summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Changelog: updaten4.4.2Michael Niedermayer2022-04-141-0/+3
| | | | Signed-off-by: Michael Niedermayer <[email protected]>
* fate: update reference files after the recent dash manifest muxer changesJames Almer2022-04-084-4/+4
| | | | | | | Missed in 487b49d8f2e1e81dce86230fc957ca2ee9de00ee. Signed-off-by: James Almer <[email protected]> (cherry picked from commit aa0829d834232b13e513fb88b2b9a2b74918e05c)
* avformat/webmdashenc: fix on-demand profile stringJames Almer2022-04-081-1/+1
| | | | | | | Fixes ticket #9596 Signed-off-by: James Almer <[email protected]> (cherry picked from commit 487b49d8f2e1e81dce86230fc957ca2ee9de00ee)
* Update for FFmpeg 4.4.2Michael Niedermayer2022-04-063-2/+114
| | | | Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/exr: Avoid signed overflow in displayWindowMichael Niedermayer2022-04-061-2/+2
| | | | | | | | | | | | | | | The inputs are unused except for this computation so wraparound does not give an attacker any extra values as they are already fully controlled Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int' Fixes: 45820/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5766159019933696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 1291568c9834c02413ab5d87762308f15b4ae9c6) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/diracdec: avoid signed integer overflow in global mvMichael Niedermayer2022-04-061-2/+2
| | | | | | | | | | Fixes: signed integer overflow: -128275513086 * -76056576 cannot be represented in type 'long' Fixes: 45818/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5129799149944832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7f1279684e8e1e33c78577b7f0265c062e4e6232) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/takdsp: Fix integer overflow in decorrelate_sf()Michael Niedermayer2022-04-061-1/+1
| | | | | | | | | | Fixes: signed integer overflow: -101 * 71041254 cannot be represented in type 'int' Fixes: 45938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-4687974320701440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 01d8c887f63bcb1f870034ed441504b3daffc645) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/apedec: fix a integer overflow in long_filter_high_3800()Michael Niedermayer2022-04-061-1/+1
| | | | | | | | | | Fixes: signed integer overflow: -2146549696 - 3923884 cannot be represented in type 'int' Fixes: 45907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5992380584558592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit b085b400becb93ccc68d786ab738b1fc50408b89) Signed-off-by: Michael Niedermayer <[email protected]>
* avfilter/vf_subtitles: pass storage size to libassOneric2022-04-061-1/+8
| | | | | Due to a quirk of the ASS format some tags depend on the exact storage resolution of the video, so tell libass via ass_set_storage_size.
* avformat/aqtitledec: Skip unrepresentable durationsMichael Niedermayer2022-04-061-1/+2
| | | | | | | | | | Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented in type 'long' Fixes: 45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit c2d1597a8a6470045a8da241d4f65c81f26c3107) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/cafdec: Do not store empty keys in read_info_chunk()Michael Niedermayer2022-04-061-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7ec28e1d4cef723485f50f7a08859752b79b570c) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: Do not clear array in mxf_read_strong_ref_array() before ↵Michael Niedermayer2022-04-061-1/+1
| | | | | | | | writing Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7aebdb8bf1fc3e09263617a7f49101cba2d43804) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array()Michael Niedermayer2022-04-061-1/+7
| | | | | | | | | Fixes: 42827/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4900528511909888 Reviewed-by: Tomas Härdin <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 8d6f49cfc339825f3f3f8a910e4bb4c0f822db1f) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mxfdec: Check count in mxf_read_strong_ref_array()Michael Niedermayer2022-04-061-1/+7
| | | | | | | Reviewed-by: Tomas Härdin <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 3015c556f316d4ab364ed55e8bc97cc0f2cc57a3) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/hls: Check target_durationMichael Niedermayer2022-04-061-1/+7
| | | | | | | | | | | Fixes: signed integer overflow: 77777777777777 * 1000000 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/pixlet: Avoid signed integer overflow in scaling in filterfn()Michael Niedermayer2022-04-061-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 11494 * 1073741824000000 cannot be represented in type 'long' Fixes: 26586/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5752633970917376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 0c1f20c6c858b753effda274b58ef635d1924915) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check pre_nsMichael Niedermayer2022-04-061-0/+2
| | | | | | | | | | Fixes: division by 0 Fixes: 44615/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6681108677263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 710e51677a6f3a5c2b37dc31a597957a22a5e531) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/sonic: Use unsigned for predictor_k to avoid undefined behaviorMichael Niedermayer2022-04-061-1/+1
| | | | | | | | | | Fixes: signed integer overflow: -1094995529 * 24 cannot be represented in type 'int' Fixes: 44436/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-4874459459223552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 28008bf95ed9b2ab5945ae6658358ad7c7f1df35) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/libuavs3d: Check ff_set_dimensions() for failureMichael Niedermayer2022-04-061-1/+3
| | | | | | | | Untested, no testcase Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit e88b99afdffce269e7a6a588948c4e00b86536f6) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mjpegbdec: Set buf_sizeMichael Niedermayer2022-04-061-0/+1
| | | | | | | | Fixes: Timeout Fixes: 45170/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5874820431085568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Use rounded down duration in get_cue_desc() checkMichael Niedermayer2022-04-061-1/+3
| | | | | | | | | | | | Floating point is evil, it would be better if duration was not a double Fixes: Infinite loop Fixes: 45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit bd3a03db9aef72ee36a7cc964171e9f52967f4bc) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/argo: Check packet sizeMichael Niedermayer2022-04-061-0/+3
| | | | | | | | | | Fixes: Timeout Fixes: 45052/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-6033489206575104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 1bed27acefaab1b4c1813b8adc6468ca952a43f3) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/g729_parser: Check channelsMichael Niedermayer2022-04-061-0/+3
| | | | | | | | | | | Fixes: signed integer overflow: 10 * 808464428 cannot be represented in type 'int' Fixes: assertion failure Fixes: ticket9651 Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 757da974b21833529cc41bdcc9684c29660cdfa8) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/avidec: Check heightMichael Niedermayer2022-04-061-0/+2
| | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: Ticket8486 Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit ec8ff659f57786c4cb089b07dfeab7e5cbab8d52) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rmdec: Better duplicate tags checkMichael Niedermayer2022-04-061-4/+5
| | | | | | | | | | Fixes: memleaks Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 15a646e5018078a0954918f510f819a5599f0445) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Disallow empty sidxMichael Niedermayer2022-04-061-0/+2
| | | | | | | | | | | | It appears this is not allowed "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments (which may themselves be further subdivided using Segment Index boxes)." Fixes: Null pointer dereference Fixes: Ticket9517 Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 4419433d77278cb742944c4514be5f72a04103c0) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/argo_asf: Fix order of operations in error check in ↵Michael Niedermayer2022-04-061-1/+1
| | | | | | | | argo_asf_write_trailer() Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit c8c12fb5d69107f94c5a0be14d0f3646861c60d1) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check durationMichael Niedermayer2022-04-061-0/+2
| | | | | | | | | | | Fixes: -nan is outside the range of representable values of type 'long' Fixes: 44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 36680078ca3302496d9b0b8a8d7168ce9eabb2bc) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Corner case encryption error cleanup in mov_read_senc()Michael Niedermayer2022-04-061-0/+2
| | | | | | | | | | Fixes: memleak Fixes: 42341/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4566632823914496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 8ee0e4abcb8af36cae4eb24d4d6229461c1e3333) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/jpeglsdec: Fix if( code styleMichael Niedermayer2022-04-061-3/+3
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit f306b8e80ab04cfd8f6cd577a4484cb791d6e765) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for errorMichael Niedermayer2022-04-061-0/+2
| | | | | | | | | | | | | | | | Fixes: Timeout Fixes: Invalid shift Fixes: 44548/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-556487680891289 Fixes: 44569/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-6302543246917632 Fixes: 44570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-4550196556595200 Fixes: 44592/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5651610385121280 Fixes: 44571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5094698987945984 Fixes: 44607/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5341352013987840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 151f83584eeb1912c8bdcd0c1ab1296e8664a0de) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/motion_est: fix indention of ff_get_best_fcode()Michael Niedermayer2022-04-061-3/+3
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit ce43e1c581b4ed539ab366cc3df458779e8a44b8) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode()Michael Niedermayer2022-04-061-2/+1
| | | | | | | | | This codepath seems untested, no testcases change Found-by: <mkver> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 634312a70f4d5afd40058c52b4d8eade1da07a70) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/hls: Use unsigned for iv computationMichael Niedermayer2022-04-061-1/+1
| | | | | | | | | | | Fixes: signed integer overflow: 9223372036854775748 + 60 cannot be represented in type 'long' Fixes: 44417/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5802443881971712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit bf33a384995ac21aa41422c6246ebdc5d9632452) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using ↵Michael Niedermayer2022-04-061-1/+1
| | | | | | | | | | | | | | unsigned Fixes: left shift of 32768 by 16 places cannot be represented in type 'int' Fixes: Timeout Fixes: 44219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4679455379947520 Fixes: 44088/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4885976600674304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 6ee283d7d001cfcfec94a023e172bca731e96514) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Check desc_bytesMichael Niedermayer2022-04-061-4/+8
| | | | | | | | | | Fixes: Division by 0 Fixes: 44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 5038933977d06d1048b41d71e0ada4d1ac536ddc) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()Michael Niedermayer2022-04-061-1/+1
| | | | | | | | | | Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/matroskadec: Fix infinite loop with bz decompressionMichael Niedermayer2022-04-061-2/+2
| | | | | | | | | | | | | The same check is added to zlib too, it seems not needed there though Fixes: Infinite loop Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 9c3d2cbb510674226b0c8fa6b146bf891f83786c) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check size before subtractionMichael Niedermayer2022-04-061-0/+2
| | | | | | | | | | Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long' Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit d8d9d506a3de976b647bcbb8f76c7b8d30eff576) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cfhd: Avoid signed integer overflow in coeffMichael Niedermayer2022-04-061-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 15244032 * 256 cannot be represented in type 'int' Fixes: 43504/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4865014842916864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit cd6ac013a00373126bf3d313743d39b5edd5428a) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/apedec: Fix integer overflows in predictor_update_3930()Michael Niedermayer2022-04-061-8/+8
| | | | | | | | | | Fixes: signed integer overflow: 1074134419 - -1075212485 cannot be represented in type 'int' Fixes: 43273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4706880883130368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 0c9c9bbd01bd82c35b6a908592d9dd6d9f4bd4a0) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/apedec: fix integer overflow in 8bit samplesMichael Niedermayer2022-04-061-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 2147483542 + 128 cannot be represented in type 'int' Fixes: 42812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6344057861832704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7cee3b37187dbf61dbebff023f07ceedfc0129bb) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/flvdec: timestamps cannot use the full int64 rangeMichael Niedermayer2022-04-061-0/+2
| | | | | | | | | | | We do not support this as we multiply by 1000 Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long' Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit c217ca7718c8e24905d7ba9ede719ae040899476) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/tiff: Remove messing with jpeg contextMichael Niedermayer2022-04-061-22/+2
| | | | | | | | | | | | | | | | | | The whole concept is just not correct, also as it seems not to be needed at all, all dng files i have decode without this. Fixes: various crashes Fixes: 42937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4625073334517760 Fixes: 42938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4643368217477120 Fixes: 42939/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4925325908246528 Fixes: 42940/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4925378806808576 Fixes: 42941/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6202009265504256 Fixes: 42944/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6076860998483968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit afdbc940c6011b64c1856f88d2b0609369f87406) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/tiff: Use ff_set_dimensions() for setting up mjpeg context dimensionsMichael Niedermayer2022-04-061-7/+8
| | | | | | | | | | | | | sets coded_width / coded_height too to keep them consistent with width / height Fixes: OOM Fixes: 42263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5653333619113984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit cfa1f0e214d07f0fdc027f2ec760eb9fd3fac85e) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/tiff: Pass max_pixels to mjpeg contextMichael Niedermayer2022-04-061-0/+1
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit d6c16f42ccebca917bb9861c619abcf71ab25762) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/vqavideo: reset accounting on errorMichael Niedermayer2022-04-061-3/+4
| | | | | | | | | | Fixes: Timeout (same growing chunk is decoded to failure repeatedly) Fixes: 42582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6531195591065600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit d8ea7a67ba62f5d4520e75e56b9954d80e7ff223) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/alacdsp: fix integer overflow in decorrelate_stereo()Michael Niedermayer2022-04-061-1/+1
| | | | | | | | | | | Fixes: signed integer overflow: -16777216 * 131 cannot be represented in type 'int' Fixes: 23835/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5669943160078336 Fixes: 41101/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4636330705944576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 68457c1e85122ffcadb0c909070dd210095fd2cd) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/4xm: Check for duplicate track idsMichael Niedermayer2022-04-061-0/+3
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit dd949124793c722ed55dead9da245574ace81968) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/4xm: Consider max_streams on reallocating tracks arrayMichael Niedermayer2022-04-061-1/+2
| | | | | | | | | | Fixes: OOM Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 0dcd95ef8a2e16ed930296567ab1044e33602a34) Signed-off-by: Michael Niedermayer <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-23 11:18:37 +0000