ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	c5cf948e20	avcodec/truemotion1: Check that the input has enough space for a minimal index_stream Fixes: Timeout (18sec -> 0.4sec) Fixes: 17585/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5117015135617024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a660fac98`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	86d36769e9	avformat/mpsubdec: Clear queue on error Fixes: Memleaks Fixes: 17219/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5720539124989952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9a0d36e562`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	8c550c8e25	avcodec/sunrast: Check that the input is large enough for the maximally compressed image Fixes: Timeout (17sec -> 15ms) Fixes: 17224/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SUNRAST_fuzzer-5663218491457536 Fixes: 17224/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SUNRAST_fuzzer-5735590015795200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bf0ba75c4a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	3a45323c97	avcodec/sunrast: Check for availability of maplength before allocating image Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `711ad71aea`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	878ba99316	avformat/subtitles: Check nb_subs in ff_subtitles_queue_finalize() Fixes: null pointer dereference Fixes: 17828/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5645915116797952 Fixes: Ticket8147 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `81b53913bb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	2f20bd7076	avcodec/wmaprodec: Check if there is a stream Fixes: null pointer dereference Fixes: signed integer overflow: 512 * 2147483647 cannot be represented in type 'int' Fixes: 17809/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5634409947987968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9b533de28e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	fe82ca8709	avcodec/g2meet: Check for end of input in jpg_decode_block() Fixes: Timeout (100sec -> 0.7sec) Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5174143888130048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `61dd2e07be`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	b736f5be19	avcodec/g2meet: Check if adjusted pixel was on the stack This basically checks if a pixel that was coded with prediction and residual could have been stored using a previous case. This avoids basically a string of 0 symbols stored in less than 50 bytes to hit a O(n²) codepath. Fixes: Timeout (too slow to wait -> immediately) Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4895946310680576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c84c162e9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	07e77be69f	avformat/electronicarts: If no packet has been read at the end do not treat it as if theres a packet Fixes: Assertion failure Fixes: 17770/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5700606668308480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c4de49edc4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	22b9eaf4e6	avcodec/dxv: Check op_offset in dxv_decompress_yo() Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Fixes: 17745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5734628463214592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `97450d2b6a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	d8e3ea8400	avcodec/utils: Check sample_rate before opening the decoder Fixes: signed integer overflow: 2 * -1306460384 cannot be represented in type 'int' Fixes: 17685/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_fuzzer-5747390337777664 Fixes: 17688/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5739287210885120 Fixes: 17699/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5678394531905536 Fixes: 17738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5763415733174272 Fixes: 17746/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5703008159006720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `75fefb1fb7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	d44ac91b17	avcodec/aptx: Fix multiple shift anomalies Fixes: left shift of negative value -24576 Fixes: 17719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APTX_fuzzer-5710508002377728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `675f62a202`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
James Almer	f0749555d7	avcodec/fitsdec: fix use of uninitialised values header.data_max and header.data_min are not necessarely set on all decoding scenarios. Fixes a Valgrind reported regression since `cfa1937791`. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `e3f0ecfc57`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	677b362948	avcodec/motionpixels: Mark 2 functions as always_inline Fixes: Timeout (30sec -> 25sec) Fixes: 17050/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5719149803732992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `017884bdc3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	4757369c3f	avcodec/ituh263dec: Make the condition for the studio slice start code match between ff_h263_resync() and ff_mpeg4_decode_studio_slice_header() If they mismatch an infinite loop can occur Fixes: Timeout (infinite loop) Fixes: 17043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5695051748868096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8335ba8ae9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	d5a3e17d29	avcodec/ralf: Fix integer overflow in decode_channel() Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int' Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fbb314b6f2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	c82ae7ea2a	vcodec/vc1: compute rangex/y only for P/B frames Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int' Fixes: 16976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4847262047404032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e75e7fe160`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	461bcc5379	avcodec/vc1_pred: Fix invalid shifts in scaleforopp() Fixes: left shift of negative value -2 Fixes: 16964/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5757853565976576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ced9a1cd0a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	88ef3d9cfd	avcodec/vc1_block: Fix invalid shift with rangeredfrm Fixes: left shift of negative value -7 Fixes: 16959/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5200360825683968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c722a69253`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	3e450892b3	avcodec/vc1: Check for excessive resolution Fixes: overflow in aspect ratio calculation Fixes: signed integer overflow: 393215 * 14594 cannot be represented in type 'int' Fixes: 15728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5661588893204480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `181e138da7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	fca0a31b48	avcodec/vc1: check REFDIST "9.1.1.43 P Reference Distance (REFDIST)" "The value of REFDIST shall be less than, or equal to, 16." Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7f7af9e294`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	98c4cec8ba	avcodec/apedec: Fix several integer overflows in predictor_update_filter() and do_apply_filter() Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: signed integer overflow: -14527961 - 2147483425 cannot be represented in type 'int' Fixes: 16380/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5645957131141120 Fixes: 16968/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5716169901735936 Fixes: 17074/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5198710497083392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1e95a3e8a7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	22314cbea6	avcodec/hevc_cabac: Tighten the limit on k in ff_hevc_cu_qp_delta_abs() Values larger would fail subsequent tests. Fixes: signed integer overflow: 5 + 2147483646 cannot be represented in type 'int' Fixes: 16966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5695709549953024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f63cd1963e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	ec6f539196	avcodec/4xm: Check index in decode_i_block() also in the path where its not used. Fixes: Infinite loop Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 'int' Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584 Fixes: 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680 Fixes: 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `87ddf9f1ef`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	955acbd8d5	avcodec/atrac3: Check block_align Fixes: Infinite loop Fixes: 17620/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3_fuzzer-5086123012915200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2acbbe2623`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	3a7fa0cebf	avcodec/alsdec: Avoid dereferencing context pointer in inner interleave loop This makes the decoder faster Improves/Fixes: Timeout (22sec -> 20sec) Testcase: 17619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5078510820917248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `581a895c5c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	ae4bfed934	avcodec/fitsdec: Prevent division by 0 with huge data_max Fixes: division by 0 Fixes: 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cfa1937791`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	3ba1413f04	avcodec/dstdec: Fix integer overflow in samples_per_frame computation Fixes: Timeout (? -> 2ms) Fixes: 17616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5198057947267072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7dc0943d4a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	ea8d459fc9	avcodec/g729_parser: Check block_size Fixes: Infinite loop Fixes: 17611/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5765134928052224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `972a0a818f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	b5d6694cb7	avcodec/sbcdec: Initialize number of channels Fixes: out of array access Fixes: 17609/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5758729319874560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Reviewed-by: Moritz Barsnick <barsnick@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `02fb6a2147`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	4bd6253313	avcodec/utils: Optimize ff_color_frame() using memcpy() 4650975 -> 4493240 dezicycles This optimizes lines 2 and later. Line 1 still uses av_memcpy_backptr() This change originally fixed ossfuzz 10790 but this is now fixed by other optimizations already Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `95e5396919`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	c6b6f2b342	avcodec/aacdec: Check if we run out of input in read_stream_mux_config() Fixes: Infinite loop Fixes: 16920/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5653421289373696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3dce4d03d5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	0d47567d0b	avcodec/utils: Use av_memcpy_backptr() in ff_color_frame() Fixes: Timeout (191sec -> 53sec) Fixes: 16908/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5711207859748864 Fixes: 10709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5630617975259136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `340ab13504`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	d7cb0d2205	avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL Fixes: signed integer overflow: 238 * 16843009 cannot be represented in type 'int' Fixes: 16958/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5193905355620352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `033d2c4884`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	d01ab37867	avcodec/alac: Fix invalid shifts in 20/24 bps Fixes: left shift of negative value -256 Fixes: 16892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4880802642395136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b30c07cc2b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	c87327f4a5	avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction() Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 16786/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5632818851348480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0831cbfe09`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	cc178d0e4d	avcodec/ffwavesynth: Fix integer overflow in timestamps Fixes: signed integer overflow: 9223371075321077760 * 2 cannot be represented in type 'long' Fixes: 16447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5698937431785472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c7ccbf40ed`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	cc4cdecc61	avcodec/dxv: Check op_offset in both directions Fixes: signed integer overflow: 61 + 2147483647 cannot be represented in type 'int' Fixes: 15311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5742552826773504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8c7d5fcfc3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	59f5d232dc	avcodec/adpcm: Check number of channels for MTAF Fixes: out of array access Fixes: 17608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_MTAF_fuzzer-5074936267276288 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `74bbf9bc82`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	d918e45760	avcodec/sunrast: Fix indention Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0728d64497`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	942dcae517	avcodec/sunrast: Fix return type for "unsupported (compression) type" Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0e8b7709a9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	f8a4c39b2f	avformat/mov: Check for EOF in mov_read_meta() Fixes: Timeout (195sec -> 2ms) Fixes: 16735/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5090676403863552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `093d1f4250`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	cb3286d663	avcodec/hevcdec: Fix memleak of a53_caption Fixes: 15295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5675655187922944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ef50cf7b32`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	c87ccb476f	avformat/cdxl: Fix integer overflow in intermediate Fixes: signed integer overflow: 65535 * 65312 cannot be represented in type 'int' Fixes: 16704/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6294115603447808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5c5575c8dc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	c9173f8787	avcodec/hevcdec: repeat character in skiped Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d2d8e797cc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	0d1e3b33ed	avcodec/gdv: Replace assert() checking bitstream by if() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a9fae76370`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	4b68a455e2	libavcodec/utils: Free threads on init failure Fixes: Multiple memleaks Fixes: ffmpeg-memory-leak Found-by: Francis Provencher <francis@protekresearchlab.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `61b055bed0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	eeb50e42ba	avcodec/htmlsubtitles: Avoid locale dependant isdigit() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b94cf549e2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	97f04bc6e5	avcodec/alsdec: Check k from being outside what our implementation can handle The specification does not seem to list what the maximum valid value is Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int' Fixes: 16268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5638164544225280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e125578994`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00
Michael Niedermayer	5ac0f94427	avcodec/takdec: Fix integer overflow in decorrelate() Fixes: signed integer overflow: -2424832 - 2145653689 cannot be represented in type 'int' Fixes: 16138/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5643451346976768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f119273649`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-11 20:18:47 +01:00

1 2 3 4 5 ...

91326 Commits