Commit log. Each entry lists the commit message, author, date, number of files changed and lines removed/added.
* avformat/oggparsecelt: Do not re-allocate os->private
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -2/+7
  Fixes: double free
  Fixes: clusterfuzz-testcase-minimized-5080550145785856
  Found-by: ClusterFuzz
  Reviewed-by: Nicolas George <george@nsup.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7140761481e4296723a592019a0244ebe6c1a8cf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* doc/filters: typo in frei0r
  Author: Brice Waegeneire  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Signed-off-by: Brice Waegeneire <brice.wge@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6a6eec485d23b0c47a7cfeb94995db1be91c0e1a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wavpack: Fix invalid shift
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -2/+2
  Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
  Fixes: 2377/clusterfuzz-testcase-minimized-6108505935183872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c07af720984acaafaa273369080b458d73975775)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/vb: Check vertical GMC component before multiply
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+4
  Fixes: runtime error: signed integer overflow: 8224 * 663584 cannot be represented in type 'int'
  Fixes: 2393/clusterfuzz-testcase-minimized-6128334993883136
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bc6ab72bc7af27189e7b524b97e45c6fcadab5cf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/apedec: Fix integer overflow
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -3/+5
  Fixes: out of array access
  Fixes: PoC.ape and others
  Found-by: Bingchang, Liu@VARAS of IIE
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ba4beaf6149f7241c8bd85fe853318c2f6837ad0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: runtime error: signed integer overflow: 2080374785 + 2080374784 cannot be represented in type 'int'
  Fixes: 2351/clusterfuzz-testcase-minimized-5359403240783872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 73ea2a028e12a7d779834f78dc496c8c4b08361f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/mpeg4videodec: Fix GMC with videos of dimension 1
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: runtime error: shift exponent -1 is negative
  Fixes: 2338/clusterfuzz-testcase-minimized-5153426541379584
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4976a3411f71518d17a57e373b62517f066648fd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wavpack: Fix integer overflow
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: runtime error: signed integer overflow: 227511904 + 1964113935 cannot be represented in type 'int'
  Fixes: 2331/clusterfuzz-testcase-minimized-6182185830711296
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 24e95f9d4de012f51fdd5767dff0b3142e13ec3a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/takdec: Fix integer overflow
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: runtime error: signed integer overflow: 512 + 2147483146 cannot be represented in type 'int'
  Fixes: 2314/clusterfuzz-testcase-minimized-4519333877252096
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0c2ef4f6b4d52a7b7184c747ffea3576926ea1b1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/hevc_filter: Fix invalid shift
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: runtime error: left shift of negative value -1
  Fixes: 2299/clusterfuzz-testcase-minimized-4843509351710720
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d7b3d5c3f2e2ff1994762b5e09c05fbc33790b5b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Fix overflow in virtual_ref computation
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -8/+8
  Fixes: runtime error: signed integer overflow: 262144 * -16120 cannot be represented in type 'int'
  Fixes: 2292/clusterfuzz-testcase-minimized-6156080415506432
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5443c4bdf4828ac5b7b19cf54feb496c2da40079)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wavpack: Fix undefined integer negation
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -2/+2
  Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Fixes: 2291/clusterfuzz-testcase-minimized-5538453481586688
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5f89747086af741ddc34e2378cde8519b8faee78)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/h264_mb: Fix 8x8dct in lossless for new versions of x264
  Author: Anton Mitrofanov  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
  (cherry picked from commit 06dda70f1e7c69a3b1684af5e6930431c62c527a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/h264_cabac: Fix CABAC+8x8dct in 4:4:4
  Author: Anton Mitrofanov  Date: 2017-08-23  Files: 1  Lines: -14/+33
  Use the correct ctxIdxInc calculation for coded_block_flag. Keep old behavior for old versions of x264 for backward compatibility.
  Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
  (cherry picked from commit 840b41b2a643fc8f0617c0370125a19c02c6b586)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int'
  Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 27c20068054d8c6786833234f7b6db19f1e98362)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcpred_template: Fix left shift of negative value
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: runtime error: left shift of negative value -1
  Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c94326c1fc2fb5719c6f28fe1b95c0c74417998b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps()
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -2/+6
  Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int'
  Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1edbf5e20c75f06d6987bc823e63aa4e649ccddd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/jpeg2000dec: Check nonzerobits more completely
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -2/+2
  Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int'
  Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dfb61ea2630029b7aec7911aade769bf1a914eea)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/shorten: Sanity check maxnlpc
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+4
  Fixes OOM
  Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e77ddd31a8e14bcf5eccd6008d866ae90b4b0d4c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/hevcdec: Check nb_sps
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bc406744620710911de9157eafa3e61d0246566f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_refs: Check nb_refs in add_candidate_ref()
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: runtime error: index 16 out of bounds for type 'int [16]'
  Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1cb4ef526dd1e5f547d0354efb0831d07e967919)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/mpeg4videodec: Check sprite delta upshift against overflowing.
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -8/+10
  Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int'
  Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 12245ab1f677074b8ff83e87f76a41aba692ccd6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -20/+20
  Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int'
  Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0a87be404ab7e3f47e67e79160dcc9623e36835b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wavpack: Fix runtime error: signed integer overflow: 1886191616 + 277872640 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 2181/clusterfuzz-testcase-minimized-6314784322486272
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c996374d4d86e0efbef71812448b4c65656bc667)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/snowdec: Fix runtime error: left shift of negative value -1
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 2197/clusterfuzz-testcase-minimized-6010716676947968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2e44126363bc9e23093ceced5d7bde1ee4bbb338)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Fix leak of geotags[].val
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+2
  Fixes: 2176/clusterfuzz-testcase-minimized-5908197216878592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 22a25ab3896cbb8dceebdba4d439e8b2b398ff0e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 2175/clusterfuzz-testcase-minimized-5809657849315328
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 71da0a5c9750e9fd0c9609470f610d32952923eb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+10
  Fixes: 2174/clusterfuzz-testcase-minimized-5739234533048320
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 90e8317b3b33dcb54ae01e419d85cbbfbd874963)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 2113/clusterfuzz-testcase-minimized-6510704959946752
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4e3ab1a5c12fe3a88f44b734d3f2e25f4769ec47)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/pafvideo: Fix assertion failure
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c4360559ee2a6c8c624f24fc7e2a1cf00972ba68)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -2/+2
  Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e4efd41b83e78c7f2ee3e74bee90226110743a8e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/mjpegdec: Check that reference frame matches the current frame
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+9
  Fixes: out of array read
  Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4705edbbb96e193f51c72248f508ae5693702a48)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/tiff: Avoid losing allocated geotag values
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+2
  Fixes memleak
  Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d7cbeab4c1381f95ed0ebf85d7950bee96f66164)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -2/+1
  Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1e6ee86d9254e8fd2158cc9a31d3be96b0809411)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/hls: Check local file extensions
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -4/+34

  This reduces the attack surface of local file-system information leaking.

  It prevents the existing exploit leading to an information leak, as well as similar hypothetical attacks.

  Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions.

  It does not stop leaks via remote addresses in the LAN.

  The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well.

  The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its features.

  More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files.

  Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also were objections against restricting remote url file extensions.

  This here is a less robust but also lower inconvenience solution. It can be applied stand-alone or together with other solutions.

  Limiting the check to local files was suggested by nevcairiel.

  This recommits the security fix without the author name joke which was originally requested by Nicolas.

  Found-by: Emil Lerner and Pavel Cheremushkin
  Reported-by: Thierry Foucu <tfoucu@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 189ff4219644532bdfa7bab28dfedaee4d6d4021)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
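The policy that commit describes, as a stand-alone added example written for this page (it is not FFmpeg's hls.c code, and the function names and the extension list are this example's own, the list being an illustrative subset of common multimedia extensions): a segment reference that is a local path or file:// URL is accepted only when its extension is in the list, while remote URLs pass through unchecked, which is exactly the residual exposure the message acknowledges. The extension is taken from the last path component with any query string or fragment removed, so `clip.MP4?token=x` still counts as an mp4, and `/etc/passwd` or `~/.ssh/id_rsa`, which have no whitelisted extension, are refused.

```c
/* Added example, not FFmpeg code: a stand-alone version of the local
 * file-extension check described in the avformat/hls commit above.
 * allowed_exts is an illustrative subset, not FFmpeg's actual list. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Extensions a local HLS segment reference may carry (example list). */
static const char *const allowed_exts[] = {
    "ts", "m4s", "mp4", "m4a", "m4v", "aac", "mp3", "ac3", "mkv", "webm",
    "ogg", "flac", "wav", "mpg", "mpeg", "mov", "avi", "m3u8", NULL
};

/* Case-insensitive string equality, ASCII only. */
static bool str_ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == '\0' && *b == '\0';
}

/* True when the URL names a remote resource: "<scheme>://" with a scheme
 * other than "file". A bare path and a file:// URL are both local. */
static bool url_is_remote(const char *url)
{
    const char *p = url;
    if (!isalpha((unsigned char)*p))
        return false;                      /* paths such as "/etc/x" or "../x" */
    while (isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.')
        p++;
    if (strncmp(p, "://", 3) != 0)
        return false;                      /* no scheme, so a relative path */
    return !(p - url == 4 && str_ieq("file", "file") &&
             tolower((unsigned char)url[0]) == 'f' &&
             tolower((unsigned char)url[1]) == 'i' &&
             tolower((unsigned char)url[2]) == 'l' &&
             tolower((unsigned char)url[3]) == 'e');
}

/* Copies the extension of the last path component into buf, ignoring any
 * query string or fragment. Returns NULL when there is no extension. */
static const char *url_extension(const char *url, char *buf, size_t buflen)
{
    const char *end = url + strcspn(url, "?#");
    const char *dot = NULL;
    for (const char *p = url; p < end; p++) {
        if (*p == '/' || *p == '\\')
            dot = NULL;                    /* only dots after the last separator count */
        else if (*p == '.')
            dot = p;
    }
    if (!dot || dot + 1 == end)
        return NULL;
    size_t n = (size_t)(end - dot - 1);
    if (n >= buflen)
        return NULL;                       /* absurdly long "extension": refuse */
    memcpy(buf, dot + 1, n);
    buf[n] = '\0';
    return buf;
}

static bool ext_allowed(const char *ext)
{
    for (const char *const *e = allowed_exts; *e; e++)
        if (str_ieq(ext, *e))
            return true;
    return false;
}

/* The policy from the commit message: remote references are not checked;
 * local references are accepted only with a whitelisted extension. */
bool hls_segment_allowed(const char *segment_url)
{
    char ext[16];
    if (url_is_remote(segment_url))
        return true;
    const char *e = url_extension(segment_url, ext, sizeof ext);
    return e != NULL && ext_allowed(e);
}

int main(void)
{
    /* Constructed sample references, as a malicious local playlist might list them. */
    const char *refs[] = { "/etc/passwd", "file:///home/u/.ssh/id_rsa",
                           "seg0001.ts", "file:///media/clip.MP4?t=1",
                           "https://cdn.example.invalid/seg.ts" };
    for (size_t i = 0; i < sizeof refs / sizeof refs[0]; i++)
        printf("%-40s %s\n", refs[i], hls_segment_allowed(refs[i]) ? "allowed" : "refused");
    return 0;
}
```

The check is deliberately narrow: a key file renamed to `secret.ts` would still pass, and a reference to `http://10.0.0.5/...` is never examined, which is why the commit message calls this a lower-inconvenience rather than a robust fix.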
* avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+6
  Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 29808fff339da3e0f26131f7a6209b853947a54b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/pafvideo: Check packet size and frame code before ff_reget_buffer()
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -4/+11
  Fixes 1745/clusterfuzz-testcase-minimized-6160693365571584
  Fixes: Timeout
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit faa5a2181df53b5226f998a20b735798addcd365)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 136ce8baa4fc16cf38690cb457f7356c00e00a28)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 1967/clusterfuzz-testcase-minimized-5757031199801344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8b3e580b7f436206e84dac89415e057fa9abdab8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 1922/clusterfuzz-testcase-minimized-5561194112876544
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a47273c803edfbc43793349b74429ae29b05c003)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cinepak: Check input packet size before frame reallocation
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -3/+3
  Reduces time spent decoding 1917/clusterfuzz-testcase-minimized-5023221273329664
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e47057e932ff9a071d52fa1d5d4a956340eb2475)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6726328f7940a76c43b4d97ac37ababf363d042f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 1908/clusterfuzz-testcase-minimized-5392712477966336
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 08cb69e870c1b2fdc3574780a3662b92bfd6ef79)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/pnm: Use ff_set_dimensions()
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -4/+8
  Fixes: OOM
  Fixes: 1906/clusterfuzz-testcase-minimized-4599315114754048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a1c0d1d906d27d3f9e1b058bb065f897f90c1c7c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 1903/clusterfuzz-testcase-minimized-5359318167715840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 58f8cd4ac576028ef492a005bd06b1f22c3a6879)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Limit formats in gab2 to srt and ass/ssa
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+3
  This prevents part of one exploit leading to an information leak
  Found-by: Emil Lerner and Pavel Cheremushkin
  Reported-by: Thierry Foucu <tfoucu@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a5d849b149ca67ced2d271dc84db0bc95a548abb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 1902/clusterfuzz-testcase-minimized-4762451407011840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 87bddba43b725d43767f2a387cdea0936ac1b549)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wavpack: Check float_shift
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -0/+6
  Fixes: runtime error: shift exponent 40 is too large for 32-bit type 'unsigned int'
  Fixes: 1898/clusterfuzz-testcase-minimized-5970744880136192
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4020b009d1e88ff10abd25fb768165afa546851d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int'
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -1/+1
  Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d90c5bf10559554d6f9cd1dfb90767b991b76d5d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ansi: Fix frame memleak
  Author: Michael Niedermayer  Date: 2017-08-23  Files: 1  Lines: -4/+5
  Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e091b9b3c7859030f2896ca2ae96faa3afc694a1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
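Most of the wavpack, takdec, cavs, ra144, flicvideo, ac3dec_fixed, mpeg4videodec, hevc and jpeg2000dec entries in this log close one class of UBSan finding: decoder arithmetic on attacker-controlled values that overflows a signed int, negates INT_MIN, or shifts by a negative, too-large, or sign-clobbering amount. Since UBSan only reports the undefined operation, the added example below (written for this page, not FFmpeg code; the function names are its own) shows the patterns that resolve each variant, exercised on the values the commit messages quote: wrapping add and negation done in unsigned where the format defines wraparound, a widened and range-checked multiply where the value must stay in range, exponent validation before a shift, and an unsigned shift for negative operands.

```c
/* Added example, not FFmpeg code: defensive patterns for the signed-overflow
 * and invalid-shift findings listed in this log, on the quoted values. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { bool ok; int value; } checked_int;

/* Wrapping add: where the format defines two's-complement wraparound (as in
 * lossless audio predictors), do the add in unsigned, where wrap is defined,
 * and convert back. The conversion is implementation-defined before C23 but
 * two's complement on every platform that matters here. */
int add_wrap(int a, int b)
{
    return (int)((unsigned)a + (unsigned)b);
}

/* Wrapping negation: -INT_MIN is undefined; 0u - (unsigned)INT_MIN yields the
 * bit pattern of INT_MIN, which is the "negate to itself" UBSan suggests. */
int neg_wrap(int v)
{
    return (int)(0u - (unsigned)v);
}

/* Checked multiply for values that must stay in range (GMC/sprite deltas,
 * sample scaling): widen to 64 bits, then reject instead of wrapping. */
checked_int mul_checked(int a, int b)
{
    int64_t r = (int64_t)a * (int64_t)b;
    if (r < INT_MIN || r > INT_MAX)
        return (checked_int){ false, 0 };
    return (checked_int){ true, (int)r };
}

/* Shift of a non-negative value: reject a negative or too-large exponent (the
 * "shift exponent -1 / 36 / 40" findings) and a value that would push a bit
 * into the sign position (the "left shift of 1 by 31 places" finding). */
checked_int shl_checked(int v, int s)
{
    if (v < 0 || s < 0 || s >= 31 || v > (INT_MAX >> s))
        return (checked_int){ false, 0 };
    return (checked_int){ true, v << s };
}

/* Left shift of a possibly negative value (the "left shift of negative value
 * -1" findings): shift the unsigned bit pattern, where it is defined, and
 * convert back; this is multiplication by 2^s with wraparound. The caller
 * must already have validated 0 <= s < 32. */
int shl_wrap(int v, int s)
{
    return (int)((unsigned)v << s);
}

int main(void)
{
    /* The operands below are the ones quoted in the commit messages above. */
    printf("2080374785 + 2080374784 wraps to %d\n", add_wrap(2080374785, 2080374784));
    printf("-INT_MIN wraps to %d\n", neg_wrap(INT_MIN));
    printf("8224 * 663584 in range: %s\n", mul_checked(8224, 663584).ok ? "yes" : "no");
    printf("1 << 31 allowed: %s\n", shl_checked(1, 31).ok ? "yes" : "no");
    printf("-1 << 3 via unsigned = %d\n", shl_wrap(-1, 3));
    return 0;
}
```

Which helper applies depends on what the spec says about the value: a predictor sum that the format defines modulo 2^32 wants the wrapping form, while a dimension, delta or exponent that feeds an index or a later shift wants the checked form so the packet is rejected rather than silently wrapped into an out-of-bounds access.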