Commit log: message, author, date, files changed, lines changed
...
* avcodec/faxcompr: Check available bits in decode_uncompressed()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+2
  Fixes: Timeout
  Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
  Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ff56c139e07a4de2803b974b6595f6b71fbf53bd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+4
  Fixes: Timeout
  Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7d8421e3d5bc1300687a65384baccbcb3874b7ac)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -9/+17
  Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type 'int'
  Fixes: 33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3447979d08d701581a65f7275425cb1a59302319)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+2
  Fixes: out of array access
  Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dbbcfbcc4e4f0e91f814f2e13ced7b6d99069518)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avfilter/vf_dctdnoiz: Check threads
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+3
  Fixes: floating point division by 0
  Fixes: Ticket 8269
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4a3917c02c428b11128ac3d4a01b780ea44aa53c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with black
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+2
  Fixes: floating point division by 0
  Fixes: undefined behavior in handling NaN
  Fixes: Ticket 8268
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3d500e62f6206ad11308b18976246366aed8c1a5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/rpl: Check for EOF and zero framesize
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: Infinite loop
  Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880
  Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a0a4a527c3b0819368d9b148542bb7663f39df79)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/vc2enc: Check for non negative slice bounds
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+2
  Fixes: invalid shifts
  Fixes: Ticket 8221
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f7862e82686b347eb6a9e64fa7ccdf25d5a76b4b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/rpl: Use 64bit in bitrate computation and check it
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -2/+4
  Fixes: signed integer overflow: 777777776 * 4 cannot be represented in type 'int'
  Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6726188921913344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 29b244ffc15abe2c24d2145f63048e8b3bdaa303)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/svq1enc: Do not print debug RD value before it has been computed
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -3/+4
  Avoids floating point division by 0
  Fixes: Ticket8191
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c297f7e57a223da9f0d350e30456d60c8c87f902)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/aacpsy: Check bandwidth
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+3
  Fixes: Ticket8011
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 36dead4bc28ca8aab13c61661f28c68bdefa5e9d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/aacenc: Do not divide by lambda_count if it is 0
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Avoids floating point division by 0
  Fixes: Ticket8011
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c520b986915a3fdf3a20f6ce0ad5833eccfb7a91)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/aacenc: Use FLT_EPSILON for lambda minimum
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  (cherry picked from commit 4b89cf7aa49191c7f8a5ae6e9cf6cfc79ff4ee5e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/cinedec: Fix index_entries size check
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: out of array access
  Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avfilter/vf_yadif: Fix handling of tiny images
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -14/+18
  Fixes: out of array access
  Fixes: Ticket8240
  Fixes: CVE-2020-22021
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7971f62120a55c141ec437aa3f0bacc1c1a3526b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bb08ee0c6fb7bdebd37cbf00aefed206909e8f78)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avfilter/vf_vmafmotion: Check dimensions
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+3
  Fixes: out of array access
  Fixes: Ticket8241
  Fixes: Ticket8246
  Fixes: CVE-2020-22019
  Fixes: CVE-2020-22033
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 82ad1b76751bcfad5005440db48c46a4de5d6f02)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/movenc: Check pal_size before use
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -2/+4
  Fixes: assertion failure
  Fixes: out of array read
  Fixes: Ticket8190
  Fixes: CVE-2020-22015
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4c1afa292520329eecd1cc7631bc59a8cca95c46)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/lpc: Avoid floating point division by 0
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 2, Lines: -3/+3
  Fixes: Ticket7996
  Fixes: CVE-2020-20445
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 38d18fb57863bb9c54e68ae44aa780c5c282a184)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: Ticket7995
  Fixes: CVE-2020-20446
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 223b5e8ac9f6461bb13ed365419ec485c5b2b002)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/aacenc: Avoid 0 lambda
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+2
  Fixes: Ticket8003
  Fixes: CVE-2020-20453
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/exr: x/ymax cannot be INT_MAX
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+1
  The code uses x/ymax + 1 so the maximum is INT_MAX-1
  Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 48342aa0750f83006582d1598b5f22297f6dbf83)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/avio: Check av_opt_copy() for failure
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -2/+5
  Fixes: CID1477416 Unchecked return value
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f8611ae1efc47fbe1aff140c89bee4fd1d62d3e1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/vc1: Check remaining bits in ff_vc1_parse_frame_header()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+5
  Fixes: Timeout
  Fixes: 33156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-6259655027326976
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 38c47615880357314ba30727a85bf7b00989706a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mov: Ignore duplicate CoLL
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+5
  Fixes: memleak
  Fixes: 32146/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5377612845285376
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9548dc74d8db2bc002e1195dbd076f621f5c3ea1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mov: Limit nb_chapter_tracks to input size
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+2
  Fixes: Timeout (15k loop iterations instead of 400m)
  Fixes: 31368/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6601583174483968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 299a56c9006b2eb8807c3e3efefb91a78fe6b3b2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/utils: Use 64bit earlier in r_frame_rate check
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int'
  Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 578633fc1ac8c02a36a706bd71f775550412d1e1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mvdec: Check sample rate in parse_audio_var()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+2
  Fixes: signed integer overflow: -635424002382840000 * 16 cannot be represented in type 'long'
  Fixes: 33612/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5704741108711424
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0ff60249a57cba00ab679ca6190a802cc0c7b9c7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+6
  Fixes: infinite loop
  Fixes: 33674/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4816457818046464
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 08d2df41538b583932c1a6772e3c8978a2334107)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+10
  Fixes: out of array access
  Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656
  Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392
  Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz
  Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312
  Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f0ce023ddb8863d16ab650fcc0731851a55db084)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: tickets/3933/128.jls
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 011006874cb46325b6bc83234f81879ff421c05f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/asfdec_o: Use ff_get_extradata()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -15/+6
  Fixes: OOM
  Fixes: 27240/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5937469859823616
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 098314e1e5142aa2b53dc5371a9d01eb09ddd30f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/id3v2: Check end for overflow in id3v2_parse()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+5
  Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long'
  Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit efdb56450418933965dc6e27f0b1625d25e44a8c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/wtvdec: Improve size overflow checks in parse_chunks()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -2/+2
  Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int'
  Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f8ec1da8ac8e3daf2403e744f166ea9557b2d333)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: Timeout
  Fixes: 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7b3881f0da6da00cb6b5b123328e2fbfca936c47)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/utils: Check ima wav duration for overflow
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+5
  Fixes: signed integer overflow: 44331634 * 65 cannot be represented in type 'int'
  Fixes: 32120/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5760221223583744
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f40e9b13554d88cbdd6cd2b4a3da2cbea9590f5d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/cafdec: Check channels
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: signed integer overflow: -1184429040541376544 * 32 cannot be represented in type 'long'
  Fixes: 31788/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6236746338664448
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 641c1db22bb27752b925293ad93f68843baa43bf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/dpx: Check bits_per_color earlier
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+3
  Fixes: shift exponent 251 is too large for 32-bit type 'int'
  Fixes: 32147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5519111675314176
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c093eb30311b7148a4da1c7555498187c8cdf0db)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/pnm_parser: Check image size addition for overflow
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: assertion failure
  Fixes: out of array access
  Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
  Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 79ac8d55468adc9cb9a0908e671807a2a789b7d0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/rmdec: use larger intermediate type for audio_framesize * sub_packet_h check
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
  Fixes: 31406/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5024692843970560
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cf2fd9204b3c707d9e414583b043ee88b8e8c52e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -3/+2
  Fixes: crash
  Fixes: check_pkt.mp4
  Found-by: Rafael Dutra <rafael.dutra@cispa.de>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ceae92cb291c2536a93482cdf3c1ae3f7330b924)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+7
  Fixes: out of array access
  Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 87d87e6587deec1fa8ed5f5c6901535becdb0358)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mov: Ignore multiple STSC / STCO
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -4/+8
  Fixes: STSC / STCO inconsistency and assertion failure
  Fixes: crbug1184666.mp4
  Found-by: Chromium ASAN fuzzer
  Reviewed-by: Matt Wolenetz <wolenetz@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2611d20d353026f996cb9aaced8b35db37f490d4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -1/+1
  Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
  Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b37ff29e0e093b15585e9fb44bbd82bdf14b5230)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -2/+2
  Found-by: Jeremy Leconte <jleconte@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1cf96ce269364e3c2b4ec2097f121ad42b336839)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avutil/common: Add FF_PTR_ADD()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+2
  Suggested-by: Andreas Rheinhardt
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 522a5259e9cc17faf1f83c9cfb93c960a2ecf8a2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+4
  Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
  Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1f74661543c0c336e88846f90608fda7bd12deac)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/cafdec: Do not build an index if all packets are the same
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -9/+14
  Fixes: Timeout
  Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ea12590c8ecc1e3c4c7732e5adced21fb5feffa6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/sonic: Use unsigned temporary in predictor_calc_error()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -2/+2
  Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
  Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 075d793ba87635b77f8302d8a454fa681f90d267)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/flvdec: Check array entry number
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+2
  Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
  Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b5d8fe1c874947ca67ee8117b18f8052f0e590fc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/h264_slice: Check sps in h264_slice_header_init()
  Author: Michael Niedermayer, Date: 2021-09-11, Files: 1, Lines: -0/+5
  Fixes: null pointer dereference
  Fixes: h264_slice_header_init.mp4
  Found-by: Rafael Dutra <rafael.dutra@cispa.de>
  Tested-by: Rafael Dutra <rafael.dutra@cispa.de>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 80472438996ed1928b30f6ac4e0d17a492de2cdf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>