Commit message | Author | Age | Files | Lines
...
* avcodec/shorten: Check verbatim length | Michael Niedermayer | 2018-10-07 | 1 | -0/+5
  Fixes: Timeout
  Fixes: 9252/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5780720709533696
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7007dabec08f2f9f81661e71ef482dde394e17a8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpegaudio_parser: Initialize poutbuf* | Michael Niedermayer | 2018-10-07 | 1 | -0/+2
  Possibly fixes: null pointer dereference
  Possibly fixes: 9352/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5146068961460224
  Fixes: Heap-use-after-free
  Fixes: 9453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5137954375729152
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0f4c3b0b8e5435d13fd3b64c91969b31c3c018dc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacpsdsp_template: Fix integer overflow in ps_stereo_interpolate_c() | Michael Niedermayer | 2018-10-07 | 1 | -4/+4
  Fixes: signed integer overflow: -1813244069 + -1407981383 cannot be represented in type 'int'
  Fixes: 8823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5643295618236416
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 47db5763e21c5e3b0ddde2430d15938f8d88480d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvenc: Check audio packet size | Michael Niedermayer | 2018-10-07 | 1 | -0/+5
  Fixes: Assertion failure
  Fixes: assert_flvenc.c:941_1.swf
  Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/svq3: Fix regression decoding some files. | Nikolas Bowe | 2018-10-07 | 1 | -5/+4
  Fixes some SVQ3 encoded files which fail to decode correctly after 6d6faa2a2d. These files exhibit lots of artifacts and logs show "Media key encryption is not implemented". However, they decode without artifacts before 6d6faa2a2d. The attached patch allows these files to successfully decode, but also reject media key files.
  Tested on the files in #6094 and http://samples.mplayerhq.hu/V-codecs/SVQ3/Vertical400kbit.sorenson3.mov
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5aeb3b008080d8d4a38f245d557dbc9bd6c36dcf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlp_parser: Check if synccode is within buffer | Michael Niedermayer | 2018-10-07 | 1 | -1/+1
  Fixes: undefined shift
  Fixes: 9216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-6281404575907840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 51ac3f43b8bf3b7f2af555af319cd240bb8b4ebf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp() | Michael Niedermayer | 2018-10-07 | 1 | -0/+10
  Fixes: Timeout
  Fixes: 9213/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-5649753332252672
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7dd836a3f9771e0e44df1b27e67d6866d91e06d7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() too | Michael Niedermayer | 2018-10-07 | 1 | -0/+4
  Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int'
  Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bed125b7108481574f36fdd6ee699b27354602e8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check slice numbers for overflows in relation to picture dimensions | Michael Niedermayer | 2018-10-07 | 1 | -1/+4
  Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int'
  Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f457c0ad7f73e31e99761f2ad3738cf3b3c24ca0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream and we also have a -1 special case | Michael Niedermayer | 2018-10-07 | 1 | -2/+2
  Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 462d1be6dec5ff4768be8c202f359cbf037db3c6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt_template: Fix several integer overflows in horizontal_compose_daub97i() | Michael Niedermayer | 2018-10-07 | 1 | -4/+4
  Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Fixes: 8926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6047609228623872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 69cac9e130dc8c9d2a5b8012011df372974adf35)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Prevent integer overflow in intermediate in global_mv() | Michael Niedermayer | 2018-10-07 | 1 | -2/+2
  Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int'
  Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 51290406461ed40b70e0e05b389a461a283f3367)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swresample/swresample: Fix input channel count in resample_first computation | Michael Niedermayer | 2018-10-07 | 1 | -1/+1
  Found-by: Marcin Gorzel <gorzel@google.com>
  Reviewed-by: Marcin Gorzel <gorzel@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bce4da85e8110b66040a5fb07ffc724ab4e09a86)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/pixfmt: Document chroma plane size for odd resolutions | Michael Niedermayer | 2018-10-07 | 1 | -0/+4
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit be0b77e6e83b61c2da338201b5ddfae1c9acedc5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/libsmbclient: return AVERROR_EOF for EOF. | Nicolas George | 2018-09-02 | 1 | -1/+1
  Fix trac ticket #7387.
* lavc/videotoolboxenc: Fix compilation on osx 10.10.5 Yosemite | Thilo Borgmann | 2018-08-14 | 1 | -1/+1
  Signed-off-by: Aman Gupta <aman@tmm1.net>
  (cherry picked from commit 72d9b8f4c53ce3de48ba43ddeeccc62f6932b376)
* avcodec/mediacodecdec: fix SEGV on modern nvidia decoders | Aman Gupta | 2018-08-03 | 1 | -2/+3
  This code came originally from gstreamer, where it was added in [1] as a work-around for the Tegra 3. (The alignment was changed in [2] as a response to [3], from 32-bit to 16-bit).
  gstreamer only used this workaround in the case where the decoder didn't return a slice-height property, but when the code was copied into avcodec the conditional got lost. This commit restores the guard and prefers the slice-height from the decoder when it is available.
  This fixes segfaults decoding 1920x1080 h264 and mpeg2 videos on the NVidia SHIELD after upgrading to Android Oreo.
  [1] https://github.com/GStreamer/gst-plugins-bad/commit/a870e6a5c30dd85240fe75c7409cc1cf1b86541d
  [2] https://github.com/GStreamer/gst-plugins-bad/commit/21ff3ae0b0127bd82951d278ca24f2d54133b7cd
  [3] https://bugzilla.gnome.org/show_bug.cgi?id=748867
  Signed-off-by: Aman Gupta <aman@tmm1.net>
  (cherry picked from commit 476fd6ba3a7d74ed8be9af10cb9f4d4b3fdaf3e1)
* avcodec/bitstream_filters: check the input argument of av_bsf_get_by_name() for NULL | James Almer | 2018-07-28 | 1 | -0/+3
  Fixes crashes like "ffmpeg -h bsf" caused by passing NULL to strcmp()
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 3258cc6507a2012d54889ce5f8efbde7e81d927d)
* avformat/librtmp: fix returning EOF from Read/Write | Timo Rothenpieler | 2018-07-28 | 1 | -2/+8
  Ticket #7052
* avcodec/videotoolboxenc: fix undefined behavior with rc_max_rate=0 | Thomas Guillem | 2018-07-19 | 1 | -1/+4
  On macOS, a zero rc_max_rate causes an error from VTSessionSetProperty(kVTCompressionPropertyKey_DataRateLimits).
  On iOS (depending on device/version), a zero rc_max_rate causes invalid arguments from the vtenc_output_callback after a few frames and then a crash within the VideoToolbox library.
  Signed-off-by: Aman Gupta <aman@tmm1.net>
  (cherry picked from commit 93e157f40f415119ea0f94b35596965e9870f863)
* Update for 4.0.2 [n4.0.2] | Michael Niedermayer | 2018-07-18 | 3 | -2/+49
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dvdsub_parser: Allocate input padding | Michael Niedermayer | 2018-07-16 | 1 | -1/+5
  Fixes: out of array read
  Fixes: 9350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5746777750765568
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cd86b5cfe278af79d6b147e122d9a72c270a9fde)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dvdsub_parser: Init output buf/size | Michael Niedermayer | 2018-07-16 | 1 | -0/+3
  No testcase
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9e6c8437761661441d836876934314cb2b8fafe7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt_template: Fix signedness regression in interleave() | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
  Found-by: <jdarnley>
  Tested-by: James Darnley <james.darnley@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 181435a4de6e38e0a15ddaf16de9a157ef41cb18)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Simplify last element computation in mov_estimate_video_delay() | Michael Niedermayer | 2018-07-16 | 1 | -3/+2
  Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
  Reviewed-by: Sasi Inguva <isasi@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b0644f7f72a9ae64c7285d26ec720441c25d4cf5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Break out of inner loop early in mov_estimate_video_delay() | Michael Niedermayer | 2018-07-16 | 1 | -0/+2
  0.266 <- 0.299 sec (this is time ffmpeg so containing a lot other things)
  Sample for benchmark was:
  ffmpeg -f rawvideo -pix_fmt yuv420p -s 32x32 -i /dev/zero -t 24:00:00.00 out.mp4
  Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
  Reviewed-by: Sasi Inguva <isasi@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit aba13dc13e5233545bdd06f514e0addbb0155c69)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Eliminate variable buf_size from mov_estimate_video_delay() | Michael Niedermayer | 2018-07-16 | 1 | -11/+8
  Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
  Reviewed-by: Sasi Inguva <isasi@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3ce4034308a3726395a2c1b18a3dff3554e0b619)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: remove modulo operations from mov_estimate_video_delay() | Michael Niedermayer | 2018-07-16 | 1 | -3/+7
  0.324 <-0.491 sec
  Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
  Reviewed-by: Sasi Inguva <isasi@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c995e01b1e01ac11cf2545b3ce86569a482ff434)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: Write version 2 of audio atom if channels is not known | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
  The version 1 needs the channel count and would divide by 0
  Fixes: division by 0
  Fixes: fpe_movenc.c_1108_1.ogg
  Fixes: fpe_movenc.c_1108_2.ogg
  Fixes: fpe_movenc.c_1108_3.wav
  Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swresample/arm: rename labels to fix xcode build error | Rahul Chaudhry | 2018-07-16 | 1 | -4/+4
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e84212b78e00df17799e01be1e153a073eb8f689)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: Check input sample count | Michael Niedermayer | 2018-07-16 | 1 | -0/+5
  Fixes: division by 0
  Fixes: fpe_movenc.c_199_1.wav
  Fixes: fpe_movenc.c_199_2.wav
  Fixes: fpe_movenc.c_199_3.wav
  Fixes: fpe_movenc.c_199_4.wav
  Fixes: fpe_movenc.c_199_5.wav
  Fixes: fpe_movenc.c_199_6.wav
  Fixes: fpe_movenc.c_199_7.wav
  Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Check for odd progressive RGB | Michael Niedermayer | 2018-07-16 | 1 | -0/+4
  Fixes: out of array access
  Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ee1e3ca5eb1ec7d34e925d129c893e33847ee0b7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp8_parser: Do not leave data/size uninitialized | Michael Niedermayer | 2018-07-16 | 1 | -0/+3
  This is identical to what the VP9 parser does
  Fixes: 9215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVPX_VP8_fuzzer-5768227253649408
  Fixes: out of memory access
  This may also fix oss fuzz issue 9212
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 284dde24dab30225ed3e233b0e5908d67d7e13e7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mms: Add missing chunksize check | Michael Niedermayer | 2018-07-16 | 1 | -18/+26
  Fixes: out of array read
  Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a
  Found-by: Paul Ch <paulcher@icloud.com>
  1st hunk by Paul Ch <paulcher@icloud.com>
  Tested-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cced03dd667a5df6df8fd40d8de0bff477ee02e8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/pva: Check for EOF before retrying in read_part_of_packet() | Michael Niedermayer | 2018-07-16 | 1 | -0/+4
  Fixes: Infinite loop
  Fixes: pva-4b1835dbc2027bf3c567005dcc78e85199240d06
  Found-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
  Fixes: use after free()
  Fixes: rmdec-crash-ffe85b4cab1597d1cfea6955705e53f1f5c8a362
  Found-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a7e032a277452366771951e29fd0bf2bd5c029f0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_o: Check size_bmp more fully | Michael Niedermayer | 2018-07-16 | 1 | -1/+2
  Fixes: integer overflow and out of array access
  Fixes: asfo-crash-46080c4341572a7137a162331af77f6ded45cbd7
  Found-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: Fix av_log context | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
  Fixes: out of array access
  Fixes: mxf-crash-1c2e59bf07a34675bfb3ada5e1ec22fa9f38f923
  Found-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check for bitstream end in read_quant_matrix_ext() | Michael Niedermayer | 2018-07-16 | 1 | -1/+10
  Fixes: out of array read
  Fixes: asff-crash-0e53d0dc491dfdd507530b66562812fbd4c36678
  Found-by: Paul Ch <paulcher@icloud.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/indeo4: Check for end of bitstream in decode_mb_info() | Michael Niedermayer | 2018-07-16 | 1 | -0/+5
  Fixes: Timeout
  Fixes: 8776/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5361788798369792
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 267ba2aa96354c5b6a1ea89b2943fbd7a4893862)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec: Check channel_map index | Michael Niedermayer | 2018-07-16 | 1 | -0/+7
  Fixes: out of array read
  Fixes: 8924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-5851861780267008
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 00f98d23b1462afb97116b947334db3754516207)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Remove use of FF_PROFILE_MPEG4_SIMPLE_STUDIO as indicator of studio profile | Michael Niedermayer | 2018-07-16 | 3 | -5/+5
  The profile field is changed by code inside and outside the decoder, it's not a reliable indicator of the internal codec state. Maintaining its consistency with studio_profile is messy. It's easier to just avoid it and use only studio_profile
  Fixes: assertion failure
  Fixes: ffmpeg_crash_9.avi
  Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bd27a9364ca274ca97f1df6d984e88a0700fb235)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Fix undefined addition in shorten_decode_frame() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
  Fixes: signed integer overflow: 1139785606 + 1454196085 cannot be represented in type 'int'
  Fixes: 8937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6202943597445120
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3b10bb8772c76177cc47b8d15a6970f19dd11039)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Fix undefined integer overflow | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
  Fixes: signed integer overflow: 8454144 * 256 cannot be represented in type 'int'
  Fixes: 8788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5728205041303552
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 70832333bba3b915040f415548518e136b44280e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration() | Michael Niedermayer | 2018-07-16 | 1 | -4/+4
  Fixes: shift exponent 47 is too large for 32-bit type 'int'
  Fixes: 9163/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5661750182543360
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 652d7c6348f96181fa69f8e2afb7b27a14c0a88a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Check that there are enough bytes for all tiles | Michael Niedermayer | 2018-07-16 | 1 | -1/+4
  Fixes: OOM
  Fixes: 8781/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5810709081358336
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0898a3d9909960324e27d3a7a4f48c4effbb654a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: Use mov->fc consistently for av_log() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 872ea3dfe565098570ad213a6f1eb00a805aec5d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check read profile before setting it | Michael Niedermayer | 2018-07-16 | 1 | -8/+15
  Fixes: null pointer dereference
  Fixes: ffmpeg_crash_7.avi
  Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2aa9047486dbff12d9e040f917e5f799ed2fd78b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
  Fixes: out of array read
  Fixes: ffmpeg_crash_8.avi
  Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 95556e27e2c1d56d9e18f5db34d6f756f3011148)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3_parser: Check init_get_bits8() for failure | Michael Niedermayer | 2018-07-16 | 1 | -1/+3
  Fixes: null pointer dereference
  Fixes: ffmpeg_crash_6.avi
  Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 00e8181bd97c834fe60751b0c511d4bb97875f78)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>