Commit log: commit message, author, date, files changed, lines changed (-removed/+added)
* Changelog: update (tag n4.1.6)
  Author: Michael Niedermayer  Date: 2020-07-05  Files: 1  Lines: -0/+1

  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
  Author: Andreas Rheinhardt  Date: 2020-07-03  Files: 1  Lines: -1/+5

  The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit is so big that it extends beyond the end of the input packet; it does so only implicitly by using the checked version of the bytestream2 API. But this has downsides compared to real checks: It can lead to huge allocations (up to 2GiB) even when the input packet is just a few bytes. And furthermore it leads to uninitialized data being output. So add a check to error out early if it happens.

  Also check directly whether there is enough data for the length field.

  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
  (cherry picked from commit ea1b71e82f5a1752d59d3bfb9704092a79eba6b5)
  Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* Update for 4.1.6
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 3  Lines: -2/+247

  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dstdec: Replace AC overread check by sample rate check
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+6

  Real files do skip coding 0 bits at the end, thus this kind of check does not work reliably.

  Fixes: Ticket 8770
  Fixes: dst-256fs44-6ch-refdstencoder.dff

  The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed values, this also can be used to limit the duration and avoid the timeout

  This reverts commit f6df99dba1ae64b05d08fba8160d13eb9795042f.

  (cherry picked from commit 1679f23beb3cfc3639352b3cbe7c08c00189c6b0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: reorder duration computation to avoid overflow
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long'
  Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 10cc82c35baabbb07ffec3faccb04d8928c39e4c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: Check for fctl after idat
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+5

  Fixes: out of array access
  Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 65b1ba680fb67902a9c876a49d0146eaae5a1c3d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/hls: Pass a copy of the URL for probing
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -2/+4

  The segments / url can be modified by the io read when reloading

  This may be an alternative or additional fix for Ticket8673
  as a further alternative the reload stuff could be disabled during probing

  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b5e39880fb7269b1b3577cee288e06aa3dc1dfa2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/hls: check segment duration value of EXTINF
  Author: Steven Liu  Date: 2020-07-03  Files: 1  Lines: -2/+7

  fix ticket: 8673
  set the default EXTINF duration to 1ms if duration is smaller than 1ms

  Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
  (cherry picked from commit 9dfb19baeb86a8bb02c53a441682c6e9a6e104cc)
* avutil/common: Fix integer overflow in av_ceil_log2_c()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int'
  Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e409262837712016097c187e97bf99aadf6a4cdf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -2/+3

  Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
  Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 21598d711d894081d0566282473044ba4f378f33)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mvdec: Fix integer overflow with billions of channels
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -2/+2

  Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int'
  Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b6fbbe08c325415cc784df296058beb6604f0b9c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/microdvddec: skip malformed lines without frame number.
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+5

  Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
  Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Nicolas George <george@nsup.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a8fb7612a97530bdd0b2549dacf91dcf71a3187a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: free duplicated utf16 strings
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+1

  Fixes: memleak
  Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744

  Suggested-by: Marton Balint <cus@passwd.hu>
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0aa2768cb275bda9e9e1331ed95adc7cd686eafe)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/4xm: Check that a video stream was created before returning packets for it
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+3

  Fixes: assertion failure
  Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c517c3f4741b6897ea952d1fba199c93c5217cfe)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Avoid undefined operation on ts overflow
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -2/+2

  Alternatively these conditions could be treated as errors

  Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
  Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 584d334afd59714ed04637a9227a4f1368c26166)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
  Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e361785ee05cc75d3caacf2f254160b0336f5358)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
  Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c0dfe134beefde4070d43910518b1f4a58f01794)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sonic: Fix several integer overflows
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -3/+4

  Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
  Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 75d520e33704447f1b29ac47fd9e40994a6bc659)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -5/+14

  Fixes: out of array access
  Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e53235f06c229a23d3241b47e32647019161fb7c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pixlet: Fix log(0) check
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: passing zero to clz(), which is not a valid argument
  Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bd0f81526d3f4c23ecd0a399829103be2445c011)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Fix off by x error
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: out of array access
  Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 51225dee0a6266780d26d43bd6802bbcf736327e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Check block_align maximum
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: Assertion failure
  Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 314d10f7a60f1786c85da30a569be61e2b906fef)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/loco: Fix signed integer overflow in loco_get_rice()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit aa88cdfd90f5da0683cd6556c75a5ba5740a1c27)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/thp: Check fps
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+2

  Fixes: division by zero
  Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0e15b01b4e463d12128db2c15de7741637548347)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpl2dec: Fix integer overflow with duration
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -3/+6

  Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
  Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9a42a67c5ca198a3879b7f3663cc44ccbcaf0bd3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg12dec: remove outdated comments
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -3/+0

  Found-by: Kieran
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 48de8f5816aa54dc584aeb2dbbf63a0e880279e2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Avoid integer overflow with huge qlog
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -2/+2

  Fixes: integer overflow
  Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 38fbf33c7255b503453052c32ab5ae4fb151b29e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
  Author: Dale Curtis  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bf446711bc8b7f316771870b8d4dc4dd65f5d94b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg12dec: Fix got_output
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  This makes got_output consistent with the code in slice_end() which sets the output in slice_end()

      if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) {
          int ret = av_frame_ref(pict, s->current_picture_ptr->f);
          ...
      } else {

  Fixes: assertion failure
  Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4f33a9803a3068ce2d52289fc1db60375dc8b7a5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/4xm: Cleanup on GET_LIST_HEADER() failure
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -3/+5

  Fixes: memleak
  Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a5313ce6542a4ee4112acd260e59bff698f3dddd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/lzf: Consider the needed size in reallocation
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -2/+2

  Fixes: NULL pointer dereference
  Fixes: 22381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5659879921680384.fuzz

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 292b9b93a50aa0622e33013de9f2ddc130bef671)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mlvdec: fail reading a packet with 0 streams
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+5

  Fixes: NULL pointer dereference
  Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5bd5c3108786bf69f108c55c375f1956f67ca7a4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/thp: Check compcount
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+3

  Fixes: out of array access
  Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1ba8484559661dfdbca36dbc17b203f33f62e26c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm: XA: Check shift similar to filter
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+9

  Fixes: negative shift
  Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6d96bae9c480e020e9f51fabd5642d7ae6020943)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/huffyuvdec: Test vertical coordinate more often
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+8

  Fixes: out of array access
  Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a1223ddc5692772198a02600ecff2545f32b37be)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hq_hqa: Check info size
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: assertion failure
  Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cf28521fee22dbe2f7eeb8ab0306c0fd0802c48a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix integer overflow in mclms_predict()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int'
  Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c42ed06695848617350a94543823e850f190b3ab)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -76/+76

  Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int'
  Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 071e2937236945c168ab99d3e3b01539194466dd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264dec: Disable forced small_padding on flag2 fast
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/oggparsevorbis: Error out on double init of vp
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+6

  Fixes: memleak
  Fixes: 19949/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5743636058210304

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2a3bbc0086aa608cc0465dd14901178d41cfe113)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pnmdec: Use unsigned for maxval rescaling
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: signed integer overflow: 65535 * 55335 cannot be represented in type 'int'
  Fixes: 21955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5669206981083136

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 49459aca47d4803b2188fbf12b758bd2b01e91d7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ivi: Clear got_p_frame before decoding a new frame using it
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+2

  Fixes: assertion failure
  Fixes: 21666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5706468994318336

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1d633e6a0a61118c9b2d1785d96bdebaa8c38592)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dsddec: Check channels
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -0/+3

  Fixes: division by zero
  Fixes: 21677/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_MSBF_fuzzer-5712547983654912
  Fixes: 21751/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_LSBF_fuzzer-5197097180856320

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2570a8777e7095358b10f679d35641e114a2ab33)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xvididct: Fix integer overflow in idct_row()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -18/+18

  Fixes: signed integer overflow: -1238335488 + -1003634688 cannot be represented in type 'int'
  Fixes: 21649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5112005765890048

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 620236e4d2ac46821911b99fa4551868675d4ed9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -2/+2

  Fixes: signed integer overflow: -717241856 + -1434459904 cannot be represented in type 'int'
  Fixes: 21405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5677143666458624

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e9a4c4fe9918220be492a4a9d74c2293fd706be3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cbs_jpeg: Fix infinite loop in cbs_jpeg_split_fragment()
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -3/+2

  Fixes: Timeout
  Fixes: 21104/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5129580475318272

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a3dc67c9840f6ba6cdf6233248897146e9171cc8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpegenc: Fix integer overflow with AV_NOPTS_VALUE
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: signed integer overflow: -9223372036854775808 - 45000 cannot be represented in type 'long'
  Fixes: ticket8187

  Found-by: Suhwan
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9874815b1aadadd7fd19aa6aabb7d9193f2f43d5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/swfenc: Fix integer overflow in frame rate handling
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: signed integer overflow: 30000299 * 256 cannot be represented in type 'int'
  Fixes: ticket8184

  Found-by: Suhwan
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 31f956acadd994b8c4e22b714aaffee0f527c827)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aadec: Check toc_size to contain the minimum the demuxer uses
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  Fixes: out of array access
  Fixes: stack-buffer-overflow-READ-0x0831fff1

  Found-by: GalyCannon <galycannon@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit daa2482871dffa9af12fa6d874a3d2dedd73f42e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cbs_h265_syntax_template: Limit num_long_term_pics more strictly
  Author: Michael Niedermayer  Date: 2020-07-03  Files: 1  Lines: -1/+1

  The limit is based on hevcdec.c

  Fixes: 20854/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-5160442882424832
  Fixes: out of array access

  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 435fa373d1f5045b17de74934e44863e2fb3071f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>