Commit log. Each entry lists the commit message, then author, age, files changed and lines changed (-removed/+added).
* avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: signed integer overflow: -53716100 * 256 cannot be represented in type 'int'
    Fixes: 20143/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5716604000403456
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b8a0be93528187721a2414f66abbc252a258afa3)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix loop in revert_acfilter()
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+5

    Fixes: out of array read
    Fixes: 20059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5691776237305856
    No testcase except the fuzzed one.
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 5584c0bb945d6010a9d8c22ef3270792022e1761)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/lagarith: Sanity check scale
  Michael Niedermayer, 2020-07-01, 1 file changed, -0/+3

    A value of 24 and above can collapse the range to 0, which would not work.
    Fixes: Timeout (75sec -> 21sec)
    Fixes: 18707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5708950892969984
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fb3855342b9e4c577c63b38a7a5a574830a21934)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950()
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+2

    Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int'
    Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit eb64a5c6f94981e4a68ad65a6e445557e11c08fc)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ralf: Fix integer overflow in apply_lpc()
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: signed integer overflow: 2147482897 + 2048 cannot be represented in type 'int'
    Fixes: 19240/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5743240326414336
    Fixes: 19869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5150136636538880
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fd313d8cf8368918882b6de0880e44ae25cc7394)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dca_lbr: Fix some error codes and error passing
  Michael Niedermayer, 2020-07-01, 1 file changed, -69/+93

    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit bfea054a75f17d140f2f171056a801c4c89f6d26)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmavoice: Fix rounding and integer anomalies in calc_input_response()
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+4

    Fixes: out of array access
    Fixes: inf is outside the range of representable values of type 'int'
    Fixes: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long'
    Fixes: 19316/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5677369365102592
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 38d37584448731f90977132b838d50ff1a28811b)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pcm: Fix invalid shift in pcm_decode_frame for LXF
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: left shift of 32 by 28 places cannot be represented in type 'int'
    Fixes: 19472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-5704364320096256
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 985d3666f672781152f4b68093740ea6a9888194)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snappy: Sanity check bytestream2_get_levarint()
  Michael Niedermayer, 2020-07-01, 1 file changed, -0/+2

    Fixes: left shift of 79 by 28 places cannot be represented in type 'int'
    Fixes: 20202/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5719004081815552
    Fixes: 20219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5641738677125120
    Fixes: 20389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5680721517871104
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit be54da2117a6f58c14283f2511e71fda8d3bfe9d)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpdsp: Fix an invalid shift in ff_mlp_rematrix_channel()
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: left shift of negative value -2
    Fixes: 20305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5677196618498048
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Jai Luthra <me@jailuthra.in>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fcc9f13717c8c3fe08ca5caf957c39e76ea35e4f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/avdct: Clear IDCTDSPContext context
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes use of uninitialized variable and segfault
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Reviewed-by: James Almer <jamrial@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b82825eba837f7cbb24c1d66e93285d029307417)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/x86/diracdsp: Fix high bits on Windows x86_64
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Found-by: james
    (cherry picked from commit 24af459d1e568fd134476f305f4fba23bf2c386a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check STCO location
  Michael Niedermayer, 2020-07-01, 1 file changed, -0/+4

    Fixes: bypassing of checks and assertion failure
    Fixes: asan_1003879.mp4
    Found-by: Clusterfuzz + asan
    Reported-by: Thomas Guilbert <tguilbert@google.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1cd41840208bce7e690a4ccc48077567418a0aa8)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix multiple integer overflows
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+3

    Fixes: left shift of 3329 by 20 places cannot be represented in type 'int'
    Fixes: signed integer overflow: -199378355 + -1948950833 cannot be represented in type 'int'
    Fixes: 19837/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5752565837070336
    Fixes: 19839/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5767483265122304
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 422202516cfb6239abb4e20db9f628f3899a76e2)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix undefined integer overflow in decode_array_0000()
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: signed integer overflow: -2143289344 - 6246400 cannot be represented in type 'int'
    Fixes: 19239/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5173755680915456
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a3655bb02c21e70573335e9396632f64b2589536)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/smacker: Check space before decoding type
  Michael Niedermayer, 2020-07-01, 1 file changed, -0/+4

    Fixes: Timeout (232sec -> 280ms)
    Fixes: 19682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5654129649385472
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 6f5c18da5977a3214e1ea30e6b0c0d9d858ce83d)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/rawdec: Use linesize in b64a
  Michael Niedermayer, 2020-07-01, 1 file changed, -4/+7

    Fixes: out of array access
    Fixes: 19750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RAWVIDEO_fuzzer-5074834119983104
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 2b5b9d5dac9a3525d7330662724c0e9045078bfb)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Over-allocate ham_palbuf for HAM6 IFF-PBM
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+5

    IFF-PBM-HAM6 can read out of array without this overallocation
    Fixes: Out of array read
    Fixes: 19752/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5675331403120640
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 8652f4e7a15e56fadf9697188c1ed42c9981db82)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/x86/diracdsp: Fix incorrect src addressing in dequant_subband_32()
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+2

    Fixes: Segfault (not reproducible with asm, which made this hard to debug)
    Fixes: decoding errors
    Fixes: 19854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5729372837511168
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 0694b60b7b4892eac1d6e2aca64de9e0cb096486)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_find_rect: Remove assert
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+0

    A score of 0 is possible
    Fixes: Ticket8500
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit dfc471488675aa257183745502d0074055db3bd2)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_find_rect: Increase worst case score
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+2

    score could be 1.0, which led to uninitialized values
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 6ff2474e02200dce7abdea3fd211fcaf49691c2c)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/input: Fix several invalid shifts related to rgb2yuv constants
  Michael Niedermayer, 2020-07-01, 1 file changed, -4/+4

    Fixes: Invalid shifts
    Fixes: #8140
    Fixes: #8146
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit d48e510124d0fea24e2ec27271687c92e4428a18)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/output: Fix several invalid shifts in yuv2rgb_full_1_c_template()
  Michael Niedermayer, 2020-07-01, 1 file changed, -4/+4

    Fixes: Invalid shifts
    Fixes: #8320
    Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 7b7f97532b2ac8836d8d8e3c71dd026e35ae1ca7)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/swscale: Fix several invalid shifts related to vChrDrop
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+2

    Fixes: Invalid shifts
    Fixes: #8166
    Fixes: filter-crop_scale_vflip FATE-test
    Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a6ca22c11834c0ff075592e3f051d41068c407db)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_mp4toannexb_bsf: check that nalu size doesn't overflow
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+1

    Fixes: Out of array access
    Fixes: 19299/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5169193398042624
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a8ceb2a72fa1bef4ab5f1ec6cdc7ce74fffda19d)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_mp4toannexb_bsf: Avoid NULL memcpy()
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: invalid memcpy use
    Fixes: 19299/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5169193398042624
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1e23b5a706cd378ed07a200dfee656b38504f165)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: move channel check up
  Michael Niedermayer, 2020-07-01, 1 file changed, -10/+10

    Fixes: out of array access
    Fixes: 2nd part of 18429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-6210814364614656
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 891bcc4acc93e0c5a75ab7a9da668df84a0edba7)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm: Fix overflow in FFABS() IMA_EA_EACS
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
    Fixes: 19235/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_EA_EACS_fuzzer-5680878952382464
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 794352ae9d1cb32b4b9e45d3affb83763f4ee12e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alac: Fix integer overflow in LPC coefficient adaption
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: signed integer overflow: 267693597 * 10 cannot be represented in type 'int'
    Fixes: 19237/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5755407700328448
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 6a865cec5e7584ef476f394fc55c1fc91cec1a14)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g729postfilter: Optimize out overflowing multiplication from apply_tilt_comp()
  Michael Niedermayer, 2020-07-01, 1 file changed, -7/+7

    Fixes: signed integer overflow: -1114392282 * 2 cannot be represented in type 'int'
    Fixes: 19236/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5741678938030080
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit c0bd5fa43d193aa389bea7c5176b2fe23f6eeddd)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: Check field_mode for sprites
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+6

    Fixes: Out of array read
    Fixes: 19263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5389219325542400
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 32fb9198360402941e49aa878b9d33737b654f62)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: Limit bits by the actual bitstream size
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+4

    Fixes: Timeout (350 -> 19sec)
    Fixes: 19249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6566896438870016
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit c56a52a82c0a4039e606e82b948a8abfe417f35f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vmdaudio: Check block_align more
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+3

    Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
    Fixes: 19788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5743379690553344
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 06f6857b54a7fbbd087b0803f75bed44abed50d9)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* configure: bump year
  Gyan Doshi, 2020-07-01, 1 file changed, -1/+1

    (cherry picked from commit 7b58702cbdce097f32f62c87cd537ab28c04ffb2)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pgssubdec: Free subtitle on error
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+4

    Fixes: Assertion failure
    Fixes: 19753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5688461843759104
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b0a718923bb4a75b0c1cbf283fb17a319b840346)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Fix undefined overflow in wavesynth_synth_sample()
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+2

    Fixes: signed integer overflow: 2147464192 + 21176 cannot be represented in type 'int'
    Fixes: 19042/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5719828090585088
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fa47f6412dbf93b4865adf8c66618906a3274330)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cook: Use 3 stage VLC decoding for channel_coupling
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: shift exponent -1 is negative
    Fixes: out of array read
    Fixes: 19028/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5759766471376896
    Fixes: 19037/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5734106625474560
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 89fd76db71d9d4f87c51fee2a2edf99662444df7)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fixes undefined overflow in dequantization in decode_subframe()
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: signed integer overflow: 47875596 * 45 cannot be represented in type 'int'
    Fixes: 19082/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5687766512041984
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 53efab44a9d0971c6c12d9b3d1af855ca863c847)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sonic: Check e in get_symbol()
  Michael Niedermayer, 2020-07-01, 1 file changed, -0/+2

    Fixes: signed integer overflow: 1721520852 + 1721520852 cannot be represented in type 'int'
    Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176
    Fixes: 18753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5663299131932672
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit aea67556116330d3151e4cd3ef1e266b5d90f388)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/twinvqdec: Correct overflow in block align check
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
    Fixes: 19126/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TWINVQ_fuzzer-5687464110325760
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 4dc93ae3d725e892927f04002021337c2f90252a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: Fix "return -1" cases
  Michael Niedermayer, 2020-07-01, 1 file changed, -4/+4

    Reviewed-by: "mypopy@gmail.com" <mypopy@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 26f040bcb4a1db78d1311af2e69de6984ecb43e5)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: Free sprite_output_frame on error
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+9

    Fixes: memleaks
    Fixes: 19471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5688035714269184
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 3ee9240be3e4044ae9e60a9a3a68820bf8075299)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmadec: Keep track of exponent initialization per channel
  Michael Niedermayer, 2020-07-01, 2 files changed, -4/+7

    Fixes: division by 0
    Fixes: 19123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5655493121146880
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit bf5c850b795126d4f60dd9498c06f0492f5726a7)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Check that video_size is large enough for the read parameters
  Michael Niedermayer, 2020-07-01, 1 file changed, -0/+2

    video is allocated before parameters like bpp are read.
    Fixes: out of array access
    Fixes: 19084/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5718556033679360
    Fixes: 19465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5759908398235648
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit f1b97f62f86d5dca35d01d7a5ebbc5dca2a88ae6)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm: Clip predictor for APC
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+2

    Fixes: signed integer overflow: -2147483648 - 13 cannot be represented in type 'int'
    Fixes: 18893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APC_fuzzer-5630760442920960
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9fe07908c3f67d59cf4db5668d61b34506189590)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/targa: Check colors vs. available space
  Michael Niedermayer, 2020-07-01, 1 file changed, -6/+6

    Fixes: Timeout (37sec -> 52ms)
    Fixes: 18892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5739537854889984
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 01593278cef06dbb4491d50d03b72198d2848adf)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dstdec: Use get_ur_golomb_jpegls()
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: shift exponent -4 is negative
    Fixes: 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760
    Fixes: 18989/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5175008116867072
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a76690c02b4fd12d7fac6f753af8bad72c82d55c)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmavoice: Check remaining input in parse_packet_header()
  Michael Niedermayer, 2020-07-01, 1 file changed, -0/+3

    Fixes: Infinite loop
    Fixes: 18914/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5731902946541568
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 19c41969b26d07519fff8182a0d3266cdb712078)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix 2 overflows in mclms
  Michael Niedermayer, 2020-07-01, 1 file changed, -2/+2

    Fixes: signed integer overflow: 2038337026 + 109343477 cannot be represented in type 'int'
    Fixes: 18886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5673660505653248
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 92455c8c65c403ea696cb8c63d474d386d631bbd)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmaprodec: Fixes integer overflow with 32bit samples
  Michael Niedermayer, 2020-07-01, 1 file changed, -1/+1

    Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
    Fixes: 18860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5755223125786624
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a9cc69c0d59057ea172a107e0308fdf5fd8fc04e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>