Commit log: commit message (author, date; files changed, lines -removed/+added), followed by the commit body.
* Changelog: update [tag: n4.1.2] (Michael Niedermayer, 2019-03-21; 1 file, -0/+3)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/dfa: Check the chunk header is not truncated (Michael Niedermayer, 2019-03-21; 1 file, -0/+2)
    Fixes: Timeout (11sec -> 3sec)
    Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit f20760fadbc77483b9ff4b400b53ebb38ee33793)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/clearvideo: Check remaining data in P frames (Michael Niedermayer, 2019-03-21; 1 file, -0/+3)
    Fixes: Timeout (19sec -> 419msec)
    Fixes: 13411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5733153811988480
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 41f93f941155f9f9dbb2d5e7f5d20b2238150836)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/hevcdec: decode at most one slice reporting being the first in the picture (James Almer, 2019-03-20; 1 file, -0/+4)
    Fixes deadlocks when decoding packets containing more than one of the aforementioned slices when using frame threads.
    Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
    Signed-off-by: James Almer <jamrial@gmail.com>
    (cherry picked from commit 70c8c8a818f39bc262565ec29fae2baffb3e1660)

* Update for 4.1.2 (Michael Niedermayer, 2019-03-14; 3 files, -2/+35)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/dvbsubdec: Check object position (Michael Niedermayer, 2019-03-14; 1 file, -0/+7)
    Reference: ETSI EN 300 743 V1.2.1 7.2.2 Region composition segment
    Fixes: Timeout
    Fixes: 13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a8c5ae451184e879fc8ff1333c6f26f9542c8ebf)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/cdgraphics: Use ff_set_dimensions() (Michael Niedermayer, 2019-03-14; 1 file, -4/+1)
    Fixes: Timeout (17 sec -> 65 milli sec)
    Fixes: 13264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5711167941509120
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9a9f0e239c1c6f5c96cc90ba673087f86ca1eabc)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/gdv: Check fps (Michael Niedermayer, 2019-03-14; 1 file, -0/+3)
    Fixes: Division by 0
    Fixes: ffmpeg_zero_division.bin
    Found-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 38381400fca45d1ae6e7604335b507b7dc70a903)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking (Guo, Yejun, 2019-03-14; 1 file, -2/+2)
    Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
    Signed-off-by: James Almer <jamrial@gmail.com>
    (cherry picked from commit d9b2668766e3e924d4ebb3c6531b449874e13666)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* configure: add missing pthreads extralibs dependency for libvpx-vp9 (Guo, Yejun, 2019-03-14; 1 file, -2/+2)
    Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
    Signed-off-by: James Almer <jamrial@gmail.com>
    (cherry picked from commit 402bf262375dfecd0e90d7acc67c238abe952fc3)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block() (Michael Niedermayer, 2019-03-14; 1 file, -0/+6)
    Fixes: Out of array access
    Fixes: 13500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5769760178962432
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Kieran Kunhya <kierank@obe.tv>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit d227ed5d598340e719eff7156b1aa0a4469e9a6a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/dxv: Correct integer overflow in get_opcodes() (Michael Niedermayer, 2019-03-14; 1 file, -1/+2)
    Fixes: 13099/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5665598896340992
    Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 6e0b5d3a20e107860a34e90139b860d6b8219a1d)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/scpr: Fix use of uninitialized variable (Michael Niedermayer, 2019-03-14; 1 file, -1/+1)
    Fixes: Undefined shift
    Fixes: 12911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5677102915911680
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 53248acfb3b23007c89ae822d7bcae451272d5a7)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes (Michael Niedermayer, 2019-03-14; 1 file, -0/+2)
    Fixes: Timeout (27 sec -> 39 milli sec)
    Fixes: 13151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5717536023248896
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b819472995f55e827d6bb70dcdd86d963f65ae31)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/aic: Check remaining bits in aic_decode_coeffs() (Michael Niedermayer, 2019-03-14; 1 file, -0/+3)
    Fixes: Timeout (78 seconds -> 2 seconds)
    Fixes: 13186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5639516533030912
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 951bb7632fe6e3bb1a9c3b47610705871e471f34)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/gdv: Check for truncated tags in decompress_5() (Michael Niedermayer, 2019-03-14; 1 file, -0/+2)
    Testcase: 13169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5666354038833152
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 5cf42f65b60d226d1223d2100cb1d90402189275)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/bethsoftvideo: Check block_type (Michael Niedermayer, 2019-03-14; 1 file, -0/+5)
    Fixes: Timeout (17 seconds -> 1 second)
    Fixes: 13184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-5711446296494080
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b8ecadec0582a1521b5d0d253376966138e6ca78)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() (Michael Niedermayer, 2019-03-14; 1 file, -1/+1)
    Fixes: runtime error: signed integer overflow: 2147483598 + 128 cannot be represented in type 'int'
    Fixes: 12926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5705100733972480
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 4801eea0d465cd54670e7c19322705544e3e7524)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/error_resilience: Use a symmetric check for skipping MV estimation (Michael Niedermayer, 2019-03-14; 1 file, -1/+1)
    This speeds up the testcase by a factor of 4
    Fixes: Timeout
    Fixes: 13100/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5767533905313792
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit e4289cb253e29e4d62dc46759eb1a45d8f6d82df)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/mlpdec: Insuffient typo (Michael Niedermayer, 2019-03-14; 1 file, -1/+1)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fc32e08941ea2795a3096e7a4013843e9ebf5fe3)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/zmbv: obtain frame later (Michael Niedermayer, 2019-03-14; 1 file, -3/+3)
    The frame is not needed that early, so obtaining it later avoids the costly operation in case other checks fail.
    Fixes: Timeout (14sec -> 4sec)
    Fixes: 13140/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-5738330308739072
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 177b40890c6de8c6896e0a1d4a631ea1ca89c044)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/jvdec: Check available input space before decode8x8() (Michael Niedermayer, 2019-03-14; 1 file, -0/+5)
    Fixes: Timeout (78 sec -> 15 millisec)
    Fixes: 13147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5727107827630080
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 61523683c5a9bda9aaa7ae24764a3df0401a9877)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/h264_direct: Fix overflow in POC comparison (Michael Niedermayer, 2019-03-14; 1 file, -2/+2)
    Fixes: runtime error: signed integer overflow: 2147421862 - -33624063 cannot be represented in type 'int'
    Fixes: 12885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5733516975800320
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 5ccf296e74725bc8bdfbfe500d0482daa200b6f3)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/webmdashenc: Check id in adaption_sets (Michael Niedermayer, 2019-03-14; 1 file, -0/+6)
    Fixes: out of array access
    Found-by: Wenxiang Qian
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b687b549aa0fb115861b1343208de8c2630803bf)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/http: Fix Out-of-Bounds access in process_line() (Wenxiang Qian, 2019-03-14; 1 file, -1/+1)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 85f91ed760a517c0d5fcf692d40a5a9d7efa9476)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393 (Wenxiang Qian, 2019-03-14; 1 file, -1/+1)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces (Kevin Backhouse via RT, 2019-03-14; 1 file, -2/+21)
    Fixes: [Semmle Security Reports #19439]
    Fixes: dos_sscanf2.mkv
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 894995c41e0795c7a44f81adc4838dedc3932e65)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scanning (Kevin Backhouse via RT, 2019-03-14; 1 file, -1/+29)
    Fixes: [Semmle Security Reports #19438]
    Fixes: dos_sscanf1.mkv
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1f00c97bc3475c477f3c468cf2d924d5761d0982)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/matroskadec: Do not leak queued packets on sync errors (Michael Niedermayer, 2019-03-14; 1 file, -1/+1)
    Fixes: memleak
    Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5649187601121280
    Reported-by: Chris Cunningham <chcunningham@google.com>
    Tested-by: Chris Cunningham <chcunningham@google.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit d1afa7284c3feba4debfebf1b9cf8ad67640e34a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/mpeg4videodec: Clear interlaced_dct for studio profile (Michael Niedermayer, 2019-03-14; 1 file, -0/+1)
    Fixes: Out of array access
    Fixes: 13090/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5408668986638336
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Kieran Kunhya <kierank@obe.tv>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1f686d023b95219db933394a7704ad9aa5f01cbb)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream (Michael Niedermayer, 2019-03-14; 1 file, -1/+1)
    Fixes: NULL pointer dereference
    Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5634316373721088
    Reported-by: Chris Cunningham <chcunningham@google.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b0d8b7cb8e86367178ef0c35dcae359d820c3b27)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c() (Michael Niedermayer, 2019-03-14; 1 file, -15/+19)
    Fixes: 1377/clusterfuzz-testcase-minimized-5487049807233024
    Fixes: assertion failure in sbr_sum_square_c()
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 4cde7e62dbaa63eda173e8d24a97d273890f282c)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/prores_ks: Fix luma quantization if q >= MAX_STORED_Q (Alex Mogurenko, 2019-03-14; 1 file, -2/+4)
    The problem occurs in slice quant estimation and slice encoding: if the slice quant is larger than MAX_STORED_Q we don't use pre-calculated quant matrices but generate a new one, but qmat and qmat_chroma both point to the same table, so the luma table ends up having chroma table values.
    Add custom_chroma_q the same way as custom_q.
    Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
    (cherry picked from commit e4788ae31b2e9af45d11f4bf4498c075dcc25a6c)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mov: fix hang while seeking on a kind of fragmented mp4 (Charles Liu, 2019-02-11; 1 file, -9/+12)
    Binary searching would hang if the fragment items do NOT have a timestamp for the specified stream.
    For example, an fmp4 consists of separated 'moof' boxes for each track, and separated 'sidx' for each segment, but no 'mfra' box. Then every fragment item only has the timestamp for one of its tracks.
    Example:
    ffmpeg -f lavfi -i testsrc -f lavfi -i sine -movflags dash+frag_keyframe+skip_trailer+separate_moof -t 1 out.mp4
    ffmpeg -ss 0.5 -i out.mp4 -f null none
    Also fixes the hang in ticket #7572, but not the reason for having AV_NOPTS_VALUE timestamps there.
    Signed-off-by: Charles Liu <liuchh83@gmail.com>
    Signed-off-by: Marton Balint <cus@passwd.hu>
    (cherry picked from commit aa25198f1b925a464bdfa83a98476f08d26c9209)

* avformat/async: fix assertion condition when draining buffer (Marton Balint, 2019-02-11; 1 file, -1/+1)
    Fixes some random assertion failures with
    ffprobe -show_packets async:samples/ffmpeg-bugs/trac/ticket6132/Samsung_HDR_-_Chasing_the_Light.ts > /dev/null
    Signed-off-by: Marton Balint <cus@passwd.hu>
    (cherry picked from commit 4b46d1ee463f6bb2d2be967d418d275a44fe2a9c)

* avcodec/cbs_av1: don't call cbs_av1_read_trailing_bits() when no bits remain in the OBU (James Almer, 2019-02-10; 1 file, -2/+6)
    Reviewed-by: jkqxz
    Signed-off-by: James Almer <jamrial@gmail.com>
    (cherry picked from commit 3e8b8b6b509c8c37defd3a8c32883fa54bc00de8)

* Changelog: update [tag: n4.1.1] (Michael Niedermayer, 2019-02-09; 1 file, -0/+2)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mov: validate chunk_count vs stsc_data (chcunningham, 2019-02-08; 1 file, -2/+12)
    Bad content may contain stsc boxes with a first_chunk index that exceeds stco.entries (chunk_count). This amends the existing check to include cases where chunk_count == 0. It also patches up the case when stsc refers to unknown chunks, but stts has no samples (so we can simply ignore stsc).
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1c15449ca9a5bfa387868ac55628397273da761f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mov.c: require tfhd to begin parsing trun (chcunningham, 2019-02-08; 2 files, -0/+11)
    Detecting missing tfhd avoids re-using tfhd track info from the previous moof. For files with multiple tracks, this may make a mess of the avindex and fragindex, which can later trigger av_assert0 in mov_read_trun().
    Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 3ea87e5d9ea075d5b3c0f4f8c6c48e514b454cbe)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* Changelog: update (Michael Niedermayer, 2019-02-04; 1 file, -0/+8)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/pgssubdec: Check for duplicate display segments (Michael Niedermayer, 2019-02-04; 1 file, -0/+5)
    In such a duplication the previous one gets overwritten and leaks.
    Fixes: memleak
    Fixes: 12510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5694439226343424
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit e35c3d887b3e374c6a091342206a42da48785d70)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/rtsp: Check number of streams in sdp_parse_line() (Michael Niedermayer, 2019-01-31; 1 file, -1/+4)
    Fixes: OOM
    Found-by: Michael Hanselmann <public@hansmi.ch>
    Reviewed-by: Michael Hanselmann <public@hansmi.ch>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 497c9b0cce559d43607bbbd679fe42f1d7e9040e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect() (Michael Niedermayer, 2019-01-31; 1 file, -1/+2)
    Fixes: Infinite loop
    Found-by: Michael Hanselmann <public@hansmi.ch>
    Reviewed-by: Michael Hanselmann <public@hansmi.ch>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 0b50f27635f684ec0526e9975c9979f35bbf486b)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/rasc: Move ff_get_buffer() after frame checks (Michael Niedermayer, 2019-01-31; 1 file, -3/+3)
    If the frame1/2 checks fail, this avoids doing the allocation of a new frame.
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9f4af97aff899571663342fbe68df8caee30097f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/rasc: Check uncompressed dlta size (Michael Niedermayer, 2019-01-31; 1 file, -0/+2)
    We assume that if the compressed size is bigger than if each byte is encoded in a single raw packet, then the data is invalid.
    Fixes: Out of memory
    Fixes: 12208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RASC_fuzzer-5648916473708544
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit f4079d5174c20eddbc99eef6ebe98d411f8014c5)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/fic: Check that there is input left in fic_decode_block() (Michael Niedermayer, 2019-01-31; 1 file, -0/+3)
    Fixes: Timeout
    Fixes: 12450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5661984622641152
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit db1c4acd02af4de5dfbea6012c296470679aa7a6)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ilbcdec: Fix undefined integer overflow lsf2poly() (Michael Niedermayer, 2019-01-31; 1 file, -4/+4)
    The addition is moved up into the context where the variable is unsigned, avoiding the undefined behavior.
    Fixes: runtime error: signed integer overflow: 2147481972 + 4096 cannot be represented in type 'int'
    Fixes: 12444/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5755706244857856
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 4523cc5e75c8ecfba8975d16e96c29f9bf70973f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ilbcdec: Fix integer overflow in construct_vector() (Michael Niedermayer, 2019-01-31; 1 file, -1/+1)
    webrtc contains explicit code to ignore the undefined behavior (RTC_NO_SANITIZE / OverflowingAddS32S32ToS32())
    Probably fixes: Integer overflow (unreproducible here)
    Probably fixes: 12215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5767142427852800
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit c95d0fb23917c35886f3b62daa05af20d2700a1e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* Update for 4.1.1 (Michael Niedermayer, 2019-01-21; 3 files, -2/+68)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/prosumer: Error out if decompress() stops reading data (Michael Niedermayer, 2019-01-21; 1 file, -2/+5)
    If 0 is encountered in the LUT then decompress() will continue to output 0 bytes but never read more data. Without a specification it is impossible to say if this is invalid or a feature. None of the valid prosumer files tested cause a 0 to be read, so it is likely not an intended feature.
    Fixes: Timeout
    Fixes: 11266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PROSUMER_fuzzer-5681827423977472
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 62f8d27ef1995354d6529ea0d9428501d7f914b4)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>