aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* avformat/genh: Check block_alignMichael Niedermayer2021-10-091-0/+3
| | | | | | | | | | Fixes: infinite loop Fixes: 26440/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5632134020333568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 37396e9ba85d8969a3b5e3314ab99ff604845628) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mvi: Check count for overflowMichael Niedermayer2021-10-091-0/+2
| | | | | | | | | | Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int' Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a413ed98632127342ad04b26e0ba0dc26adb70c9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/magicyuv: Check slice size before reading flags and predMichael Niedermayer2021-10-091-0/+3
| | | | | | | | | | | Fixes: heap-buffer-overflow Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0dc42147b6843b133d4fa46bf1c2568a837b4bec) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Check for negative ext_lenMichael Niedermayer2021-10-091-0/+2
| | | | | | | | | | | | | Fixes: Infinite loop Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016 Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008 Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120 Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 209b9ff5c3f337da4a3d82e59b8815eca2737ffa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/bethsoftvid: Check image dimensions before useMichael Niedermayer2021-10-091-0/+6
| | | | | | | | | | Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int' Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 50b29f081e9620dc39727adef707c2c323a8c095) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/genh: Check block_align for how it will be used in SDX2_DPCMMichael Niedermayer2021-10-091-1/+3
| | | | | | | | | | Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int' Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c95b47e18fdb43a4c667ae22a5d3a5ee6cf7782d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/au: Check for EOF in au_read_annotation()Michael Niedermayer2021-10-091-0/+2
| | | | | | | | | | | Fixes: Timeout (too looong -> 1 ms) Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616 Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e680d50eb4feddafb2d8575b21fc5fc8764f4801) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0Michael Niedermayer2021-10-091-6/+6
| | | | | | | Suggested-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d34e4904cd6d965693b285713660f4e84200d60b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/segafilm: Check that there is a streamMichael Niedermayer2021-10-091-0/+3
| | | | | | | | | | | Fixes: assertion failure Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c0d7fd269beed030fc767fee28d9dbe111bc4427) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wtvdec: Check dir_lengthMichael Niedermayer2021-10-091-0/+5
| | | | | | | | | | | Fixes: Infinite loop Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1868cb731660490beb750389266adb6e68e9123d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check limits to avoid overflow in delta computationMichael Niedermayer2021-10-091-4/+15
| | | | | | | | | | | Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int' Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912 Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6910e0f4e5c40b5b902e4dd87256327d860d53f5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Check name_len for overflowMichael Niedermayer2021-10-091-0/+2
| | | | | | | | | | Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int' Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0d088a47ca0243576078f109fff20617d1fac382) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264idct_template: Fix integer overflow in ↵Michael Niedermayer2021-10-091-1/+1
| | | | | | | | | | | | ff_h264_chroma422_dc_dequant_idct() Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int' Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d1983628394e076001cc67d85656f9842b7282a3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: Limit index in vector_pow43()Michael Niedermayer2021-10-091-2/+2
| | | | | | | | | | Fixes: out of array access Fixes: 26087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5724825462767616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4f83a536384afda45acb6d7cdd22017c8c314f9e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: sanity check coded_framesizeMichael Niedermayer2021-10-091-1/+5
| | | | | | | | | | Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int' Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aee8477c6ba20469ebe531448d31c642717b5f48) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flvdec: Check for EOF in amf_parse_object()Michael Niedermayer2021-10-091-0/+2
| | | | | | | | | | Fixes: Timeout (too long -> 1ms) Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 33624f4f2e1feb08f277126e637d4a28016eb07a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/smacker: Check remaining bits in SMK_BLK_FULLMichael Niedermayer2021-10-091-0/+2
| | | | | | | | | | Fixes: out of array access Fixes: 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 42ded4d1e6fb0086a235dc584118414ae2bf30c9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cook: Check subpacket index against maxMichael Niedermayer2021-10-091-4/+4
| | | | | | | | | | | Fixes: off by 1 error Fixes: index 5 out of bounds for type 'COOKSubpacket [5]' Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5a2a7604da5f7a2fc498d1d5c90bd892edac9ce8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge ↵Michael Niedermayer2021-10-091-2/+3
| | | | | | | | | | | case in intra_pred Fixes: pixel decode issue.ts Fixes: raw frame.hevc Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3fbf8737923ac49754946a2505367630544b87f1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/icodec: Change order of operations to avoid NULL dereferenceMichael Niedermayer2021-10-091-1/+3
| | | | | | | | | | | Fixes: SEGV on unknown address 0x000000000000 Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3300f5c133650ba25f94531d40ecc94c79b84457) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Fix overflow with many blocksMichael Niedermayer2021-10-091-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int' Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7265b7d904f86ec1c681222310c739f92ba55e5e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()Michael Niedermayer2021-10-091-26/+26
| | | | | | | | | | Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int' Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 394e8bb385a351091cb1ba0be986f3bbb15039fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offsetMichael Niedermayer2021-10-091-0/+5
| | | | | | | | | | Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int' Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 106f11f68af643ad1f372b840d38a0a30c6e9bcf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/subviewerdec: fail on AV_NOPTS_VALUEMichael Niedermayer2021-10-091-0/+4
| | | | | | | | | | | | Such values are not supported by ff_subtitles_queue* Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long' Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b7f51428b1c73ab5840485ce537ce098a85d0881) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check line size for overflowMichael Niedermayer2021-10-091-0/+6
| | | | | | | | | | Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9b72cea4463dd2fabcd9ba1454a0855e521d0148) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check xdelta, ydeltaMichael Niedermayer2021-10-091-1/+3
| | | | | | | | | | Fixes: assertion failure Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6949df35d0c69ae91bb0f49069e0703deb9bd676) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdsp: Fix negative shift in decorrelate_sf()Michael Niedermayer2021-10-091-1/+1
| | | | | | | | | | Fixes: left shift of negative value -4 Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4f54f530039db149808478796e8389c14eb73095) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()Michael Niedermayer2021-10-091-1/+1
| | | | | | | | | | | Fixes: left shift of negative value -640 Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3291d994b76db4b6e67c8467367ce68f79785e60) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Change order or operations slightlyMichael Niedermayer2021-10-091-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long' Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 686f0151901849de3b2073fa73265472073e0208) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dxa: Use av_rescale() for duration computationMichael Niedermayer2021-10-091-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long' Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c313089fbe1df71b5406dd9d7e4d36361051c620) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Fix integer overflow in ac valueMichael Niedermayer2021-10-091-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int' Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3056e19e68122b9464b24870488f8faca4e78ea8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/iff: Check data_size not overflowing int64Michael Niedermayer2021-10-091-0/+3
| | | | | | | | | | | Fixes: Infinite loop Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 24352ca79207d3311ee544fcba908a64004763ef) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxtory: Fix negative shift in dx2_decode_slice_410()Michael Niedermayer2021-10-091-1/+1
| | | | | | | | | | | Fixes: left shift of negative value -768 Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit abebd87764992dc22c82802bdc75d40aac14ab86) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sonic: Check channels before deallocatingMichael Niedermayer2021-10-091-3/+1
| | | | | | | | | | | Fixes: heap-buffer-overflow Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f249981976b18438cfb646183d4c21fb051e1ad4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ansi: Check nb_args for overflowMichael Niedermayer2021-10-091-1/+2
| | | | | | | | | Fixes: Integer overflow (no testcase) Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bc0e776c9aaf06f437bf21e05a713fd54dc85400) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wc3movie: Move wc3_read_close() upMichael Niedermayer2021-10-091-10/+10
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0c635f2ce6c18d448e77605ee83b55bd8250f812) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdsp: Fix integer anomaly in dequant_subband_*Michael Niedermayer2021-10-091-3/+3
| | | | | | | | | | Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ca3c6c981aa5b0af8a5576020b79fdd3cdf9ae9e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c()Michael Niedermayer2021-10-091-1/+2
| | | | | | | | | | Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int' Fixes: 23646/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5480991098667008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4a02ae49c26395fc3ae2d38c733a2a13bd3080e7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Check remaining space before padding and channel residueMichael Niedermayer2021-10-091-0/+2
| | | | | | | | | | Fixes: Timeout (1101sec -> 0.4sec) Fixes: 24491/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5725337036783616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c467adf3bf9bb4b7fd28956ec698d884e63f145d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/cdg: Fix integer overflow in duration computationMichael Niedermayer2021-10-091-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int' Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa8935b395162f8438d1f055e671e92685ed1586) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth()Michael Niedermayer2021-10-091-4/+4
| | | | | | | | | | | | Fixes: -2.4187e+09 is outside the range of representable values of type 'int' Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384 Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2b9f39689ab19c68ff37b5a4ac71e8fb7f58c487) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/electronicarts: Check if there are any streamsMichael Niedermayer2021-10-091-6/+8
| | | | | | | | | | Fixes: Assertion failure (invalid stream index) Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 39a98623edbbdcf9d9b76e9d7aff3ce086ebfbfe) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINEMichael Niedermayer2021-10-091-1/+1
| | | | | | | | | | | Fixes: signed integer overflow: -1429092 * -32596 cannot be represented in type 'int' Fixes: 24419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5157849974702080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a0da95df77a528251a326fc8b7e2ff48c60e41d0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d()Michael Niedermayer2021-10-091-8/+8
| | | | | | | | | | Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int' Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d182d8f10cf69c59ef9c21df4b06e5478df063ef) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Fix io_fsize overflowMichael Niedermayer2021-10-091-1/+1
| | | | | | | | | | Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long' Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cf0c700b0c25f5d9fe50dd27086a06812822f11a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cfhd: Check transform typeMichael Niedermayer2021-10-091-0/+4
| | | | | | | | | | Fixes: out of array access Fixes: 24823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4855119863349248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 659658d08bb2e7219001795c78efd24f381446e2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Restrict tag order based on specificationMichael Niedermayer2021-10-091-0/+8
| | | | | | | | | | | | | | | | | | | | | | "The entries in an IFD must be sorted in ascending order by Tag. Note that this is not the order in which the fields are described in this document." This way various dimensions, sample and bit sizes cannot be changed at arbitrary times which reduces the potential for bugs. The tag reading code also on various places assumes that numerically previous tags have already been parsed, so this needs to be enforced one way or another. If this commit causes problems with real world files which are not easy to fix then some other form of checks are needed to ensure the various dependencies in the tag reading are not violated. Fixes: out of array access Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ad29f9e47cb848e11ee1d358d2bae15cd35ef04b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/siff: Reject audio packets without audio streamMichael Niedermayer2021-10-091-0/+2
| | | | | | | | | | | Fixes: Assertion failure Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8931c55789a69f717b4a6954c5bb7acf5475a134) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpeg: Check avio_read() return value in get_pts()Michael Niedermayer2021-10-091-1/+4
| | | | | | | | | Found-by: Thierry Foucu <tfoucu@gmail.com> Fixes: Use-of-uninitialized-value Reviewed-by: Thierry Foucu <tfoucu@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e8a88a16f78e66c8d7645b5f71dc8390b033fa70) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Check bpp/bppcount for 0Michael Niedermayer2021-10-091-3/+3
| | | | | | | | | | Fixes: division by zero Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit be090da25f734460f3105075456877b8a66185c1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 07:32:31 +0000