Commit message | Author | Age | Files | Lines

* avcodec/atrac9dec: Set channels
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+1
  Fixes: null pointer dereference
  Fixes: 18341/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5681203490848768
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Lynne <dev@lynne.ee>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e85eb7cb04cefa37c7f8e78aac381aa8377dea0f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/alsdec: Check that input space for header exists in read_diff_float_data()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  Fixes: Timeout (21sec -> 8sec)
  Fixes: 17832/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5737092172218368
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 09581f7923ed9af7719762868e8f1ff626ea8374)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/pjsdec: Check duration for overflow
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+2
  Fixes: signed integer overflow: -3 - 9223372036854775807 cannot be represented in type 'long'
  Fixes: 17828/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5645915116797952
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1efaac69328bdc17680924c71be7ec990f0e8f2c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ptx: Check that the input contains at least one line
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  Fixes: Timeout (19sec -> 44ms)
  Fixes: 17816/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PTX_fuzzer-5704459950227456
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a6ad328256fe6a6ace7d1e15f3515afccf1247fc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/alac: Fix integer overflow in LPC
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  Fixes: signed integer overflow: 2147483628 + 128 cannot be represented in type 'int'
  Fixes: 17783/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5146470595952640
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 44b73a0568f8ad5993ec79b29873151f316bf95c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: signed integer overflow: -2147481503 + -32732 cannot be represented in type 'int'
  Fixes: 17782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5769672225456128
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a76897e19ca96127e07f5acc5a773b904dcf6124)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/aliaspixdec: Check input size against minimal picture size
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  Fixes: Timeout (15sec -> 72ms)
  Fixes: 17774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALIAS_PIX_fuzzer-5193929107963904
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8c693104779830028bd5f76bf32a93e059c04d2c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ffwavesynth: Fix integer overflows in pink noise addition
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: signed integer overflow: -1795675744 + -1926578528 cannot be represented in type 'int'
  Fixes: 17741/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5131336402075648
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7916b6863caec55d7e64758a1bfe436834f2faf6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/vc1_block: Fixes integer overflow in vc1_decode_i_block_adv()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  Fixes: signed integer overflow: 62220 * 262144 cannot be represented in type 'int'
  Fixes: 17145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5667394743173120
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6fdeb208172dc95b29b965a0cc365ca0925e151e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wmalosslessdec: Check block_align
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: NULL pointer dereference
  Fixes: 18331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5652847445671936
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c1c799271eefb8afe22804a710baa5cbaad57d91)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/g729postfilter: Fix left shift of negative value
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -3/+3
  Fixes: Ticket8176
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/binkaudio: Check sample rate
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+2
  Fixes: signed integer overflow: 1092624416 * 2 cannot be represented in type 'int'
  Fixes: 18045/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5718519492116480
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2fca09bce49c7de590560d9517fd2414b6c0c14f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/sbcdec: Fix integer overflows in sbc_synthesize_eight()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -18/+18
  Fixes: signed integer overflow: 518484152 + 1868182638 cannot be represented in type 'int'
  Fixes: 17732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5663738132168704
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c70d547751cb3b536f9bca8b060d94f527695b71)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/adpcm: Check initial predictor for ADPCM_IMA_EA_EACS
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+4
  Fixes: signed integer overflow: -2147483360 - 631 cannot be represented in type 'int'
  Fixes: 17701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_EA_EACS_fuzzer-5711517319692288
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2f66e8436d89963362acf533a60ed4fedb42546e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/g723_1dec: Fix overflow in shift
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+2
  Fixes: shift exponent 1008 is too large for 32-bit type 'int'
  Fixes: 17700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5707633436131328
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 07732f12a43ac3048e44c086c9a8c811452ba31c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/apedec: Fix integer overflow in predictor_update_3930()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  Fixes: signed integer overflow: -69555262 * 31 cannot be represented in type 'int'
  Fixes: 17698/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728970447781888
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5c072c9ed7c6f173b8a0a886fb7fe1e8e4c1fadd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/g729postfilter: Fix undefined intermediate pointers
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: index -49 out of bounds for type 'int16_t [192]'
  Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/g729postfilter: Fix undefined shifts
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -5/+5
  Fixes: left shift of negative value -12
  Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6a4fdbf112385824fc9b7d7739685359213b579a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/lsp: Fix undefined shifts in lsp2poly()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: left shift of negative value -30635
  Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2b93f52cd635f372b7b22396939e840c63e8edf3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/adpcm: Fix left shifts in AV_CODEC_ID_ADPCM_EA
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: left shift of negative value -1
  Fixes: 17683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_EA_R2_fuzzer-5111690013704192
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8695fbec573b0d434cf2e703a0d45742a09a5d94)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/shortendec: Check k in probe
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+7
  Fixes: Assertion failure
  Fixes: 17640/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5708767475269632
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ea770eb55941a6ed7b86828d6ea2f4e718a4b337)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avfilter/vf_geq: Use av_clipd() instead of av_clipf()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  With floats we cannot represent all 32bit integer dimensions
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c8813b1a984714f0027cabeea2394035df20cf38)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wmaprodec: Check that the streams channels do not exceed the overall channels
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  Fixes: NULL pointer dereference
  Fixes: 18075/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5708262036471808
  Fixes: 18087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5740627634946048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e418b315ddd0505e707860f8cc8b796ce06f3458)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/qdmc: Check input space in qdmc_get_vlc()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+2
  Fixes: Timeout (125sec -> 0.4sec)
  Fixes: 18059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5656195825664000
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2c7975fe6f5c734fce9c59e8418c7f2de15a558d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/pcm: Check bits_per_coded_sample
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  Fixes: shift exponent -2 is negative
  Fixes: 17736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F16LE_fuzzer-5742815929171968
  Fixes: 17998/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F24LE_fuzzer-5716980383875072
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5de19160a3c0dedb3cefd00e863a8d8f74ca2ad0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/exr: Allow duplicate use of channel indexes
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -3/+6
  Fixes: Ticket #8203
  Reported-by: durandal_1707
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 080819b3b4b59ef498511ac349414af85728349c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/fitsdec: Fail on 0 naxisn
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  Fixes: Timeout (100+ sec -> 23ms)
  Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4a3303d52096337dc109fbd523ecb4b46cddace1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxv: Subtract 12 earlier in dxv_decompress_cocg()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  The data_start is after reading 12 bytes, and if it's subtracted at the very end the intermediate might overflow.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dd9e6d077ea3259cc6c1896334bbbc7f948979b7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavcodec/dxv: Remove redundant seek
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+0
  This seeks to the position the previous call to dxv_decompress_opcodes() positioned us in case of success
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c371e50b4f125361eb183ac3c226f4044ae64b08)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/ituh263dec: Check input for minimal frame size
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+5
  Fixes: Timeout (28sec -> 3sec)
  Fixes: 17559/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H263_fuzzer-5681050776240128
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7f0498ed461987b62bb97ff6463b4df108d60d78)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/truemotion1: Check that the input has enough space for a minimal index_stream
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+2
  Fixes: Timeout (18sec -> 0.4sec)
  Fixes: 17585/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5117015135617024
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4a660fac9899191d4121cde02f2a98977b1303b6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/mpsubdec: Clear queue on error
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  Fixes: Memleaks
  Fixes: 17219/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5720539124989952
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9a0d36e562d53716cf000895c2f892fb1f48165d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/sunrast: Check that the input is large enough for the maximally compressed image
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -5/+5
  Fixes: Timeout (17sec -> 15ms)
  Fixes: 17224/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SUNRAST_fuzzer-5663218491457536
  Fixes: 17224/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SUNRAST_fuzzer-5735590015795200
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bf0ba75c4a9231ed62afe60bed5bde2728971e30)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/sunrast: Check for availability of maplength before allocating image
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -3/+3
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 711ad71aea7847883662bf95e01640d9745b313b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avformat/subtitles: Check nb_subs in ff_subtitles_queue_finalize()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  Fixes: null pointer dereference
  Fixes: 17828/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5645915116797952
  Fixes: Ticket8147
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 81b53913bbb97234e22187d1122948c351a3466d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/vc1_block: Fix invalid left shift in vc1_decode_p_mb()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  Fixes: left shift of negative value -6
  Fixes: 17810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5638541240958976
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2f588ccfb70cba54a7ea8e740110953da604c0e6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/wmaprodec: Check if there is a stream
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+3
  Fixes: null pointer dereference
  Fixes: signed integer overflow: 512 * 2147483647 cannot be represented in type 'int'
  Fixes: 17809/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5634409947987968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9b533de28eb19c660c75823ff2af2f8549c4095a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/g2meet: Check for end of input in jpg_decode_block()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  Fixes: Timeout (100sec -> 0.7sec)
  Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5174143888130048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 61dd2e07be7ca636e1d3d868f90dde1b10985f4c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/g2meet: Check if adjusted pixel was on the stack
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  This basically checks if a pixel that was coded with prediction and residual could have been stored using a previous case.
  This avoids basically a string of 0 symbols stored in less than 50 bytes to hit a O(n²) codepath.
  Fixes: Timeout (too slow to wait -> immediately)
  Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4895946310680576
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9c84c162e9f9f000ef47d4fcd07354805f38d455)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/electronicarts: If no packet has been read at the end do not treat it as if there's a packet
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+6
  Fixes: Assertion failure
  Fixes: 17770/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5700606668308480
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Peter Ross <pross@xvid.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c4de49edc4652e2f17c8747a6dd9b36ff362017a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxv: Check op_offset in dxv_decompress_yo()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+3
  Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
  Fixes: 17745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5734628463214592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 97450d2b6a08769cbc4665bc66f6db9e8c5da2a4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/utils: Check sample_rate before opening the decoder
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -0/+5
  Fixes: signed integer overflow: 2 * -1306460384 cannot be represented in type 'int'
  Fixes: 17685/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_fuzzer-5747390337777664
  Fixes: 17688/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5739287210885120
  Fixes: 17699/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5678394531905536
  Fixes: 17738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5763415733174272
  Fixes: 17746/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5703008159006720
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: James Almer <jamrial@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 75fefb1fb7ac8b423e08a8dca19b19884a325ebf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/aptx: Fix multiple shift anomalies
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -8/+8
  Fixes: left shift of negative value -24576
  Fixes: 17719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APTX_fuzzer-5710508002377728
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 675f62a202be7cfe9576b48679b8e6bc1183e84e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fitsdec: fix use of uninitialised values
  Author: James Almer | Age: 2020-01-06 | Files: 1 | Lines: -7/+7
  header.data_max and header.data_min are not necessarily set on all decoding scenarios.
  Fixes a Valgrind reported regression since cfa193779103c97bbfc28273a0ab12c114b6786d.
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit e3f0ecfc57889de0e0a359ec30b77851d53cea87)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/motionpixels: Mark 2 functions as always_inline
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: Timeout (30sec -> 25sec)
  Fixes: 17050/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5719149803732992
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 017884bdc3975528cacd5d23001558952cbdbabb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ituh263dec: Make the condition for the studio slice start code match between ff_h263_resync() and ff_mpeg4_decode_studio_slice_header()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  If they mismatch, an infinite loop can occur.
  Fixes: Timeout (infinite loop)
  Fixes: 17043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5695051748868096
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8335ba8ae99941422bef0e16ea8cf1ebe2e9a7b3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ralf: Fix integer overflow in decode_channel()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int'
  Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fbb314b6f2c2b77608442966f28aac20343a1cae)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* vcodec/vc1: compute rangex/y only for P/B frames
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -4/+5
  Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
  Fixes: 16976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4847262047404032
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e75e7fe1601b97c31e3ce90473ab71b9a0667573)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/vc1_pred: Fix invalid shifts in scaleforopp()
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -2/+2
  Fixes: left shift of negative value -2
  Fixes: 16964/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5757853565976576
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ced9a1cd0ab76a65e509b0d7c56965d61ea1df84)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

* avcodec/vc1_block: Fix invalid shift with rangeredfrm
  Author: Michael Niedermayer | Age: 2020-01-06 | Files: 1 | Lines: -1/+1
  Fixes: left shift of negative value -7
  Fixes: 16959/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5200360825683968
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c722a69253a280b86b1d2a4ca00c89345a796781)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>