Michael Niedermayer
a0c91fb0f0
avcodec/g729postfilter: Fix left shift of negative value
...
Fixes: Ticket8176
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5f0acc5064michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
7bf2546301
avcodec/binkaudio: Check sample rate
...
Fixes: signed integer overflow: 1092624416 * 2 cannot be represented in type 'int'
Fixes: 18045/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5718519492116480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2fca09bce4michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
c7520f4825
avcodec/sbcdec: Fix integer overflows in sbc_synthesize_eight()
...
Fixes: signed integer overflow: 518484152 + 1868182638 cannot be represented in type 'int'
Fixes: 17732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5663738132168704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c70d547751michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
c5ecfccb5f
avcodec/adpcm: Check initial predictor for ADPCM_IMA_EA_EACS
...
Fixes: signed integer overflow: -2147483360 - 631 cannot be represented in type 'int'
Fixes: 17701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_EA_EACS_fuzzer-5711517319692288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2f66e8436dmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
dfcd3ad2bc
avcodec/g723_1dec: Fix overflow in shift
...
Fixes: shift exponent 1008 is too large for 32-bit type 'int'
Fixes: 17700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5707633436131328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 07732f12a4michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
4d392fc27c
avcodec/apedec: Fix integer overflow in predictor_update_3930()
...
Fixes: signed integer overflow: -69555262 * 31 cannot be represented in type 'int'
Fixes: 17698/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728970447781888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5c072c9ed7michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
fa9ca0b663
avcodec/g729postfilter: Fix undefined intermediate pointers
...
Fixes: index -49 out of bounds for type 'int16_t [192]'
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0c61661a2cmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
45e31d6dd0
avcodec/g729postfilter: Fix undefined shifts
...
Fixes: left shift of negative value -12
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6a4fdbf112michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
b977836eda
avcodec/lsp: Fix undefined shifts in lsp2poly()
...
Fixes: left shift of negative value -30635
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2b93f52cd6michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
17e3552008
avcodec/adpcm: Fix left shifts in AV_CODEC_ID_ADPCM_EA
...
Fixes: left shift of negative value -1
Fixes: 17683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_EA_R2_fuzzer-5111690013704192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8695fbec57michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
881b3de55a
avformat/shortendec: Check k in probe
...
Fixes: Assertion failure
Fixes: 17640/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5708767475269632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ea770eb559michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
f238fcdb3e
avfilter/vf_geq: Use av_clipd() instead of av_clipf()
...
With floats we cannot represent all 32bit integer dimensions
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c8813b1a98michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
6247243e07
avcodec/wmaprodec: Check that the streams channels do not exceed the overall channels
...
Fixes: NULL pointer dereference
Fixes: 18075/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5708262036471808
Fixes: 18087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5740627634946048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e418b315ddmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
0240d56daf
avcodec/qdmc: Check input space in qdmc_get_vlc()
...
Fixes: Timeout (125sec -> 0.4sec)
Fixes: 18059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5656195825664000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2c7975fe6fmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
3088c82476
avcodec/pcm: Check bits_per_coded_sample
...
Fixes: shift exponent -2 is negative
Fixes: 17736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F16LE_fuzzer-5742815929171968
Fixes: 17998/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F24LE_fuzzer-5716980383875072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5de19160a3michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
25a7110651
avcodec/exr: Allow duplicate use of channel indexes
...
Fixes: Ticket #8203
Reported-by: durandal_1707
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 080819b3b4michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
9c2659f4ab
avcodec/fitsdec: Fail on 0 naxisn
...
Fixes: Timeout (100+ sec -> 23ms)
Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4a3303d520michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
39183277ef
avcodec/dxv: Subtract 12 earlier in dxv_decompress_cocg()
...
the data_start is after reading 12 bytes and if its subtracted
at the very end the intermediate might overflow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit dd9e6d077emichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
97244c8c62
libavcodec/dxv: Remove redundant seek
...
This seeks to the position the previous call to dxv_decompress_opcodes()
positioned us in case of success
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c371e50b4fmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
71e56b44ed
avcodec/ituh263dec: Check input for minimal frame size
...
Fixes: Timeout (28sec -> 3sec)
Fixes: 17559/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H263_fuzzer-5681050776240128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7f0498ed46michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
cc2a919086
avcodec/truemotion1: Check that the input has enough space for a minimal index_stream
...
Fixes: Timeout (18sec -> 0.4sec)
Fixes: 17585/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5117015135617024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4a660fac98michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
e8206b63ad
avformat/mpsubdec: Clear queue on error
...
Fixes: Memleaks
Fixes: 17219/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5720539124989952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9a0d36e562michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
3a661be4c4
avcodec/sunrast: Check that the input is large enough for the maximally compressed image
...
Fixes: Timeout (17sec -> 15ms)
Fixes: 17224/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SUNRAST_fuzzer-5663218491457536
Fixes: 17224/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SUNRAST_fuzzer-5735590015795200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bf0ba75c4amichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
b1ae124919
avcodec/sunrast: Check for availability of maplength before allocating image
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 711ad71aeamichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
1da6cfeccb
avformat/subtitles: Check nb_subs in ff_subtitles_queue_finalize()
...
Fixes: null pointer dereference
Fixes: 17828/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5645915116797952
Fixes: Ticket8147
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 81b53913bbmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
317c63d3f4
avcodec/vc1_block: Fix invalid left shift in vc1_decode_p_mb()
...
Fixes: left shift of negative value -6
Fixes: 17810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5638541240958976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2f588ccfb7michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
3ae6eee2a7
avcodec/wmaprodec: Check if there is a stream
...
Fixes: null pointer dereference
Fixes: signed integer overflow: 512 * 2147483647 cannot be represented in type 'int'
Fixes: 17809/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5634409947987968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9b533de28emichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
c8823d4957
avcodec/g2meet: Check for end of input in jpg_decode_block()
...
Fixes: Timeout (100sec -> 0.7sec)
Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5174143888130048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 61dd2e07bemichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
a547d59079
avcodec/g2meet: Check if adjusted pixel was on the stack
...
This basically checks if a pixel that was coded with prediction
and residual could have been stored using a previous case.
This avoids basically a string of 0 symbols stored in less than
50 bytes to hit a O(n²) codepath.
Fixes: Timeout (too slow to wait -> immediately)
Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4895946310680576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9c84c162e9michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
e644b74074
avformat/electronicarts: If no packet has been read at the end do not treat it as if theres a packet
...
Fixes: Assertion failure
Fixes: 17770/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5700606668308480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c4de49edc4michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
45836a60f5
avcodec/dxv: Check op_offset in dxv_decompress_yo()
...
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 17745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5734628463214592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 97450d2b6amichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
5e3a827e9d
avcodec/utils: Check sample_rate before opening the decoder
...
Fixes: signed integer overflow: 2 * -1306460384 cannot be represented in type 'int'
Fixes: 17685/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_fuzzer-5747390337777664
Fixes: 17688/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5739287210885120
Fixes: 17699/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5678394531905536
Fixes: 17738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5763415733174272
Fixes: 17746/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5703008159006720
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 75fefb1fb7michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
f5636c5b20
avcodec/aptx: Fix multiple shift anomalies
...
Fixes: left shift of negative value -24576
Fixes: 17719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APTX_fuzzer-5710508002377728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 675f62a202michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
James Almer
781a4a43b5
avcodec/fitsdec: fix use of uninitialised values
...
header.data_max and header.data_min are not necessarely set on all decoding scenarios.
Fixes a Valgrind reported regression since cfa1937791michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit e3f0ecfc57michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
dc5760a909
avcodec/motionpixels: Mark 2 functions as always_inline
...
Fixes: Timeout (30sec -> 25sec)
Fixes: 17050/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5719149803732992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 017884bdc3michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
20a923a3ae
avcodec/ituh263dec: Make the condition for the studio slice start code match between ff_h263_resync() and ff_mpeg4_decode_studio_slice_header()
...
If they mismatch an infinite loop can occur
Fixes: Timeout (infinite loop)
Fixes: 17043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5695051748868096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8335ba8ae9michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
6b9a6088d6
avcodec/ralf: Fix integer overflow in decode_channel()
...
Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int'
Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fbb314b6f2michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
d3f8892249
vcodec/vc1: compute rangex/y only for P/B frames
...
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 16976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4847262047404032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e75e7fe160michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
26db773767
avcodec/vc1_pred: Fix invalid shifts in scaleforopp()
...
Fixes: left shift of negative value -2
Fixes: 16964/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5757853565976576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ced9a1cd0amichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
a9788d00ee
avcodec/vc1_block: Fix invalid shift with rangeredfrm
...
Fixes: left shift of negative value -7
Fixes: 16959/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5200360825683968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c722a69253michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
cd949baefd
avcodec/vc1: Check for excessive resolution
...
Fixes: overflow in aspect ratio calculation
Fixes: signed integer overflow: 393215 * 14594 cannot be represented in type 'int'
Fixes: 15728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5661588893204480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 181e138da7michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
79dffb7f2c
avcodec/vc1: check REFDIST
...
"9.1.1.43 P Reference Distance (REFDIST)"
"The value of REFDIST shall be less than, or equal to, 16."
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7f7af9e294michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
fe51b4d5a0
avcodec/apedec: Fix several integer overflows in predictor_update_filter() and do_apply_filter()
...
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: signed integer overflow: -14527961 - 2147483425 cannot be represented in type 'int'
Fixes: 16380/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5645957131141120
Fixes: 16968/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5716169901735936
Fixes: 17074/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5198710497083392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1e95a3e8a7michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
588c735ce5
avcodec/hevc_cabac: Tighten the limit on k in ff_hevc_cu_qp_delta_abs()
...
Values larger would fail subsequent tests.
Fixes: signed integer overflow: 5 + 2147483646 cannot be represented in type 'int'
Fixes: 16966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5695709549953024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f63cd1963emichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
9691f42ae9
avcodec/4xm: Check index in decode_i_block() also in the path where its not used.
...
Fixes: Infinite loop
Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 'int'
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
Fixes: 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680
Fixes: 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 87ddf9f1efmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
b0c5ec9ab4
avcodec/loco: Check for end of input in the first line
...
Fixes: Timeout (85sec -> 0.1sec)
Fixes: 17634/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5666410809786368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c5a52eb5cdmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
ba148f2329
avcodec/atrac3: Check block_align
...
Fixes: Infinite loop
Fixes: 17620/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3_fuzzer-5086123012915200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2acbbe2623michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
559280043d
avcodec/alsdec: Avoid dereferencing context pointer in inner interleave loop
...
This makes the decoder faster
Improves/Fixes: Timeout (22sec -> 20sec)
Testcase: 17619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5078510820917248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 581a895c5cmichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
7e4d850a9f
avcodec/fitsdec: Prevent division by 0 with huge data_max
...
Fixes: division by 0
Fixes: 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cfa1937791michael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
Michael Niedermayer
2567675f00
avcodec/dstdec: Fix integer overflow in samples_per_frame computation
...
Fixes: Timeout (? -> 2ms)
Fixes: 17616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5198057947267072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7dc0943d4amichael@niedermayer.cc >
2020-01-06 11:30:43 +01:00
