Commit message | Author | Age | Files | Lines
* avformat/xmv: Make bitrate 64bit | Michael Niedermayer | 2019-11-14 | 1 | -2/+2
  Fixes: signed integer overflow: 32 * 538976288 cannot be represented in type 'int'
  Fixes: 15633/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5752273981931520
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 39a6a79bcbe3c2d239ed207a34c5fb3ca7bfdaf0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: Check that previous_picture has same w/h/format | Michael Niedermayer | 2019-11-14 | 1 | -0/+3
  Fixes: out of array access
  Fixes: 15540/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5684905029140480
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 18c808ffbed81ea580fe6ddd6524dd7bea3f8d0e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation) | Michael Niedermayer | 2019-11-14 | 2 | -5/+0
  Fixes: null pointer dereference
  Fixes: 15464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5681391150301184
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6aaa01afe4fb774d0767684aa00f075b0ee5fca6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame() | Michael Niedermayer | 2019-11-14 | 1 | -2/+3
  Fixes: left shift of negative value -456
  Fixes: 15561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5758130404720640
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Suggested-by: James Almer <jamrial@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1dbb67d39b21ed320edd2b1599b502518250cfd3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils, avcodec_open2: close codec on failure | James Zern | 2019-11-14 | 1 | -1/+4
  After a successful init, if the function fails for another reason, close the codec without requiring FF_CODEC_CAP_INIT_CLEANUP, which is meant to cover init failures themselves. Fixes a memory leak in those cases.
  BUG=oss-fuzz:15529
  Signed-off-by: James Zern <jzern@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b1febda061955c6f4bfbc1a75918b5e75e7d7f80)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/golomb: Correct the doxy about get_ue_golomb() and errors | Michael Niedermayer | 2019-11-14 | 1 | -0/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1bb3b3f11c6960e90bcfe685c0ad1e355a3e787e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Check timebase before use in estimate_timings() | Michael Niedermayer | 2019-11-14 | 1 | -0/+1
  Fixes: division by 0
  Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f57e97dfd9539bc3f4f97a76ebc001f0b055cb88)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hq_hqa: Use ff_set_dimensions() | Michael Niedermayer | 2019-11-14 | 1 | -2/+4
  Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272
  Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a6229fcd405d4135848c83df73634871260de59c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/rv10: Fix integer overflow in aspect ratio compare | Michael Niedermayer | 2019-11-14 | 1 | -2/+2
  Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int'
  Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 14fcf42958608223a0be6558fb6e323419c9fc27)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/4xm: Fix signed integer overflows in idct() | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
  Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2bbea155bf7c6ce6d5ae53cc41e44798cad2f39c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdm2: Check checksum_size for 0 | Michael Niedermayer | 2019-11-14 | 1 | -2/+2
  Fixes: Infinite loop
  Fixes: 15337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5757428949319680
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7b2ebf89a411d957ca999f1e7a919ff617fbfd56)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop | Michael Niedermayer | 2019-11-14 | 1 | -0/+4
  Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
  Fixes: infinite loop
  Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 694be24bd6c4cc9c62222f4583260bf79056e4c1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdm2: Do not read out of array in fix_coding_method_array() | Michael Niedermayer | 2019-11-14 | 1 | -1/+6
  Instead we ask for a sample; it's unclear what to do in this case.
  Fixes: index 30 out of bounds for type 'int8_t [30][64]'
  Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ae021c1239ec3bc0a30dc5a4720569071599ece4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/svq3: Use ff_set_dimension() | Michael Niedermayer | 2019-11-14 | 1 | -16/+20
  Fixes: OOM
  Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7b114d76878f1a542bcb75456492cc43e6414f8b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Check ham vs bpp | Michael Niedermayer | 2019-11-14 | 1 | -3/+10
  This checks the ham value much more strictly and avoids hitting cases which cannot be reached with data from the libavformat demuxer.
  Fixes: out of array access
  Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840
  Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f76d7352e05526fde7c607b9a9db536a5760af29)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: use uint32_t to compute difference, it is enough | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long'
  Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e9dd3c7126097d7c8d4f137db9957b81a219aa2c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case | Michael Niedermayer | 2019-11-14 | 1 | -9/+3
  Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
  Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8c022099351c04ae21e0b8696ea71a690ed03cd2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Fix backward lcg_seek() | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cf2bd3ce79b12256d7d129b2ada5ee649b9a27eb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/flicvideo: Fix off by 1 error in flic_decode_frame_24BPP() | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: out of array access
  Fixes: 15360/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5653837190266880
  Fixes: 15412/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5740537648250880
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 37708cbae8d6887b80f58a70a1dfa01af6ea2c85)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff() | Michael Niedermayer | 2019-11-14 | 1 | -8/+26
  Fixes: index -1 out of bounds for type 'const uint8_t [185][2]'
  Fixes: 15250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5648992869810176
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 79204a1fc8f1988f7d7e6cae2c3b68f513444d38)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alac: Check lpc_quant | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  lpc_quant of 0 produces undefined behavior, thus disallow this. If valid samples use this then such a sample would be quite useful to confirm the correct & lossless handling of this.
  Fixes: libavcodec/alac.c:218:25: runtime error: shift exponent -1 is negative
  Fixes: 15273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5656388535058432
  Fixes: 15276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5761238417539072
  Fixes: 15315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5767260766994432
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a6474b899c1153e3bb95e399b6605c3507aea0d0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: multiple memleaks
  Fixes: 15293/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5642409288925184
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b7b6ddd59693008c35b3247496ecc946331d0856)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix integer overflow with buffer number | Michael Niedermayer | 2019-11-14 | 1 | -0/+2
  Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
  Fixes: 15290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5738074249625600
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5f64f6058e0c23641a68ce7dfe47b1f55efd401c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fixes signed integer overflow in LSB addition | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: signed integer overflow: 8 * 536870912 cannot be represented in type 'int'
  Fixes: 15281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5744458785619968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7f527021df73b4792323f38f84a4bf2fbe5a2052)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Check opt_order / sb_length in ra_block handling | Michael Niedermayer | 2019-11-14 | 1 | -2/+8
  Fixes: out of array access
  Fixes: 15277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5184853437317120
  Fixes: 15280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5741062137577472
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0794494c8f2f756e3c9384dba21c54f7d4ba9286)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix integer overflow with shifting samples | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: signed integer overflow: -346039050 * 8 cannot be represented in type 'int'
  Fixes: 15283/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5692700268953600
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a3bd4b260eb9f0d5817f9b3d672844f127c51a0b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix undefined behavior in decode_rice() | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: left shift of 72 by 26 places cannot be represented in type 'int'
  Fixes: 15279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5700665621348352
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 51f6870c37cc29e1ea7e0c66df2fe505938b7561)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT() | Michael Niedermayer | 2019-11-14 | 1 | -6/+6
  Fixes: left shift of negative value -6
  Fixes: 15275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5742361767837696
  Fixes: signed integer overflow: 41582592 * 256 cannot be represented in type 'int'
  Fixes: 15296/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5739558227935232
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e131568752ad41222946304c61eadb87b0a24791)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight | Michael Niedermayer | 2019-11-14 | 1 | -2/+2
  Suggested-by: James Almer <jamrial@gmail.com>
  Reviewed-by: James Almer <jamrial@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3b2082c663dac93fd722289a540c1b1e24a12564)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns | Michael Niedermayer | 2019-11-14 | 2 | -12/+15
  Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
  Fixes: 14880/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5130977304641536
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: James Almer <jamrial@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c692051252693155c4eecd16f4f8a79caf66cd54)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
  Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3d4f4f4a15e79c96c3613e5c252b2f5cc4190e18)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aviobuf: Delay buffer downsizing until asserts are met | Michael Niedermayer | 2019-11-14 | 1 | -2/+1
  Fixes: Assertion failure
  Fixes: 15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616
  Fixes: 15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432
  May fix: Ticket7094
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0334632d5c02720f1829d59cd20c009584b5b163)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fitsdec: Check data_min/max | Michael Niedermayer | 2019-11-14 | 1 | -0/+8
  Fixes: division by 0
  Fixes: 15206/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5657260212092928
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit eb82d19f035f59edf0aee215f02baaea908875de)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/m101: Fix off by 2 error | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: out of array read
  Fixes: 15263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_M101_fuzzer-5728999453491200
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 89b96900fa7c17d0770c9af26af7c3ae36ae0253)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdm2: Move fft_order check up | Michael Niedermayer | 2019-11-14 | 1 | -5/+6
  This avoids undefined computations with unchecked values.
  Fixes: shift exponent -21 is negative
  Fixes: 15262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5651261753393152
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8d8b8c4ac6fb5b5d40bd131f2d2ea9d85b8759a6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/libvorbisdec: Check extradata size | Michael Niedermayer | 2019-11-14 | 1 | -0/+8
  Fixes: out of array read
  Fixes: 15261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5764908467093504
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cf3c245566e8a8d45ed2ad9fdff9ef50327ba2d3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vqf: Check header_size | Michael Niedermayer | 2019-11-14 | 1 | -1/+4
  Fixes: 15271/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5735262606327808
  Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7c30ff38880570377168096417f714b21102b343)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Check bits_per_coded_sample | Michael Niedermayer | 2019-11-14 | 1 | -0/+4
  This avoids the need for each decoder separately having to handle this case.
  Fixes: shift exponent -100663046 is negative
  Fixes: out of array access
  Fixes: 15270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5727829913763840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d33414d2ad27a5d2193c9ab0948ba7a282c2f910)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/videodsp_template: Fix overflow of addition | Michael Niedermayer | 2019-11-14 | 1 | -1/+2
  Fixes: addition of unsigned offset to 0x7f56fc26a9b6 overflowed to 0x7f56fc26a8be*
  Fixes: clusterfuzz-testcase-minimized-mediasource_MP4_AVC1_pipeline_integration_fuzzer-4917949056679936
  Reported-by: Matt Wolenetz <wolenetz@google.com>
  Reviewed-by: Matt Wolenetz <wolenetz@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 247a1de7f7d9c5628cf188e677d10ce9e12bd2f2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix invalid shift in multiply() | Michael Niedermayer | 2019-11-14 | 1 | -0/+3
  Fixes: shift exponent -24 is negative
  Fixes: 15292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5768533318828032
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f30be1ec9856551d96f3876eec5f8b8abf456b81)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Check ts_end - ts_start for overflow | Michael Niedermayer | 2019-11-14 | 1 | -1/+4
  Fixes: signed integer overflow: 2314885530818453536 - -8926099139098304480 cannot be represented in type 'long'
  Fixes: 15259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5764366093254656
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2db7a3bc4acdd293ed10b71e55f16a45ca28b629)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c | Michael Niedermayer | 2019-11-14 | 1 | -8/+8
  Fixes: left shift of negative value -13
  Fixes: 15260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5702076048343040
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 507ca66ee41aa8a95b75654163f77af0a99a25b1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tta: Fix undefined shift | Michael Niedermayer | 2019-11-14 | 1 | -1/+1
  Fixes: left shift of negative value -4483
  Fixes: 15256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5738691617619968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ebccd2f778a861b41ad38a8464ea120d4f16b2d7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdmc: Fix integer overflows in PRNG | Michael Niedermayer | 2019-11-14 | 1 | -2/+2
  Fixes: signed integer overflow: 214013 * 2531011 cannot be represented in type 'int'
  Fixes: 15254/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5698137026461696
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2921b45a388a81968d946996bb32e72d7bb5d5b7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/bintext: Check font height | Michael Niedermayer | 2019-11-14 | 1 | -0/+4
  Fixes: division by zero
  Fixes: 15257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINTEXT_fuzzer-5757352881422336
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bfb58bdd7015a6df2d130c92cf284d6a2362f3df)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/binkdsp: Fix integer overflows in idct | Michael Niedermayer | 2019-11-14 | 1 | -5/+7
  Fixes: signed integer overflow: 3784 * 682038 cannot be represented in type 'int'
  Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840
  Fixes: 15268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5666502344179712
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7a072fbcc4c6f8ddbf37b131c2d141589118abcd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/motionpixels: Check for vlc error in mp_get_vlc() | Michael Niedermayer | 2019-11-14 | 1 | -0/+2
  Fixes: 15246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5168534407086080
  Fixes: runtime error: index -1 out of bounds for type 'HuffCode [16]'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 930cdef80ab695132d3de2128c3c23f2d698918b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/loco: Limit lossy parameter so it is sane and does not overflow | Michael Niedermayer | 2019-11-14 | 1 | -0/+5
  Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664
  Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ce3b0b9066b433564ed3ee3eed3a1e8f2c0834a1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed | Michael Niedermayer | 2019-11-14 | 1 | -2/+1
  Fixes: Assertion failure
  Fixes: crbug971646.mp4
  Reported-by: Matt Wolenetz <wolenetz@google.com>
  Reviewed-by: Matt Wolenetz <wolenetz@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 696312c487d9d8c49a087017a829d1cdcbd68651)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xpmdec: Do not use context dimensions as temporary variables | Michael Niedermayer | 2019-11-14 | 1 | -2/+3
  Fixes: Integer overflow
  Fixes: 15134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5722635939348480
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5ea7f2050050fd6a9177a9b618f2bb2d4add9230)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>