-minimized-5023221273329664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e47057e932`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 00:29:23 +02:00
Michael Niedermayer	a249250b3a	avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int' Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6726328f79`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 00:28:56 +02:00
Michael Niedermayer	9589a7f391	avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int' Fixes: 1908/clusterfuzz-testcase-minimized-5392712477966336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `08cb69e870`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 00:28:23 +02:00
Michael Niedermayer	309ec23130	avcodec/pnm: Use ff_set_dimensions() Fixes: OOM Fixes: 1906/clusterfuzz-testcase-minimized-4599315114754048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1c0d1d906`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 00:28:05 +02:00
Michael Niedermayer	f5c5bec448	avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int' Fixes: 1903/clusterfuzz-testcase-minimized-5359318167715840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `58f8cd4ac5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-04 00:27:10 +02:00
Michael Niedermayer	794bcc6eca	avformat/avidec: Limit formats in gab2 to srt and ass/ssa This prevents part of one exploit leading to an information leak Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5d849b149`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:45:14 +02:00
Michael Niedermayer	c82db14411	avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float' Fixes: 1902/clusterfuzz-testcase-minimized-4762451407011840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `87bddba43b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:44:40 +02:00
Michael Niedermayer	343c1d1d7d	avcodec/wavpack: Check float_shift Fixes: runtime error: shift exponent 40 is too large for 32-bit type 'unsigned int' Fixes: 1898/clusterfuzz-testcase-minimized-5970744880136192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4020b009d1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:44:17 +02:00
Michael Niedermayer	d542185e05	avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int' Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d90c5bf105`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:43:29 +02:00
Michael Niedermayer	c92acd5ed4	avcodec/ansi: Fix frame memleak Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e091b9b3c7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:43:15 +02:00
Michael Niedermayer	759739e996	avcodec/jpeg2000dec: Use ff_set_dimensions() Fixes: OOM Fixes: 1890/clusterfuzz-testcase-minimized-6329019509243904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3da6fbff8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:42:35 +02:00
Michael Niedermayer	27fecc7a73	avcodec/truemotion2: Fix passing null pointer to memset() Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c901627918`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:41:31 +02:00
Michael Niedermayer	24ab34a3fc	avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int' Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c9e884f3d9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:41:09 +02:00
Michael Niedermayer	3b3a3b7a5a	avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int' Fixes: 1885/clusterfuzz-testcase-minimized-5336328549957632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7c845450d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:40:49 +02:00
Michael Niedermayer	7e7c25a48e	avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int' Fixes: 1884/clusterfuzz-testcase-minimized-4637425835966464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4c472c5252`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:40:24 +02:00
Michael Niedermayer	7f0c66b8cf	avcodec/aac_defines: Add missing () to AAC_HALF_SUM() macro Fixes: runtime error: shift exponent 1073741848 is too large for 32-bit type 'INTFLOAT' (aka 'int') Fixes: 1880/clusterfuzz-testcase-minimized-4900645322620928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `872bac8159`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:40:02 +02:00
Michael Niedermayer	62979de168	avcodec/webp: Fixes null pointer dereference Fixes: 1470/clusterfuzz-testcase-minimized-5404421666111488 Fixes: 1472/clusterfuzz-testcase-minimized-5677426430443520 Fixes: 1875/clusterfuzz-testcase-minimized-5536474562822144 Approved-by: BBB Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `67020711b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:39:20 +02:00
Michael Niedermayer	a8625d1110	avcodec/aacdec_fixed: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 1878/clusterfuzz-testcase-minimized-6441918630199296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6b9cb5d26a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:39:03 +02:00
Michael Niedermayer	21cb305903	avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int' Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b9c032ebc0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-31 02:38:02 +02:00
Michael Niedermayer	9495075a7f	avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int' Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `781f88bb26`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-28 14:32:20 +02:00
Michael Niedermayer	5c1c1e89de	avcodec/jpeg2000dec: Check tile offsets more completely Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c1812491f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-28 14:31:16 +02:00
Michael Niedermayer	aaf104e525	avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int' Fixes: 1851/clusterfuzz-testcase-minimized-5692607495667712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6c3a63fc3d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-28 04:09:14 +02:00
Michael Niedermayer	bd4dcd8731	avcodec/wnv1: More strict buffer size check This requires at least 25% of a picture to allocate and decode it Fixes: Timeout Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7f50c25124`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-28 04:08:56 +02:00
Michael Niedermayer	25442bd95f	avcodec/libfdk-aacdec: Correct buffer_size parameter the timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until 2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused. after that commit libfdk-aacdec interprets it as size in sample units and memsets that on error. FFmpeg as well as others (like GStreamer) did interpret it as size in bytes Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca6776a993`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-28 04:06:03 +02:00
Michael Niedermayer	ca3fab8c80	avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int' Fixes: 1770/clusterfuzz-testcase-minimized-5285511235108864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7c36ee216f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-28 04:05:39 +02:00
Michael Niedermayer	1a800e8ff6	avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2 Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `357f2316a0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-28 04:04:09 +02:00
Kevin Mark	3ad48f9acb	doc/filters: Clarify scale2ref example Signed-off-by: Kevin Mark <kmark937@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `114e871621`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-28 04:03:52 +02:00
Michael Niedermayer	a3ba6a66a3	avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]' Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ac8dfcbd89`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-27 15:00:50 +02:00
Michael Niedermayer	385642f8c8	avcodec/ra144dec: Fix runtime error: left shift of negative value -17 Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `53c0c637d3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-27 15:00:25 +02:00
Michael Niedermayer	780c360e76	avformat/mux: Fix copy an paste typo Found-by: Roger Scott <rscott@grammatech.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1a36354698`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-27 04:22:52 +02:00
Michael Niedermayer	278bd748a8	avutil/internal: Do not enable CHECKED with DEBUG This avoids potential undefined behavior in debug mode while still allowing developers which want to check for potential additional overflows to do so by manually enabling this. Reviewed-by: wm4 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a44b3abb4c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-27 01:38:40 +02:00
Michael Niedermayer	7fe0a0e9e7	avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 1825/clusterfuzz-testcase-minimized-6002833050566656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8e87d146d7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-26 12:30:42 +02:00
Michael Niedermayer	6185b5e9bc	avcodec/smc: Check remaining input Fixes: Timeout Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `356194fcb1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-26 12:28:08 +02:00
Michael Niedermayer	16f76d544d	avcodec/jpeg2000dec: Fix copy and paste error Found-by: jamrial Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5782e0ba8c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-25 11:31:36 +02:00
Michael Niedermayer	c071e74aad	avcodec/jpeg2000dec: Check tile offsets Fixes: runtime error: signed integer overflow: 4096 - -2147483648 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `89325417e7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-25 11:30:56 +02:00

... 2 3 4 5 6 ...

79179 Commits