ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	82c530092b	avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int' Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `00ae9b77ef`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	f7303812dc	avformat/rmdec: Check old_format len for overflow Maybe such large values could be disallowed earlier and closer to where they are set. Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `06d174e289`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	ec3839c6be	avformat/realtextdec: Check the pts difference before using it for the duration computation Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fe12aa6890`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	6b1756ae40	avformat/qcp: Avoid negative nb_rates Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1b865cc703`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	e5308ce13e	avformat/nutdec: Check tmp_size Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ca00b5e44`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	b53d3d5d0b	avformat/msf: Check that channels doesnt overflow during extradata construction Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1a277926b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	ed9fe15b49	avformat/mpc8: Check for position overflow in mpc8_handle_chunk() Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208 Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8ef25d1182`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	433e72f7e5	avformat/iff: Use 64bit in duration computation Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `93d964689c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	fa4f7b96f4	avformat/dxa: Check fps to be within the supported range more precissely Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself Fixes: assertion failure Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6ea494befc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	4d153afd9a	avcodec/iff: Only write palette to plane 1 if its PAL8 Fixes: null pointer passed as argument 1, which is declared to never be null Fixes: 33791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5107575256383488.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `216eb60b85`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	22f1bbf263	avformat/tta: Check for EOF in index reading loop Fixes: OOM Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b72d657b73`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	68477b1ec0	Update missed irc links Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c067d20177`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	04e7bac763	avformat/rpl: The associative law doesnt hold for signed integers in C Add () to avoid undefined behavior Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long' Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `480f11bdd7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	090e21faef	avcodec/faxcompr: Check available bits in decode_uncompressed() Fixes: Timeout Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112 Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ff56c139e0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	9b66b5ccc1	avcodec/faxcompr: Check if bits are available before reading in cmode == 9 \|\| cmode == 10 Fixes: Timeout Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7d8421e3d5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	95f02cf737	avformat/utils: check dts/duration to be representable before using them Fixes: signed integer overflow: 6854513951393103890 + 3427256975738527712 cannot be represented in type 'long' Fixes: 32936/clusterfuzz-testcase-minimized-ffmpeg_dem_R3D_fuzzer-5236914752978944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bf4e7ec825`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	28c8271d21	avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type 'int' Fixes: 33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3447979d08`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	31e285cca7	avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1 Fixes: out of array access Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dbbcfbcc4e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	37f90a4e38	avformat/mov: Check for duplicate mdcv Fixes: memleak Fixes: 34932/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5456227658235904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f54d85cee6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	359e106362	avfilter/vf_dctdnoiz: Check threads Fixes: floating point division by 0 Fixes: Ticket 8269 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a3917c02c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	ad92dec581	avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with black Fixes: floating point division by 0 Fixes: undefined behavior in handling NaN Fixes: Ticket 8268 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3d500e62f6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	543c437bc2	avformat/rpl: Check for EOF and zero framesize Fixes: Infinite loop Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880 Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a0a4a527c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	5c5449bfe0	avcodec/vc2enc: Check for non negative slice bounds Fixes: invalid shifts Fixes: Ticket 8221 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f7862e8268`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	10949da906	avformat/rpl: Use 64bit in bitrate computation and check it Fixes: signed integer overflow: 777777776 * 4 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6726188921913344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `29b244ffc1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	c247aae924	avcodec/svq1enc: Do not print debug RD value before it has been computed Avoids floating point division by 0 Fixes: Ticket8191 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c297f7e57a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	e1a994fd4b	avcodec/aacpsy: Check bandwidth Fixes: Ticket8011 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `36dead4bc2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	0ee20c4a1d	avcodec/aacenc: Do not divide by lambda_count if it is 0 Avoids Floating point division by 0 Fixes: Ticket8011 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c520b98691`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	9cfcbec325	avcodec/aacenc: Use FLT_EPSILON for lambda minimum (cherry picked from commit `4b89cf7aa4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	f9b3aa07be	avformat/cinedec: Fix index_entries size check Fixes: out of array access Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	bade86f679	avfilter/vf_yadif: Fix handing of tiny images Fixes: out of array access Fixes: Ticket8240 Fixes: CVE-2020-22021 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7971f62120`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	a6a0416767	avfilter/vf_vmafmotion: Check dimensions Fixes: out of array access Fixes: Ticket8241 Fixes: Ticket8246 Fixes: CVE-2020-22019 Fixes: CVE-2020-22033 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `82ad1b7675`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	e1089a581b	avformat/movenc: Check pal_size before use Fixes: assertion failure Fixes: out of array read Fixes: Ticket8190 Fixes: CVE-2020-22015 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4c1afa2925`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	053cece360	avcodec/lpc: Avoid floating point division by 0 Fixes: Ticket7996 Fixes: CVE-2020-20445 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38d18fb578`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	ee5387471f	avcodec/aacpsy: Avoid floating point division by 0 of norm_fac Fixes: Ticket7995 Fixes: CVE-2020-20446 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `223b5e8ac9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	ff2159658a	avcodec/aacenc: Avoid 0 lambda Fixes: Ticket8003 Fixes: CVE-2020-20453 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a7a7f32c8a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	6de521a058	avcodec/exr: x/ymax cannot be INT_MAX The code uses x/ymax + 1 so the maximum is INT_MAX-1 Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `48342aa075`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	701dc655da	avformat/avio: Check av_opt_copy() for failure Fixes: CID1477416 Unchecked return value Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f8611ae1ef`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	60d5fa5874	avcodec/clearvideo: Check for 0 tile_shift Fixes: shift exponent -1 is negative Fixes: 33401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5908683596890112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `63e75e09ae`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	326fc42beb	avcodec/vc1: Check remaining bits in ff_vc1_parse_frame_header() Fixes: Timeout Fixes: 33156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-6259655027326976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38c4761588`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	4630075b7d	avformat/mov: Ignore duplicate CoLL Fixes: memleak Fixes: 32146/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5377612845285376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9548dc74d8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	a956699518	avformat/mov: Limit nb_chapter_tracks to input size Fixes: Timeout (15k loop iterations instead of 400m) Fixes: 31368/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6601583174483968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `299a56c900`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	44b0e786eb	avformat/utils: Use 64bit earlier in r_frame_rate check Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int' Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `578633fc1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	ac88b2e2ae	avcodec/alsdec: Fix decoding error with mono audio files highest_decoded_channel is modified to serve as meant. Reported-by: Noboru Harada <noboru@ieee.org> Regression since: `a11aa5f3ed` Fixes: Sin48k16bit1ch.mp4 Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f7987ce966`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	2fa9bf1f35	avformat/mvdec: Check sample rate in parse_audio_var() Fixes: signed integer overflow: -635424002382840000 * 16 cannot be represented in type 'long' Fixes: 33612/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5704741108711424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0ff60249a5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	b4ef072dfe	avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line() Fixes: infinite loop Fixes: 33674/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4816457818046464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `08d2df4153`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	1941a2abad	avcodec/utils: treat PAL8 for jpegs similar to other colorspaces Fixes: out of array access Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656 Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392 Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312 Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f0ce023ddb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	f0713843e7	avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent Fixes: tickets/3933/128.jls Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `011006874c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	04abdd5154	avformat/asfdec_o: Use ff_get_extradata() Fixes: OOM Fixes: 27240/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5937469859823616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `098314e1e5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	aee30a18c7	avformat/id3v2: Check end for overflow in id3v2_parse() Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long' Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `efdb564504`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00
Michael Niedermayer	793fefb333	avformat/wtvdec: Improve size overflow checks in parse_chunks() Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f8ec1da8ac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-10-06 14:41:41 +02:00

... 3 4 5 6 7 ...

98918 Commits