Commit message | Author | Age | Files | Lines
* lavc/mpeg4audio: add chan_config check to avoid indeterminate channels | Jun Zhao | 2019-09-27 | 1 | -0/+4
| | | | | | | | add chan_config check to avoid indeterminate channels. Signed-off-by: Jun Zhao <barryjzhao@tencent.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 333109f46961946d3c6fab05210a8d543697c91b)
* aformat/movenc: add missing padding to output track extradata | James Almer | 2019-09-27 | 1 | -5/+10
| | | | | | | | Fixes ticket #8183. Tested-by: Thierry Foucu <tfoucu@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145)
* avcodec/nvenc: add driver version info for latest SDKs | Timo Rothenpieler | 2019-09-24 | 1 | -1/+21
| | | | Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
* avcodec/bsf: check that AVBSFInternal was allocated before dereferencing it | James Almer | 2019-09-23 | 1 | -1/+2
| | | | | | | | This can happen when av_bsf_free() is called on av_bsf_alloc() failure. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit d889ae33962e4ad2b24175418fe89d72ce712179)
* lavf/rawenc: Only accept the appropriate stream type for raw muxers. | Carl Eugen Hoyos | 2019-09-06 | 1 | -0/+12
| | | | | | | | This does not affect the rawvideo muxer. Fixes ticket #7979. (cherry picked from commit aef24efb0c1e65097ab77a4bf9264189bdf3ace3)
* lavc/tableprint_vlc: Remove avpriv_request_sample() from included files. | Carl Eugen Hoyos | 2019-08-09 | 1 | -0/+1
| | | | | | | Fixes compilation with --enable-hardcoded-tables. Fixes ticket #7962. (cherry picked from commit c8232e50074f6f9f9b0674d0a5433f49d73a4e50)
* avcodec/h263dec: fix hwaccel decoding | Stefan Schoenefeld | 2019-08-04 | 1 | -1/+1
| | | | | | | | | | | | Recently we encountered an issue when decoding a h.263 file: FFmpeg will freeze when decoding h.263 video with NVDEC. Turns out this is not directly related to NVDEC but is a problem that shows with several other HW decoders like VDPAU, though the exact kind of error is different (either error messages or freezing[1]). The root cause is that ff_thread_finish_setup() is called twice per frame from ff_h263_decode_frame(). This is not supported by ff_thread_finish_setup() and specifically checked for and warned against in the function's code. The issue is also specific to hw accelerated decoding only as the second call to ff_thread_finish_setup() is only issued when hw acceleration is on. The fix is simple: add a check that the first call is only sent when hw acceleration is off, and the second call only when hw acceleration is on (see attached patch). This works fine as far as I was able to test with vdpau and nvdec/nvcuvid hw decoding. The patch also adds NVDEC to the hw config list if available. I also noticed a secondary issue when browsing through the code which is that, according to documentation, ff_thread_finish_setup() should only be called if the codec implements update_thread_context(), which h263dec does not. The patch does not address this and I'm not sure any action needs to be taken here at all. [1] This is depending on whether or not the hw decoder sets the HWACCEL_CAPS_ASYNC_SAFE flag Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
* avutil/mem: Fix invalid use of av_alloc_size | Mark Harris | 2019-07-23 | 1 | -1/+1
| | | | | | | | | | | | The alloc_size attribute is valid only on functions that return a pointer. GCC 9 (not yet released) warns about invalid usage: ./libavutil/mem.h:342:1: warning: 'alloc_size' attribute ignored on a function returning int' [-Wattributes] 342 | av_alloc_size(2, 3) int av_reallocp_array(void *ptr, size_t nmemb, size_t size); | ^~~~~~~~~~~~~ Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4361293fcf59edb56879c36edcd25f0a91e0edf8)
* cbs_h2645: Fix infinite loop in more_rbsp_data | Andreas Rheinhardt | 2019-07-21 | 1 | -2/+4
| | | | | | | | | | | | | | | | | | | | | | | cbs_h2645_read_more_rbsp_data does not handle malformed input very well: 1. If there were <= 8 bits left in the bitreader, these bits were read via show_bits. But show_bits requires the number of bits to be read to be > 0 (internally it shifts by 32 - number of bits to be read which is undefined behaviour if said number is zero; there is also an assert for this, but it is only an av_assert2). Furthermore, in this case a shift by -1 was performed which is of course undefined behaviour, too. 2. If there were > 0 and <= 8 bits left and all of them were zero (this can only happen for defective input), it was reported that there was further RBSP data. This can lead to an infinite loop in H.265's cbs_h265_read_extension_data corresponding to the [vsp]ps_extension_data_flag syntax elements. If the relevant flag indicates the (potential) occurrence of these syntax elements, while all bits after this flag are zero, cbs_h2645_read_more_rbsp_data always returns 1 on x86. Given that a checked bitstream reader is used, we are also not "saved" by an overflow in the bitstream reader's index. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit d4035ca849bdb90e95c87e2737a99ea657be0716)
* avformat/aacdec: resync to the next adts frame on invalid data instead of aborting | James Almer | 2019-07-21 | 1 | -3/+3
| | | | | | | | | Should fix ticket #6634 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 881e1f5a6227a6fbaf67083d4d4b6caf58ff9892)
* avformat/aacdec: factorize the adts frame resync code | James Almer | 2019-07-21 | 1 | -12/+25
| | | | | Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit a38eab8b7501440f872ff1af8a0c5482b7b3e532)
* cbs_mpeg2: Fix storage type for frame_centre_*_offset | Andreas Rheinhardt | 2019-07-21 | 3 | -4/+24
| | | | | | | | | | | | | | | | | | The frame_centre_horizontal/vertical_offset values contained in picture display extensions are actually signed values (i.e. it is possible to indicate that the display device should add black bars/pillars). The files sony-ct3.bs and tcela-6.bits (which are both used in fate tests for mpeg2_metadata) contain picture display extensions; the former even contains a negative frame_centre_vertical_offset. Fortunately, the old code did not damage the picture display extensions when one did a cycle of reading and writing. For the same reason the fate tests needn't be updated either. Furthermore these fields now use the trace output for matrices. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit de5880383967f44927c599ab16fa0f4f96b38365)
* cbs_mpeg2: Improve checks for invalid values | Andreas Rheinhardt | 2019-07-21 | 2 | -30/+50
| | | | | | | | | | | | | | | | | | | | | | MPEG-2 contains several elements that mustn't be zero according to the specifications: horizontal/vertical_size_value, aspect_ratio_information, frame_rate_code, the quantiser matrices, the colour_description elements, picture_coding_type, the f_code[r][s] values and quantiser_scale_code. It is now checked that the invalid values don't occur. The colour_description elements are treated specially in this regard: Given that there are files in the wild which use illegal values for the colour_description elements (some of them created by mpeg2_metadata), they will be corrected to the value meaning "unknown" (namely 2) during reading. This has been done in such a way that trace_headers will nevertheless report the original value, together with a message about the fixup. Furthermore, the trace_headers output of user_data has been beautified. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 9c3f2a8894a66d6b5b9285caa25f91fbfca7b3bc)
* avcodec/cbs_mpeg2: fix leak of extra_information_slice buffer in cbs_mpeg2_read_slice_header() | James Almer | 2019-07-21 | 1 | -3/+4
| | | | | | | | | | cbs_mpeg2_free_slice() calls av_buffer_unref() on extra_information_ref, meaning allocating with av_malloc() was not the intention. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit d903c09d9a5c641223f0810d24161520e977544a)
* lavc/cbs: Do not use format specifier "z" on Windows. | Carl Eugen Hoyos | 2019-07-21 | 2 | -7/+7
| | | | (cherry picked from commit 0b7269e62d0345fec5f1ee9ee7b960e8d25c5dd1)
* lavc/cbs_vp9: Make variable prob unsigned. | Carl Eugen Hoyos | 2019-07-21 | 1 | -1/+1
| | | | | | | | Silences a warning with clang: libavcodec/cbs_vp9_syntax_template.c:220:17: warning: implicit conversion from 'int' to 'int8_t' (aka 'signed char') changes value from 255 to -1 (cherry picked from commit de441ad52a4d9791d93c278b4cf6867815c28b92)
* avcodec/cbs_h264: fix storage type for time_offset in Pic Timing SEI | James Almer | 2019-07-21 | 2 | -3/+4
| | | | | | | | The spec defines it as a signed value. Reviewed-by: Mark Thompson <sw@jkqxz.net> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 9bf520d04d6137d0772e019356356614bbf7ca82)
* avcodec/cbs_h2645: add helper macros for signed values | James Almer | 2019-07-21 | 1 | -0/+20
| | | | | | Reviewed-by: Mark Thompson <sw@jkqxz.net> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 3dc6adf326c8cd6c7fc830ccb8def8772835c676)
* avcodec/cbs: add helper functions and macros to read and write signed values | James Almer | 2019-07-21 | 2 | -1/+98
| | | | | | Reviewed-by: Mark Thompson <sw@jkqxz.net> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 5006dcdf9af177444e3e0185640d7d84629e4215)
* cbs_h264: Fix handling of auxiliary pictures | Andreas Rheinhardt | 2019-07-21 | 1 | -3/+9
| | | | | | | | | | | The earlier code used the most recent non-auxiliary slice to determine whether an auxiliary slice has the syntax of an IDR slice, even when the most recent slice was from a slice of a redundant frame. Now only slices of the primary coded picture are used, as the specifications mandate. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com> (cherry picked from commit 8d1cf2d89481ca986af893425188d065c0f8f857)
* Changelog: fix typo [n4.1.4] | Michael Niedermayer | 2019-07-08 | 1 | -1/+1
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Changelog: update | Michael Niedermayer | 2019-07-08 | 1 | -0/+36
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ilbcdec: Simplify use of unsigned and fix more undefined overflows | Michael Niedermayer | 2019-07-08 | 1 | -3/+3
| | | | | | | | | | Fixes: signed integer overflow: 2147475672 + 8192 cannot be represented in type 'int' Fixes: 15415/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5712074128228352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 019d729039aaa164152035864d65d77e53df1c98) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/golomb: Correct the doxy about get_ue_golomb() and errors | Michael Niedermayer | 2019-07-08 | 1 | -0/+2
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1bb3b3f11c6960e90bcfe685c0ad1e355a3e787e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Check timebase before use in estimate_timings() | Michael Niedermayer | 2019-07-08 | 1 | -0/+1
| | | | | | | | | | Fixes: division by 0 Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f57e97dfd9539bc3f4f97a76ebc001f0b055cb88) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hq_hqa: Use ff_set_dimensions() | Michael Niedermayer | 2019-07-08 | 1 | -2/+4
| | | | | | | | | | Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272 Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a6229fcd405d4135848c83df73634871260de59c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/rv10: Fix integer overflow in aspect ratio compare | Michael Niedermayer | 2019-07-08 | 1 | -2/+2
| | | | | | | | | | Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int' Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 14fcf42958608223a0be6558fb6e323419c9fc27) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/4xm: Fix signed integer overflows in idct() | Michael Niedermayer | 2019-07-08 | 1 | -1/+1
| | | | | | | | | | Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int' Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2bbea155bf7c6ce6d5ae53cc41e44798cad2f39c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdm2: Check checksum_size for 0 | Michael Niedermayer | 2019-07-08 | 1 | -2/+2
| | | | | | | | | | Fixes: Infinite loop Fixes: 15337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5757428949319680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7b2ebf89a411d957ca999f1e7a919ff617fbfd56) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop | Michael Niedermayer | 2019-07-08 | 1 | -0/+4
| | | | | | | | | | | Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int' Fixes: infinite loop Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 694be24bd6c4cc9c62222f4583260bf79056e4c1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdm2: Do not read out of array in fix_coding_method_array() | Michael Niedermayer | 2019-07-08 | 1 | -1/+6
| | | | | | | | | | | | Instead we ask for a sample, it's unclear what to do in this case. Fixes: index 30 out of bounds for type 'int8_t [30][64]' Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ae021c1239ec3bc0a30dc5a4720569071599ece4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/svq3: Use ff_set_dimension() | Michael Niedermayer | 2019-07-08 | 1 | -16/+20
| | | | | | | | | | Fixes: OOM Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7b114d76878f1a542bcb75456492cc43e6414f8b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Check ham vs bpp | Michael Niedermayer | 2019-07-08 | 1 | -3/+10
| | | | | | | | | | | | | | This checks the ham value much more strictly and avoids hitting cases which cannot be reached with data from the libavformat demuxer. Fixes: out of array access Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840 Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f76d7352e05526fde7c607b9a9db536a5760af29) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: use uint32_t to compute difference, it is enough | Michael Niedermayer | 2019-07-08 | 1 | -1/+1
| | | | | | | | | | Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long' Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e9dd3c7126097d7c8d4f137db9957b81a219aa2c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case | Michael Niedermayer | 2019-07-08 | 1 | -9/+3
| | | | | | | | | | Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8c022099351c04ae21e0b8696ea71a690ed03cd2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Fix backward lcg_seek() | Michael Niedermayer | 2019-07-08 | 1 | -1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cf2bd3ce79b12256d7d129b2ada5ee649b9a27eb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/flicvideo: Fix off by 1 error in flic_decode_frame_24BPP() | Michael Niedermayer | 2019-07-08 | 1 | -1/+1
| | | | | | | | | | | Fixes: out of array access Fixes: 15360/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5653837190266880 Fixes: 15412/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5740537648250880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 37708cbae8d6887b80f58a70a1dfa01af6ea2c85) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff() | Michael Niedermayer | 2019-07-08 | 1 | -8/+26
| | | | | | | | | | Fixes: index -1 out of bounds for type 'const uint8_t [185][2]' Fixes: 15250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5648992869810176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 79204a1fc8f1988f7d7e6cae2c3b68f513444d38) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alac: Check lpc_quant | Michael Niedermayer | 2019-07-08 | 1 | -1/+1
| | | | | | | | | | | | | | | | lpc_quant of 0 produces undefined behavior, thus disallow this. If valid samples use this then such a sample would be quite useful to confirm the correct & lossless handling of this. Fixes: libavcodec/alac.c:218:25: runtime error: shift exponent -1 is negative Fixes: 15273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5656388535058432 Fixes: 15276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5761238417539072 Fixes: 15315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5767260766994432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a6474b899c1153e3bb95e399b6605c3507aea0d0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxv: Initialize tex_funct to NULL | Michael Niedermayer | 2019-07-08 | 1 | -0/+4
| | | | | | | | | | | Fixes: Various anomalies Fixes: 14493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5071018000908288 Fixes: 14630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5714888963391488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e96b7a8ba62c5e010328b80b647b64dd9cdbdc01) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP | Michael Niedermayer | 2019-07-06 | 1 | -1/+1
| | | | | | | | | | Fixes: multiple memleaks Fixes: 15293/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5642409288925184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b7b6ddd59693008c35b3247496ecc946331d0856) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix integer overflow with buffer number | Michael Niedermayer | 2019-07-06 | 1 | -0/+2
| | | | | | | | | | Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int' Fixes: 15290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5738074249625600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f64f6058e0c23641a68ce7dfe47b1f55efd401c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fixes signed integer overflow in LSB addition | Michael Niedermayer | 2019-07-06 | 1 | -1/+1
| | | | | | | | | | Fixes: signed integer overflow: 8 * 536870912 cannot be represented in type 'int' Fixes: 15281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5744458785619968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7f527021df73b4792323f38f84a4bf2fbe5a2052) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Check opt_order / sb_length in ra_block handling | Michael Niedermayer | 2019-07-06 | 1 | -2/+8
| | | | | | | | | | | Fixes: out of array access Fixes: 15277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5184853437317120 Fixes: 15280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5741062137577472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0794494c8f2f756e3c9384dba21c54f7d4ba9286) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix integer overflow with shifting samples | Michael Niedermayer | 2019-07-06 | 1 | -1/+1
| | | | | | | | | | Fixes: signed integer overflow: -346039050 * 8 cannot be represented in type 'int' Fixes: 15283/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5692700268953600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a3bd4b260eb9f0d5817f9b3d672844f127c51a0b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix undefined behavior in decode_rice() | Michael Niedermayer | 2019-07-06 | 1 | -1/+1
| | | | | | | | | | Fixes: left shift of 72 by 26 places cannot be represented in type 'int' Fixes: 15279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5700665621348352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 51f6870c37cc29e1ea7e0c66df2fe505938b7561) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT() | Michael Niedermayer | 2019-07-06 | 1 | -6/+6
| | | | | | | | | | | | | | Fixes: left shift of negative value -6 Fixes: 15275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5742361767837696 Fixes: signed integer overflow: 41582592 * 256 cannot be represented in type 'int' Fixes: 15296/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5739558227935232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e131568752ad41222946304c61eadb87b0a24791) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight | Michael Niedermayer | 2019-06-30 | 1 | -2/+2
| | | | | | | | Suggested-by: James Almer <jamrial@gmail.com> Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3b2082c663dac93fd722289a540c1b1e24a12564) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns | Michael Niedermayer | 2019-06-30 | 2 | -12/+15
| | | | | | | | | | | Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 14880/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5130977304641536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c692051252693155c4eecd16f4f8a79caf66cd54) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check | Michael Niedermayer | 2019-06-30 | 1 | -1/+1
| | | | | | | | | | Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264 Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3d4f4f4a15e79c96c3613e5c252b2f5cc4190e18) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>