ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	8c66aed22b	avcodec/assdec: undefined use of memcpy() Fixes: null pointer passed as argument 2, which is declared to never be null Fixes: 16008/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SSA_fuzzer-5650582821404672 (this is a separate issue found in this testcase) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `47b6ca0b02`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	e46c1c68c6	avcodec/brenderpix: Check input size before allocating image An incomplete image is not supported prior to this and will not produce any output. This commit moves the failure before time consuming operations. Fixes: Timeout (81sec -> 76ms) Fixes: 15723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BRENDER_PIX_fuzzer-5147265653538816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38b6c48c43`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Matt Wolenetz	82094a703e	lafv/wavdec: Fail bext parsing on incomplete reads avio_read can successfully return even when less than the requested amount of input was read. wavdec's bext parsing mistakenly assumed a successful avio_read always read the full amount that was requested. The result could be dictionary tags populated with partially uninitialized values. This change also fixes a broken assertion in wav_parse_bext_string that was off-by-one, though no known current usage of that method hits that broken case. Chromium bug: 987270 Signed-off-by: Matt Wolenetz <wolenetz@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `052d41377a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	b47758964a	avcodec/vorbisdec: Check vlc for floor0 dec vector offset Fixes: out of array access Fixes: 15649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5729191309344768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `99f95f39c6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	b217b8ed59	avcodec/vorbisdec: amplitude bits can be more than 25 bits Fixes: assertion failure, invalid shift Fixes: 15583/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5640157484548096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `308771a738`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	0d922de167	avcodec/apedec: Fix various integer overflows Fixes: signed integer overflow: -538976267 * 31 cannot be represented in type 'int' Fixes: left shift of 65312 by 16 places cannot be represented in type 'int' Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264 Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `240bf0e596`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	7700ef6737	avcodec/apedec: Fix multiple integer overflows in predictor_update_filter() Fixes: signed integer overflow: -829262115 + -1410750414 cannot be represented in type 'int' Fixes: 15251/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5651742252859392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0af08cb803`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	b4185cb154	avcodec/alsdec: Fix 2 integer overflows Fixes: signed integer overflow: 1270564968 + 904828220 cannot be represented in type 'int' Fixes: 15402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5755426823471104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9cd0d94f59`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	d36bc33bcc	avcodec/flicvideo: Make line_packets int Fixes: signed integer overflow: -32768 * 196032 cannot be represented in type 'int' Fixes: 15300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5733319519502336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `54bd47f861`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	45a306e4c4	avcodec/dvbsubdec: Use ff_set_dimensions() Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int' Fixes: 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5941b7f615`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	996accb0d7	avcodec/ffwavesynth: Check if there is enough extradata before allocation Fixes: OOM Fixes: 15750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5702090367696896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `65bac4a782`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	af0aea414f	avcodec/ffwavesynth: More correct cast in wavesynth_seek() Fixes: signed integer overflow: 553590816 - -9223372036315799520 cannot be represented in type 'long' Fixes: 15743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5705835377852416 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f4605770af`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	561aefbf8a	avcodec/ffwavesynth: Check sample rate before use Fixes: division by zero Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c95857a423`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	73556665ec	avformat/utils: Check rfps_duration_sum for overflow Fixes: signed integer overflow: 9151595917793558550 + 297519050751678697 cannot be represented in type 'long' Fixes: 15496/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5722866475073536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5c46fdf305`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	9ad8710d1c	avcodec/parser: Check next index validity in ff_combine_frame() Fixes: out of array access Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `15008db0fa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	42734c4578	avcodec/ivi: Ask for samples with odd tiles Fixes: Assertion failure Fixes: 15422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5676625481433088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a7e02cf3ad`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	332a03042d	avformat/xmv: Make bitrate 64bit Fixes: signed integer overflow: 32 * 538976288 cannot be represented in type 'int' Fixes: 15633/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5752273981931520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `39a6a79bcb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	f2d81316e8	avcodec/pngdec: Check that previous_picture has same w/h/format Fixes: out of array access Fixes: 15540/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5684905029140480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `18c808ffbe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	40c3eedd40	avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation) Fixes: null pointer dereference Fixes: 15464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5681391150301184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6aaa01afe4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	65c25ad368	avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame() Fixes: left shift of negative value -456 Fixes: 15561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5758130404720640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1dbb67d39b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	54b3727a49	avcodec/hq_hqa: Use ff_set_dimensions() Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272 Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a6229fcd40`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	4696370756	avcodec/rv10: Fix integer overflow in aspect ratio compare Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int' Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `14fcf42958`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	a70dd95c43	avcodec/4xm: Fix signed integer overflows in idct() Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int' Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2bbea155bf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	76a60fc760	avcodec/qdm2: Check checksum_size for 0 Fixes: Infinite loop Fixes: 15337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5757428949319680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7b2ebf89a4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	2a1e1bc0b5	avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int' Fixes: infinite loop Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `694be24bd6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	8f5aff9e2d	avcodec/qdm2: Do not read out of array in fix_coding_method_array() Instead we ask for a sample, its unclear what to do in this case. Fixes: index 30 out of bounds for type 'int8_t [30][64]' Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ae021c1239`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	7b4cd6ac8e	avcodec/svq3: Use ff_set_dimension() Fixes: OOM Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7b114d7687`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	a58dfb447e	avcodec/iff: Check ham vs bpp This checks the ham value much stricter and avoids hitting cases which cannot be reached with data from the libavformat demuxer. Fixes: out of array access Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840 Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f76d7352e0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	ace8a759e6	avcodec/ffwavesynth: use uint32_t to compute difference, it is enough Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long' Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e9dd3c7126`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	d8c85a3464	avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8c02209935`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	3bb800525e	avcodec/ffwavesynth: Fix backward lcg_seek() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf2bd3ce79`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	05a164a4dc	avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff() Fixes: index -1 out of bounds for type 'const uint8_t [185][2]' Fixes: 15250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5648992869810176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `79204a1fc8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	c583154829	avcodec/alac: Check lpc_quant lpc_quant of 0 produces undefined behavior, thus disallow this. If valid samples use this then such a sample would be quite usefull to confirm the correct&lossles handling of this. Fixes: libavcodec/alac.c:218:25: runtime error: shift exponent -1 is negative Fixes: 15273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5656388535058432 Fixes: 15276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5761238417539072 Fixes: 15315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5767260766994432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a6474b899c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	fa89d0ec88	avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP Fixes: multiple memleaks Fixes: 15293/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5642409288925184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b7b6ddd596`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	4e2bf59270	avcodec/alsdec: Fix integer overflow with buffer number Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int' Fixes: 15290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5738074249625600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5f64f6058e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	a6d53b3028	avcodec/alsdec: Check opt_order / sb_length in ra_block handling Fixes: out of array access Fixes: 15277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5184853437317120 Fixes: 15280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5741062137577472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0794494c8f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	cabdd900b7	avcodec/alsdec: Fix integer overflow with shifting samples Fixes: signed integer overflow: -346039050 * 8 cannot be represented in type 'int' Fixes: 15283/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5692700268953600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a3bd4b260e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	91c70cc895	avcodec/alsdec: Fix undefined behavior in decode_rice() Fixes: left shift of 72 by 26 places cannot be represented in type 'int' Fixes: 15279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5700665621348352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `51f6870c37`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	7a4e69fed4	avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT() Fixes: left shift of negative value -6 Fixes: 15275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5742361767837696 Fixes: signed integer overflow: 41582592 * 256 cannot be represented in type 'int' Fixes: 15296/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5739558227935232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e131568752`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	43ced88379	avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264 Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3d4f4f4a15`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	1b491fbf25	avcodec/qdm2: Move fft_order check up This avoids undefined computations with unchecked values Fixes: shift exponent -21 is negative Fixes: 15262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5651261753393152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8d8b8c4ac6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	1894a36d6c	avcodec/libvorbisdec: Check extradata size Fixes: out of array read Fixes: 15261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5764908467093504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf3c245566`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	3af9317a11	avcodec/videodsp_template: Fix overflow of addition Fixes: addition of unsigned offset to 0x7f56fc26a9b6 overflowed to 0x7f56fc26a8be* Fixes: clusterfuzz-testcase-minimized-mediasource_MP4_AVC1_pipeline_integration_fuzzer-4917949056679936 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `247a1de7f7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	40a614a5bf	avcodec/ffwavesynth: Check ts_end - ts_start for overflow Fixes: signed integer overflow: 2314885530818453536 - -8926099139098304480 cannot be represented in type 'long' Fixes: 15259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5764366093254656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2db7a3bc4a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	006d1a2f80	avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c Fixes: left shift of negative value -13 Fixes: 15260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5702076048343040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `507ca66ee4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	7b9ca45a43	avcodec/tta: Fix undefined shift Fixes: left shift of negative value -4483 Fixes: 15256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5738691617619968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ebccd2f778`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	58c95520ee	avcodec/bintext: Check font height Fixes: division by zero Fixes: 15257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINTEXT_fuzzer-5757352881422336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bfb58bdd70`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	274423dd46	avcodec/binkdsp: Fix integer overflows in idct Fixes: signed integer overflow: 3784 * 682038 cannot be represented in type 'int' Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840 Fixes: 15268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5666502344179712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7a072fbcc4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	7ddb5fcbac	avcodec/motionpixels: Check for vlc error in mp_get_vlc() Fixes: 15246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5168534407086080 Fixes: runtime error: index -1 out of bounds for type 'HuffCode [16]' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `930cdef80a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00
Michael Niedermayer	1d288d16d8	avcodec/loco: Limit lossy parameter so it is sane and does not overflow Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664 Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ce3b0b9066`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +01:00

1 2 3 4 5 ...

76220 Commits