Commit message | Author | Age | Files | Lines
* avcodec/cavsdec: Check alpha/beta offset | Michael Niedermayer | 2018-02-27 | 1 | -0/+5
  Fixes: Integer overflow
  Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ae2eb04648839bfc6c61c32cb0f124e91bb7ff8e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow in mv computation | Michael Niedermayer | 2018-02-27 | 1 | -2/+2
  Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int'
  Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 47e65ad63b3d067445c4de41a7718b83fc07767c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_templat: Fix integer overflow in apply_ltp() | Michael Niedermayer | 2018-02-27 | 1 | -1/+1
  Fixes: signed integer overflow: -1625276744 + -1041893960 cannot be represented in type 'int'
  Fixes: 5948/clusterfuzz-testcase-minimized-5791479856365568
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 33fe17bdc88d51a8e0c87aa1e8011aaaf38a7a90)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53() | Michael Niedermayer | 2018-02-27 | 1 | -4/+4
  Fixes: 5918/clusterfuzz-testcase-minimized-5120505435652096
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 793347a54579ee954b58d336b82eed4a1786de21)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Use int64 in global mv to prevent overflow | Michael Niedermayer | 2018-02-27 | 1 | -2/+2
  Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int'
  Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cbcbefdc3b4cbc917d2f8b2dd216fb12121a838b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxtory: Remove code that corrupts dimensions | Michael Niedermayer | 2018-02-27 | 1 | -5/+1
  Fixes: Timeout
  Fixes: 5796/clusterfuzz-testcase-minimized-5206729085157376
  Does someone have a valid sample that triggers this path?
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3748746a4d6988484d34516f7a3c6febf7bdf488)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/hvcc: zero initialize the nal buffers past the last written byte | James Almer | 2018-02-24 | 1 | -0/+2
  Prevents use of uninitialized values.
  Fixes ticket #7038.
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 9482ec1b203e4cf51d7f60c85d261cc13f9a9d2f)
* swresample/rematrix: fix update of channel matrix if input or output layout is undefined | Tobias Rapp | 2018-02-20 | 1 | -2/+4
  Prefer direct in/out channel count values over channel layout, when available.
  Fixes a pan filter bug (ticket #6790).
  Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com>
  (cherry picked from commit 6325bd3717348615adafb52e4da2fd01a3007d0a)
* Update for 3.0.11 | Michael Niedermayer | 2018-02-19 | 3 | -2/+59
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i() | Michael Niedermayer | 2018-02-19 | 1 | -4/+4
  Fixes: 5894/clusterfuzz-testcase-minimized-5315325420634112
  Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 647fa49495c39a48b7ccb92acd8fb975b1575456)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp8: Check for bitstream end before vp7_fade_frame() | Michael Niedermayer | 2018-02-19 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 5653/clusterfuzz-testcase-5497680018014208
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit de675648cef7e451ca82fabaee0d8ec1fe653311)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check remaining bits in last get code loop | Michael Niedermayer | 2018-02-19 | 1 | -1/+1
  Fixes: runtime error: shift exponent -7 is negative
  Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dd8351b1184b8054925c28ecc5fcb6dbbc177fad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c() | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392
  Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ab6f571ef71967da7c7c1cfba483d3597c7357d5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_cabac: Tighten allowed coeff_abs range | Michael Niedermayer | 2018-02-19 | 1 | -1/+1
  Fixes: integer overflows
  Reported-by: "Xiaohan Wang (王消寒)" <xhwang@chromium.org>
  Based on limits in "8.5 Transform coefficient decoding process and picture construction process prior to deblocking filter process"
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f26a63c4ee1bdbe21d7ab462cd66f8ba20b14244)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc() | Xiaohan Wang | 2018-02-19 | 1 | -0/+1
  When ff_h264_decode_mb_cavlc() failed due to wrong sl->qscale values, e.g. dquant out of range, set the qscale to be a valid value before returning -1 and exiting the function. The qscale value can be used later e.g. in loop filter.
  BUG=806122
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 71f39de2a57efc8db1d607b09c162c3b806cd45d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs() | Michael Niedermayer | 2018-02-19 | 1 | -1/+3
  This fixes a hypothetical integer overflow
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f2318aee8ca8df1c84092f7d6691a2d0df02c474)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Ignore multiple VOL headers | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Fixes: Ticket7005
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 63a4bdbf3b732504e54cc2b9ec0886e6242a90bc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Check eob_run | Michael Niedermayer | 2018-02-19 | 1 | -0/+3
  Fixes: out of array access
  Fixes: 5919/clusterfuzz-testcase-minimized-5859311382167552
  Fixes: special case for theora (untested due to lack of sample)
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 570023eab3e2962b4ad8345a157c1e18ca1a6eca)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/huffyuvdec: Check input buffer size | Michael Niedermayer | 2018-02-19 | 1 | -0/+3
  Fixes: Timeout
  Fixes: 5487/clusterfuzz-testcase-4696837035393024
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 08c220d26cff51ca2f6896b65aebfa3accc67290)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix integer overflow in FFABS | Michael Niedermayer | 2018-02-19 | 1 | -1/+1
  Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Fixes: 5396/clusterfuzz-testcase-minimized-6558555529281536
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8e50bd61e4ff97bd7fc6cbd7ec4ca514e17a70c4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacsbr_fixed: Fix overflows in rounding in sbr_hf_assemble() | Michael Niedermayer | 2018-02-19 | 1 | -4/+5
  Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'
  Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b1bef755f617af9685b592d866b3eb7f3c4b02b1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fix several integer overflows | Michael Niedermayer | 2018-02-19 | 2 | -3/+3
  Fixes: runtime error: signed integer overflow: -2146071175 + -268479557 cannot be represented in type 'int'
  Fixes: 5237/clusterfuzz-testcase-minimized-4569895275593728
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fe1e6c06d03432c3e9208f019533c1d701f485d0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/indeo5: Do not leave frame_type set to an invalid value | Michael Niedermayer | 2018-02-19 | 1 | -0/+1
  Fixes: null pointer dereference
  Fixes: 5264/clusterfuzz-testcase-minimized-4621956621008896
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2ff9f178519b68d4d1d606eb5451ad81da948efc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: Check log2_sao_offset_scale_* | Michael Niedermayer | 2018-02-19 | 1 | -0/+5
  Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768
  Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4a75a75c62efc645ec28444e4675c325b8f2bb1a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: extract one SPS fields required for hvcC construction | Aman Gupta | 2018-02-19 | 2 | -0/+2
  Signed-off-by: Aman Gupta <aman@tmm1.net>
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Avoid possibly aliasing violating casts | Michael Niedermayer | 2018-02-19 | 1 | -2/+5
  Found-by: kierank
  Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d4967c04e040b3b2f937cad88599af825147ec94)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/get_bits: Document the return code of get_vlc2() | Michael Niedermayer | 2018-02-19 | 1 | -0/+1
  Found-by: kierank
  Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4a94ff4ccd4f2329c599e37cabe4152dae60359e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check mb_num also against 0 | Michael Niedermayer | 2018-02-19 | 1 | -1/+1
  The spec implies that 0 is invalid in addition to the existing checks
  Found-by: <kierank>
  Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 05f4703a168a336363750e32bcfdd6f303fbdbc3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_transpose: Fix used plane count. | Michael Niedermayer | 2018-02-19 | 1 | -1/+7
  Fixes out of array access
  Fixes: poc.mp4
  Found-by: GwanYeong Kim <gy741.kim@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c6939f65a116b1ffed345d29d8621ee4ffb32235)
  (cherry picked from commit 3f621455d62e46745453568d915badd5b1e5bcd5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_remaining_decode() | Michael Niedermayer | 2018-02-19 | 1 | -1/+1
  I suspect that this can be limited tighter, but I failed to find anything in the spec that would confirm that.
  Fixes: 4833/clusterfuzz-testcase-minimized-5302840101699584
  Fixes: runtime error: left shift of 134217730 by 4 places cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a026a3efaeb9c2026668dccbbda339a21ab3206b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Fix integer overflow in DC dequantization | Michael Niedermayer | 2018-02-19 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: -65535 * 65312 cannot be represented in type 'int'
  Fixes: 4900/clusterfuzz-testcase-minimized-5769019744321536
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1bfc1aa004950c5ad527d823a08b8a19eef34eb0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxtory: Fix bits left checks | Michael Niedermayer | 2018-02-19 | 1 | -5/+5
  Fixes: Timeout
  Fixes: 4863/clusterfuzz-testcase-6347354178322432
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6e1a167c5564085385488b4f579e9efb987d4bfa)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down | Michael Niedermayer | 2018-02-19 | 1 | -4/+7
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 94d4237a7a294ce80e1e577b38e9c93e8882aff9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK() | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Fixes: signed integer overflow: 1477974040 - -1877995504 cannot be represented in type 'int'
  Fixes: 4861/clusterfuzz-testcase-minimized-4570316383715328
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 56a53340ed4cc55898e49c07081311ebb2816630)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Fix integer overflow before htaps check | Michael Niedermayer | 2018-02-19 | 1 | -2/+3
  Fixes: runtime error: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int'
  Fixes: 4828/clusterfuzz-testcase-minimized-5100849937252352
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2eecf3cf8eeae67697934df326e98df2149881e5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ulti: Check number of blocks at init | Michael Niedermayer | 2018-02-19 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 4832/clusterfuzz-testcase-4699096590843904
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 725353525e73bbe5b6b4d01528252675f2417a02)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec_fixed: Fix integer overflow in scale_coefs() | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Fixes: runtime error: signed integer overflow: 2147483520 + 128 cannot be represented in type 'int'
  Fixes: 4800/clusterfuzz-testcase-minimized-6110372403609600
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a1f38c75893c852cf19dcf3e4553549ba1e70950)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/lrcdec: Fix memory leak in lrc_read_header() | Nikolas Bowe | 2018-02-19 | 1 | -0/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ef5994e09d07ace62a672fcdc84761231288edad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks() | Nikolas Bowe | 2018-02-19 | 1 | -2/+10
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e07649e618caedc07eaf2f4d09253de7f77d14f0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* configure: bump year | Carl Eugen Hoyos | 2018-02-19 | 1 | -1/+1
  Happy new year!
  (cherry picked from commit bddf31ba7570325dd2c8d033eae3d0dd74127f96)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Avoid hardcoding duplicated types in sizeof() | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 860d991fcd715233b5b9eb1f6c7bf0aadefb6061)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/arm/sbrdsp_neon: Use a free register instead of putting 2 things in one | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Fixes high pitched shriek
  Fixes: 25420848_1478428308873746_4255813235963330560_n.mp4
  Reported-by: Dale Curtis <dalecurtis@google.com>
  Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7dbbb75ee32f87108ca9e15f5551dbbe69fe2641)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264addpx_template: Fixes integer overflows | Michael Niedermayer | 2018-02-19 | 1 | -12/+12
  Fixes: signed integer overflow: 512 + 2147483491 cannot be represented in type 'int'
  Fixes: 4780/clusterfuzz-testcase-minimized-4709066174627840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d6945aeee419a8417b8019c7c92227e12e45b7ad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fix overflows in COMPOSE_HAARiH0/COMPOSE_HAARiL0 | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Fixes: 4830/clusterfuzz-testcase-minimized-5255392054476800
  Fixes: signed integer overflow: 2147483646 - -7 cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0e62a2373475f58c72c0faf5568be00b26909585)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow with quant | Michael Niedermayer | 2018-02-19 | 1 | -5/+5
  Fixes: signed integer overflow: 2 + 2147483646 cannot be represented in type 'int'
  Fixes: 4792/clusterfuzz-testcase-minimized-6322450775146496
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit eaa93175895568ef6c2542b13104874907d9c4ef)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/opus_parser: Check payload_len in parse_opus_ts_header() | Michael Niedermayer | 2018-02-19 | 1 | -3/+13
  Fixes: clusterfuzz-testcase-minimized-6134545979277312
  Fixes: crbug 797469
  Reported-by: Matt Wolenetz <wolenetz@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1bcd7fefcb3c1ec47978fdc64a9e8dfb9512ae62)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dsp: Fix integer overflows in ict_int() | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Fixes: signed integer overflow: 46802 * -71230 cannot be represented in type 'int'
  Fixes: 4756/clusterfuzz-testcase-minimized-4812495563784192
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b3192c64b5bdcb0474cda437d2d5f9421d68811e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_slice: Do not attempt to render into frames already output | Michael Niedermayer | 2018-02-19 | 1 | -0/+6
  Fixes: null pointer dereference
  Fixes: 4698/clusterfuzz-testcase-minimized-5096956322906112
  This testcase does not reproduce the issue before 03b82b3ab9883cef017e513c7d0b3b986b3b3e7b
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 476665d4de989dba48ec1195215ccc8db54538f4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dnxhddec: Check dc vlc | Michael Niedermayer | 2018-02-19 | 1 | -1/+5
  Fixes: signed integer overflow: 1024 + 2147483640 cannot be represented in type 'int'
  Fixes: 4671/clusterfuzz-testcase-minimized-6027464343027712
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b2be76c0a472b729756ed7a91225c209d0dd1d2e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check buf_size more completely | Michael Niedermayer | 2018-02-19 | 1 | -2/+2
  Fixes: Out of heap array read
  Fixes: 4683/clusterfuzz-testcase-minimized-6152313673613312
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 903be5e4f66268273dc6e3c42a7fdeaab32066ef)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>