highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
98,631 Commits 36 Branches 392 Tags
ff0eb21c7522ceedc3e1d6836b5f15702ba3592c
Commit Graph

98631 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
4e08ecb7a4 avformat/samidec: Sanity check pts 
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 29743/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-5499256859394048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2014b01352)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
186df3419c avcodec/jpeg2000dec: Check atom_size in jp2_find_codestream() 
Fixes: Infinite loop
Fixes: 29722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6412228041506816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a2082a41b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
fc22600d5c avformat/avidec: Use 64bit in get_duration() 
Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int'
Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0ceb0cdd4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
6112b1b6e4 avformat/mov: Check for duplicate st3d 
Fixes: memleak
Fixes: 29585/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6594188688490496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 658f0606cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
ff6a6b9417 avformat/mvdec: Check for EOF in read_index() 
Fixes: Timeout
Fixes: 29550/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5094307193290752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6c64351bb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
4a4f4cc814 avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular() 
Fixes: Timeout
Fixes: left shift of 33046 by 16 places cannot be represented in type 'int'
Fixes: 29258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-4889231489105920
Fixes: 29515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-6161940391002112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 980900d991)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
499970980f avformat/id3v2: Check the return from avio_get_str() 
Fixes: out of array access
Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25f240fcb3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
fc0453d3e4 avcodec/hevc_sei: Check payload size in decode_nal_sei_message() 
Fixes: out of array access
Fixes: 29392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4821602850177024.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0791a515d3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
aaa74324ca libavutil/eval: Remove CONFIG_TRAPV special handling 
Fixes: division by zero
Fixes: 29555/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-5149951447400448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8574fcbfc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
f678e8196c avformat/wtvdec: Check len in parse_chunks() to avoid overflow 
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
Fixes: 30084/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6192261941559296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5552ceaf56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
a5f1321f81 avformat/asfdec_f: Add an additional check for the extradata size 
Fixes: OOM
Fixes: 30066/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6182309126602752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c8cd4490a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
81735671c2 avformat/3dostr: Check sample_rate 
Fixes: signed integer overflow: -1268324762623155200 * 8 cannot be represented in type 'long'
Fixes: 30123/clusterfuzz-testcase-minimized-ffmpeg_dem_THREEDOSTR_fuzzer-6710765123928064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e5034f97e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
8373b3baa0 avformat/4xm: Make audio_frame_count 64bit 
Fixes: signed integer overflow: 2099257366 * 2 cannot be represented in type 'int'
Fixes: 27486/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-5112179134824448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 842c268c64)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
b368f9cc8d avformat/mov: Use av_mul_q() to avoid integer overflows 
Fixes: signed integer overflow: 538976288 * 538976288 cannot be represented in type 'int'
Fixes: 27473/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5758978289827840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f70e1ec0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
ad7c1ed262 avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper 
Fixes: signed integer overflow: 2147483641 + 32 cannot be represented in type 'int'
Fixes: 27452/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5078752576667648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4dfb7ff528)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
9797f8dba3 avformat/rmdec: Reorder operations to avoid overflow 
Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int'
Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b12e713b80)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
506406b803 avcodec/mxpegdec: fix SOF counting 
Fixes: Timeout (>10sec -> 15ms)
Fixes: 27652/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5125920868007936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 401495def6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
77f3b32708 avcodec/rscc: Check inflated_buf size whan it is used 
Fixes: out of array access
Fixes: 27434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5196757675540480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit a5ed6da9bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Michael Niedermayer
1563042dc3 avformat/mvdec: Sanity check SAMPLE_WIDTH 
Fixes: signed integer overflow: 999999999 * 8 cannot be represented in type 'int'
Fixes: 30048/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5864289917337600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab82c10578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-20 14:21:24 +01:00
Timo Rothenpieler
93061bc90c avcodec/nvenc: fix timestamp offset ticks logic 2021-02-19 22:17:34 +01:00
Michael Niedermayer
d08bcbffff Update for 4.3.2 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:55:32 +01:00
Michael Niedermayer
b6b21c9bb0 avformat/rmdec: Fix codecdata_length overflow check 
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 28509/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6310969680723968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c41d0bfd6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
9bdf7c4823 avcodec/simple_idct: Fix undefined integer overflow in idct4row() 
Fixes: signed integer overflow: -1498310196 - 902891776 cannot be represented in type 'int'
Fixes: 28445/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5075163389493248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 57f7e5caa3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
9c6a0fa8f1 avformat/wavdec: Check block_align vs. channels before combining them 
Fixes: signed integer overflow: 65535 * 65312 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6606935226974208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0af0a80cef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
a296ecaa71 avformat/tta: Use 64bit intermediate for index 
Fixes: signed integer overflow: 42032 * 51092 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6679539648430080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fd61b42b4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
d4e071be5c avformat/soxdec: Check channels to be positive 
Fixes: signed integer overflow: 32 * -1795162112 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SOX_fuzzer-6724151473340416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b0588b73da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
bbb5494801 avformat/smacker: Check for too small pts_inc 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-6705429132476416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f54aab94a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
32c6304cf0 avformat/sbgdec: Use av_sat_add64() in str_to_time() 
Fixes: signed integer overflow: 7279992792120000000 + 4611686018427387904 cannot be represented in type 'long long'
Fixes: 29744/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6434060249464832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5441699f83)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
3a777a340b avcodec/cscd: Check output len in zlib as in lzo 
Fixes: Timeout (>10sec -> 134ms)
Fixes: 27245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-575318210772992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6de039823c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
0011b1f9e8 avcodec/vp3: Check input amount in theora_decode_header() 
Fixes: Timeout
Fixes: 29226/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-6195092572471296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 869fe41d10)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
75285f388f avformat/wavdec: Check avio_get_str16le() for failure 
Fixes: out of array access
Fixes: 29195/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5037853281222656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7594ee751)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:22 +01:00
Michael Niedermayer
868f4ff955 avformat/flvdec: Check for EOF in amf_skip_tag() 
Fixes: Timeout
Fixes: 29070/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5650106766458880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9725d07a17)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
5eca6df648 avformat/aiffdec: Check size before subtraction in get_aiff_header() 
Fixes: Infinite loop
Fixes: 27235/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5761398380167168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8af299acde)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
19ec9d0dda avformat/electronicarts: More chunk_size checks 
Fixes: Timeout
Fixes: 26909/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6489496553783296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d03f0ec9a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
28df673d7d avcodec/cfhd: check peak.offset 
Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type 'int'
Fixes: 26907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5746202330267648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 386faeda5f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
9e1fede231 avformat/tedcaptionsdec: Check for overflow in parse_int() 
Fixes: signed integer overflow: 1111111111111111111 * 10 cannot be represented in type 'long'
Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b0f8586ca9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
220eaaf6b6 avformat/nuv: Check channels 
Fixes: signed integer overflow: -3468545475927866368 * 4 cannot be represented in type 'long'
Fixes: 28879/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-6303367307591680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc45d924d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
529f34568e avcodec/siren: Increase noise category 5 and 6 
The entry read is not used in subsequent computation, thus its
value is not important.

Fixes: out of array read
Fixes: 28578/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SIREN_fuzzer-6332019122503680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3e4ebb007)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
50d9e4b48c avformat/mpc8: Check size before implicitly converting to int 
Fixes: Timeout
Fixes: 28551/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6229183210586112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78d6d8ddb5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
87c071a7c8 avformat/nutdec: Fix integer overflow in count computation 
Note, the value is checked a few lines later already

Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0014249fd9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
55ba3505ed avformat/mvi: Use 64bit for testing dimensions 
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-6649291124899840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48fb752767)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
94a9ec6339 avformat/utils: Check dts in update_initial_timestamps() more 
Fixes: signed integer overflow: -9223372036853488158 - 90000000 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MPSUB_fuzzer-6696625298866176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 29851cb840)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
293222d8be avformat/mpsubdec: Use av_sat_add/sub64() in fracval handling 
Fixes: signed integer overflow: 9223372036850000000 + 9000000 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MPSUB_fuzzer-665448017480908

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 463e024363)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
146e353d9c avformat/flvdec: Check for avio_read() failure in amf_get_string() 
Suggested-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb31667611)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
d85607f30a avformat/flvdec: Check for nesting depth in amf_skip_tag() 
Fixes: out of array access
Fixes: 29440/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5985279812960256.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ef522c918)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
bc131525ff avformat/flvdec: Check for nesting depth in amf_parse_object() 
Fixes: out of array access
Fixes: 29202/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5112845840809984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 074e204b42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
4706b4455b avformat/asfdec_o: Check for EOF in asf_read_marker() 
Fixes: Timeout
Fixes: 26460/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5710884393189376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e3d09f435)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
cb946af7e2 avformat/flvdec: Use av_sat_add64() for pts computation 
Fixes: signed integer overflow: -9223372036854767583 + -65536 cannot be represented in type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-6734549467922432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a6666b19d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
9f0b673194 avformat/utils: Check dts - (1<<pts_wrap_bits) overflow 
Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d82ee907d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00
Michael Niedermayer
dda0826ab6 avformat/bfi: Check chunk_header 
Fixes: signed integer overflow: -2147483648 - 3 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6665764123836416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 638a151a87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-02-02 14:18:21 +01:00