Michael Niedermayer
c2221da019
avformat/bintext: Check width in idf_read_header()
Fixes: division by 0
Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 442d53f409)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
9d2df3050e
avformat/iff: check size against INT64_MAX
Bigger sizes are misinterpreted as negative numbers by the API
Fixes: infinite loop
Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f291cd681b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
72a8fb594d
avformat/paf: Check for EOF in read_table()
Fixes: OOM
Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 437b7302b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
da5220bc06
avformat/gxf: Check pkt_len
Fixes: Infinite loop
Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dad9a86ca7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
5a76224c88
avformat/aiffdec: Check packet size
Fixes: infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ba71a72d3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
4ed6695658
avformat/concatdec: use av_strstart()
Fixes: out of array read
Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2610acb49a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
26db6eccce
avformat/wavdec: Refuse to read chunks bigger than the filesize in w64_read_header()
Fixes: OOM
Fixes: 26414/clusterfuzz-testcase-minimized-ffmpeg_dem_FWSE_fuzzer-5070632544632832
Fixes: 26475/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5770207722995712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b2244565a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
c07f2cfaec
avformat/rsd: Check size and start before computing duration
Fixes: signed integer overflow: 100794754 * 28 cannot be represented in type 'int'
Fixes: 26474/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5181797606096896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c79d8a6851)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
36ff07fd02
avformat/iff: More completely check body_size
Fixes: infinite loop
Fixes: 26485/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5126561373880320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3588e2e6b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
bb88c223d6
avformat/xwma: Check for EOF in dpds_table read code
Fixes: Timeout (>30 -> 140ms)
Fixes: 26478/clusterfuzz-testcase-minimized-ffmpeg_dem_XWMA_fuzzer-5918147066200064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44b18a76b8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
c07661c8cd
avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration()
Fixes: shift exponent 95 is too large for 32-bit type 'int'
Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec7e0d4288)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
8d46937051
avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET
Fixes: signed integer overflow: -9223372036854775807 - 48000 cannot be represented in type 'long long'
Fixes: 26521/clusterfuzz-testcase-minimized-ffmpeg_dem_DIRAC_fuzzer-5635536506847232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 343c3149ab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
7487e6b6a7
avformat/rmdec: Make expected_len 64bit
Fixes: signed integer overflow: 1347551268 * 14 cannot be represented in type 'int'
Fixes: 26458/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5655364324032512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 728330462c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
d608ea0027
avformat/pcm: Check block_align
Fixes: signed integer overflow: 321 * 8746632 cannot be represented in type 'int'
Fixes: 26461/clusterfuzz-testcase-minimized-ffmpeg_dem_PVF_fuzzer-6326427831762944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b23a619c13)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
c7a3dacf53
avformat/lrcdec: Clip timestamps
Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 80bc2ac3c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
ce445adcbd
avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()
Fixes: timeout(>20sec -> 1ms)
Fixes: 26526/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-5672328069120000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 857aba7c45)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
57396f97ca
avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
Fixes: signed integer overflow: 190587 * 11585 cannot be represented in type 'int'
Fixes: 26407/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5086348408782848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bca0735be5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
3ce851aab3
avcodec/fits: Check bscale
Fixes: division by 0
Fixes: 26208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-6270472117026816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2ccd76fd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
f608e78016
avformat/nistspheredec: Check bps
Fixes: left shift of 1111111190 by 3 places cannot be represented in type 'int'
Fixes: 26437/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-4886896091856896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c144b363e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
b7b6f4c557
avformat/jacosubdec: Use 64bit inside get_shift()
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 715ff75e5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
a090f4cf0c
avformat/genh: Check block_align
Fixes: infinite loop
Fixes: 26440/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5632134020333568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37396e9ba8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
afb0664623
avformat/mvi: Check count for overflow
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a413ed9863)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
be62e51943
avcodec/magicyuv: Check slice size before reading flags and pred
Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0dc42147b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
c7fd8744b5
avformat/asfdec_f: Check for negative ext_len
Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 209b9ff5c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
6cc18dca55
avformat/bethsoftvid: Check image dimensions before use
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 50b29f081e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
cb961b2322
avformat/genh: Check block_align for how it will be used in SDX2_DPCM
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95b47e18f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
5be63051e7
avformat/au: Check for EOF in au_read_annotation()
Fixes: Timeout (too looong -> 1 ms)
Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e680d50eb4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
5aaf7f4646
avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0
Suggested-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d34e4904cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
5fc65636a7
avformat/segafilm: Check that there is a stream
Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0d7fd269b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
0ee0f51886
avformat/wtvdec: Check dir_length
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1868cb7316)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
d2cefe21e1
avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN()
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 26218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5734075396259840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 939b72b02e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
c8c0ed9e2b
avcodec/exr: Check limits to avoid overflow in delta computation
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6910e0f4e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
253b1ed27e
avformat/boadec: Check that channels and block_align are set
Fixes: Infinite loop
Fixes: 26381/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-5745789089087488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44ff5a1bff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
31517647e5
avformat/asfdec_f: Check name_len for overflow
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d088a47ca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
366e5e489d
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d198362839)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
92b8c0a8c1
avcodec/aacdec_fixed: Limit index in vector_pow43()
Fixes: out of array access
Fixes: 26087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5724825462767616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f83a53638)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
75ce842d7c
avformat/rmdec: sanity check coded_framesize
Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int'
Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aee8477c6b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
13de14d44d
avformat/flvdec: Check for EOF in amf_parse_object()
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33624f4f2e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
29dade5fea
avcodec/smacker: Check remaining bits in SMK_BLK_FULL
Fixes: out of array access
Fixes: 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 42ded4d1e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
1f8aa084ea
avcodec/cook: Check subpacket index against max
Fixes: off by 1 error
Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a2a7604da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
6778e41252
avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration()
Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int'
Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01bb12f883)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
85cf812442
avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred
Fixes: pixel decode issue.ts
Fixes: raw frame.hevc
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3fbf873792)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
d7fd7eb297
avformat/icodec: Change order of operations to avoid NULL dereference
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3300f5c133)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
8bcad00e41
avcodec/exr: Fix overflow with many blocks
Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7265b7d904)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
f2025f4ed7
avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 394e8bb385)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
c58f0345b8
avcodec/ansi: Check initial dimensions
Fixes: Timeout (minutes to less than 1sec)
Fixes: 25682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANSI_fuzzer-6320712032452608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 949f0a6be9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
4b6bcdd997
avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 106f11f68a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
d859b40bf2
avcodec/sonic: Check for overread
Fixes: Timeout (too long -> 1.3 sec)
Fixes: 24358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5107284099989504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eeabdef1bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
db94bff826
avformat/subviewerdec: fail on AV_NOPTS_VALUE
Such values are not supported by ff_subtitles_queue*
Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b7f51428b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00
Michael Niedermayer
13a10e107a
avcodec/exr: Check line size for overflow
Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int'
Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b72cea446)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:37:21 +02:00