aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update for 3.4.9Michael Niedermayer2021-09-123-2/+317
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: don't return negative values in av_get_audio_frame_duration()James Almer2021-09-121-2/+4
| | | | | | | | | | | | | In some extrme cases, like with adpcm_ms samples with an extremely high channel count, get_audio_frame_duration() may return a negative frame duration value. Don't propagate it, and instead return 0, signaling that a duration could not be determined. Fixes ticket #9312 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit e01d306c647b5827102260b885faa223b646d2d1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Check that atom header is within bytsetreamMichael Niedermayer2021-09-121-0/+2
| | | | | | | | | | | Fixes: Infinite loop Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3c659f861856d751fe3aa1358b1cccff3117f948) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix 2 integer overflows in filter_3800()Michael Niedermayer2021-09-121-2/+2
| | | | | | | | | | | Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int' Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 33feb527fff9bf547c4118147434869875cf0c3d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xpmdec: Move allocations down after more error checksMichael Niedermayer2021-09-121-7/+7
| | | | | | | | | | | Fixes: Timeout Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e58692837c20c8484a23cd9beb63ac422f82458a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* network: Define ENOTCONN as WSAENOTCONN if not definedMartin Storsjö2021-09-121-0/+3
| | | | | | | | | This fixes compilation with old mingw.org toolchains, which has got much fewer errno.h entries. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 6569e9505c781468092c15fa84d034c9e37d26ca) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Use 64bit for frame number in odml index parsingMichael Niedermayer2021-09-121-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int' Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()Michael Niedermayer2021-09-121-0/+3
| | | | | | | | | | Fixes: Timeout Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 909faca929cf30dcd439fa33479177e76fb5121d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/adtsenc: return value check for init_get_bits in adts_decode_extradatamaryam ebrahimzadeh2021-09-121-2/+4
| | | | | | | | | | As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. 'buf' is part of 'AVPacket pkt'. replace init_get_bits with init_get_bits8. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/webp: Check available space in loop in decode_entropy_coded_image()Michael Niedermayer2021-09-121-0/+3
| | | | | | | | | | Fixes: Timeout Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5e00eab61112c52f27a09fe77d50e6fc508f9c53) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_modeMichael Niedermayer2021-09-121-2/+4
| | | | | | | | | | Fixes: out of array read Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c59b5e3d1e0121ea23b5b326529f5bdca44cf982) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/frame_thread_encoder: Free AVCodecContext structure on error during initMichael Niedermayer2021-09-122-4/+11
| | | | | | | | | | | | Fixes: MemLeak Fixes: 8281 Fixes: PoC_option158.jpg Fixes: CVE-2020-22037 Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7bba0dd6382e30d646cb406034a66199e071d713) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/faxcompr: Check for end of input in cmode == 1 in ↵Michael Niedermayer2021-09-121-0/+2
| | | | | | | | | | | | decode_group3_2d_line() Fixes: Infinite loop Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f803635c4fac761ac68b39a369272d4c26433dc1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: Disable error concealment for *IMAGEMichael Niedermayer2021-09-121-1/+3
| | | | | | | | | | | | | | | | The existing error concealment makes no sense for the image formats, they use transformed source images which is different from keyframe + MC+difference for which the error concealment is designed. Of course feel free to re-enable this if you have a case where it works and improves vissual results Fixes: Timeout Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 643b2d49bf52d5a3205ce3db732e0c4c396bd457) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()Michael Niedermayer2021-09-121-1/+1
| | | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8f2856a1daa4e3d5767b6efe7a70ec86926dba47) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wtvdec: Check for EOF before seeking back in parse_media_type()Michael Niedermayer2021-09-121-0/+2
| | | | | | | | | | | Fixes: Infinite loop Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wavdec: Use 64bit in new_pos computationMichael Niedermayer2021-09-121-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: Check for overflow in timestamp preparationMichael Niedermayer2021-09-121-0/+4
| | | | | | | | | | Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9dbed908403b0d97ae70881fab68020f148b6b11) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dsicin: Check packet size for overflowMichael Niedermayer2021-09-121-2/+5
| | | | | | | | | | Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9d1c47ec033d038e04578eaf0767c8983250d03d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/bfi: check nframesMichael Niedermayer2021-09-121-0/+2
| | | | | | | | | | Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b4e77dfca1c2970446f79277034d8e60c3fe3f4e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: fix position overflow in avi_load_index()Michael Niedermayer2021-09-121-1/+4
| | | | | | | | | | Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 527821a2dd6f19d9a4d2abe05833346ae86c66c6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Check sizeX against paddingMichael Niedermayer2021-09-121-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f034c2e36acb7d0c11dc1849ddf8a67bde44eff4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Check for size overflow in header parsingMichael Niedermayer2021-09-121-0/+3
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bae2e1977744f42d56b85193d4910811de829714) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aaccoder: Add minimal bias in search_for_ms()Michael Niedermayer2021-09-121-4/+4
| | | | | | | | | Fixes: floating point division by 0 Fixes: Ticket8218 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 75a099fc734a4ee2b1347d0a3d8c53d883b95174) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_mestimate: Check b_countMichael Niedermayer2021-09-121-0/+3
| | | | | | | | | Fixes: left shift of negative value -1 Fixes: Ticket8270 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 06af6e101bbd04e8ecc5337bc3b6894a5e058e14) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: do not ignore errors in mov_metadata_hmmt()Michael Niedermayer2021-09-121-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c52c99a18f6e40973e52d99d4bb29e34a66c695a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: Check size for shrinkingMichael Niedermayer2021-09-121-1/+1
| | | | | | | | | | | av_shrink_packet() takes int size, so size must fit in int Fixes: out of array access Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 65b862ab59c4bfaae98be596b84a072f52444398) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dnxhddec: check and propagate function return valuemaryam ebr2021-09-121-7/+15
| | | | | | | | | | Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed. crafted DNxHD data can cause unspecified impact. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 7150f9575671f898382c370acae35f9087a30ba1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/slice: Fix wrong return on errorMichael Niedermayer2021-09-121-1/+3
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7874d40f10cca922797a8da14189a53ee52f0156) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/slice: Check slice for allocation failureMichael Niedermayer2021-09-121-1/+2
| | | | | | | | | | Fixes: null pointer dereference Fixes: alloc_slice.mp4 Found-by: Rafael Dutra <rafael.dutra@cispa.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 997f9cfc1295769be8d3180860ceebbc16f59069) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* configure: Fix sem_timedwait probeLuca Barbato2021-09-121-2/+1
| | | | | (cherry-picked from libav commit 41262498ff89ef48e5ce4823b2fc2dc514a3eb0c) Signed-off-by: James Almer <jamrial@gmail.com>
* configure: add missing pthreads dependency to v4l2_m2mJames Almer2021-09-121-1/+1
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* avformat/matroskadec: Fix handling of huge default durationsMichael Niedermayer2021-09-111-1/+2
| | | | | | | | | | Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 343d950a4a8a8c32f5f7d9d4ac1fbe317cb9cc80) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()Michael Niedermayer2021-09-111-1/+2
| | | | | | | | | Fixes: floating point division by 0 Fixes: Ticket8213 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 70874e024a6eae0f95bd8dd4b9b4367ffd937f41) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ftp: Check for av_strtok() failureMichael Niedermayer2021-09-111-0/+2
| | | | | | | | Fixes: CID1396258 Dereference null return value Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9d40782088cf969fbadc881e4a97ec22b8ae0177) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* tools/cws2fws: Check read() for failureMichael Niedermayer2021-09-111-0/+6
| | | | | | | | Fixes: CID1452579 Argument cannot be negative Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0b3cdd7cc2c63969e144cc3eb39d0c61260509ee) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cpia: Fix missing src_size updateMichael Niedermayer2021-09-111-0/+1
| | | | | | | | | | Fixes: out of array read Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cea05864e65db9a2dc8af82b2c63fb8f03c5f876) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration ↵Michael Niedermayer2021-09-111-1/+1
| | | | | | | | | | | | calculation Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int' Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 00ae9b77ef757f82660b4b3d2f490374a4f209fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Check old_format len for overflowMichael Niedermayer2021-09-111-3/+5
| | | | | | | | | | | | | Maybe such large values could be disallowed earlier and closer to where they are set. Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 06d174e289eb185f03a34a738965f0042f39c038) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/realtextdec: Check the pts difference before using it for the ↵Michael Niedermayer2021-09-111-1/+2
| | | | | | | | | | | | duration computation Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fe12aa689003db9b07a6e1b837031dcc57a71435) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/qcp: Avoid negative nb_ratesMichael Niedermayer2021-09-111-1/+2
| | | | | | | | | | Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b865cc703d29cb307e1fa628aa02940d54eb42a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutdec: Check tmp_sizeMichael Niedermayer2021-09-111-0/+5
| | | | | | | | | | Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/msf: Check that channels doesnt overflow during extradata constructionMichael Niedermayer2021-09-111-0/+2
| | | | | | | | | | Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a1a277926b49dad60d9e78c6c7a8c6b5d0d6d7c9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpc8: Check for position overflow in mpc8_handle_chunk()Michael Niedermayer2021-09-111-1/+4
| | | | | | | | | | | Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208 Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8ef25d118246bf443900033fb3588dba628d11b0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/iff: Use 64bit in duration computationMichael Niedermayer2021-09-111-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 93d964689c3b2bae26e6e3f502c1ffc4c2e46989) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dxa: Check fps to be within the supported range more precisselyMichael Niedermayer2021-09-111-1/+1
| | | | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself Fixes: assertion failure Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ea494befcb5d944ce8275e6f59de1a24c25ffb6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Only write palette to plane 1 if its PAL8Michael Niedermayer2021-09-111-1/+2
| | | | | | | | | | Fixes: null pointer passed as argument 1, which is declared to never be null Fixes: 33791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5107575256383488.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 216eb60b853e9a230c1238ab7d1c63d3fa892d34) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/tta: Check for EOF in index reading loopMichael Niedermayer2021-09-111-0/+2
| | | | | | | | | | Fixes: OOM Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b72d657b73b2aa4a2a2f72f613199e6080ad48c0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Update missed irc linksMichael Niedermayer2021-09-113-3/+3
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c067d20177613e9cf74bcbd2a26e729ef7ababdb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rpl: The associative law doesnt hold for signed integers in CMichael Niedermayer2021-09-111-1/+1
| | | | | | | | | | | Add () to avoid undefined behavior Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long' Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 480f11bdd713c15e4964093be7ef0adf5b619cc1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-15 20:29:49 +0000