Michael Niedermayer
f51a271f20
avformat/mpegts: Fix side data type for stream id
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab1319d82f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
53d34fad0d
tests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb
...
Fixes: test failure on powerpc
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8f762c300)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
e657e8e8d6
avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()
...
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea30ac1e40)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
chcunningham
96062eb3cc
lavf/id3v2: fail read_apic on EOF reading mimetype
...
avio_read may return EOF, leaving the mimetype array uninitialized. fail
early when this occurs to avoid using the array in an uninitialized state.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee1e39a576)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
f9b7c87145
avformat/nutenc: Document trailer index assert better
...
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a95b73abc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
chcunningham
cb901e1836
lavf/mov: ensure only one tkhd per trak
...
Chromium fuzzing produced a whacky file with extra tkhds. This caused
an AVStream that was already in use to be corrupted by assigning it a
new id, which blows up later in mov_read_trun because the
MOVFragmentStreamInfo.index_entry now points OOB.
Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9f7b6f7a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
04fe02bd80
avcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with --disable-optimizations
...
The affected functions could also be changed into macros, this is the
smaller change to fix it though. And avoids (probably) less readable macros
The extra code should be optimized out when optimizations are done as all values
are known at build after inlining.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c64a6bcd2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
a6d25b6ba5
avcodec/msvideo1: Check for too small dimensions
...
Such low resolution would result in empty output as a minimum of 4x4 is needed
We could also check for multiple of 4 dimensions but that is not needed
Fixes: Timeout
Fixes: 11191/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSVIDEO1_fuzzer-5739529588178944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 953bd58861)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
d6aac086b6
avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size
...
Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.
Fixes: Timeout
Fixes: 11168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5733782032744448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6f4341522)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
f06485063d
avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size
...
Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.
Fixes: Timeout
Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 09ec182864)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
506b9c88c7
avcodec/truemotion2rt: Fix rounding in input size check
...
Fixes: Timeout
Fixes: 11332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5678456612847616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f22a4ebc9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
940c6f3fb1
avcodec/truemotion2: fix integer overflows in tm2_low_chroma()
...
Fixes: 11295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-4888953459572736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ae39d7956)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
5e1133920f
avcodec/pngdec: Check compression method
...
method 0 (inflate/deflate) is the only specified in the specification and the only supported
Fixes: Timeout
Fixes: 10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f99674ddd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
4376377c51
fftools/ffmpeg: Repair reinit_filter feature
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3504004879)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
e8aaadd41e
avcodec/shorten: Fix integer overflow with offset
...
Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int'
Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f888771cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
a6e6b86669
avcodec/cavsdec: Propagate error codes inside decode_mb_i()
...
Fixes: Timeout
Fixes: 10702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5669940938407936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1cee05656)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
Michael Niedermayer
f3404f6b90
avcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported mp3adu case
...
Fixes: Timeout
Fixes: 10966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADU_fuzzer-5348695024336896
Fixes: 10969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5691669402877952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df91af140c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-24 10:38:51 +01:00
James Almer
da6a61606a
avcodec/hevcdec: decode at most one slice reporting being the first in the picture
...
Fixes deadlocks when decoding packets containing more than one of the aforementioned
slices when using frame threads.
Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 70c8c8a818)
2019-03-20 21:03:48 -03:00
Paul B Mahol
15b385efca
avfilter/af_silenceremove: fix possible crash if supplied duration is negative
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Fixes ticket #7697.
(cherry picked from commit 2d1594a8d6)
2019-01-25 01:01:42 +01:00
Michael Niedermayer
cb74b3ff27
Update for 3.4.5
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n3.4.5
2018-11-01 15:40:09 +01:00
Michael Niedermayer
0e853b61e6
avutil/integer: Fix integer overflow in av_mul_i()
...
Found-by: fate
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3cc3cb663b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
707ec3cfc0
avcodec/msrle: Check that the input is large enough to contain a end of picture code
...
Fixes: Timeout
Fixes: 10625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSRLE_fuzzer-5659651283091456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 203ccb8746)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
1bcc79db44
avcodec/jpeg2000dec: Fix off by 1 error in JPEG2000_PGOD_CPRL handling
...
Fixes: assertion failure
Fixes: 10785/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5672160496975872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 305e523105)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
6763ff890e
avcodec/mpeg4videodec: Fix typo in sprite delta check
...
Fixes: Integer overflow
Fixes: 10890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5636062181851136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b737317a88)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
ced37ef52c
avcodec/h264_cavlc: Check mb_skip_run
...
Fixes: 10300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6292205497483264
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f72b9904fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
a3ef90a73c
avcodec/ra144: Fix integer overflow in add_wav()
...
Fixes: signed integer overflow: -2144033225 + -5208934 cannot be represented in type 'int'
Fixes: 10633/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5679133791617024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6282141cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
d17d08035c
avformat/utils: Never store negative values in last_IP_duration
...
Fixes: integer overflow compute_pkt_fields()
Fixes: compute_pkt_usan
Reported-by: Thomas Guilbert <tguilbert@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 079d1a7175)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
e9975d1b51
avformat/utils: Fix integer overflow in discontinuity check
...
Fixes: signed integer overflow: 7738135736989908991 - -7954308516317364223 cannot be represented in type 'long'
Fixes: find_stream_info_usan
Reported-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4e19cfcfa3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
0cbd4fb995
avcodec/unary: Improve get_unary() docs
...
Found-by: kierank
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad89e203bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
848726afc6
avcodec/gdv: Replace divisions by shifts in rescale()
...
Divisions tend to be slower than shifts unless the compiler optimizes them out.
And some of these are in inner loops.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b90d8cc746)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
50aa132f4d
avcodec/dvdsubdec: Sanity check len in decode_rle()
...
Fixes: Timeout
Fixes: 9778/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5186007132536832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e7b023e1db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
f80da843b2
avcodec/mpeg4videodec: Fix undefined shift in get_amv()
...
Fixes: runtime error: shift exponent -1 is negative
Fixes: 9938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5653783529914368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c88afa44c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
127ec77e8c
avcodec/zmbv: Check that the decompressed data size is correct
...
This checks the value exactly for intra frames and checks it against a
minimum for inter frames as they can be variable.
Fixes: Timeout
Fixes: 10182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-6245951174344704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e33b28cc79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
80af29f32e
avcodec/zmbv: Update decomp_len in raw frames
...
decomp_len is used in raw frames, so it should not be left at the value from
whatever was decoded previously (which may be any other frame)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d201b83cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
98709a1244
avcodec/shorten: Fix bitstream end check in read_header()
...
Fixes: Timeout
Fixes: 9961/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5687856176562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28b80c2d52)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
1a106752f3
avcodec/dvdsubdec: Avoid branch in decode_run_8bit()
...
Speed improvement 35.5 sec -> 34.7sec
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71bf033050)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
ab5d930762
avcodec/h264_refs: Document last if() in ff_h264_execute_ref_pic_marking()
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 697984b9db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
ee8b4c16d7
avcodec/ra144: Fix undefined integer overflow in add_wav()
...
Fixes: signed integer overflow: -26884 * 91439 cannot be represented in type 'int'
Fixes: 9687/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-4995588121690112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93a203662f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
073a65aefc
avcodec/indeo4: Check dimensions in decode_pic_hdr()
...
Fixes: Timeout
Fixes: 9654/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-6289863463665664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7592e88bfe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Dale Curtis
eab5f6e419
avformat/mov: Error on too large stsd entry counts.
...
Entries are always at least 8 bytes per the parsing code, so if we
see an impossible entry count avoid massive allocations. This is
similar to an existing check in mov_read_stsc().
Since ff_mov_read_stsd_entries() does eof checks, an alternative
approach could be to clamp the entry count to atom.size / 8.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 320b631a99)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Bunk
462edf5b94
examples: Fix use of AV_CODEC_FLAG_GLOBAL_HEADER
...
AV_CODEC_FLAG_GLOBAL_HEADER should be set before calling avcodec_open2() to have any effect.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a82e4fb8c6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
b61b38766e
avcodec/hq_hqa: Check remaining input bits in hqa_decode_mb()
...
Fixes: Timeout
Fixes: 9634/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-6267852259590144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9222b972d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
88afcff2f5
avcodec/vb: Check for end of bytestream before reading blocktype
...
Fixes: Timeout
Fixes: 9601/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-4550228702134272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cbac9ce20)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
812f7fae35
avcodec/snowdec: Fix integer overflow with motion vector residual
...
Fixes: signed integer overflow: -19818 + -2147483648 cannot be represented in type 'int'
Fixes: 9545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4928769537081344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit acba153a14)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
0ef49c0818
avformat/nsvdec: Do not parse multiple NSVf
...
The specification states "NSV files may contain a single file header. "
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421
Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78d4b6bd43)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
ff5196a98a
avformat/mlvdec: read_string() received unsigned size, make the argument unsigned
...
Fixes: infinite loop
Fixes: mlv-timeout-e3b8cab9835edecad6823baa057e029671329d04
Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e71cb2c8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
17c0347977
avformat/rmdec: Fix EOF check in the stream loop in ivr_read_header()
...
Fixes: long running loop
Fixes: ivr-timeout-42468cb797f52f025fb329394702f5d4d64322d6
Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2eec1762d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
007da8396f
avcodec/scpr: Check for min > max in decompress_p()
...
Fixes: Timeout
Fixes: 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3378194ce8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
e3cc5e81ab
avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame()
...
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b604e96a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00
Michael Niedermayer
ec573bd2eb
avcodec/shorten: Fix integer overflow in residual/LPC combination
...
Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int'
Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7e9082e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-28 02:22:42 +02:00