Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5280947fb6db37063334eae5b467cecd2417b063)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This makes the decoder faster
Improves/Fixes: Timeout (22sec -> 20sec)
Testcase: 17619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5078510820917248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 581a895c5c8b464a7fc7ebbaa6d9f565c10bae62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The specification does not seem to list what the maximum valid
value is
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 16268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5638164544225280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e1255789941d213a8e193469d0687946c9fa4a63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int'
Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 661a9b274b0181b2e36ff21fd13840f35992bea6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
There seems to be no limit in the specification and upto 64k could be stored
512 is choosen as limit as thats the maximum in a conformance sample
An alternative to this patch would be a max_channels variable
Fixes: OOM
Fixes: 16200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5764788793114624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Thilo Borgmann <thilo.borgmann@mail.de>
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f51e4d026cc762ff2d47d6107658dbff42ba5ea8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This also makes the code consistent with the existing similar MUL64()
in decode_var_block_data()
Fixes: signed integer overflow: -7277630735906765035 + -3272193951413647896 cannot be represented in type 'long'
Fixes: 16015/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5666552818434048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fad3ec89b7a664b93b5e29bdb0db0cab0272a0c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483424 - -1772303236 cannot be represented in type 'int'
Fixes: 15708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5067890362941440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce652324062a2c72f92e40699797630ef7f1ec5a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -1
Fixes: 15719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5685731105701888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be4fb282f9fb00d9c267dcc477745e2e468e758f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1270564968 + 904828220 cannot be represented in type 'int'
Fixes: 15402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5755426823471104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cd0d94f59d05e7bfaae9690e827752e7717eda3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5738074249625600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f64f6058e0c23641a68ce7dfe47b1f55efd401c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 15277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5184853437317120
Fixes: 15280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5741062137577472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0794494c8f2f756e3c9384dba21c54f7d4ba9286)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -346039050 * 8 cannot be represented in type 'int'
Fixes: 15283/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5692700268953600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a3bd4b260eb9f0d5817f9b3d672844f127c51a0b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 72 by 26 places cannot be represented in type 'int'
Fixes: 15279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5700665621348352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51f6870c37cc29e1ea7e0c66df2fe505938b7561)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -6
Fixes: 15275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5742361767837696
Fixes: signed integer overflow: 41582592 * 256 cannot be represented in type 'int'
Fixes: 15296/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5739558227935232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e131568752ad41222946304c61eadb87b0a24791)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
No testcase known
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c36fc857b5a8f8bdf2bcc54ce72bbf817902edcf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The maximum number of bits int the prefix code for
p(0) is 4. By setting it as 3, we were missing the
last 0 bit.
This fixes bug #4715 present on the trac.
Signed-off-by: Umair Khan <omerjerk@gmail.com>
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d64ba9d18294a305f4f46c9a64e592dc5d34aa9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
For max_order = 0 the clipping range is invalid. (amin = 2, amax = 1)
CC: libav-stable@libav.org
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Also change the type of begin, end and smp to ptrdiff_t to make the
comparison well-defined.
CC: libav-stable@libav.org
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
avctx->bits_per_raw_sample is used in get_sbits_long, which only
supports up to 32 bits.
CC: libav-stable@libav.org
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
For max_order = 0 the clipping range is invalid. (amin = 2, amax = 1)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Also change the type of begin, end and smp to ptrdiff_t to make the
comparison well-defined.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If begin is smaller than t, the subtraction 'begin -= t' wraps around,
because begin is unsigned. The same applies for end < t.
This causes segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
avctx->bits_per_raw_sample is used in get_sbits_long, which only
supports up to 32 bits.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If the same idx is used for more than one i, at least one entry in
sconf->chan_pos remains uninitialized.
This can cause segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: abd3c041acbcb816be113455d138166b-asan_heap-oob_b11634_3707_cov_1707137151_als_05_2ch48k16b.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '23a211cbba0b7c9ee694040031b2e5da1be54a00':
lavc: change all decoders to behave consistently with AV_EF_CRCCHECK.
Conflicts:
libavcodec/avcodec.h
libavcodec/tta.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
