ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	e6f31fa16c	avcodec/iff: Skip overflowing runs in decode_delta_d() Fixes: Timeout (107sec - 75ms> Fixes: 18812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6295585225441280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `185f441ba2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	4b521929cf	avcodec/pnm: Check that the header is not truncated Fixes: Ticket8430 Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c94cb8d9b2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	8bdb8b5689	avcodec/mp3_header_decompress_bsf: Check sample_rate_index Fixes: out of array read Fixes: 19309/clusterfuzz-testcase-minimized-ffmpeg_BSF_MP3_HEADER_DECOMPRESS_fuzzer-5651002950942720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f064c7c449`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	627d5ff890	avcodec/cbs_av1_syntax_template: Check num_y_points "It is a requirement of bitstream conformance that num_y_points is less than or equal to 14." Fixes: index 24 out of bounds for type 'uint8_t [24]' Fixes: 19282/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5747424845103104 Note, also needs `a23dd33606` Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: jamrial Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bbe27890ff`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
James Almer	6850c5e4cd	avcodec/cbs_av1: fix array size for ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 Taking into account the code fb(2, ar_coeff_lag); num_pos_luma = 2 * current->ar_coeff_lag * (current->ar_coeff_lag + 1); if (current->num_y_points) num_pos_chroma = num_pos_luma + 1; else num_pos_chroma = num_pos_luma; Max value for ar_coeff_lag is 3 (two bits), for num_pos_luma 24, and for num_pos_chroma 25. Both ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 may have up to num_pos_chroma values. Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `a23dd33606`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	5ce0c254dd	avformat/rmdec: Initialize and sanity check offset in ivr_read_header() Fixes: signed integer overflow: -9223372036854775808 - 17 cannot be represented in type 'long' Fixes: 18768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5674385247830016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7e665e4a81`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	6355dde556	avcodec/apedec: Fix 2 integer overflows Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int' Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6e15ba2d1f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Andreas Rheinhardt	6770f09066	avformat/id3v2: Fix double-free on error ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both key and value are freed on error (and owned by the destination dictionary on success), so that freeing them again on error is a double-free and therefore forbidden. But it nevertheless happened. Fixes CID 1452489 and 1452421. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `67d4940a77`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	caa7f10047	avcodec/wmaprodec: Set packet_loss when we error out on a sanity check Fixes: left shift of negative value -34 Fixes: 18719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5642658173419520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a9cbd25d89`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	2b5abf94de	avcodec/wmaprodec: Check offset Fixes: index 33280 out of bounds for type 'float [32768]' Fixes: 18718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5635373899710464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5473c7825e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	b26f303865	avcodec/truemotion2: Fix 2 integer overflows in tm2_low_res_block() Fixes: signed integer overflow: 1778647621 + 574372924 cannot be represented in type 'int' Fixes: 18692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-6248679635943424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `93d52a181e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	745040d269	avcodec/wmaprodec: Check if the channel sum of all internal contexts match the external Fixes: NULL pointer dereference Fixes: 18689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5715114640015360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `090ac57997`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	53a03d98bd	avcodec/atrac9dec: Check q_unit_cnt more completely before using it to access at9_tab_band_ext_group Fixes: index 8 out of bounds for type 'const uint8_t [8][3]' Fixes: 19127/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5709394985091072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Lynne <dev@lynne.ee> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e1d836d237`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	9c026dd94d	avcodec/fitsdec: Use lrint() Fixes: fate-fitsdec-bitpix-64 Possibly Fixes: -nan is outside the range of representable values of type 'unsigned short' Possibly Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `37f31f4e50`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +01:00
Michael Niedermayer	0667c14ad6	avcodec/g729dec: require buf_size to be non 0 The 0 case was added with the support for multiple packets. It appears unintended and causes extra complexity and out of array accesses (though within padding) No testcase Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f64be9da4c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	1792310910	avcodec/alac: Fix integer overflow in lpc_prediction() with sign Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7686ba1f14`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	e9fa01eb60	avcodec/wmaprodec: Fix buflen computation in save_bits() Fixes: Assertion failure Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `589cb44498`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	54c0706a2d	avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv() Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int' Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0e010e489b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	600e1df9a5	avcodec/vmdaudio: Check chunk counts to avoid integer overflow Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int' Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `47d963335e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	3b8512ae09	avformat/mxfdec: Clear metadata_sets_count in mxf_read_close() This avoids problems if the function is called twice Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `13816a1d08`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	ad3c8540f8	avcodec/nuv: Use ff_set_dimensions() Fixes: OOM Fixes: 18956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5766505644163072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ca978d636`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	03d5c402f0	avcodec/ffwavesynth: Fix integer overflow with pink_ts_cur/next Fixes: signed integer overflow: 6175076100092079360 - -5034989061050195840 cannot be represented in type 'long' Fixes: 18614/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5704508847423488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d82ab96e76`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	aaec28913f	avcodec/ralf: Fix integer overflows with the filter coefficient in decode_channel() Fixes: signed integer overflow: 1145975808 - -1146173210 cannot be represented in type 'int' Fixes: 18616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5121296757424128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `721624c2f6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	2f5dbf9b15	avcodec/g729dec: Use 64bit and clip in scalar product The G729 reference decoder clips after each individual operation and keeps track if overflow occurred (in the fixed point implementation), this here is simpler and faster but not 1:1 the same what the reference does. Non fuzzed samples which trigger any such overflow are welcome, so the need and impact of different clipping solutions can be evaluated. Fixes: signed integer overflow: 1271483721 + 1073676289 cannot be represented in type 'int' Fixes: 18617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5137705679978496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bf9c4a1275`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	34e6544424	avcodec/mxpegdec: Check for multiple SOF Fixes: Timeout (14sec -> 9ms) Fixes: 18598/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5726095261564928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `75b64e5aa3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	132344fcba	avcodec/nuv: Move comptype check up Fixes: Timeout (23sec -> 5ms) Fixes: 18517/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5753135536013312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1138cdecbe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	4edd992a65	avcodec/wmavoice: Fix integer overflow in synth_frame() Fixes: left shift of negative value -3 Fixes: 18518/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-6560514359951360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf323f4d38`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	5574daa690	avcodec/rawdec: Check bits_per_coded_sample more pedantically for 16bit cases Fixes: shift exponent -14 is negative Fixes: 18335/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RAWVIDEO_fuzzer-5723267192586240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5634e20525`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	1109a736ef	avutil/lfg: Correct index increment type to avoid undefined behavior Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6014bcf1b7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	084a3e582b	avcodec/cngdec: Remove AV_CODEC_CAP_DELAY As is the decoder will never stop, it will cause an infinite loop. The RFC seems only to speak of non empty packets so endlessly generating noise from the last empty flush packets seems wrong. Fixes: infinite loop Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `327a968817`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	6783232dfe	avcodec/iff: Move index use after check in decodeplane8() Fixes: index 9 out of bounds for type 'const uint64_t [8][256]' Fixes: 18409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5767030560522240 Fixes: 18720/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5651995784642560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1f8b36cc4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	71d17a2827	avcodec/atrac3: Check for huge block aligns The largest documented frame size = block align is 1024 bytes (https://wiki.multimedia.cx/index.php/ATRAC3) Without a limit this can allocate arbitrary memory and trigger OOM Fixes: OOM Fixes: 18337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3_fuzzer-5763861478637568 Fixes: 18556/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3AL_fuzzer-5646183334936576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f09151fff9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	4d53c962ed	avcodec/ralf: use multiply instead of shift to avoid undefined behavior in decode_block() Fixes: left shift of negative value -249 Fixes: 18566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5649394561187840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1b7d02642b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	7b81868a25	avcodec/wmadec: Require previous exponents for reuse Fixes: division by zero Fixes: 18474/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5764986962182144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c54b9fc42f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	864649067b	avcodec/vc1_block: Fix undefined behavior in ac prediction rescaling The intermediates are required to fit in 12bit (8.1.3.9 Coefficient Scaling) See SMPTE 421M-2006 and Amendment 1-2007 Fixes: signed integer overflow: -20691 * 262144 cannot be represented in type 'int' Fixes: 18479/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5128912371187712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7fc1baf0ca`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	65cda31ace	avcodec/qdm2: The smallest header seems to have 2 bytes so treat 1 as invalid Fixes: Timeout (217sec -> 2ms) Fixes: 18488/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5708293662310400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e36ccb5048`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	1baae1c8f1	avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter() Fixes: signed integer overflow: 7400 + 2147482786 cannot be represented in type 'int' Fixes: 18405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5708834760294400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dc3f327e74`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	6778b3c927	avcodec/sonic: Fix integer overflow in predictor_calc_error() Fixes: signed integer overflow: 5 * -1094995529 cannot be represented in type 'int' Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c8c17b8cef`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	3ba7629104	avcodec/atrac9dec: Check precision_fine/coarse Clipping is done as it was preferred in review See: [FFmpeg-devel] [PATCH 1/5] avcodec/atrac9dec: Check precision_fine/coarse Fixes: out of array access Fixes: 18330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5641113058148352 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `19b8db2908`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	cf6f4e0d68	avformat/mp3dec: Check that the frame fits within the probe buffer Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e9a335150a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	88c8195526	avcodec/wmaprodec: get frame during frame decode Fixes: memleak Fixes: 17615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5681306024804352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0f89a2293e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	fdc350ec5f	avcodec/interplayacm: Fix overflow of last unused value Fixes: signed integer overflow: -2147450880 - 65535 cannot be represented in type 'int' Fixes: 18393/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5667520110919680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `10eabb8e40`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	a5636c1d4c	avcodec/adpcm: Fix undefined behavior with negative predictions in IMA OKI Fixes: left shift of negative value -30 Fixes: 18392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_OKI_fuzzer-5631771831435264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7786f6c30e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	b7d552e222	avcodec/cook: Move up and extend block_align check Fixes: signed integer overflow: 2046820356 * 8 cannot be represented in type 'int' Fixes: 18391/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5631674666188800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1c63edcdd2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	8a52366349	avcodec/sbcdec: Fix integer overflows in sbc_synthesize_four() Fixes: signed integer overflow: 1494495519 + 1494495519 cannot be represented in type 'int' Fixes: 18347/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5711714661695488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `00e469fb61`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	96e6ef9abe	avcodec/twinvq: Check block_align Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int' Fixes: 18348/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_METASOUND_fuzzer-6681325716635648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `97f778e9c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	a2b7e3bacc	avcodec/cook: Enlarge gain table Fixes: index 25 out of bounds for type 'float [23]' Fixes: 18355/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5641398941908992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `50001cd440`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	a85bfe3a4f	avcodec/cook: Check samples_per_channel earlier Fixes: division by zero Fixes: 18362/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5653727679086592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `57750bb629`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	27b1e6cd86	avcodec/atrac3plus: Check split point in fill mode 3 Fixes: index 32 out of bounds for type 'int [32]' Fixes: 18350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3P_fuzzer-5643794862571520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `de5102fd92`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00
Michael Niedermayer	d05aa7459f	avcodec/wmavoice: Check sample_rate Fixes: left shift of 538976288 by 8 places cannot be represented in type 'int' Fixes: 18376/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5741645391200256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `55c97a7637`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 11:30:44 +01:00

1 2 3 4 5 ...

92869 Commits