Commit message | Author | Age | Files | Lines
* libavformat/oggdec.c: Check return value from avio_read() | John Rummell | 2020-07-03 | 1 | -1/+2
  If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with uninitialized data. Caught by Chromium fuzzers (crbug.com/1054229).
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit b7c67b1ae3657058b32b9235119d07529ad5cce1)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/asfdec_f: Fix overflow check in get_tag() | Michael Niedermayer | 2020-07-03 | 1 | -2/+13
  Fixes: signed integer overflow: 2 * 1210064928 cannot be represented in type 'int'
  Fixes: 20873/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5761116909338624
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Anton Khirnov <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit c8140fe7324f264faacf7395b27e12531d1f13f7)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/nsvdec: Fix memleaks on errors while reading the header | Michael Niedermayer | 2020-07-03 | 1 | -6/+14
  Fixes: memleaks
  Fixes: 21084/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5655975492321280
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 96c04694550999cc214cae8c4a16d2d7ac0958bc)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ffwavesynth: Fix integer overflow in computation of ddphi | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long'
  Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Nicolas George <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit c85bf1631823e9089e59a474d5c6c0efc708c507)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cbs_jpeg: Check length for SOS | Michael Niedermayer | 2020-07-03 | 1 | -0/+3
  Fixes: out of array access
  Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584
  Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 1812352d767ccf5431aa440123e2e260a4db2726)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/adpcm: Fix invalid shift in AV_CODEC_ID_ADPCM_PSX | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: left shift of negative value -1
  Fixes: 20859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5720391507247104
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 0a11ef68f0a85905e704e503b433f5aa645d59ac)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mpeg12dec: Fix invalid shift in mpeg2_fast_decode_block_intra() | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: left shift of negative value -695
  Fixes: 19232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5702856963522560
  Fixes: 19555/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5741218147598336
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit c40df2166c7925fc81e1ef22563c2e32124cf1d6)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cbs_h2645: Treat slices without data as invalid | Andreas Rheinhardt | 2020-07-03 | 1 | -0/+6
  Slices that end after their header (meaning slices after the header without any data before the rbsp_stop_one_bit or possibly without any rbsp_stop_one_bit at all) are invalid and are now dropped. This ensures that one doesn't run into two asserts in cbs_h2645_write_slice_data().
  Signed-off-by: Andreas Rheinhardt <[email protected]>
  Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 66fac1ff7ccbc4fb6a3aa6b9a95de7b6bc31d14e)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cbs_h2645: Remove dead code to delete trailing zeroes | Andreas Rheinhardt | 2020-07-03 | 1 | -14/+0
  Trailing zeroes are already discarded when splitting a fragment, which makes the code to remove them when decomposing slices dead code.
  Signed-off-by: Andreas Rheinhardt <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 8f701932b39a6345f2a8bab85f48d555a98802e3)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/cbs_av1_syntax_template: Set seen_frame_header only after successful uncompressed_header() | Michael Niedermayer | 2020-07-03 | 1 | -2/+0
  Fixes: assertion failure
  Fixes: 19301/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5743212006473728
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit a2e4879432b9de6aa899b85aebbc0eb6a8b5f37f)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mpegaudioenc_template: fix invalid shift of sample | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: Ticket8010
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit a2c97a8342fab6393280cc2f0e2ffb39c381d29c)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/motion_est_template: Fix invalid shifts in no_sub_motion_search() | Michael Niedermayer | 2020-07-03 | 1 | -2/+2
  Fixes: Ticket8167
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit e13eee37ee3268b0a985ddc74a9bde0179bd553c)
  Signed-off-by: Michael Niedermayer <[email protected]>
* libavformat/avienc: Check bits per sample for PAL8 | Michael Niedermayer | 2020-07-03 | 1 | -0/+8
  Fixes: assertion failure
  Fixes: Ticket 8172
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 35958782819c00211e247332ab18fbf2f28267e1)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mpegts: Improve the position determination for avpriv_mpegts_parse_packet() | Michael Niedermayer | 2020-07-03 | 1 | -5/+3
  Fixes: assertion failure
  Fixes: Ticket 8005
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit e5bb48ae5990347dff22fc38ff5a1c1f7f60a1c5)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/magicyuv: Check that there are enough lines for interlacing to be possible | Michael Niedermayer | 2020-07-03 | 1 | -0/+11
  Fixes: out of array access
  Fixes: 20763/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5759562508664832
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit f8a0e9f9f71cf5650bdc250ff7475e0f7d8e8420)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mvdec: Check stream numbers | Michael Niedermayer | 2020-07-03 | 1 | -0/+6
  Fixes: null pointer dereference
  Fixes: 20768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638648978735104.fuzz
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Andreas Rheinhardt <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 618a9bea65112a27a106e02ada3ae475cc8ac1ac)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/pcm: Fix invalid shift in AV_CODEC_ID_PCM_LXF | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: left shift of 233 by 24 places cannot be represented in type 'int'
  Fixes: 20736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-4829212685107200
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 051d11f659455f38be7ce40e2dc9d03b082dcd4d)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/qdm2: Check fft_coefs_index | Michael Niedermayer | 2020-07-03 | 1 | -0/+3
  Fixes: out of array access
  Fixes: 20660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5658290216501248
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 9fc73bf022eb781eea7f685e2d2e9de4ba8898ca)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/utils: Fix integer overflow with complex time bases in avformat_find_stream_info() | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: signed integer overflow: 2045163756 * 2 cannot be represented in type 'int'
  Fixes: Ticket5132
  Found-by: tsmith
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit f3d8f517dbc42de8e2f97cc01bf5171bb05fbcc7)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/avidec: Avoid integer overflow in NI switch check | Michael Niedermayer | 2020-07-03 | 1 | -3/+4
  Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
  Fixes: Ticket8149
  Found-by: Suhwan
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 347920ca2102d762e4713f101a2e75811791e2b3)
  Signed-off-by: Michael Niedermayer <[email protected]>
* fftools/ffmpeg: Fix integer overflow in duration computation in seek_to_start() | Michael Niedermayer | 2020-07-03 | 1 | -1/+2
  Fixes: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long'
  Fixes: Ticket8142
  Found-by: Suhwan
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 4f4ad33d96a01d82edf56d58599017cb0ae5bfa8)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avfilter/vf_aspect: Fix integer overflow in compute_dar() | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: signed integer overflow: 1562273630 * 17 cannot be represented in type 'int'
  Fixes: Ticket8323
  Found-by: Suhwan
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 0c0ca0f244b823238e5a4f5584168e620da84899)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/apedec: Fix invalid shift with 24 bps | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: left shift of negative value -463
  Fixes: 20542/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5688714435231744
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 8e278672294f28a3feaba0a38460afd51f0fadda)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/utils: Fix undefined behavior in ff_configure_buffers_for_index() | Dale Curtis | 2020-07-03 | 1 | -1/+3
  When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of e2_pts - e1_pts will overflow an int64_t.
  Signed-off-by: Dale Curtis <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit f15007afa90a3eb3639848d9702c1cc3ac3e896b)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: signed integer overflow: -2147479324 + -32568 cannot be represented in type 'int'
  Fixes: 20103/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GREMLIN_DPCM_fuzzer-5667667579240448
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit b1aecad9eae900b9c3054392994d150d5ae572c5)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: signed integer overflow: -53716100 * 256 cannot be represented in type 'int'
  Fixes: 20143/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5716604000403456
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit b8a0be93528187721a2414f66abbc252a258afa3)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmalosslessdec: Fix loop in revert_acfilter() | Michael Niedermayer | 2020-07-03 | 1 | -2/+5
  Fixes: out of array read
  Fixes: 20059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5691776237305856
  No testcase except the fuzzed one.
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 5584c0bb945d6010a9d8c22ef3270792022e1761)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/lagarith: Sanity check scale | Michael Niedermayer | 2020-07-03 | 1 | -0/+3
  A value of 24 and above can collapse the range to 0 which would not work.
  Fixes: Timeout (75sec -> 21sec)
  Fixes: 18707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5708950892969984
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit fb3855342b9e4c577c63b38a7a5a574830a21934)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950() | Michael Niedermayer | 2020-07-03 | 1 | -2/+2
  Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int'
  Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit eb64a5c6f94981e4a68ad65a6e445557e11c08fc)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ralf: Fix integer overflow in apply_lpc() | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: signed integer overflow: 2147482897 + 2048 cannot be represented in type 'int'
  Fixes: 19240/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5743240326414336
  Fixes: 19869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5150136636538880
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit fd313d8cf8368918882b6de0880e44ae25cc7394)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dca_lbr: Fix some error codes and error passing | Michael Niedermayer | 2020-07-03 | 1 | -69/+93
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit bfea054a75f17d140f2f171056a801c4c89f6d26)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmavoice: Fix rounding and integer anomalies in calc_input_response() | Michael Niedermayer | 2020-07-03 | 1 | -2/+4
  Fixes: out of array access
  Fixes: inf is outside the range of representable values of type 'int'
  Fixes: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long'
  Fixes: 19316/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5677369365102592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 38d37584448731f90977132b838d50ff1a28811b)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmavoice: sanity check block_align | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  This limit is roughly based on the bitreader limit; it's likely a much tighter limit could be used.
  Fixes: left shift of 1965039647 by 1 places cannot be represented in type 'int'
  Fixes: 19545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5695391899320320
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 6847e22c8c85b80bf1d25ec66f77f7ccbcf43aed)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/pcm: Fix invalid shift in pcm_decode_frame for LXF | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: left shift of 32 by 28 places cannot be represented in type 'int'
  Fixes: 19472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-5704364320096256
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 985d3666f672781152f4b68093740ea6a9888194)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/snappy: Sanity check bytestream2_get_levarint() | Michael Niedermayer | 2020-07-03 | 1 | -0/+2
  Fixes: left shift of 79 by 28 places cannot be represented in type 'int'
  Fixes: 20202/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5719004081815552
  Fixes: 20219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5641738677125120
  Fixes: 20389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5680721517871104
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit be54da2117a6f58c14283f2511e71fda8d3bfe9d)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mlpdsp: Fix an invalid shift in ff_mlp_rematrix_channel() | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: left shift of negative value -2
  Fixes: 20305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5677196618498048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Jai Luthra <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit fcc9f13717c8c3fe08ca5caf957c39e76ea35e4f)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/avdct: Clear IDCTDSPContext context | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes use of uninitialized variable and segfault
  Reviewed-by: Paul B Mahol <[email protected]>
  Reviewed-by: James Almer <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit b82825eba837f7cbb24c1d66e93285d029307417)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/x86/diracdsp: Fix high bits on Windows x86_64 | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Found-by: james
  (cherry picked from commit 24af459d1e568fd134476f305f4fba23bf2c386a)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mov: Check STCO location | Michael Niedermayer | 2020-07-03 | 1 | -0/+4
  Fixes: bypassing of checks and assertion failure
  Fixes: asan_1003879.mp4
  Found-by: Clusterfuzz + asan
  Reported-by: Thomas Guilbert <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 1cd41840208bce7e690a4ccc48077567418a0aa8)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/wmalosslessdec: Fix multiple integer overflows | Michael Niedermayer | 2020-07-03 | 1 | -2/+3
  Fixes: left shift of 3329 by 20 places cannot be represented in type 'int'
  Fixes: signed integer overflow: -199378355 + -1948950833 cannot be represented in type 'int'
  Fixes: 19837/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5752565837070336
  Fixes: 19839/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5767483265122304
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 422202516cfb6239abb4e20db9f628f3899a76e2)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/apedec: Fix undefined integer overflow in decode_array_0000() | Michael Niedermayer | 2020-07-03 | 1 | -1/+1
  Fixes: signed integer overflow: -2143289344 - 6246400 cannot be represented in type 'int'
  Fixes: 19239/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5173755680915456
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit a3655bb02c21e70573335e9396632f64b2589536)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/smacker: Check space before decoding type | Michael Niedermayer | 2020-07-03 | 1 | -0/+4
  Fixes: Timeout (232sec -> 280ms)
  Fixes: 19682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5654129649385472
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 6f5c18da5977a3214e1ea30e6b0c0d9d858ce83d)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/rawdec: Use linesize in b64a | Michael Niedermayer | 2020-07-03 | 1 | -4/+7
  Fixes: out of array access
  Fixes: 19750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RAWVIDEO_fuzzer-5074834119983104
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 2b5b9d5dac9a3525d7330662724c0e9045078bfb)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/iff: Over-allocate ham_palbuf for HAM6 IFF-PBM | Michael Niedermayer | 2020-07-03 | 1 | -1/+5
  IFF-PBM-HAM6 can read out of array without this overallocation
  Fixes: Out of array read
  Fixes: 19752/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5675331403120640
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 8652f4e7a15e56fadf9697188c1ed42c9981db82)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/x86/diracdsp: Fix incorrect src addressing in dequant_subband_32() | Michael Niedermayer | 2020-07-03 | 1 | -1/+2
  Fixes: Segfault (not reproducible with asm, which made this hard to debug)
  Fixes: decoding errors
  Fixes: 19854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5729372837511168
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 0694b60b7b4892eac1d6e2aca64de9e0cb096486)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avfilter/vf_find_rect: Remove assert | Michael Niedermayer | 2020-07-03 | 1 | -2/+0
  A score of 0 is possible
  Fixes: Ticket8500
  Reviewed-by: Paul B Mahol <[email protected]>
  Reviewed-by: Andreas Rheinhardt <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit dfc471488675aa257183745502d0074055db3bd2)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avfilter/vf_find_rect: Increase worst case score | Michael Niedermayer | 2020-07-03 | 1 | -2/+2
  score could be 1.0 which led to uninitialized values
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 6ff2474e02200dce7abdea3fd211fcaf49691c2c)
  Signed-off-by: Michael Niedermayer <[email protected]>
* swscale/input: Fix several invalid shifts related to rgb2yuv constants | Michael Niedermayer | 2020-07-03 | 1 | -4/+4
  Fixes: Invalid shifts
  Fixes: #8140
  Fixes: #8146
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit d48e510124d0fea24e2ec27271687c92e4428a18)
  Signed-off-by: Michael Niedermayer <[email protected]>
* swscale/output: Fix several invalid shifts in yuv2rgb_full_1_c_template() | Michael Niedermayer | 2020-07-03 | 1 | -4/+4
  Fixes: Invalid shifts
  Fixes: #8320
  Reviewed-by: Andreas Rheinhardt <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 7b7f97532b2ac8836d8d8e3c71dd026e35ae1ca7)
  Signed-off-by: Michael Niedermayer <[email protected]>
* swscale/swscale: Fix several invalid shifts related to vChrDrop | Michael Niedermayer | 2020-07-03 | 1 | -2/+2
  Fixes: Invalid shifts
  Fixes: #8166
  Fixes: filter-crop_scale_vflip FATE-test
  Reviewed-by: Andreas Rheinhardt <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit a6ca22c11834c0ff075592e3f051d41068c407db)
  Signed-off-by: Michael Niedermayer <[email protected]>