Commit message | Author | Age | Files | Lines
* update for 3.3.8 [n3.3.8] | Michael Niedermayer | 2018-07-16 | 3 | -2/+81
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dvdsub_parser: Allocate input padding | Michael Niedermayer | 2018-07-16 | 1 | -1/+5
    Fixes: out of array read
    Fixes: 9350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5746777750765568
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit cd86b5cfe278af79d6b147e122d9a72c270a9fde)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dvdsub_parser: Init output buf/size | Michael Niedermayer | 2018-07-16 | 1 | -0/+3
    No testcase
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 9e6c8437761661441d836876934314cb2b8fafe7)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/imgconvert: fix possible null pointer dereference | Simon Thelen | 2018-07-16 | 1 | -2/+3
    regression since 354b26a3945eadd4ed8fcd801dfefad2566241de
    (cherry picked from commit 8c2c97403baf95d0facb53f03e468f023eb943e1)
    (cherry picked from commit c1e172c2e14ef059dac632f7c67f081dfecd30dc)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dirac_dwt_template: Fix signedness regression in interleave() | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
    Found-by: <jdarnley>
    Tested-by: James Darnley <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 181435a4de6e38e0a15ddaf16de9a157ef41cb18)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/movenc: Write version 2 of audio atom if channels is not known | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    The version 1 needs the channel count and would divide by 0
    Fixes: division by 0
    Fixes: fpe_movenc.c_1108_1.ogg
    Fixes: fpe_movenc.c_1108_2.ogg
    Fixes: fpe_movenc.c_1108_3.wav
    Found-by: #CHEN HONGXU# <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582)
    Signed-off-by: Michael Niedermayer <[email protected]>
* swresample/arm: rename labels to fix xcode build error | Rahul Chaudhry | 2018-07-16 | 1 | -4/+4
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit e84212b78e00df17799e01be1e153a073eb8f689)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/movenc: Check input sample count | Michael Niedermayer | 2018-07-16 | 1 | -0/+5
    Fixes: division by 0
    Fixes: fpe_movenc.c_199_1.wav
    Fixes: fpe_movenc.c_199_2.wav
    Fixes: fpe_movenc.c_199_3.wav
    Fixes: fpe_movenc.c_199_4.wav
    Fixes: fpe_movenc.c_199_5.wav
    Fixes: fpe_movenc.c_199_6.wav
    Fixes: fpe_movenc.c_199_7.wav
    Found-by: #CHEN HONGXU# <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mjpegdec: Check for odd progressive RGB | Michael Niedermayer | 2018-07-16 | 1 | -0/+4
    Fixes: out of array access
    Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit ee1e3ca5eb1ec7d34e925d129c893e33847ee0b7)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id | Michael Niedermayer | 2018-07-16 | 1 | -0/+5
    Fixes: out of array access
    Fixes: ffmpeg_bof_1.avi
    Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit ed22dc22216f74c75ee7901f82649e1ff725ba50)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/vp8_parser: Do not leave data/size uninitialized | Michael Niedermayer | 2018-07-16 | 1 | -0/+3
    This is identical to what the VP9 parser does
    Fixes: 9215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVPX_VP8_fuzzer-5768227253649408
    Fixes: out of memory access
    This may also fix oss fuzz issue 9212
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 284dde24dab30225ed3e233b0e5908d67d7e13e7)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mms: Add missing chunksize check | Michael Niedermayer | 2018-07-16 | 1 | -18/+26
    Fixes: out of array read
    Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a
    Found-by: Paul Ch <[email protected]>
    1st hunk by Paul Ch <[email protected]>
    Tested-by: Paul Ch <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit cced03dd667a5df6df8fd40d8de0bff477ee02e8)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/pva: Check for EOF before retrying in read_part_of_packet() | Michael Niedermayer | 2018-07-16 | 1 | -0/+4
    Fixes: Infinite loop
    Fixes: pva-4b1835dbc2027bf3c567005dcc78e85199240d06
    Found-by: Paul Ch <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: use after free()
    Fixes: rmdec-crash-ffe85b4cab1597d1cfea6955705e53f1f5c8a362
    Found-by: Paul Ch <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit a7e032a277452366771951e29fd0bf2bd5c029f0)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/indeo4: Check for end of bitstream in decode_mb_info() | Michael Niedermayer | 2018-07-16 | 1 | -0/+5
    Fixes: Timeout
    Fixes: 8776/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5361788798369792
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 267ba2aa96354c5b6a1ea89b2943fbd7a4893862)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Fix undefined addition in shorten_decode_frame() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: signed integer overflow: 1139785606 + 1454196085 cannot be represented in type 'int'
    Fixes: 8937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6202943597445120
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 3b10bb8772c76177cc47b8d15a6970f19dd11039)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Fix undefined integer overflow | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: signed integer overflow: 8454144 * 256 cannot be represented in type 'int'
    Fixes: 8788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5728205041303552
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 70832333bba3b915040f415548518e136b44280e)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration() | Michael Niedermayer | 2018-07-16 | 1 | -4/+4
    Fixes: shift exponent 47 is too large for 32-bit type 'int'
    Fixes: 9163/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5661750182543360
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 652d7c6348f96181fa69f8e2afb7b27a14c0a88a)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/jpeg2000dec: Check that there are enough bytes for all tiles | Michael Niedermayer | 2018-07-16 | 1 | -1/+4
    Fixes: OOM
    Fixes: 8781/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5810709081358336
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 0898a3d9909960324e27d3a7a4f48c4effbb654a)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: out of array read
    Fixes: ffmpeg_crash_8.avi
    Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 95556e27e2c1d56d9e18f5db34d6f756f3011148)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/escape124: Fix spelling errors in comment | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit f59c4e43915ed0528e2789f27ddb1635b59779df)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ra144: Fix integer overflow in ff_eval_refl() | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
    Fixes: signed integer overflow: -4096 * -524288 cannot be represented in type 'int'
    Fixes: 8650/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5734816036159488
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit b31189881a4cf54b0057ecf3eab917ad56eecfea)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cscd: Check output buffer size for lzo. | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: Timeout
    Fixes: 8665/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5768442610188288
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    (cherry picked from commit 78167b498f53c36c31105a2bf11e90b03637598f)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/escape124: Check buf_size against num_superblocks | Michael Niedermayer | 2018-07-16 | 1 | -1/+5
    Fixes: Timeout
    Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 6677c98626489edfdb4b49b4f66ca91867768a9f)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/h264_parser: Reduce needed history for parsing mb index | Michael Niedermayer | 2018-07-16 | 1 | -8/+11
    This fixes a bug/regression with very small packets
    Fixes: output_file
    Regression since: 0782fb6bcb32fe3ab956a99af4cc472ff81da0c2
    Reported-by: Thierry Foucu <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit d25c945247979a88fac6bb3b7a26370262b96ef1)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan() | Michael Niedermayer | 2018-07-16 | 1 | -0/+5
    Fixes: Timeout
    Fixes: 8648/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5108395525799936
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 540e8c2d641bf90fc28e47e170f8c0b1962197e9)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int'
    Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 8bd514d9343746566b123275f8b6d0e9c11ec2b0)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dirac_dwt_template: Fix undefined behavior in interleave() | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
    Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
    Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 575d8ca0260fabac29e5b3541154633569ce2b5d)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avutil/common: Fix undefined behavior in av_clip_uintp2_c() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
    Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit aa41d322be71106ce147445f2b42bb763f1eff86)
    Signed-off-by: Michael Niedermayer <[email protected]>
* fftools/ffmpeg: Fallback to duration if sample rate is unavailable | Michael Niedermayer | 2018-07-16 | 1 | -2/+6
    Regression since: af1761f7
    Fixes: Division by 0
    Fixes: ffmpeg_crash_1
    Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 16d8b13b3b26c19d7f8856e039fe6662d96b4ff3)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Only set pkt->duration to non negative values | Michael Niedermayer | 2018-07-16 | 1 | -1/+3
    Reviewed-by: Sasi Inguva <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei | Michael Niedermayer | 2018-07-16 | 2 | -1/+1
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit b796c5ae9299c795cba0d16ce1d8eef05488953b)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/h264_mc_template: Only prefetch motion if the list is used. | Michael Niedermayer | 2018-07-16 | 1 | -1/+2
    Fixes: index 59 out of bounds for type 'H264Ref [48]'
    Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 8b55591757244d8244a2be369c2b54c9ae79b02a)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/xwddec: Use ff_set_dimensions() | Michael Niedermayer | 2018-07-16 | 1 | -2/+6
    Fixes: OOM
    Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit c2852e4e00de4073ff7de82d41cb3368702686e8)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wavpack: Fix overflow in adding tail | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int'
    Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit d13379fb79708f550460dd6d698023bf26f968d5)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Fix multiple integer overflows | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
    Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
    Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Fix undefined shift in fix_bitshift() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: left shift of negative value -9
    Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Fix a negative left shift in shorten_decode_frame() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: left shift of negative value -9057
    Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Sanity check nmeans | Michael Niedermayer | 2018-07-16 | 1 | -0/+4
    Fixes: OOM
    Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232
    The reference software appears to use longs for 32bits and it uses int for nmeans hinting that the intended maximum size was not 32bit.
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header() | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
    Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
    Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
    Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/truemotion2: Fix overflow in tm2_apply_deltas() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int'
    Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 79c6047c3668c639f717b3a7001a34dddba0ede2)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c | Michael Niedermayer | 2018-07-16 | 1 | -2/+4
    Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
    Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit e7dda51150b73e5fbdccf4c2d3a72e356980fba3)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/amrwbdec: Fix division by 0 in find_hb_gain() | Michael Niedermayer | 2018-07-16 | 1 | -3/+8
    This restructures the code slightly toward D_UTIL_dec_synthesis()
    Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit dce80a4b47efaba97707bda781a9ee57f5a26974)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: replace a value error by clipping into valid range in mov_read_stsc() | Michael Niedermayer | 2018-07-16 | 1 | -3/+11
    Fixes: #7165
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Break out early if chunk_count is 0 in mov_build_index() | Michael Niedermayer | 2018-07-16 | 1 | -0/+3
    Without this some operations might overflow (undefined behavior) even though the index adding loop would never execute
    No testcase known
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 56e76bd0579cc7f7b28860885d9e569a39daf41b)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/fic: Avoid some magic numbers related to cursors | Michael Niedermayer | 2018-07-16 | 1 | -1/+2
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit c6a11714c4b1227be62cbc36651ccfc415e8e623)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/g2meet: ask for sample with overflowing RGB | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Suggested-by: Tomas Härdin <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit ab834b8f36c8157b7015e849405cbf6ae21e672f)
    Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed() | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
    Fixes: signed integer overflow: -2141499320 + -14469590 cannot be represented in type 'int'
    Fixes: 7351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6351214791884800
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 90475db97e2e5931d295df6ab86519fa2e14d259)
    Signed-off-by: Michael Niedermayer <[email protected]>
* oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior | Michael Niedermayer | 2018-07-16 | 1 | -4/+4
    Fixes: signed integer overflow: 1073741842 + 1784008138 cannot be represented in type 'int'
    Fixes: 6792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5677589835284480
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
    (cherry picked from commit 62cb6fadf33de6db386deac92853d4b95c930015)
    Signed-off-by: Michael Niedermayer <[email protected]>