f9f95ceebf
Changelog: update
2020-07-09 01:30:42 +02:00
a06587b01a
avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
...
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 806a4d5187michael@niedermayer.cc >
2020-07-07 21:05:23 +02:00
f9a7ca5911
Update for 4.2.4
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-07-07 20:39:24 +02:00
11c1e1d6d0
avcodec/apedec: Fix undefined integer overflow with 24bit
...
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9f7b252cdfmichael@niedermayer.cc >
2020-07-07 19:30:17 +02:00
b8f3879bcc
avcodec/loco: Fix integer overflow with large values from loco_get_rice()
...
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3ddc5e1f3cmichael@niedermayer.cc >
2020-07-07 19:29:23 +02:00
bcbfcf1300
avformat/smjpegdec: Check the existence of referred streams
...
Fixes: Assertion failure
Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 321ea59dacmichael@niedermayer.cc >
2020-07-07 19:28:29 +02:00
7d3da77756
avcodec/pnmdec: Fix misaligned reads
...
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ea28ce9bc1michael@niedermayer.cc >
2020-07-06 01:50:33 +02:00
a957f43072
avcodec/scpr3: Fix out of array access with dectab
...
Fixes: 23721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5914074721550336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c8de8dfba6michael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
2cebde69e0
avcodec/dstdec: Replace AC overread check by sample rate check
...
Real files do skip coding 0 bits at the end, thus this kind of check
does not work reliable.
Fixes: Ticket 8770
Fixes: dst-256fs44-6ch-refdstencoder.dff
The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed
values, this also can be used to limit the duration and avoid the timeout
This reverts commit f6df99dba11679f23bebmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
9fd30d0bdf
avutil/avsscanf: Add () to avoid integer overflow in scanexp()
...
Fixes: signed integer overflow: 2147483610 + 52 cannot be represented in type 'int'
Fixes: 23260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-5187871274434560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 42b28565aamichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
6fe28832a9
avformat/utils: reorder duration computation to avoid overflow
...
Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long'
Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 10cc82c35bmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
3ea2cfe162
avcodec/pngdec: Check for fctl after idat
...
Fixes: out of array access
Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65b1ba680fmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
57970c41f5
avformat/hls: Pass a copy of the URL for probing
...
The segments / url can be modified by the io read when reloading
This may be an alternative or additional fix for Ticket8673
as a further alternative the reload stuff could be disabled during
probing
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b5e39880fbmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
c00e881a45
avformat/hls: check segment duration value of EXTINF
...
fix ticket: 8673
set the default EXTINF duration to 1ms if duration is smaller than 1ms
Signed-off-by: Steven Liu <lq@chinaffmpeg.org >
(cherry picked from commit 9dfb19baeb
2020-07-05 01:47:57 +02:00
0c4fcdead8
avutil/common: Fix integer overflow in av_ceil_log2_c()
...
Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int'
Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e409262837michael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
e02303282d
avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms
...
Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 21598d711dmichael@niedermayer.cc >
2020-07-05 01:47:57 +02:00
98ff949451
avformat/mvdec: Fix integer overflow with billions of channels
...
Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int'
Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b6fbbe08c3michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
a720e4d3c9
avformat/microdvddec: skip malformed lines without frame number.
...
Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a8fb7612a9michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
774efe1ece
avformat/mxfdec: free duplicated utf16 strings
...
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744
Suggested-by: Marton Balint <cus@passwd.hu >
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0aa2768cb2michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
5fd3af45bc
avformat/4xm: Check that a video stream was created before returning packets for it
...
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c517c3f474michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
19d9c40647
avcodec/ffwavesynth: Avoid undefined operation on ts overflow
...
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 584d334afdmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
ee14b82ee0
avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
...
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e361785ee0michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
7a00fd4964
avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
...
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c0dfe134bemichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
1a74a8078c
avcodec/sonic: Fix several integer overflows
...
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 75d520e337michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
8c7a41b455
avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
...
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e53235f06cmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
17175055f8
avcodec/pixlet: Fix log(0) check
...
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bd0f81526dmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
3a8ae4f297
avcodec/iff: Fix off by x error
...
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 51225dee0amichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
9641fcb355
avcodec/wmalosslessdec: Check block_align maximum
...
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 314d10f7a6michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
035d30ba17
avcodec/loco: Fix signed integer overflow in loco_get_rice()
...
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa88cdfd90michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
4f92e48d5c
avformat/thp: Check fps
...
Fixes: division by zero
Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0e15b01b4emichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
374a18fbc8
avformat/mpl2dec: Fix integer overflow with duration
...
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9a42a67c5cmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
75df98c0a0
avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit()
...
Fixes: Timeout (85sec -> 0.5sec)
Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 49ba60fed0michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
c540f6939d
avcodec/mpeg12dec: remove outdated comments
...
Found-by: Kieran
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 48de8f5816michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
4dec5b22ac
avcodec/snowdec: Avoid integer overflow with huge qlog
...
Fixes: integer overflow
Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 38fbf33c72michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
361416218a
avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
...
Signed-off-by: Dale Curtis <dalecurtis@chromium.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bf446711bcmichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
500965b7ee
avcodec/mpeg12dec: Fix got_output
...
This makes got_output consistent with the code in slice_end() which sets the output
in slice_end()
if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) {
int ret = av_frame_ref(pict, s->current_picture_ptr->f);
...
} else {
Fixes: assertion failure
Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f33a9803amichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
a09705cf48
avformat/4xm: Cleanup on GET_LIST_HEADER() failure
...
Fixes: memleak
Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5313ce654michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
a497d3de31
avcodec/lzf: Consider the needed size in reallocation
...
Fixes: NULL pointer dereference
Fixes: 22381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5659879921680384.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 292b9b93a5michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
3e88f40dfc
avformat/mlvdec: fail reading a packet with 0 streams
...
Fixes: NULL pointer dereference
Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5bd5c31087michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
a77a20ddee
avformat/thp: Check compcount
...
Fixes: out of array access
Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1ba8484559michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
7991001f9d
avcodec/adpcm: XA: Check shift similar to filter
...
Fixes: negative shift
Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6d96bae9c4michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
ab4798ae39
avcodec/huffyuvdec: Test vertical coordinate more often
...
Fixes: out of array access
Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a1223ddc56michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
e19a5624d5
avformat/rawdec: fix identifier names
...
Fixes: out of array access
Fixes: 22686/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5121369624018944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 71a822fa35michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
2f5040203b
avcodec/hq_hqa: Check info size
...
Fixes: assertion failure
Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cf28521feemichael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
b4c08bbd9c
avcodec/wmalosslessdec: Fix integer overflow in mclms_predict()
...
Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int'
Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c42ed06695michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
0a93c8b60b
avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d()
...
Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int'
Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 071e293723michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
aab78e0c00
avcodec/h264dec: Disable forced small_padding on flag2 fast
...
Fixes: 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
6555a71388
avformat/oggparsevorbis: Error out on double init of vp
...
Fixes: memleak
Fixes: 19949/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5743636058210304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2a3bbc0086michael@niedermayer.cc >
2020-07-05 01:47:56 +02:00
9ffcbf1db9
avcodec/h264_metadata_bsf: Fix invalid av_freep
...
This bug was introduced in 3c8a2a1180jamrial@gmail.com >
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit 04e06beb0aandreas.rheinhardt@gmail.com >
2020-07-04 22:32:14 +02:00
210aa29b42
avformat/hnm: Check for extradata allocation failure
...
and also add padding to it; moreover, don't use memcpy to write one byte
to extradata.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9e0f3352d1andreas.rheinhardt@gmail.com >
2020-07-02 01:25:24 +02:00
