Commit message | Author | Age | Files | Lines
* Changelog: update [n4.0.5] | Michael Niedermayer | 2019-11-21 | 1 | -0/+10
* avcodec/iff: Move index use after check in decodeplane8() | Michael Niedermayer | 2019-11-21 | 1 | -1/+2
  Fixes: index 9 out of bounds for type 'const uint64_t [8][256]'
  Fixes: 18409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5767030560522240
  Fixes: 18720/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5651995784642560
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a1f8b36cc45406f66aac635a4db32d2a5cc29f43)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/atrac3: Check for huge block aligns | Michael Niedermayer | 2019-11-21 | 1 | -1/+1
  The largest documented frame size = block align is 1024 bytes (https://wiki.multimedia.cx/index.php/ATRAC3)
  Without a limit this can allocate arbitrary memory and trigger OOM
  Fixes: OOM
  Fixes: 18337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3_fuzzer-5763861478637568
  Fixes: 18556/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3AL_fuzzer-5646183334936576
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f09151fff9c754fbc1d2560adf18b14957f8b181)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ralf: use multiply instead of shift to avoid undefined behavior in decode_block() | Michael Niedermayer | 2019-11-21 | 1 | -1/+1
  Fixes: left shift of negative value -249
  Fixes: 18566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5649394561187840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1b7d02642b2096622cee6165fea1301bb9ad54ff)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmadec: Require previous exponents for reuse | Michael Niedermayer | 2019-11-21 | 2 | -0/+4
  Fixes: division by zero
  Fixes: 18474/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5764986962182144
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c54b9fc42fee613e2c4c0dae2052ff94cd15e254)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Fix undefined behavior in ac prediction rescaling | Michael Niedermayer | 2019-11-21 | 1 | -2/+2
  The intermediates are required to fit in 12bit (8.1.3.9 Coefficient Scaling)
  See SMPTE 421M-2006 and Amendment 1-2007
  Fixes: signed integer overflow: -20691 * 262144 cannot be represented in type 'int'
  Fixes: 18479/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5128912371187712
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7fc1baf0ca83ef06014878290339a59735603959)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdm2: The smallest header seems to have 2 bytes so treat 1 as invalid | Michael Niedermayer | 2019-11-21 | 1 | -1/+1
  Fixes: Timeout (217sec -> 2ms)
  Fixes: 18488/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5708293662310400
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e36ccb5048f052b8b2ef08281cb607fa53a7b7e4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter() | Michael Niedermayer | 2019-11-21 | 1 | -1/+1
  Fixes: signed integer overflow: 7400 + 2147482786 cannot be represented in type 'int'
  Fixes: 18405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5708834760294400
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dc3f327e7403a34c88a900f0b8de55b4afd7cf6c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sonic: Fix integer overflow in predictor_calc_error() | Michael Niedermayer | 2019-11-21 | 1 | -1/+1
  Fixes: signed integer overflow: 5 * -1094995529 cannot be represented in type 'int'
  Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c8c17b8cef77dc052e8845e5fd86daf2983fd7dd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mp3dec: Check that the frame fits within the probe buffer | Michael Niedermayer | 2019-11-21 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e9a335150a62bb377a26ce096187b4476145d02b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/tableprint_vlc: Remove avpriv_request_sample() from included files. | Carl Eugen Hoyos | 2019-11-15 | 1 | -0/+1
  Fixes compilation with --enable-hardcoded-tables.
  Fixes ticket #7962.
  (cherry picked from commit c8232e50074f6f9f9b0674d0a5433f49d73a4e50)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Update for 4.0.5 | Michael Niedermayer | 2019-11-11 | 3 | -2/+324
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmaprodec: get frame during frame decode | Michael Niedermayer | 2019-11-11 | 1 | -4/+6
  Fixes: memleak
  Fixes: 17615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5681306024804352
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0f89a2293ea5f642a67700225d76948ed154418e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/interplayacm: Fix overflow of last unused value | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  Fixes: signed integer overflow: -2147450880 - 65535 cannot be represented in type 'int'
  Fixes: 18393/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5667520110919680
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 10eabb8e40df0ad84470d750f903917f4a05cb1f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm: Fix undefined behavior with negative predictions in IMA OKI | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  Fixes: left shift of negative value -30
  Fixes: 18392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_OKI_fuzzer-5631771831435264
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7786f6c30e77a393b72ded01baa4250738925509)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cook: Move up and extend block_align check | Michael Niedermayer | 2019-11-11 | 1 | -4/+3
  Fixes: signed integer overflow: 2046820356 * 8 cannot be represented in type 'int'
  Fixes: 18391/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5631674666188800
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1c63edcdd208bf18a3be66e94deb6ac115f6364e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbcdec: Fix integer overflows in sbc_synthesize_four() | Michael Niedermayer | 2019-11-11 | 1 | -14/+14
  Fixes: signed integer overflow: 1494495519 + 1494495519 cannot be represented in type 'int'
  Fixes: 18347/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5711714661695488
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 00e469fb6123df92ec3c54ab3b37f77e21d297be)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/twinvq: Check block_align | Michael Niedermayer | 2019-11-11 | 1 | -7/+10
  Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
  Fixes: 18348/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_METASOUND_fuzzer-6681325716635648
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 97f778e9c55328e8b48f4b8b4171245e5f2232f6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cook: Enlarge gain table | Michael Niedermayer | 2019-11-11 | 1 | -4/+4
  Fixes: index 25 out of bounds for type 'float [23]'
  Fixes: 18355/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5641398941908992
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 50001cd440ac89ed125f0154dedbcfa2718d2d68)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cook: Check samples_per_channel earlier | Michael Niedermayer | 2019-11-11 | 1 | -8/+9
  Fixes: division by zero
  Fixes: 18362/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5653727679086592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 57750bb629a145326e20b8760f21f1041464a937)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/atrac3plus: Check split point in fill mode 3 | Michael Niedermayer | 2019-11-11 | 1 | -0/+4
  Fixes: index 32 out of bounds for type 'int [32]'
  Fixes: 18350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3P_fuzzer-5643794862571520
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit de5102fd92de8d353fdf060375ed3ce859c83977)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmavoice: Check sample_rate | Michael Niedermayer | 2019-11-11 | 1 | -0/+3
  Fixes: left shift of 538976288 by 8 places cannot be represented in type 'int'
  Fixes: 18376/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5741645391200256
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 55c97a763783540ee48a326a3e82fbdea42f8280)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xsubdec: fix overflow in alpha handling | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
  Fixes: 18368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XSUB_fuzzer-5702665442426880
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9ea997395909907f569787d4ba5b96352ad31a80)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Check available space before entering loop in decode_long_vertical_delta2() / decode_long_vertical_delta() | Michael Niedermayer | 2019-11-11 | 1 | -0/+6
  Fixes: Timeout (31sec -> 41ms)
  Fixes: 18380/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5645210121404416
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 32b3c8ce7d050210d210511cdb8c6644664a70ab)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in filter_3800() | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  Fixes: signed integer overflow: 2117181180 + 60483298 cannot be represented in type 'int'
  Fixes: 18344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5685327791915008
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1c038c5c63375883a8a94332cffd701c4cb1301a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/lfg: Document the AVLFG struct | Michael Niedermayer | 2019-11-11 | 1 | -0/+6
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d6fea2ef221a2f438cc55e82c61d0375750edf94)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Use a different error message for the slice level CRC | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  This way they can be told apart easily
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit df498cf544fd4690e5a246925e4de1125b57795b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830() | Michael Niedermayer | 2019-11-11 | 1 | -1/+2
  Fixes: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int'
  Fixes: 18281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5692589180715008
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1d1719a44dd43b2d9d8ccd26e3b2854e675a7bd7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dstdec: Check that AC probabilities are within range | Michael Niedermayer | 2019-11-11 | 1 | -0/+4
  ISO/IEC 14496-3:2005(E): "Each entry of P_one[ ][ ] is in the range of 1 to 128, corresponding to a probability of 1/256 to 128/256 of the next error bit (bit E, See Figure 10.5)..."
  Fixes: Timeout (42sec ->1sec)
  Fixes: 18181/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5736646250594304
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0c3e1b395b47fac44397604b2a3343c4bd92561c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dstdec: Check read_table() for failure | Michael Niedermayer | 2019-11-11 | 1 | -2/+6
  Fixes: Timeout (too long -> 42sec)
  Fixes: 18181/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5736646250594304
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 03ea8d8cd45e55eeb9675c38184dc2149710a557)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowenc: Set mb_num to avoid ratecontrol floating point divisions by 0.0 | Michael Niedermayer | 2019-11-11 | 1 | -0/+1
  Fixes: Ticket7990
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 55279d699fa64d8eb1185d8db04ab4ed92e8dea2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowenc: Fix 2 undefined shifts | Michael Niedermayer | 2019-11-11 | 1 | -2/+2
  Fixes: Ticket7990
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8802e329c8317ca5ceb929df48a23eb0f9e852b2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutenc: Do not pass NULL to memcmp() in get_needed_flags() | Michael Niedermayer | 2019-11-11 | 1 | -5/+6
  This compared to the other suggestions is cleaner and easier to understand keeping the condition in the if() simple.
  This affects a lot of fate tests.
  See: [FFmpeg-devel] [PATCH 05/11] avformat/nutenc: Don't pass NULL to memcmp
  See: [FFmpeg-devel] [PATCH]lavf/nutenc: Do not call memcmp() with NULL argument
  Fixes: Ticket 7980
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e4fdeb3fcefeb98f2225f7ccded156fb175959c5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aptx: Check the number of channels | Michael Niedermayer | 2019-11-11 | 1 | -0/+3
  Fixes: store to null pointer of type 'uint32_t' (aka 'unsigned int')
  Fixes: 18021/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APTX_HD_fuzzer-5761738313564160
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 98a257c3235bdc18151534134148845728418248)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_template: Check samplerate | Michael Niedermayer | 2019-11-11 | 1 | -0/+3
  Fixes: signed integer overflow: 2 * 1881153568 cannot be represented in type 'int'
  Fixes: 17996/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5687126468853760
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7730bacb413fcb59f30acef0b2c6d50c5e6382d6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/truemotion2: Fix several integer overflows in tm2_low_res_block() | Michael Niedermayer | 2019-11-11 | 1 | -3/+3
  Fixes: signed integer overflow: 1077952576 + 1355863565 cannot be represented in type 'int'
  Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5679842317565952
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2b655f55eaf09eb99b5e694dba2c0cf73fa2c646)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Check block_align | Michael Niedermayer | 2019-11-11 | 1 | -0/+5
  Fixes: out of array access
  Fixes: 18432/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5675574936207360
  Fixes: 18326/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5071752362721280
  Fixes: 18384/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV1_fuzzer-5769439500304384
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f011572e66c8dd2f0ac3cb147a769e91f24e0202)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix some integer anomalies | Michael Niedermayer | 2019-11-11 | 1 | -3/+3
  Fixes: left shift of negative value -341180
  Fixes: 18401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5686380134400000
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d3dee676b8a8ab6752c599e25c9b5461f06a3959)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm: Fix invalid shifts in ADPCM DTK | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  Fixes: left shift of negative value -1
  Fixes: 18397/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_DTK_fuzzer-5675653487132672
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 34e701ff93b664703e1bc1b1a6073fa058b02f34)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Only clear the needed buffer space, instead of all | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  Fixes: Timeout (15sec -> 0.4sec)
  Fixes: 18396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5730080487112704
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f17ea0200178a4dae446a6bec2f68312f41714a0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/libvorbisdec: Fix insufficient input checks leading to out of array reads | Michael Niedermayer | 2019-11-11 | 1 | -4/+7
  Fixes: 16144/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5638618940440576
  Fixes: out of array read
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 069be4aa5ddce4479b18896d80a852b144e680df)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g723_1dec: fix invalid shift with negative sid_gain | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  Fixes: left shift of negative value -1
  Fixes: 18395/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5710313034350592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1850c3feaa1c7b5b63a55c61075029fa59c84e66)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp5: Check render_x/y | Michael Niedermayer | 2019-11-11 | 1 | -2/+7
  Fixes: Timeout (15sec -> 91ms)
  Fixes: 18353/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP5_fuzzer-5704150326706176
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 698e042c77ecb5b0d616de254adc783e8b61b9c4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdrw: Check input for header/skiped space before get_buffer() | Michael Niedermayer | 2019-11-11 | 1 | -0/+2
  Fixes: Timeout (21sec -> 0.8sec)
  Fixes: 17990/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-5200374436200448
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b63fbc19c09d0b42da4f83c21fcf362d6ed7c545)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ralf: Skip initializing unused filter variables | Michael Niedermayer | 2019-11-11 | 1 | -2/+4
  Fixes: left shift of negative value -1
  Fixes: 17890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5643307467669504
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f4ecf6c39de9a7cc1dae70cf87c225771001e883)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdec: Fix overflow with large sample rates | Michael Niedermayer | 2019-11-11 | 1 | -2/+2
  Fixes: signed integer overflow: 2147483647 + 511 cannot be represented in type 'int'
  Fixes: 17899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5719753322135552
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 42eb78059d149abcd994f46c8b8a0dd98e86b594)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Check that input space for header exists in read_diff_float_data() | Michael Niedermayer | 2019-11-11 | 1 | -0/+3
  Fixes: Timeout (21sec -> 8sec)
  Fixes: 17832/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5737092172218368
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 09581f7923ed9af7719762868e8f1ff626ea8374)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/pjsdec: Check duration for overflow | Michael Niedermayer | 2019-11-11 | 1 | -0/+2
  Fixes: signed integer overflow: -3 - 9223372036854775807 cannot be represented in type 'long'
  Fixes: 17828/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5645915116797952
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1efaac69328bdc17680924c71be7ec990f0e8f2c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ptx: Check that the input contains at least one line | Michael Niedermayer | 2019-11-11 | 1 | -0/+3
  Fixes: Timeout (19sec -> 44ms)
  Fixes: 17816/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PTX_fuzzer-5704459950227456
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a6ad328256fe6a6ace7d1e15f3515afccf1247fc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alac: Fix integer overflow in LPC | Michael Niedermayer | 2019-11-11 | 1 | -1/+1
  Fixes: signed integer overflow: 2147483628 + 128 cannot be represented in type 'int'
  Fixes: 17783/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5146470595952640
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 44b73a0568f8ad5993ec79b29873151f316bf95c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>