ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	e474173f47	avformat/nutdec: Check fields Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2c146406ea`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:51 +02:00
Michael Niedermayer	167c0dcfdc	avformat/dxa: avoid bpc overflows Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `93db0f0740`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:50 +02:00
Michael Niedermayer	9fb728dd1c	avformat/cafdec: Check that nb_frasmes fits within 64bit Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d4bb4e3759`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:50 +02:00
Michael Niedermayer	955ed9b641	avformat/asfdec_o: Limit packet offset avoids overflows with it Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136 Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `736e9e69d5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:50 +02:00
Michael Niedermayer	3e208ef088	avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d0349c9929`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:49 +02:00
Michael Niedermayer	80ec0ca973	avformat/icodec: Check nb_pal Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `db73ae0dc1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:49 +02:00
Michael Niedermayer	d52ed1be9e	avformat/aiffdec: Use 64bit for block_duration use Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9303ba272e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:49 +02:00
Michael Niedermayer	9959b6e2eb	avformat/aiffdec: Check block_duration Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1c2b6265c8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:48 +02:00
Michael Niedermayer	e55980d3bf	avformat/mxfdec: only probe max run in Suggested-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1182bbb2c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:48 +02:00
Michael Niedermayer	045ed347fb	avformat/mxfdec: Check run_in is within 65536 Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7786097825`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:48 +02:00
Michael Niedermayer	a101c97782	avcodec/apedec: Fix integer overflow in filter_3800() Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296 Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f05247f6a4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:47 +02:00
Michael Niedermayer	7d5e8bdb0a	avcodec/tta: Check 24bit scaling for overflow Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3993345f91`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:47 +02:00
Michael Niedermayer	53f3a25107	libavformat/hls: Free keys Fixes: memleak Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d32a9f3137`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:47 +02:00
Michael Niedermayer	f0fb070286	avcodec/fmvc: Move frame allocation to a later stage This way more things are checked before allocation Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9783749c66`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:46 +02:00
Michael Niedermayer	c263380558	avcodec/speedhq: Check width Fixes: out of array access Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400 Alternatively the buffer size can be increased Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f0395f9ef6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:46 +02:00
Michael Niedermayer	b222272124	avcodec/bink: disallow odd positioned scaled blocks Fixes: out of array access Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b14104a637`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:46 +02:00
Michael Niedermayer	bf29c080b1	avformat/asfdec_o: limit recursion depth in asf_read_unknown() The threshold of 5 is arbitrary, both smaller and larger should work fine Fixes: Stack overflow Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1f1a368169`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:45 +02:00
Michael Niedermayer	8f443328c0	doc/git-howto.texi: Document commit signing Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ced0dc807e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:45 +02:00
Michael Niedermayer	82e77e0dec	libavcodec/8bps: Check that line lengths fit within the buffer Fixes: Timeout Fixes: undefined pointer arithmetic Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2316d5ec1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:45 +02:00
Michael Niedermayer	37139adfbf	libavformat/iff: Check for overflow in body_end calculation Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long' Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bcb4690304`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:44 +02:00
Michael Niedermayer	2f2a3397cc	avformat/avidec: Prevent entity expansion attacks Fixes: Timeout Fixes no testcase, this is the same idea as similar attacks against XML parsers Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3e823c2aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:44 +02:00
Michael Niedermayer	4d537913e5	avcodec/h263dec: Sanity check against minimal I/P frame size Fixes: Timeout Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca4ff9c21c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:44 +02:00
Michael Niedermayer	ec9af84dc5	avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel This is somewhat redundant with the is_decoded check. Maybe there is a nicer solution Fixes: Null pointer dereference Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3b51e19922`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:43 +02:00
Michael Niedermayer	8229f4327f	MAINTAINERS: Add ED25519 key for signing my commits in the future Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `05225180be`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:43 +02:00
Michael Niedermayer	0bea6b5d50	avcodec/hevc_filter: copy_CTB() only within width&height Fixes: out of array access Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `009ef35d38`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:43 +02:00
Michael Niedermayer	f198ffcf38	avformat/flvdec: Check for EOF in index reading Fixes: Timeout Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ceff5d7b74`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:42 +02:00
Michael Niedermayer	5cefe5d304	avformat/nutdec: Check get_packetheader() in mainheader Fixes; Timeout Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b5de084aa6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:42 +02:00
Michael Niedermayer	c9d8271274	avformat/asfdec_f: Use 64bit for packet start time Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8ed78486fc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:42 +02:00
Michael Niedermayer	85d59a6a98	avcodec/lagarith: Check dst/src in zero run code Fixes: out of array access Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9450f75974`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:41 +02:00
Michael Niedermayer	99f1f07b78	avcodec/h264dec: Skip late SEI Fixes: Race condition Fixes: clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592 Found-by: google ClusterFuzz Tested-by: Dan Sanders <sandersd@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f7dd408d64`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:41 +02:00
Michael Niedermayer	5deba24c22	avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c() Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int' Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1537f40516`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:41 +02:00
Michael Niedermayer	b3fdcaca7b	avfilter/vf_signature: Fix integer overflow in filter_frame() Fixes: CID1403233 The second of the 2 changes may be unneeded but will help coverity Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dd6040675e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:40 +02:00
Michael Niedermayer	6c1a7a829d	avformat/rtsp: break on unknown protocols This function needs more cleanup and it lacks error handling Fixes: use of uninitialized memory Fixes: CID700776 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `73c0fd27c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:40 +02:00
Michael Niedermayer	8a4e3bc1c5	avcodec/hevcdsp_template: stay within tables in sao_band_filter() Fixes: out of array read Fixes: 47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c5250a561`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:40 +02:00
Michael Niedermayer	f9afd5cacc	avcodec/qpeldsp: copy less for the mc0x cases Fixes: out of array access Fixes: 47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e690d4edf5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:39 +02:00
Michael Niedermayer	f7b403bba6	avcodec/ffv1dec: Limit golomb rice coded slices to width 8M This limit is possibly not reachable due to other restrictions on buffers but the decoder run table is too small beyond this, so explicitly check for it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b4431399ec`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:39 +02:00
Michael Niedermayer	aedff4dc8b	avformat/iff: simplify duration calculation Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long' Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0740641e93`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:39 +02:00
Michael Niedermayer	c065971bf8	avcodec/wnv1: Check for width =1 The decoder only outputs pixels for width >1 images, fail early Fixes: Timeout Fixes: 48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d98d5a436a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:38 +02:00
Michael Niedermayer	2bfc334441	avformat/sctp: close socket on errors This is untested as i have no testcase Fixes: CID1302709 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c9a2996544`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:38 +02:00
Michael Niedermayer	0e8b1a8b44	avcodec/aasc: Fix indention Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `af2ed09220`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:38 +02:00
Michael Niedermayer	9be645c544	avcodec/qdrw: adjust max colors to array size Fixes: out of array access Fixes: 48429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4608329791438848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cd847f86d3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:37 +02:00
Michael Niedermayer	b6c471ab4e	avcodec/alacdsp: Make intermediates unsigned Fixes: signed integer overflow: -14914387 + -2147418648 cannot be represented in type 'int' Fixes: 46464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-474307197311385 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8709f4c10a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:37 +02:00
Michael Niedermayer	cc2357f36f	avformat/aiffdec: cleanup size handling for extreem cases Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c6f1e48b86`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:37 +02:00
Michael Niedermayer	36fdafb16d	avcodec/jpeglsdec: fix end check for xfrm Fixes: out of array access Fixes: 47871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5646305956855808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6a82412bf3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:36 +02:00
Michael Niedermayer	d5d3f80e17	avcodec/cdgraphics: limit scrolling to the line Fixes: out of array access Fixes: 47877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5690504626438144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b7e30a13d4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:36 +02:00
Michael Niedermayer	4d7a4f66f8	avformat/aiffdec: avoid integer overflow in get_meta() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 45891/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6159183893889024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6a02de2127`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:36 +02:00
Michael Niedermayer	93145eaeba	avformat/ape: more bits in size for less overflows Fixes: signed integer overflow: 2147483647 + 3 cannot be represented in type 'int' Fixes: 46184/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-4678059519770624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e5f6707a7b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:35 +02:00
Michael Niedermayer	0487f8e95e	avformat/bfi: Check offsets better Fixes: signed integer overflow: -2145378272 - 538976288 cannot be represented in type 'int' Fixes: 45690/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5015496544616448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `35dc93ab44`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:35 +02:00
Michael Niedermayer	12794ff1e4	avformat/asfdec_f: Check packet_frag_timestamp Fixes: signed integer overflow: -9223372036854775808 - 4607 cannot be represented in type 'long' Fixes: 45685/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5280102802391040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ffc8772150`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:35 +02:00
Michael Niedermayer	dc4d0f630b	avcodec/texturedspenc: Fix indexing in color distribution determination Fixes CID1396405 MSE and PSNR is slightly improved, and some noticable corruptions disappear as well. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit `ade36d61de`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:34 +02:00

1 2 3 4 5 ...

93637 Commits