Michael Niedermayer
fee5c1ec54
avformat/tta: Check for EOF in index reading loop
Fixes: OOM
Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b72d657b73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
e46fac4042
Update missed irc links
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c067d20177)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
b65f9e606a
avformat/rpl: The associative law doesn't hold for signed integers in C
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 480f11bdd7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
2955147e93
avcodec/faxcompr: Check available bits in decode_uncompressed()
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff56c139e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
2d59246341
avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d8421e3d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
665192827a
avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type 'int'
Fixes: 33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3447979d08)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
91afefa2b6
avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
Fixes: out of array access
Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dbbcfbcc4e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
95a86b7fc9
avformat/mov: Check for duplicate mdcv
Fixes: memleak
Fixes: 34932/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5456227658235904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f54d85cee6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
f747fd6d6f
avfilter/vf_dctdnoiz: Check threads
Fixes: floating point division by 0
Fixes: Ticket 8269
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a3917c02c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
879ac3418e
avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with black
Fixes: floating point division by 0
Fixes: undefined behavior in handling NaN
Fixes: Ticket 8268
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d500e62f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
516632359d
avformat/rpl: Check for EOF and zero framesize
Fixes: Infinite loop
Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880
Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0a4a527c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
c86f19e47c
avcodec/vc2enc: Check for non negative slice bounds
Fixes: invalid shifts
Fixes: Ticket 8221
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7862e8268)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
511989d2a7
avformat/rpl: Use 64bit in bitrate computation and check it
Fixes: signed integer overflow: 777777776 * 4 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6726188921913344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 29b244ffc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
e01ffd6f3f
avcodec/svq1enc: Do not print debug RD value before it has been computed
Avoids floating point division by 0
Fixes: Ticket8191
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c297f7e57a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
4e779e4ace
avcodec/aacpsy: Check bandwidth
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 36dead4bc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
ddd6d344c5
avcodec/aacenc: Do not divide by lambda_count if it is 0
Avoids floating point division by 0
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c520b98691)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
92b047755e
avcodec/aacenc: Use FLT_EPSILON for lambda minimum
(cherry picked from commit 4b89cf7aa4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
7cc32a537b
avformat/cinedec: Fix index_entries size check
Fixes: out of array access
Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
0ab6b4469c
avfilter/vf_yadif: Fix handling of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7971f62120)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
e6b5c7a5fc
avfilter/vf_vmafmotion: Check dimensions
Fixes: out of array access
Fixes: Ticket8241
Fixes: Ticket8246
Fixes: CVE-2020-22019
Fixes: CVE-2020-22033
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 82ad1b7675)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
cf876bdef8
avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c1afa2925)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
196d21d7ee
avcodec/lpc: Avoid floating point division by 0
Fixes: Ticket7996
Fixes: CVE-2020-20445
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38d18fb578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
e56ee5a3e4
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 223b5e8ac9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
c21762969e
avcodec/aacenc: Avoid 0 lambda
Fixes: Ticket8003
Fixes: CVE-2020-20453
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a7a7f32c8a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
c840ac7464
avcodec/exr: x/ymax cannot be INT_MAX
The code uses x/ymax + 1 so the maximum is INT_MAX-1
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48342aa075)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
b673bcc017
avformat/avio: Check av_opt_copy() for failure
Fixes: CID1477416 Unchecked return value
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8611ae1ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
a19e2a5a94
avcodec/clearvideo: Check for 0 tile_shift
Fixes: shift exponent -1 is negative
Fixes: 33401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5908683596890112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63e75e09ae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
9e98ee41e7
avcodec/vc1: Check remaining bits in ff_vc1_parse_frame_header()
Fixes: Timeout
Fixes: 33156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-6259655027326976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38c4761588)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
f143bb05c6
avformat/mov: Ignore duplicate CoLL
Fixes: memleak
Fixes: 32146/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5377612845285376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9548dc74d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
6dcff59432
avformat/mov: Limit nb_chapter_tracks to input size
Fixes: Timeout (15k loop iterations instead of 400m)
Fixes: 31368/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6601583174483968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 299a56c900)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
16629cf4a6
avformat/utils: Use 64bit earlier in r_frame_rate check
Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int'
Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 578633fc1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
6785185ea5
avformat/mvdec: Check sample rate in parse_audio_var()
Fixes: signed integer overflow: -635424002382840000 * 16 cannot be represented in type 'long'
Fixes: 33612/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5704741108711424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ff60249a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
4a688d139b
avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line()
Fixes: infinite loop
Fixes: 33674/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4816457818046464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08d2df4153)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
92ecb9c9e6
avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
Fixes: out of array access
Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656
Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392
Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz
Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312
Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0ce023ddb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
0d5e8b2746
avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent
Fixes: tickets/3933/128.jls
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 011006874c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
fdfacc449b
avformat/asfdec_o: Use ff_get_extradata()
Fixes: OOM
Fixes: 27240/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5937469859823616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 098314e1e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
97c9eaaf04
avformat/id3v2: Check end for overflow in id3v2_parse()
Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long'
Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit efdb564504)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
7d64c2256e
avformat/wtvdec: Improve size overflow checks in parse_chunks()
Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int'
Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8ec1da8ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
33dc68cad1
avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()
Fixes: Timeout
Fixes: 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b3881f0da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
5ca2f59b89
avcodec/utils: Check ima wav duration for overflow
Fixes: signed integer overflow: 44331634 * 65 cannot be represented in type 'int'
Fixes: 32120/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5760221223583744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f40e9b1355)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06 13:54:16 +02:00
Michael Niedermayer
8620139042
avformat/cafdec: Check channels
Fixes: signed integer overflow: -1184429040541376544 * 32 cannot be represented in type 'long'
Fixes: 31788/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6236746338664448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 641c1db22b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
98843a29eb
avcodec/dpx: Check bits_per_color earlier
Fixes: shift exponent 251 is too large for 32-bit type 'int'
Fixes: 32147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5519111675314176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c093eb3031)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
d1ec3974a4
avcodec/pnm_parser: Check image size addition for overflow
Fixes: assertion failure
Fixes: out of array access
Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79ac8d5546)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
746fda9419
avcodec/h265_metadata_bsf: Check nb_units before accessing the first in h265_metadata_update_fragment()
Fixes: null pointer dereference
Fixes: 32113/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-4803262287052800
Same as 0c48c332ee
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 497ea04dbd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
ddcaa14abb
avformat/rmdec: use larger intermediate type for audio_framesize * sub_packet_h check
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 31406/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5024692843970560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf2fd9204b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
7cafb6461d
avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ceae92cb29)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
94c0877dd0
avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87d87e6587)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
d24c7e4c8b
avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4
Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2611d20d35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
fbb6d182d0
avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b37ff29e0e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00
Michael Niedermayer
41903a9dd2
avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()
Found-by: Jeremy Leconte <jleconte@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cf96ce269)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-10 16:04:26 +02:00