Michael Niedermayer
dd59d92e94
avcodec/svq3: Use ff_set_dimension()
...
Fixes: OOM
Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7b114d7687michael@niedermayer.cc >
2019-07-08 11:44:52 +02:00
Michael Niedermayer
d534cb8345
avcodec/iff: Check ham vs bpp
...
This checks the ham value much stricter and avoids hitting cases which cannot be reached
with data from the libavformat demuxer.
Fixes: out of array access
Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840
Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f76d7352e0michael@niedermayer.cc >
2019-07-08 11:44:24 +02:00
Michael Niedermayer
074f40608e
avcodec/ffwavesynth: use uint32_t to compute difference, it is enough
...
Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long'
Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e9dd3c7126michael@niedermayer.cc >
2019-07-08 11:43:56 +02:00
Michael Niedermayer
73885bf3e1
avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case
...
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8c02209935michael@niedermayer.cc >
2019-07-08 11:43:31 +02:00
Michael Niedermayer
24ea2679e2
avcodec/ffwavesynth: Fix backward lcg_seek()
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cf2bd3ce79michael@niedermayer.cc >
2019-07-08 11:43:06 +02:00
Michael Niedermayer
10880dd695
avcodec/flicvideo: Fix off by 1 error in flic_decode_frame_24BPP()
...
Fixes: out of array access
Fixes: 15360/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5653837190266880
Fixes: 15412/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5740537648250880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 37708cbae8michael@niedermayer.cc >
2019-07-08 11:42:38 +02:00
Michael Niedermayer
4d7ee3b0ff
avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff()
...
Fixes: index -1 out of bounds for type 'const uint8_t [185][2]'
Fixes: 15250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5648992869810176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 79204a1fc8michael@niedermayer.cc >
2019-07-08 11:42:14 +02:00
Michael Niedermayer
ac9d8e7c50
avcodec/alac: Check lpc_quant
...
lpc_quant of 0 produces undefined behavior, thus disallow this.
If valid samples use this then such a sample would be quite
usefull to confirm the correct&lossles handling of this.
Fixes: libavcodec/alac.c:218:25: runtime error: shift exponent -1 is negative
Fixes: 15273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5656388535058432
Fixes: 15276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5761238417539072
Fixes: 15315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5767260766994432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a6474b899cmichael@niedermayer.cc >
2019-07-08 11:41:51 +02:00
Michael Niedermayer
c697819aee
avcodec/dxv: Initialize tex_funct to NULL
...
Fixes: Various anomalies
Fixes: 14493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5071018000908288
Fixes: 14630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5714888963391488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e96b7a8ba6michael@niedermayer.cc >
2019-07-08 11:41:32 +02:00
Michael Niedermayer
c34512371e
avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP
...
Fixes: multiple memleaks
Fixes: 15293/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5642409288925184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b7b6ddd596michael@niedermayer.cc >
2019-07-06 23:09:45 +02:00
Michael Niedermayer
fa2dbcfd8f
avcodec/alsdec: Fix integer overflow with buffer number
...
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5738074249625600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5f64f6058emichael@niedermayer.cc >
2019-07-06 23:08:37 +02:00
Michael Niedermayer
ed8e191bfb
avcodec/alsdec: Fixes signed integer overflow in LSB addition
...
Fixes: signed integer overflow: 8 * 536870912 cannot be represented in type 'int'
Fixes: 15281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5744458785619968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7f527021dfmichael@niedermayer.cc >
2019-07-06 23:07:41 +02:00
Michael Niedermayer
75e838a6da
avcodec/alsdec: Check opt_order / sb_length in ra_block handling
...
Fixes: out of array access
Fixes: 15277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5184853437317120
Fixes: 15280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5741062137577472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0794494c8fmichael@niedermayer.cc >
2019-07-06 23:07:06 +02:00
Michael Niedermayer
99745dc2f3
avcodec/alsdec: Fix integer overflow with shifting samples
...
Fixes: signed integer overflow: -346039050 * 8 cannot be represented in type 'int'
Fixes: 15283/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5692700268953600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a3bd4b260emichael@niedermayer.cc >
2019-07-06 23:06:23 +02:00
Michael Niedermayer
dcef55b5ff
avcodec/alsdec: Fix undefined behavior in decode_rice()
...
Fixes: left shift of 72 by 26 places cannot be represented in type 'int'
Fixes: 15279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5700665621348352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 51f6870c37michael@niedermayer.cc >
2019-07-06 23:05:37 +02:00
Michael Niedermayer
1056217540
avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT()
...
Fixes: left shift of negative value -6
Fixes: 15275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5742361767837696
Fixes: signed integer overflow: 41582592 * 256 cannot be represented in type 'int'
Fixes: 15296/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5739558227935232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e131568752michael@niedermayer.cc >
2019-07-06 23:05:11 +02:00
Michael Niedermayer
df61ec263f
avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight
...
Suggested-by: James Almer <jamrial@gmail.com >
Reviewed-by: James Almer <jamrial@gmail.com
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3b2082c663michael@niedermayer.cc >
2019-06-30 18:50:38 +02:00
Michael Niedermayer
3fa15bb096
avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns
...
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 14880/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5130977304641536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c692051252michael@niedermayer.cc >
2019-06-30 18:50:22 +02:00
Michael Niedermayer
523a47b3f6
avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check
...
Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3d4f4f4a15michael@niedermayer.cc >
2019-06-30 18:49:07 +02:00
Michael Niedermayer
7d075c5f33
avformat/aviobuf: Delay buffer downsizing until asserts are met
...
Fixes: Assertion failure
Fixes: 15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616
Fixes: 15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432
May fix: Ticket7094
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0334632d5cmichael@niedermayer.cc >
2019-06-30 18:48:42 +02:00
Michael Niedermayer
b5d6b509b1
avcodec/fitsdec: Check data_min/max
...
Fixes: division by 0
Fixes: 15206/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5657260212092928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit eb82d19f03michael@niedermayer.cc >
2019-06-30 14:41:51 +02:00
Michael Niedermayer
f3bfb07179
avcodec/m101: Fix off be 2 error
...
Fixes: out of array read
Fixes: 15263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_M101_fuzzer-5728999453491200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 89b96900famichael@niedermayer.cc >
2019-06-29 20:43:54 +02:00
Michael Niedermayer
423d0bbc55
avcodec/qdm2: Move fft_order check up
...
This avoids undefined computations with unchecked values
Fixes: shift exponent -21 is negative
Fixes: 15262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5651261753393152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8d8b8c4ac6michael@niedermayer.cc >
2019-06-29 20:42:20 +02:00
Michael Niedermayer
1aa0c2a06f
avcodec/libvorbisdec: Check extradata size
...
Fixes: out of array read
Fixes: 15261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5764908467093504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cf3c245566michael@niedermayer.cc >
2019-06-29 20:32:43 +02:00
Michael Niedermayer
5b8bce805c
avformat/vqf: Check header_size
...
Fixes: 15271/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5735262606327808
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7c30ff3888michael@niedermayer.cc >
2019-06-29 20:32:14 +02:00
Michael Niedermayer
7daa138f68
avcodec/atrac9dec: Check q_unit_cnt in parse_band_ext()
...
Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fb4a4557d1michael@niedermayer.cc >
2019-06-29 20:30:30 +02:00
Michael Niedermayer
3d1903acfe
avcodec/atrac9dec: Check that the reused block has succeeded initilization
...
Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ac9af7e9a5michael@niedermayer.cc >
2019-06-29 19:36:02 +02:00
Michael Niedermayer
6872daee87
Update for 4.1.4
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2019-06-27 19:52:20 +02:00
Michael Niedermayer
1603661523
avcodec/utils: Check bits_per_coded_sample
...
This avoids the need for each decoder separately having to handle this case
Fixes: shift exponent -100663046 is negative
Fixes: out of array access
Fixes: 15270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5727829913763840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d33414d2admichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
297c5c26cd
avcodec/videodsp_template: Fix overflow of addition
...
Fixes: addition of unsigned offset to 0x7f56fc26a9b6 overflowed to 0x7f56fc26a8be*
Fixes: clusterfuzz-testcase-minimized-mediasource_MP4_AVC1_pipeline_integration_fuzzer-4917949056679936
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 247a1de7f7michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
9ede5cab3a
avcodec/alsdec: Fix invalid shift in multiply()
...
Fixes: shift exponent -24 is negative
Fixes: 15292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5768533318828032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f30be1ec98michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
c434a043ac
avcodec/ffwavesynth: Check ts_end - ts_start for overflow
...
Fixes: signed integer overflow: 2314885530818453536 - -8926099139098304480 cannot be represented in type 'long'
Fixes: 15259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5764366093254656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2db7a3bc4amichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
92140d7b24
avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c
...
Fixes: left shift of negative value -13
Fixes: 15260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5702076048343040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 507ca66ee4michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
1b4b738033
avcodec/tta: Fix undefined shift
...
Fixes: left shift of negative value -4483
Fixes: 15256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5738691617619968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ebccd2f778michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
d00e33ed3a
avcodec/qdmc: Fix integer overflows in PRNG
...
Fixes: signed integer overflow: 214013 * 2531011 cannot be represented in type 'int'
Fixes: 15254/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5698137026461696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2921b45a38michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
9b8a58fa78
avcodec/bintext: Check font height
...
Fixes: division by zero
Fixes: 15257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINTEXT_fuzzer-5757352881422336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bfb58bdd70michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
d08d4b1066
avcodec/binkdsp: Fix integer overflows in idct
...
Fixes: signed integer overflow: 3784 * 682038 cannot be represented in type 'int'
Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840
Fixes: 15268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5666502344179712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7a072fbcc4michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
9a68341e9e
avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()
...
Fixes: signed integer overflow: -3447 * 2883584 cannot be represented in type 'int'
Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 62ad08cef9michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
da081ecf69
avcodec/motionpixels: Check for vlc error in mp_get_vlc()
...
Fixes: 15246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5168534407086080
Fixes: runtime error: index -1 out of bounds for type 'HuffCode [16]'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 930cdef80amichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
479b70d2f8
avcodec/loco: Limit lossy parameter so it is sane and does not overflow
...
Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664
Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ce3b0b9066michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
65e1440140
avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed
...
Fixes: Assertion failure
Fixes: crbug971646.mp4
Reported-by: Matt Wolenetz <wolenetz@google.com >
Reviewed-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 696312c487michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
529a719a25
avcodec/xpmdec: Do not use context dimensions as temporary variables
...
Fixes: Integer overflow
Fixes: 15134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5722635939348480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5ea7f20500michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
c0e3f54ec0
avcodec/fitsdec: Fix division by 0 in size check
...
Fixes: division by zero
Fixes: 15210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5746033243455488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 07ffe94c17michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
26605408f1
avcodec/aacpsdsp_template: Fix integer overflow in ps_hybrid_analysis_c()
...
Fixes: signed integer overflow: -1539565182 + -798086761 cannot be represented in type 'int'
Fixes: 14807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-564925382682214
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f8f5668df5michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
ef73b0da2d
avcodec/truemotion2: Fix integer overflow in last loop in tm2_update_block()
...
Fixes: signed integer overflow: -1727985666 - 538976288 cannot be represented in type 'int'
Fixes: 15031/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5100228035739648
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3aecd01704michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
8ba9b195e7
avcodec/iff: finetune the palette size check in the mask case
...
Fixes: out of array access
Fixes: 15381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5668057826983936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0f9789c8e3michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
4d2343825c
avcodec/iff: Fix mask_buf / mask_palbuf leak
...
Fixes: 15372/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5708881759567872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 92e8db532cmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
45d3ba9e5f
avformat/icodec: Free ico->images on error paths
...
Fixes: 15116/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5715173567889408
Fixes: memleak
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 54918b5116michael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
0789b6295b
avformat/wsddec: Fix undefined shift
...
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 112eb17a2bmichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
Michael Niedermayer
a56b96a3da
avcodec/fmvc: Check if header fields are available before allocating the image
...
Fixes: Timeout (15sec -> 0.5sec)
Fixes: 14846/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FMVC_fuzzer-5068322120400896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 561cc161camichael@niedermayer.cc >
2019-06-27 17:50:47 +02:00
