Commit message | Author | Age | Files | Lines
* lavf/hlsenc: Do not mix declarations and code. (n4.1.5) | Carl Eugen Hoyos | 2020-01-07 | 1 | -5/+5
| Fixes the following warnings:
| libavformat/hlsenc.c: In function 'hls_write_trailer':
| libavformat/hlsenc.c:2364:17: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
|                  uint8_t *buffer = NULL;
|                  ^~~~~~~
| libavformat/hlsenc.c:2372:17: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
|                  int byterange_mode = (hls->flags & HLS_SINGLE_FILE) || (hls->max_seg_size > 0);
|                  ^~~
| libavformat/hlsenc.c:2379:13: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
|              int range_length = 0;
|              ^~~
|
| (cherry picked from commit fc94e9704e056a2dc85745ffec685ffb6fcd142e)
| Signed-off-by: Michael Niedermayer <[email protected]>
* Update for FFmpeg 4.1.5 | Michael Niedermayer | 2020-01-06 | 3 | -2/+322
|
* Changelog: Fix formating for 4.1.4 | Michael Niedermayer | 2020-01-06 | 1 | -105/+105
|
* avcodec/cbs_av1: avoid reading trailing bits when obu type is OBU_TILE_LIST | Fei Wang | 2020-01-06 | 1 | -0/+1
| Signed-off-by: Fei Wang <[email protected]>
| Signed-off-by: James Almer <[email protected]>
| (cherry picked from commit 1ea44178f5fff7eb600026a09a0ce7d477ed0240)
* avcodec/av1_parser: skip frames with spatial_id > 0 | James Almer | 2020-01-06 | 1 | -0/+3
| This fixes marking keyframes in svc samples.
|
| Signed-off-by: James Almer <[email protected]>
| (cherry picked from commit 5985ca0436f26483f37259357bf34bbf743252ed)
* cbs_h264: Fix missing inferred colour description fields | Mark Thompson | 2020-01-06 | 1 | -0/+4
| With video_signal_type_present_flag set but
| colour_description_present_flag unset the colour fields would not have
| had their correct values inferred.
|
| (cherry picked from commit f9b8503639c0ff90846f07c92e2fe7836690dd0c)
* avcodec/cbs_av1: keep separate reference frame state for reading and writing | James Almer | 2020-01-06 | 2 | -1/+7
| In scenarios where a Temporal Unit is written right after reading it using the
| same CBS context (av1_metadata, av1_frame_merge, etc), the reference frame
| state used by the writer must not be the state that's the result of the reader
| having already parsed the current frame in question.
|
| This fixes writing Switch frames, and frames using short ref signaling.
|
| Signed-off-by: James Almer <[email protected]>
| (cherry picked from commit 4e2bef6a82b356772a5919c51c9be1530268bd79)
* avcodec/cbs_av1: fix reading reference order hint in skip_mode_params() | James Almer | 2020-01-06 | 1 | -2/+2
| Reviewed-by: Ronald S. Bultje <[email protected]>
| Signed-off-by: James Almer <[email protected]>
| (cherry picked from commit 2703068110dce2c145a2d3a0f380f8e0de79b632)
* configure: bump year | Gyan Doshi | 2020-01-06 | 1 | -1/+1
| (cherry picked from commit 7b58702cbdce097f32f62c87cd537ab28c04ffb2)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/pgssubdec: Free subtitle on error | Michael Niedermayer | 2020-01-06 | 1 | -1/+4
| Fixes: Assertion failure
| Fixes: 19753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5688461843759104
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Paul B Mahol <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit b0a718923bb4a75b0c1cbf283fb17a319b840346)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ffwavesynth: Fix undefined overflow in wavesynth_synth_sample() | Michael Niedermayer | 2020-01-06 | 1 | -1/+2
| Fixes: signed integer overflow: 2147464192 + 21176 cannot be represented in type 'int'
| Fixes: 19042/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5719828090585088
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit fa47f6412dbf93b4865adf8c66618906a3274330)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cook: Use 3 stage VLC decoding for channel_coupling | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| Fixes: shift exponent -1 is negative
| Fixes: out of array read
| Fixes: 19028/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5759766471376896
| Fixes: 19037/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5734106625474560
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 89fd76db71d9d4f87c51fee2a2edf99662444df7)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmalosslessdec: Fixes undefined overflow in dequantization in decode_subframe() | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| Fixes: signed integer overflow: 47875596 * 45 cannot be represented in type 'int'
| Fixes: 19082/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5687766512041984
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 53efab44a9d0971c6c12d9b3d1af855ca863c847)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/sonic: Check e in get_symbol() | Michael Niedermayer | 2020-01-06 | 1 | -0/+2
| Fixes: signed integer overflow: 1721520852 + 1721520852 cannot be represented in type 'int'
| Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176
| Fixes: 18753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5663299131932672
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit aea67556116330d3151e4cd3ef1e266b5d90f388)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/twinvqdec: Correct overflow in block align check | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
| Fixes: 19126/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TWINVQ_fuzzer-5687464110325760
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 4dc93ae3d725e892927f04002021337c2f90252a)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/vc1dec: Fix "return -1" cases | Michael Niedermayer | 2020-01-06 | 1 | -4/+4
| Reviewed-by: "[email protected]" <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 26f040bcb4a1db78d1311af2e69de6984ecb43e5)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/vc1dec: Free sprite_output_frame on error | Michael Niedermayer | 2020-01-06 | 1 | -2/+9
| Fixes: memleaks
| Fixes: 19471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5688035714269184
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 3ee9240be3e4044ae9e60a9a3a68820bf8075299)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/atrac9dec: Clamp band_ext_data to max that can be read if skipped. | Michael Niedermayer | 2020-01-06 | 1 | -1/+11
| Fixes: out of array read
| Fixes: 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Lynne <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 18ff210efb8d158f3e8c79508d99a52eaebf9d48)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmadec: Keep track of exponent initialization per channel | Michael Niedermayer | 2020-01-06 | 2 | -4/+7
| Fixes: division by 0
| Fixes: 19123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5655493121146880
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit bf5c850b795126d4f60dd9498c06f0492f5726a7)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/iff: Check that video_size is large enough for the read parameters | Michael Niedermayer | 2020-01-06 | 1 | -0/+2
| video is allocated before parameters like bpp are read.
|
| Fixes: out of array access
| Fixes: 19084/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5718556033679360
| Fixes: 19465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5759908398235648
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit f1b97f62f86d5dca35d01d7a5ebbc5dca2a88ae6)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cbs_vp9: Check data_size | Michael Niedermayer | 2020-01-06 | 1 | -0/+3
| Fixes: out of array access
| Fixes: 19542/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5659498341728256
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: James Almer <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 4fa2d5a692f40c398a299acf2c6a20f5b98a3708)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cbs_vp9: Check index_size | Michael Niedermayer | 2020-01-06 | 1 | -0/+3
| Fixes: out of array read
| Fixes: 19300/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_METADATA_fuzzer-5653911730126848
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: James Almer <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit d6553e2e60a389296dd2f83a96f944ccfa5877a0)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/adpcm: Clip predictor for APC | Michael Niedermayer | 2020-01-06 | 1 | -2/+2
| Fixes: signed integer overflow: -2147483648 - 13 cannot be represented in type 'int'
| Fixes: 18893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APC_fuzzer-5630760442920960
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 9fe07908c3f67d59cf4db5668d61b34506189590)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/targa: Check colors vs. available space | Michael Niedermayer | 2020-01-06 | 1 | -6/+6
| Fixes: Timeout (37sec -> 52ms)
| Fixes: 18892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5739537854889984
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 01593278cef06dbb4491d50d03b72198d2848adf)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dstdec: Use get_ur_golomb_jpegls() | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| Fixes: shift exponent -4 is negative
| Fixes: 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760
| Fixes: 18989/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5175008116867072
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit a76690c02b4fd12d7fac6f753af8bad72c82d55c)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmavoice: Check remaining input in parse_packet_header() | Michael Niedermayer | 2020-01-06 | 1 | -0/+3
| Fixes: Infinite loop
| Fixes: 18914/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5731902946541568
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 19c41969b26d07519fff8182a0d3266cdb712078)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmalosslessdec: Fix 2 overflows in mclms | Michael Niedermayer | 2020-01-06 | 1 | -2/+2
| Fixes: signed integer overflow: 2038337026 + 109343477 cannot be represented in type 'int'
| Fixes: 18886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5673660505653248
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 92455c8c65c403ea696cb8c63d474d386d631bbd)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmaprodec: Fixes integer overflow with 32bit samples | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
| Fixes: 18860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5755223125786624
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit a9cc69c0d59057ea172a107e0308fdf5fd8fc04e)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/adpcm: Fix invalid shift in xa_decode() | Michael Niedermayer | 2020-01-06 | 1 | -2/+2
| Fixes: left shift of negative value -1
| Fixes: 18859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5748474213040128
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 50db30b47d016fc4e7b47067545b15d22d4faddf)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmalosslessdec: Fix several integer issues | Michael Niedermayer | 2020-01-06 | 1 | -5/+5
| Fixes: shift exponent -1 is negative (and others)
| Fixes: 18852/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5660855295541248
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit ec3fe67074ad0a6a3a817f6f42175ea63a98092b)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmalosslessdec: Check that padding bits is not more than sample bits | Michael Niedermayer | 2020-01-06 | 1 | -0/+2
| Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
| Fixes: 18817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5713317180211200
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 9d428265808255ad2fc60355fe641aaa4fd3dae4)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/iff: Skip overflowing runs in decode_delta_d() | Michael Niedermayer | 2020-01-06 | 1 | -0/+2
| Fixes: Timeout (107sec - 75ms>
| Fixes: 18812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6295585225441280
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 185f441ba26a2112725db1e8f218e54ac8068bbb)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/pnm: Check that the header is not truncated | Michael Niedermayer | 2020-01-06 | 1 | -0/+7
| Fixes: Ticket8430
|
| Reviewed-by: Paul B Mahol <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit c94cb8d9b21baeeecef962c72965dbedc4e0b0e1)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mp3_header_decompress_bsf: Check sample_rate_index | Michael Niedermayer | 2020-01-06 | 1 | -0/+5
| Fixes: out of array read
| Fixes: 19309/clusterfuzz-testcase-minimized-ffmpeg_BSF_MP3_HEADER_DECOMPRESS_fuzzer-5651002950942720
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Paul B Mahol <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit f064c7c449f162a9011ad890f26ceeca26934d22)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cbs_av1_syntax_template: Check num_y_points | Michael Niedermayer | 2020-01-06 | 2 | -3/+3
| "It is a requirement of bitstream conformance that num_y_points is less than or equal to 14."
|
| Fixes: index 24 out of bounds for type 'uint8_t [24]'
| Fixes: 19282/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5747424845103104
|
| Note, also needs a23dd33606d5
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: jamrial
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit bbe27890ff7e31e74d024a17123cb073720f2486)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cbs_av1: fix array size for ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 | James Almer | 2020-01-06 | 1 | -2/+2
| Taking into account the code
|
|     fb(2, ar_coeff_lag);
|     num_pos_luma = 2 * current->ar_coeff_lag * (current->ar_coeff_lag + 1);
|     if (current->num_y_points)
|         num_pos_chroma = num_pos_luma + 1;
|     else
|         num_pos_chroma = num_pos_luma;
|
| Max value for ar_coeff_lag is 3 (two bits), for num_pos_luma 24, and for
| num_pos_chroma 25.
|
| Both ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 may have up to
| num_pos_chroma values.
|
| Reviewed-by: Ronald S. Bultje <[email protected]>
| Signed-off-by: James Almer <[email protected]>
| (cherry picked from commit a23dd33606d5a711fd632383d81a1d6c60082e0f)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Initialize and sanity check offset in ivr_read_header() | Michael Niedermayer | 2020-01-06 | 1 | -1/+3
| Fixes: signed integer overflow: -9223372036854775808 - 17 cannot be represented in type 'long'
| Fixes: 18768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5674385247830016
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 7e665e4a81e2e96eb45138a1dfa38617de2631a4)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/apedec: Fix 2 integer overflows | Michael Niedermayer | 2020-01-06 | 1 | -2/+2
| Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int'
| Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 6e15ba2d1f688c61759001839811b11903de9ce0)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/id3v2: Fix double-free on error | Andreas Rheinhardt | 2020-01-06 | 1 | -2/+0
| ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags
| AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both
| key and value are freed on error (and owned by the destination
| dictionary on success), so that freeing them again on error is a
| double-free and therefore forbidden. But it nevertheless happened.
|
| Fixes CID 1452489 and 1452421.
|
| Signed-off-by: Andreas Rheinhardt <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 67d4940a7795aa3afc8d1e624de33b030e0be51e)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmaprodec: Set packet_loss when we error out on a sanity check | Michael Niedermayer | 2020-01-06 | 1 | -0/+1
| Fixes: left shift of negative value -34
| Fixes: 18719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5642658173419520
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit a9cbd25d89dbdf72f7b616fdf672d7da36143cfe)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmaprodec: Check offset | Michael Niedermayer | 2020-01-06 | 1 | -0/+5
| Fixes: index 33280 out of bounds for type 'float [32768]'
| Fixes: 18718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5635373899710464
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 5473c7825ea627a115155313a56a907d67a0d0c1)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/truemotion2: Fix 2 integer overflows in tm2_low_res_block() | Michael Niedermayer | 2020-01-06 | 1 | -2/+2
| Fixes: signed integer overflow: 1778647621 + 574372924 cannot be represented in type 'int'
| Fixes: 18692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-6248679635943424
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 93d52a181ec050d3a4fb68f526604d39cd006be5)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmaprodec: Check if the channel sum of all internal contexts match the external | Michael Niedermayer | 2020-01-06 | 1 | -0/+2
| Fixes: NULL pointer dereference
| Fixes: 18689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5715114640015360
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 090ac5799751c6f52358da4e5201a3845760db93)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/atrac9dec: Check q_unit_cnt more completely before using it to access at9_tab_band_ext_group | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| Fixes: index 8 out of bounds for type 'const uint8_t [8][3]'
| Fixes: 19127/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5709394985091072
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Lynne <[email protected]>
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit e1d836d2375c93cbc44a2b0d34e404682c1e8436)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/fitsdec: Use lrint() | Michael Niedermayer | 2020-01-06 | 7 | -7/+7
| Fixes: fate-fitsdec-bitpix-64
| Possibly Fixes: -nan is outside the range of representable values of type 'unsigned short'
| Possibly Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 37f31f4e509fe4ccc56a64edaa6fa3d95ee20466)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/g729dec: require buf_size to be non 0 | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| The 0 case was added with the support for multiple packets. It
| appears unintended and causes extra complexity and out of array
| accesses (though within padding)
|
| No testcase
|
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit f64be9da4c8b16071ec84056a61d1fc0d5d6728c)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/alac: Fix integer overflow in lpc_prediction() with sign | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
| Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 7686ba1f149a94c3bac235589de8aa8db92be4e5)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmaprodec: Fix buflen computation in save_bits() | Michael Niedermayer | 2020-01-06 | 1 | -3/+3
| Fixes: Assertion failure
| Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 589cb44498b5e9683c95746255a2abd6d1e74f94)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv() | Michael Niedermayer | 2020-01-06 | 1 | -1/+1
| Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int'
| Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 0e010e489b70c044a67c47083cf8eb03209ee89f)
| Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/vmdaudio: Check chunk counts to avoid integer overflow | Michael Niedermayer | 2020-01-06 | 1 | -0/+3
| Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int'
| Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008
|
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <[email protected]>
| (cherry picked from commit 47d963335eb2c36c0e6615d7971c762458e813dd)
| Signed-off-by: Michael Niedermayer <[email protected]>