highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
88,359 Commits 36 Branches 392 Tags
d218b9e0671659fbb0f10fe2dc4e67fe6e94aaab
Commit Graph

88359 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
d218b9e067 avcodec/hnm4video: Forward errors of decode_interframe_v4() 
Fixes: Timeout (108sec -> 160ms)
Fixes: 15570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HNM4_VIDEO_fuzzer-5085482213441536

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af8ce754b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
8b525ccd36 avcodec/vp3: Check that theora is theora 
Theora is forced to be non zero if it is zero and a sample
is asked for, as suggested by reimar

Fixes: Timeout (2min -> 600ms)
Fixes: 15366/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5737849938247680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b4bf7226af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
2dadc27de2 avcodec/vc1_pred: Fix invalid shift in scaleforsame() 
Fixes: left shift of negative value -1
Fixes: 15531/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5759556258365440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6dfda35dd2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
06ad829800 avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc() 
Fixes: signed integer overflow: 32796 * 65536 cannot be represented in type 'int'
Fixes: 15430/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5735424087031808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f31ed8f3b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
9ba145e243 avcodec/truemotion2: Fix several integer overflows in tm2_motion_block() 
Fixes: 15524/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5173148372172800
Fixes: signed integer overflow: 13701388 - -2134868270 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a353ea876)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
ef6ca6adff avcodec/apedec: make left/right unsigned to avoid undefined behavior 
Fixes: signed integer overflow: 755176387 + 1515360583 cannot be represented in type 'int'
Fixes: 15506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5706859232624640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf778af149)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
363dd60366 avcodec/apedec: Fix multiple integer overflows and undefined behaviorin filter_3800() 
Fixes: left shift of negative value -4
Fixes: signed integer overflow: -15091694 * 167 cannot be represented in type 'int'
Fixes: signed integer overflow: 1898547155 + 453967445 cannot be represented in type 'int'
Fixes: 15258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5759095564402688
Fixes: signed integer overflow: 962196438 * 31 cannot be represented in type 'int'
Fixes: 15364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718799845687296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 267eb2ab7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
29fe37850a avformat/mpc: deallocate frames array on errors 
Fixes: memleak on error path
Fixes: 15984/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679918412726272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da5039415c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
b4edee5cab avcodec/eatqi: Check for minimum frame size 
The minimum header is 8 bytes, the smallest bitstream that is passed to
the MB decode code is 4 bytes

Fixes: Timeout (35sec -> 18sec)
Fixes: 15800/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATQI_fuzzer-5684154517159936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ffb8e8793)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
2a43d9f882 avcodec/eatgv: Check remaining size after the keyframe header 
The minimal size which unpack() will not fail on is 5 bytes
Fixes: Timeout (14sec -> 77ms) (testcase 15508)
Fixes: 15508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5700053513011200
Fixes: 15996/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5751353223151616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 009ec8dc33)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
a71f9aaf42 avcodec/assdec: undefined use of memcpy() 
Fixes: null pointer passed as argument 2, which is declared to never be null
Fixes: 16008/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SSA_fuzzer-5650582821404672 (this is a separate issue found in this testcase)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47b6ca0b02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
86549d839f avcodec/brenderpix: Check input size before allocating image 
An incomplete image is not supported prior to this and will
not produce any output. This commit moves the failure before
time consuming operations.

Fixes: Timeout (81sec -> 76ms)
Fixes: 15723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BRENDER_PIX_fuzzer-5147265653538816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38b6c48c43)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Matt Wolenetz
c88d2c4e2f lafv/wavdec: Fail bext parsing on incomplete reads 
avio_read can successfully return even when less than the requested
amount of input was read. wavdec's bext parsing mistakenly assumed a
successful avio_read always read the full amount that was requested.
The result could be dictionary tags populated with partially
uninitialized values.

This change also fixes a broken assertion in wav_parse_bext_string that
was off-by-one, though no known current usage of that method hits that
broken case.

Chromium bug: 987270

Signed-off-by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 052d41377a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
5088a3e2d3 avcodec/utils: fix leak of subtitle_header on error path 
Fixes: memleak
Fixes: 15528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_STL_fuzzer-5735993371525120
Fixes: 15792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SAMI_fuzzer-5737754232619008
Fixes: 16008/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SSA_fuzzer-5650582821404672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 923d5c489f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:45 +01:00
Michael Niedermayer
c3b7afa4e9 avcodec/utils: Check close before calling it 
Fixes: NULL pointer dereference
Fixes: 15733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IDF_fuzzer-5658616977162240

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8df6884832)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-15 12:25:39 +01:00
Michael Niedermayer
baa8bca448 avcodec/vorbisdec: Check vlc for floor0 dec vector offset 
Fixes: out of array access
Fixes: 15649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5729191309344768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 99f95f39c6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
8666a635fd avcodec/vorbisdec: amplitude bits can be more than 25 bits 
Fixes: assertion failure, invalid shift
Fixes: 15583/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5640157484548096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 308771a738)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
175def86b7 avutil/softfloat_ieee754: Fix odd bit position for exponent and sign in av_bits2sf_ieee754() 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 82e389d066)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
1dcb1dd490 avcodec/apedec: Fix various integer overflows 
Fixes: signed integer overflow: -538976267 * 31 cannot be represented in type 'int'
Fixes: left shift of 65312 by 16 places cannot be represented in type 'int'
Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 240bf0e596)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
91abbbda59 avcodec/apedec: Fix multiple integer overflows in predictor_update_filter() 
Fixes: signed integer overflow: -829262115 + -1410750414 cannot be represented in type 'int'
Fixes: 15251/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5651742252859392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0af08cb803)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
428dee1a03 avcodec/alsdec: fix undefined shift in multiply() 
Fixes: left shift of negative value -6
Fixes: 15564/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5701655938465792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b880b3b236)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
71fd020197 avcodec/alsdec: Fix 2 integer overflows 
Fixes: signed integer overflow: 1270564968 + 904828220 cannot be represented in type 'int'
Fixes: 15402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5755426823471104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cd0d94f59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
b3d8b99a28 avcodec/flicvideo: Make line_packets int 
Fixes: signed integer overflow: -32768 * 196032 cannot be represented in type 'int'
Fixes: 15300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5733319519502336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 54bd47f861)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
03ea84792a avcodec/dvbsubdec: Use ff_set_dimensions() 
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5941b7f615)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
2d86e41d45 avcodec/ffwavesynth: Check if there is enough extradata before allocation 
Fixes: OOM
Fixes: 15750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5702090367696896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65bac4a782)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
6e1b07c0b2 avcodec/ffwavesynth: More correct cast in wavesynth_seek() 
Fixes: signed integer overflow: 553590816 - -9223372036315799520 cannot be represented in type 'long'
Fixes: 15743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5705835377852416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4605770af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
68ee6f4d8b avcodec/ffwavesynth: Check sample rate before use 
Fixes: division by zero
Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95857a423)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
190b92359b avcodec/dnxhd_parser: Fix parser when input does not have nicely sized packets 
Fixes: out of array access
Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d900d8fe0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
6118362864 avcodec/dnxhd_parser: remove unneeded code 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1707dbdf49)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
774d23af2f avformat/utils: Check rfps_duration_sum for overflow 
Fixes: signed integer overflow: 9151595917793558550 + 297519050751678697 cannot be represented in type 'long'
Fixes: 15496/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5722866475073536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c46fdf305)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
12dfbefda2 avcodec/h264_refs: Also check reference in ff_h264_build_ref_list() 
Fixes: out of array read
Fixes: 15409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5758846959616000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d3581e6bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
5bcced7bea avcodec/parser: Check next index validity in ff_combine_frame() 
Fixes: out of array access
Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15008db0fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
c2507e1946 avcodec/ivi: Ask for samples with odd tiles 
Fixes: Assertion failure
Fixes: 15422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5676625481433088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a7e02cf3ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:38 +01:00
Michael Niedermayer
cda23a57cc avformat/xmv: Make bitrate 64bit 
Fixes: signed integer overflow: 32 * 538976288 cannot be represented in type 'int'
Fixes: 15633/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5752273981931520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 39a6a79bcb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
0af60924ea avcodec/pngdec: Check that previous_picture has same w/h/format 
Fixes: out of array access
Fixes: 15540/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5684905029140480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18c808ffbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
2b0180f80b avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation) 
Fixes: null pointer dereference
Fixes: 15464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5681391150301184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6aaa01afe4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
db136657d4 avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame() 
Fixes: left shift of negative value -456
Fixes: 15561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5758130404720640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1dbb67d39b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
James Zern
7a026998b0 avcodec/utils, avcodec_open2: close codec on failure 
after a successful init if the function fails for another reason close
the codec without requiring FF_CODEC_CAP_INIT_CLEANUP which is meant to
cover init failures themselves. fixes a memory leak in those cases.

BUG=oss-fuzz:15529

Signed-off-by: James Zern <jzern@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1febda061)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
49b4d41ec1 avcodec/golomb: Correct the doxy about get_ue_golomb() and errors 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1bb3b3f11c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
bcc19ab7b7 avformat/utils: Check timebase before use in estimate_timings() 
Fixes: division by 0
Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f57e97dfd9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
f095734005 avcodec/hq_hqa: Use ff_set_dimensions() 
Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272
Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6229fcd40)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
99c45c0c82 avcodec/rv10: Fix integer overflow in aspect ratio compare 
Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int'
Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 14fcf42958)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
a7acecb0d9 avcodec/4xm: Fix signed integer overflows in idct() 
Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bbea155bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
c698d9e46b avcodec/qdm2: Check checksum_size for 0 
Fixes: Infinite loop
Fixes: 15337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5757428949319680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b2ebf89a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
a85e0a0b8d avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop 
Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: infinite loop
Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 694be24bd6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
32902cc988 avcodec/qdm2: Do not read out of array in fix_coding_method_array() 
Instead we ask for a sample, its unclear what to do in this case.

Fixes: index 30 out of bounds for type 'int8_t [30][64]'
Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae021c1239)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
388d36101b avcodec/svq3: Use ff_set_dimension() 
Fixes: OOM
Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b114d7687)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
d0651f24ba avcodec/iff: Check ham vs bpp 
This checks the ham value much stricter and avoids hitting cases which cannot be reached
with data from the libavformat demuxer.

Fixes: out of array access
Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840
Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f76d7352e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
69a7633a76 avcodec/ffwavesynth: use uint32_t to compute difference, it is enough 
Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long'
Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e9dd3c7126)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00
Michael Niedermayer
6e050fc931 avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case 
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c02209935)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-14 23:30:37 +01:00