Commit log (each entry: commit message, followed by author, date, files changed and lines removed/added)
* avcodec/vc1_pred: Fix refdist in scaleforopp() [Michael Niedermayer, 2020-01-06, 1 file, -1/+2]
    Fixes: out of array access
    Fixes: 16601/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5656105392275456
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 413e0f2516eef678011cffd1ec6f0d92aa8bb96a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vorbisdec: fix FASTDIV usage for vr_type == 2 [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    This reverts a hunk from f1ca40ee00402102046fc7e59606651930436b0e
    Fixes: out of array read
    Fixes: 16924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5157893162139648
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 722fd4696583cc984700eaec4745922ae177b2da)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Check for overlap in cmap_read_palette() [Michael Niedermayer, 2020-01-06, 1 file, -0/+4]
    Fixes: undefined memcpy() use
    Fixes: 16302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5678750575886336
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit dfa5d1a3667fa38e07373becc2401175b31d8228)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix 32bit int overflow in do_apply_filter() [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int'
    Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9d3ddef519e88c40c05be8cb94cd9e71c0957ec7)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ralf: fix undefined shift in extend_code() [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: left shift of negative value -3
    Fixes: 16147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5658392722407424
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 4778407ab3b545c40def7e95a8f9dd4ae92a4e8e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ralf: fix undefined shift [Michael Niedermayer, 2020-01-06, 1 file, -2/+2]
    Fixes: left shift of negative value -2
    Fixes: 16145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5146671058518016
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 0ee886988e75b3c22cabc2ca0fadcf8e4f787640)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/bgmc: Check input space in ff_bgmc_decode_init() [Michael Niedermayer, 2020-01-06, 3 files, -3/+10]
    Fixes: Infinite loop
    Fixes: 16608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5636229827133440
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b54031a6e93d1abc7fb2d0263e0f6c4b639e423f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block() [Michael Niedermayer, 2020-01-06, 1 file, -2/+2]
    Fixes: signed integer overflow: 1795032576 + 598344192 cannot be represented in type 'int'
    Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5636723419119616
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit cc78783ce5e8837d4f4ca43eedf2d299651e65ff)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Check the return code from vc1_decode_p_block() [Michael Niedermayer, 2020-01-06, 1 file, -10/+27]
    Fixes: left shift of negative value -1
    Fixes: 16424/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5656579055026176
    Fixes: 16358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5714436358144000
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fe536b6d9984d40f800a24a84032b99ebc9f680e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: Require res_sprite for wmv3images [Michael Niedermayer, 2020-01-06, 1 file, -0/+5]
    non res_sprite leads to decoder delay which leads to assertion failure
    Fixes: Assertion failure
    Fixes: 16402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5704510034411520
    Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
    Fixes: 16425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5692858838810624
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9c6b4004928ef41563b0e913666f8da27fdb2399)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Check for double escapes [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: out of array read
    Fixes: 16331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5672735195267072
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 6962fd586e1a9a98828866dcfb4114af30c8c756)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vorbisdec: Check get_vlc2() failure [Michael Niedermayer, 2020-01-06, 1 file, -7/+25]
    Fixes: out of array read
    Fixes: 16510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5754510382727168
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 07b948fe60789064d7c784d47b8fe798a9a4d2b9)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tta: Fix integer overflow in prediction [Michael Niedermayer, 2020-01-06, 1 file, -5/+5]
    Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
    Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 7e9aecc9f358901426c134978e764ee7beac4944)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vb: Check input packet size to be large enough to contain flags [Michael Niedermayer, 2020-01-06, 1 file, -0/+3]
    Fixes: Timeout (->9sec)
    Fixes: 16292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-5747063496638464
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit dea2591d4fbc989ca82bc8a8ad7d16aacdc89af1)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cavsdec: Limit the number of access units per packet to 2 [Michael Niedermayer, 2020-01-06, 1 file, -0/+4]
    Fixes: Timeout (122sec -> 13ms)
    Fixes: 15978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5148925004087296
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 37bc8e3249c88b733bcc0d8c74cdf668292e4d63)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/atrac9dec: Check block_align [Michael Niedermayer, 2020-01-06, 1 file, -0/+5]
    Fixes: Infinite loop
    Fixes: 16260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5676365617037312
    Fixes: 16260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5768093879500800
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit dead949a1fbf019647f5c8ea797d1c7be6615639)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alac: Check for bps of 0 [Michael Niedermayer, 2020-01-06, 1 file, -1/+3]
    Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
    Fixes: 15764/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5102101203517440
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: James Almer <jamrial@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 8f49176e845fee8e4e0aaf06411636b46d1ae3ad)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alac: Fix multiple integer overflows in lpc_prediction() [Michael Niedermayer, 2020-01-06, 1 file, -4/+4]
    Fixes: signed integer overflow: 2088795537 + 2147254401 cannot be represented in type 'int'
    Fixes: signed integer overflow: -1500363496 + -1295351808 cannot be represented in type 'int'
    Fixes: signed integer overflow: -79560 * 32640 cannot be represented in type 'int'
    Fixes: signed integer overflow: 2088910005 + 2088796058 cannot be represented in type 'int'
    Fixes: signed integer overflow: -117258064 - 2088725225 cannot be represented in type 'int'
    Fixes: signed integer overflow: 2088725225 - -117258064 cannot be represented in type 'int'
    Fixes: 15739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5630664122040320
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit ae3d6a337ad25527bcd3172e3885e45fadf9908c)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/rl2: set dimensions [Michael Niedermayer, 2020-01-06, 1 file, -0/+5]
    The dimensions are always 320x200; they are hardcoded in the demuxer.
    Hardcode them instead in the decoder.
    Fixes: Timeout (16sec -> 400ms)
    Fixes: 15574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RL2_fuzzer-5158614072819712
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 965e766e4892cfc45c97cca88895248a7735e7d0)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec: Add FF_CODEC_CAP_INIT_CLEANUP [Michael Niedermayer, 2020-01-06, 1 file, -2/+2]
    Fixes: memleaks
    Fixes: 16289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5200695692623872
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 48b86dd8a6bf50a7d8ab0343a1535bc4b0b5b196)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/idcinvideo: Add 320x240 default maximum resolution [Michael Niedermayer, 2020-01-06, 1 file, -0/+6]
    Fixes: Timeout (128sec -> 2ms)
    Fixes: 16568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IDCIN_fuzzer-5675004095627264
    See: [FFmpeg-devel] [PATCH 4/4] tools/target_dec_fuzzer: Adjust max_pixels for IDCIN
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit c9fcf881e69e34a2acfa2bb7052ca200cab16740)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/realtextdec: free queue on error [Michael Niedermayer, 2020-01-06, 1 file, -0/+2]
    Fixes: memleak
    Fixes: 16277/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5696629440512000
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: James Almer <jamrial@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 493438fafc5c43b7b7c62bf0c21b7cc884034ce9)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp5/6/8: use vpX_rac_is_end() [Michael Niedermayer, 2020-01-06, 3 files, -5/+5]
    Reviewed-by: Peter Ross <pross@xvid.org>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit ab56e62e8f7e02760cfc883956511cab32393315)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix integer overflow in decode_var_block_data() [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int'
    Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 661a9b274b0181b2e36ff21fd13840f35992bea6)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Limit maximum channels to 512 [Michael Niedermayer, 2020-01-06, 1 file, -0/+5]
    There seems to be no limit in the specification and up to 64k could be stored.
    512 is chosen as limit as that's the maximum in a conformance sample.
    An alternative to this patch would be a max_channels variable.
    Fixes: OOM
    Fixes: 16200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5764788793114624
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Suggested-by: Thilo Borgmann <thilo.borgmann@mail.de>
    Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit f51e4d026cc762ff2d47d6107658dbff42ba5ea8)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/anm: Check input size for a frame with just a stop code [Michael Niedermayer, 2020-01-06, 1 file, -0/+3]
    Fixes: Timeout (11sec -> 6sec)
    Fixes: 16344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANM_fuzzer-5673032000995328
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Peter Ross <pross@xvid.org>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1965161ef6d2aac8d3b034570c3da69dabca9e71)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/flicvideo: Optimize and Simplify FLI_COPY in flic_decode_frame_24BPP() by using bytestream2_get_buffer() [Michael Niedermayer, 2020-01-06, 1 file, -8/+1]
    Fixes: Timeout (31sec -> 22sec)
    Fixes: 16217/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5658084189405184
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit e301736862f18a449c317a47d0d60d3484e41667)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/loco: Check left column value [Michael Niedermayer, 2020-01-06, 1 file, -0/+2]
    Fixes: Timeout (42sec -> 379 ms)
    Fixes: 16323/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5679178099195904
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit c812db814ebd603106220854e343558ec1115e57)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Fixes invalid shift with pink noise seeking [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: left shift of negative value -961533698048
    Fixes: 16242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5738550670131200
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Nicolas George <george@nsup.org>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit cdea0206efeca83a0a9b57d0764b177b2e11ab7c)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Fix integer overflow for some corner case values [Michael Niedermayer, 2020-01-06, 1 file, -2/+2]
    Fixes: left shift of negative value -14671840
    Fixes: 16000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5145977817661440
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit c4a88fb546b64179aff12c169239285932e570ac)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/indeo2: Check remaining input more often [Michael Niedermayer, 2020-01-06, 1 file, -5/+6]
    Fixes: Timeout (95sec -> 30ms)
    Fixes: 14765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO2_fuzzer-5692455527120896
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 52939a2c5772ec00101d293695d0a96dcccf99d9)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check that slices are fewer than pixels [Michael Niedermayer, 2020-01-06, 1 file, -1/+3]
    Fixes: Timeout (197sec -> 144ms)
    Fixes: 15034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5733549405110272
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fbbc8ba67f19d55380b1bc8b5f057328c266d747)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp56: Consider the alpha start as end of the prior header [Michael Niedermayer, 2020-01-06, 1 file, -2/+2]
    Fixes: Timeout (23sec -> 71ms)
    Fixes: 15661/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6A_fuzzer-6257865947348992
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Peter Ross <pross@xvid.org>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit db78bc1297ebaa51cfe5c80775808ec11ed7512b)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/4xm: Check for end of input in decode_p_block() [Michael Niedermayer, 2020-01-06, 1 file, -0/+2]
    Fixes: Timeout (81sec -> 0.2sec)
    Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 8f92eb05e063e6c4d6e36521020620d4e6e1c21d)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdec: Check delta_luma_weight_l0/1 [Michael Niedermayer, 2020-01-06, 1 file, -0/+4]
    Fixes: signed integer overflow: 1 + 2147483647 cannot be represented in type 'int'
    Fixes: 16041/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5685680656613376
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: James Almer <jamrial@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 021f29506b493376d62cdb5b9cb66a6b85e5361f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hnm4video: Optimize postprocess_current_frame() [Michael Niedermayer, 2020-01-06, 1 file, -5/+8]
    Improves: Timeout (220sec -> 108sec)
    Improves: 15570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HNM4_VIDEO_fuzzer-5085482213441536
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit cd460f4da04c05d6ba93ccbbe294e948768f0937)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_refs: Optimize 16bit generate_missing_ref() [Michael Niedermayer, 2020-01-06, 1 file, -6/+6]
    Fixes: Timeout (86sec -> 8sec) [these numbers assume also "[FFmpeg-devel] [PATCH 2/5] [RFC] avcodec/hevcdec: Check for overread in hls_decode_entry()"]
    Fixes: 15702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657764929470464
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit da8936969fe695a042282d5686e12227745d299a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/scpr: Use av_memcpy_backptr() in type 17 and 33 [Michael Niedermayer, 2020-01-06, 1 file, -4/+3]
    This makes the changed code-path faster.
    Change not tested except with the fuzzer testcase as I found no other testcase.
    Improves: Timeout (136sec -> 74sec)
    Improves: 16040/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5705876062601216
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    (cherry picked from commit 950a21e83c742714d6afbecd3e3fd1887e80fa40)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dds: Use ff_set_dimensions() [Michael Niedermayer, 2020-01-06, 1 file, -3/+4]
    Fixes: signed integer overflow: 2082471995 * 36 cannot be represented in type 'int'
    Fixes: 16025/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DDS_fuzzer-5136663778426880
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9cd1e939cf26e7a53f28cbbda22d27535981b9db)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpc8: Fix 32bit mask/enum [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
    Fixes: 15817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5636626409062400
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit e8bb949ade4078ca318a9b3475cb7a6cfc7e4639)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix integer overflows of raw_samples in decode_var_block_data() [Michael Niedermayer, 2020-01-06, 1 file, -2/+2]
    This also makes the code consistent with the existing similar MUL64() in decode_var_block_data()
    Fixes: signed integer overflow: -7277630735906765035 + -3272193951413647896 cannot be represented in type 'long'
    Fixes: 16015/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5666552818434048
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fad3ec89b7a664b93b5e29bdb0db0cab0272a0c4)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks() [Michael Niedermayer, 2020-01-06, 1 file, -2/+2]
    Fixes: signed integer overflow: 2147483424 - -1772303236 cannot be represented in type 'int'
    Fixes: 15708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5067890362941440
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit ce652324062a2c72f92e40699797630ef7f1ec5a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: fix mantissa shift [Michael Niedermayer, 2020-01-06, 1 file, -1/+5]
    Fixes: shift exponent -1 is negative
    Fixes: 16039/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5656825657032704
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 02346292a334a51f6da802146b782bdb01ae9b4e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Fix invalid shifts in vc1_decode_i_blocks() [Michael Niedermayer, 2020-01-06, 1 file, -2/+2]
    Fixes: left shift of negative value -9
    Fixes: 15299/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5660922678345728
    Fixes: 15557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5673351911047168
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit c9415e815a996d287850a3572ce2c1d663b9f657)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: fix invalid shift in vc1_decode_p_mb() [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: left shift of negative value -5
    Fixes: 15294/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5733921754447872
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b153ba1c2e03d3148766a3ebf0e9c485197f30de)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_template: fix integer overflow in imdct_and_windowing() [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: signed integer overflow: 2147483645 + 4 cannot be represented in type 'int'
    Fixes: 15418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5685269069561856
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit da93e2b14218c4ab0fda60e21882a4633aac5748)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavcodec/iff: Use unsigned to avoid undefined behaviour [Andreas Rheinhardt, 2020-01-06, 1 file, -17/+17]
    The initialization of the uint32_t plane32_lut matrix uses left shifts of the form 1 << plane;
    plane can be as big as 31 which means that this is undefined behaviour as 1 will be simply an int.
    So make it unsigned to avoid this.
    Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit f12e662a3d3f489eec887b5f2ab20a550caed9cf)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Check for block_length <= 0 in read_var_block_data() [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: left shift of negative value -1
    Fixes: 15719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5685731105701888
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit be4fb282f9fb00d9c267dcc477745e2e468e758f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vqavideo: Set video size [Michael Niedermayer, 2020-01-06, 1 file, -1/+1]
    Fixes: out of array access
    Fixes: 15919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-5657368257363968
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 02f909dc24b1f05cfbba75077c7707b905e63cd2)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sanm: Check extradata_size before allocations [Michael Niedermayer, 2020-01-06, 1 file, -5/+5]
    Fixes: Leaks
    Fixes: 15349/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5102530557640704
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 172a43ce36e671fdab63afe1c06876bba91445b3)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>