Michael Niedermayer
f9a7ca5911
Update for 4.2.4
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-07-07 20:39:24 +02:00
Michael Niedermayer
11c1e1d6d0
avcodec/apedec: Fix undefined integer overflow with 24bit
...
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9f7b252cdfmichael@niedermayer.cc >
2020-07-07 19:30:17 +02:00
Michael Niedermayer
b8f3879bcc
avcodec/loco: Fix integer overflow with large values from loco_get_rice()
...
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3ddc5e1f3cmichael@niedermayer.cc >
2020-07-07 19:29:23 +02:00
Michael Niedermayer
bcbfcf1300
avformat/smjpegdec: Check the existence of referred streams
...
Fixes: Assertion failure
Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 321ea59dacmichael@niedermayer.cc >
2020-07-07 19:28:29 +02:00
Michael Niedermayer
7d3da77756
avcodec/pnmdec: Fix misaligned reads
...
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ea28ce9bc1michael@niedermayer.cc >
2020-07-06 01:50:33 +02:00
Michael Niedermayer
a957f43072
avcodec/scpr3: Fix out of array access with dectab
...
Fixes: 23721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5914074721550336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c8de8dfba6michael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
Michael Niedermayer
2cebde69e0
avcodec/dstdec: Replace AC overread check by sample rate check
...
Real files do skip coding 0 bits at the end, thus this kind of check
does not work reliable.
Fixes: Ticket 8770
Fixes: dst-256fs44-6ch-refdstencoder.dff
The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed
values, this also can be used to limit the duration and avoid the timeout
This reverts commit f6df99dba11679f23bebmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
Michael Niedermayer
9fd30d0bdf
avutil/avsscanf: Add () to avoid integer overflow in scanexp()
...
Fixes: signed integer overflow: 2147483610 + 52 cannot be represented in type 'int'
Fixes: 23260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-5187871274434560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 42b28565aamichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
Michael Niedermayer
6fe28832a9
avformat/utils: reorder duration computation to avoid overflow
...
Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long'
Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 10cc82c35bmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
Michael Niedermayer
3ea2cfe162
avcodec/pngdec: Check for fctl after idat
...
Fixes: out of array access
Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65b1ba680fmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
Michael Niedermayer
57970c41f5
avformat/hls: Pass a copy of the URL for probing
...
The segments / url can be modified by the io read when reloading
This may be an alternative or additional fix for Ticket8673
as a further alternative the reload stuff could be disabled during
probing
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b5e39880fbmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
Steven Liu
c00e881a45
avformat/hls: check segment duration value of EXTINF
...
fix ticket: 8673
set the default EXTINF duration to 1ms if duration is smaller than 1ms
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
(cherry picked from commit 9dfb19baeb
2020-07-05 01:47:57 +02:00
Michael Niedermayer
0c4fcdead8
avutil/common: Fix integer overflow in av_ceil_log2_c()
...
Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int'
Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e409262837michael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
Michael Niedermayer
e02303282d
avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms
...
Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 21598d711dmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
Michael Niedermayer
98ff949451
avformat/mvdec: Fix integer overflow with billions of channels
...
Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int'
Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b6fbbe08c3michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
a720e4d3c9
avformat/microdvddec: skip malformed lines without frame number.
...
Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a8fb7612a9michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
774efe1ece
avformat/mxfdec: free duplicated utf16 strings
...
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744
Suggested-by: Marton Balint <cus@passwd.hu >
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0aa2768cb2michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
5fd3af45bc
avformat/4xm: Check that a video stream was created before returning packets for it
...
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c517c3f474michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
19d9c40647
avcodec/ffwavesynth: Avoid undefined operation on ts overflow
...
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 584d334afdmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
ee14b82ee0
avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
...
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e361785ee0michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
7a00fd4964
avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
...
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c0dfe134bemichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
1a74a8078c
avcodec/sonic: Fix several integer overflows
...
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 75d520e337michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
8c7a41b455
avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
...
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e53235f06cmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
17175055f8
avcodec/pixlet: Fix log(0) check
...
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bd0f81526dmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
3a8ae4f297
avcodec/iff: Fix off by x error
...
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 51225dee0amichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
9641fcb355
avcodec/wmalosslessdec: Check block_align maximum
...
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 314d10f7a6michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
035d30ba17
avcodec/loco: Fix signed integer overflow in loco_get_rice()
...
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa88cdfd90michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
4f92e48d5c
avformat/thp: Check fps
...
Fixes: division by zero
Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0e15b01b4emichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
374a18fbc8
avformat/mpl2dec: Fix integer overflow with duration
...
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9a42a67c5cmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
75df98c0a0
avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit()
...
Fixes: Timeout (85sec -> 0.5sec)
Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 49ba60fed0michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
c540f6939d
avcodec/mpeg12dec: remove outdated comments
...
Found-by: Kieran
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 48de8f5816michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
4dec5b22ac
avcodec/snowdec: Avoid integer overflow with huge qlog
...
Fixes: integer overflow
Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 38fbf33c72michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Dale Curtis
361416218a
avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
...
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bf446711bcmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
500965b7ee
avcodec/mpeg12dec: Fix got_output
...
This makes got_output consistent with the code in slice_end() which sets the output
in slice_end()
if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) {
int ret = av_frame_ref(pict, s->current_picture_ptr->f);
...
} else {
Fixes: assertion failure
Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f33a9803amichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
a09705cf48
avformat/4xm: Cleanup on GET_LIST_HEADER() failure
...
Fixes: memleak
Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5313ce654michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
a497d3de31
avcodec/lzf: Consider the needed size in reallocation
...
Fixes: NULL pointer dereference
Fixes: 22381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5659879921680384.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 292b9b93a5michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
3e88f40dfc
avformat/mlvdec: fail reading a packet with 0 streams
...
Fixes: NULL pointer dereference
Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5bd5c31087michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
a77a20ddee
avformat/thp: Check compcount
...
Fixes: out of array access
Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1ba8484559michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
7991001f9d
avcodec/adpcm: XA: Check shift similar to filter
...
Fixes: negative shift
Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6d96bae9c4michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
ab4798ae39
avcodec/huffyuvdec: Test vertical coordinate more often
...
Fixes: out of array access
Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a1223ddc56michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
e19a5624d5
avformat/rawdec: fix identifier names
...
Fixes: out of array access
Fixes: 22686/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5121369624018944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 71a822fa35michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
2f5040203b
avcodec/hq_hqa: Check info size
...
Fixes: assertion failure
Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cf28521feemichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
b4c08bbd9c
avcodec/wmalosslessdec: Fix integer overflow in mclms_predict()
...
Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int'
Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c42ed06695michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
0a93c8b60b
avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d()
...
Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int'
Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 071e293723michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
aab78e0c00
avcodec/h264dec: Disable forced small_padding on flag2 fast
...
Fixes: 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Michael Niedermayer
6555a71388
avformat/oggparsevorbis: Error out on double init of vp
...
Fixes: memleak
Fixes: 19949/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5743636058210304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2a3bbc0086michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
Andreas Rheinhardt
9ffcbf1db9
avcodec/h264_metadata_bsf: Fix invalid av_freep
...
This bug was introduced in 3c8a2a1180jamrial@gmail.com >
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit 04e06beb0aandreas.rheinhardt@gmail.com >
2020-07-04 22:32:14 +02:00
Andreas Rheinhardt
210aa29b42
avformat/hnm: Check for extradata allocation failure
...
and also add padding to it; moreover, don't use memcpy to write one byte
to extradata.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9e0f3352d1andreas.rheinhardt@gmail.com >
2020-07-02 01:25:24 +02:00
Andreas Rheinhardt
ca4d2c3c52
avcodec/bitstream: Don't check for undefined behaviour after it happened
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit 5e196dac22andreas.rheinhardt@gmail.com >
2020-07-01 21:40:13 +02:00
Andreas Rheinhardt
fd6cb26583
avformat/avc, mxfenc: Avoid allocation of H264 SPS structure, fix memleak
...
Up until now, ff_avc_decode_sps would parse a SPS and return some
properties from it in a freshly allocated structure. Yet said structure
is very small and completely internal to libavformat, so there is no
reason to use the heap for it. This commit therefore changes the
function to return an int and to modify a caller-provided structure.
This will also allow ff_avc_decode_sps to return better error codes in
the future.
It also fixes a memleak in mxfenc: If a packet contained multiple SPS,
only the SPS structure belonging to the last SPS would be freed, the
other ones would leak when the pointer is overwritten to point to the
new SPS structure. Of course, without allocations there are no leaks.
This is Coverity issue #1445194 .
Furthermore, the SPS structure has been renamed from
H264SequenceParameterSet to H264SPS in order to avoid overlong lines.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se >
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit a0b6df0a39andreas.rheinhardt@gmail.com >
2020-07-01 21:39:54 +02:00
