aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update for 4.0.1n4.0.1Michael Niedermayer2018-06-163-2/+111
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: Fix undefined integer overflow in ↵Michael Niedermayer2018-06-151-1/+1
| | | | | | | | | | | | apply_independent_coupling_fixed() Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int' Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8bd514d9343746566b123275f8b6d0e9c11ec2b0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt_template: Fix undefined behavior in interleave()Michael Niedermayer2018-06-151-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 575d8ca0260fabac29e5b3541154633569ce2b5d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/common: Fix undefined behavior in av_clip_uintp2_c()Michael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa41d322be71106ce147445f2b42bb763f1eff86) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* fftools/ffmpeg: Fallback to duration if sample rate is unavailableMichael Niedermayer2018-06-151-2/+6
| | | | | | | | | | | Regression since: af1761f7 Fixes: Division by 0 Fixes: ffmpeg_crash_1 Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 16d8b13b3b26c19d7f8856e039fe6662d96b4ff3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Only set pkt->duration to non negative valuesMichael Niedermayer2018-06-151-1/+3
| | | | | | | Reviewed-by: Sasi Inguva <isasi@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a ↵Michael Niedermayer2018-06-151-0/+6
| | | | | | | | | | | | previous instance Fixes: assertion failure Fixes: ffmpeg_crash_5.avi Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2fc108f60f98cd00813418a8754a46476b404a3c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: fix recognization of cover image streamsTimo Teräs2018-06-151-18/+18
| | | | | | | | | | | | For chapter images, the mov demux produces streams with disposition set to attached_pic+timed_thumbnails. This patch fixes to properly recognize streams that should be encoded as cover image (ones with only and only attached_pic disposition set). Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2223811b015926fec68473a08016d40cea0989b2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: properly handle cover image codecsTimo Teräs2018-06-151-18/+12
| | | | | | | | | | | | | Find codec tag for attached images using appropriate list of supported image formats. This fixes writing the cover image to m4v/m4a and other container formats that do not allow these codecs as a track. Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 12205d2c896b7edbc929d4886e7bfda4b53538e5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_slice: Fix overflow in recovery_frame computationMichael Niedermayer2018-06-151-3/+9
| | | | | | | | | | Fixes: signed integer overflow: 15 + 2147483646 cannot be represented in type 'int' Fixes: 8381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6225533137321984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8c20ea8ee0f3f0b27aca0204c6dfaa4ac137e34e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in ↵Michael Niedermayer2018-06-152-1/+1
| | | | | | | | h264_sei Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b796c5ae9299c795cba0d16ce1d8eef05488953b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_mc_template: Only prefetch motion if the list is used.Michael Niedermayer2018-06-151-1/+2
| | | | | | | | | | Fixes: index 59 out of bounds for type 'H264Ref [48]' Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8b55591757244d8244a2be369c2b54c9ae79b02a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xwddec: Use ff_set_dimensions()Michael Niedermayer2018-06-151-2/+6
| | | | | | | | | | | Fixes: OOM Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c2852e4e00de4073ff7de82d41cb3368702686e8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix overflow in adding tailMichael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int' Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d13379fb79708f550460dd6d698023bf26f968d5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Fix multiple integer overflowsMichael Niedermayer2018-06-151-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int' Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Fix undefined shift in fix_bitshift()Michael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes: left shift of negative value -9 Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Fix a negative left shift in shorten_decode_frame()Michael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes: left shift of negative value -9057 Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Sanity check nmeansMichael Niedermayer2018-06-151-0/+4
| | | | | | | | | | | | | Fixes: OOM Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232 The reference software appears to use longs for 32bits and it uses int for nmeans hinting that the intended maximum size was not 32bit. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()Michael Niedermayer2018-06-151-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()Michael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int' Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/truemotion2: Fix overflow in tm2_apply_deltas()Michael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int' Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 79c6047c3668c639f717b3a7001a34dddba0ede2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.cMichael Niedermayer2018-06-151-2/+4
| | | | | | | | | | Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int' Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e7dda51150b73e5fbdccf4c2d3a72e356980fba3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/amrwbdec: Fix division by 0 in find_hb_gain()Michael Niedermayer2018-06-151-3/+8
| | | | | | | | | | | This restructures the code slightly toward D_UTIL_dec_synthesis() Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dce80a4b47efaba97707bda781a9ee57f5a26974) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h263dec: Reinitialize idct context if it has not been setup for the ↵Michael Niedermayer2018-06-151-0/+2
| | | | | | | | | | active profile The profile after reading headers can be different from when the context was initialized Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 44a2415a6d94f841f2026bb70b8b3c19ba68aa72) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/idctdsp: Clear idct/idct_add for studio profileMichael Niedermayer2018-06-151-2/+4
| | | | | | | | This does not leave them "as before" which may be a value from a previous profile Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8c50d0cccfe4c9f25a8494f76da55dcdc2275058) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: replace a value error by clipping into valid range in ↵Michael Niedermayer2018-06-151-3/+11
| | | | | | | | | | mov_read_stsc() Fixes: #7165 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/bintext: Reduce detection for random .bin files as it more likely ↵Michael Niedermayer2018-06-151-1/+1
| | | | | | | | is not a multimedia related file Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 919e37377a76f63d030d680fcb9506a3f8cc2d62) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Break out early if chunk_count is 0 in mov_build_index()Michael Niedermayer2018-06-151-0/+3
| | | | | | | | | | | Without this some operations might overflow (undefined behavior) even though the index adding loop would never execute No testcase known Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 56e76bd0579cc7f7b28860885d9e569a39daf41b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fic: Avoid some magic numbers related to cursorsMichael Niedermayer2018-06-151-1/+2
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c6a11714c4b1227be62cbc36651ccfc415e8e623) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4video: Detect reference studio streams as studio streamsMichael Niedermayer2018-06-152-9/+25
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ba97d75ac6254db90c64d3c7aacdd0548dca7b24) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sampleMichael Niedermayer2018-06-151-3/+5
| | | | | | | Reviewed-by: Kieran Kunhya <kierank@obe.tv> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9e5d0860c043ba5d1e48c0f8c42b0fe3b6cbeba4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio ↵Michael Niedermayer2018-06-151-4/+0
| | | | | | | | profile Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9f73ae31e075104c7613d481a09a8b102e6449e9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g2meet: ask for sample with overflowing RGBMichael Niedermayer2018-06-151-1/+1
| | | | | | | | Suggested-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ab834b8f36c8157b7015e849405cbf6ae21e672f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/idctdsp: Transmit studio_profile to init instead of using ↵Michael Niedermayer2018-06-153-1/+5
| | | | | | | | | | | | | | | AVCodecContext profile These 2 fields are not always the same, it is simpler to always use the same field for detecting studio profile Fixes: null pointer dereference Fixes: ffmpeg_crash_3.avi Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b3332a182f8ba33a34542e4a0370f38b914ccf7d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec: Check that the number of channels with dependant streams is ↵Michael Niedermayer2018-06-151-0/+5
| | | | | | | | | | | | | valid Fixes: left shift of 1 by 63 places cannot be represented in type 'long long' Fixes: out of array access Fixes: 7284/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_fuzzer-5767914968842240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e3275f937dc38e740c74539f2f6aad5bfdba2bf1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame()Michael Niedermayer2018-06-151-1/+3
| | | | | | | | | | Fixes: index 8 out of bounds for type 'uint8_t *[8]' Fixes: 7273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-6296497667702784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e3f656f2dea6ef6e2a14e72931f3d6f205f732c8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in ↵Michael Niedermayer2018-06-151-1/+1
| | | | | | | | | | | | apply_dependent_coupling_fixed() Fixes: signed integer overflow: -2141499320 + -14469590 cannot be represented in type 'int' Fixes: 7351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6351214791884800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 90475db97e2e5931d295df6ab86519fa2e14d259) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behaviorMichael Niedermayer2018-06-151-4/+4
| | | | | | | | | | Fixes: signed integer overflow: 1073741842 + 1784008138 cannot be represented in type 'int' Fixes: 6792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5677589835284480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 62cb6fadf33de6db386deac92853d4b95c930015) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g723_1dec: Clip bits2 in both directionsMichael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes: shift exponent 33 is too large for 32-bit type 'int' Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 53f241218d9eac368e2e1c58bcca9bbdf10fd0e1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()Michael Niedermayer2018-06-151-1/+1
| | | | | | | | | | | | Fixes truncation Fixes Assertion n <= 31 && value < (1U << n) failed at libavcodec/put_bits.h:169 Fixes: ffmpeg_crash_2.avi Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e1182fac1afba92a4975917823a5f644bee7e6e8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpdec: Only change noise_type if the related fields are validMichael Niedermayer2018-06-151-4/+5
| | | | | | | | | | | Fixes: inconsistency Fixes:runtime error: index 8 out of bounds for type 'int32_t [8]' Fixes: 6686/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5191383498358784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 63c4a4b0d692bc86142790276358ba35129f2290) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* indeo4: Decode all or nothing of a band header.Michael Niedermayer2018-06-151-3/+8
| | | | | | | | | | | | | | | | This avoids inconsistent value combinations. Alternatively it would be possible to add more checks and careful use of temporary variables, but my try of this quickly seemed to become a rather large change. The disadvantage of this, is that the struct is copied back and forth. Fixes: index 6 out of bounds for type 'const uint16_t [5][16]' Fixes: 6557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-4787296550256640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 10c8521265da86118597336c5589e26de377a374) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec: Use frame_size if superframe_size is 0Michael Niedermayer2018-06-151-0/+3
| | | | | | | | | | | | Fixes: Infinite loop Fixes: 7669/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4689042185650176 Fixes: 7670/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_AC3_fuzzer-4706306762997760 Fixes: 7672/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-4702108499574784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f77eee67e25b13e32e899efb6fdf01719914353e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Only fail for STCO/STSC contradictions if both existMichael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes regression with playback of GF9720Repeal20the20Eighth20with20Helen20Linehan.m4a See: crbug 822666 Found-by: "Mattias Wadman <mattias.wadman@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c2d689c56646cce64d02a3b75f61c12c5589260) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0Michael Niedermayer2018-06-151-2/+2
| | | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); Fixes: 6500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-4523620274536448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cb944fc7f1327443a0cf449afbce5a3e8712f90f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fic: Check available input space for cursorMichael Niedermayer2018-06-151-0/+4
| | | | | | | | | | Fixes: out of array read Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cb2f7ea96b4f6e03ebf0c0563677745fc65f148e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profileMichael Niedermayer2018-06-151-2/+6
| | | | | | | | | | | | | Fixes: runtime error: shift exponent -1 is negative Fixes: 7486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4977380939530240 Fixes: runtime error: index 36 out of bounds for type 'const uint8_t [32]' Fixes: 7566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6536620682510336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b3a18511cc93082ebecce0861bc15d7f548492e0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g2meet: Check RGB upper limitMichael Niedermayer2018-06-151-1/+1
| | | | | | | | | | Fixes: runtime error: left shift of 1876744317 by 16 places cannot be represented in type 'int' Fixes: 6799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5115274731716608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4dd2c8b9ea46b4e008a8bfc2077834428cd5a17c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Fix undefined shift in the ↵Michael Niedermayer2018-06-151-2/+2
| | | | | | | | | | | | jpeg2000_decode_packets_po_iteration() CPRL case Fixes: shift exponent 47 is too large for 32-bit type 'int' Fixes: 7955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6016721977606144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 652ba72ed3124f201f98eea9bafb2232b535f549) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be doneMichael Niedermayer2018-06-151-0/+3
| | | | | | | | | | Fixes: assertion failure Fixes: 7949/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-4819602782552064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a96c131eb53b00de154f4773d96a3b323ea3daed) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-14 06:35:30 +0000