Commit message | Author | Age | Files | Lines
...
* avcodec/exr: Check ac_count | Michael Niedermayer | 2021-09-08 | 1 | -1/+3
    Fixes: signed integer overflow: -9223372036854775808 * 2 cannot be represented in type 'long long'
    Fixes: 36244/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6090656186499072
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9bc32d7c4bed836086199ce55cf4a5ddd5217f3e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wavdec: Use 64bit in new_pos computation | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: Check for overflow in timestamp preparation | Michael Niedermayer | 2021-09-08 | 1 | -0/+4
    Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9dbed908403b0d97ae70881fab68020f148b6b11)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dsicin: Check packet size for overflow | Michael Niedermayer | 2021-09-08 | 1 | -2/+5
    Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9d1c47ec033d038e04578eaf0767c8983250d03d)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dsfdec: Change order of operations in bitrate computation | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 538976288 * 67372036 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6751696819716096
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 5e38eff284637e9f7c3c25d020df549ca6667e40)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/bfi: check nframes | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
    Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b4e77dfca1c2970446f79277034d8e60c3fe3f4e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: fix position overflow in avi_load_index() | Michael Niedermayer | 2021-09-08 | 1 | -1/+4
    Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 527821a2dd6f19d9a4d2abe05833346ae86c66c6)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/asfdec_f: Check sizeX against padding | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit f034c2e36acb7d0c11dc1849ddf8a67bde44eff4)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Check for size overflow in header parsing | Michael Niedermayer | 2021-09-08 | 1 | -0/+3
    Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit bae2e1977744f42d56b85193d4910811de829714)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aaccoder: Add minimal bias in search_for_ms() | Michael Niedermayer | 2021-09-08 | 1 | -4/+4
    Fixes: floating point division by 0
    Fixes: Ticket8218
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 75a099fc734a4ee2b1347d0a3d8c53d883b95174)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Fix incorrect overflow detection in mov_read_sidx() | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 9223372036854775807 + 1442840321 cannot be represented in type 'long'
    Fixes: 33670/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644379491106816
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 200406d930eff3202f3230f188f85f4ab9cf4525)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Avoid undefined overflow in time_offset calculation | Michael Niedermayer | 2021-09-08 | 1 | -1/+5
    Fixes: signed integer overflow: 8511838621821575200 - -3954125146725285889 cannot be represented in type 'long'
    Fixes: 33414/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6610119325515776
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 7666d588ba1af26ce479e7fb92f7dc5b3a2ca48e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/af_drmeter: Check that there is data | Michael Niedermayer | 2021-09-08 | 1 | -0/+5
    Fixes: floating point division by 0
    Fixes: -nan is outside the range of representable values of type 'int'
    Fixes: Ticket8307
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 4f49fa6abe89e2fca2585cac4c63190315972cf0)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_fftdnoiz: Use lrintf() in export_row8() | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: 1.04064e+10 is outside the range of representable values of type 'int'
    Fixes: Ticket 8279
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1f21349d20d9bda8eeeddb23263892be0cea12e3)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_mestimate: Check b_count | Michael Niedermayer | 2021-09-08 | 1 | -0/+3
    Fixes: left shift of negative value -1
    Fixes: Ticket8270
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 06af6e101bbd04e8ecc5337bc3b6894a5e058e14)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: do not ignore errors in mov_metadata_hmmt() | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
    Fixes: Timeout
    Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit c52c99a18f6e40973e52d99d4bb29e34a66c695a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: Check size for shrinking | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    av_shrink_packet() takes int size, so size must fit in int
    Fixes: out of array access
    Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 65b862ab59c4bfaae98be596b84a072f52444398)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dnxhddec: check and propagate function return value | maryam ebr | 2021-09-08 | 1 | -7/+15
    Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
    crafted DNxHD data can cause unspecified impact.
    Reviewed-by: Paul B Mahol <onemda@gmail.com>
    Signed-off-by: James Almer <jamrial@gmail.com>
    (cherry picked from commit 7150f9575671f898382c370acae35f9087a30ba1)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/slice: Fix wrong return on error | Michael Niedermayer | 2021-09-08 | 1 | -1/+3
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 7874d40f10cca922797a8da14189a53ee52f0156)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb() | Michael Niedermayer | 2021-09-08 | 1 | -1/+6
    Fixes: NULL pointer dereference
    Fixes: decode_spectrum_and_dequant.mp4
    Found-by: Rafael Dutra <rafael.dutra@cispa.de>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit eaec4df63f98b6d2d60d2cf441de250c5f69359e)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/slice: Check slice for allocation failure | Michael Niedermayer | 2021-09-08 | 1 | -1/+2
    Fixes: null pointer dereference
    Fixes: alloc_slice.mp4
    Found-by: Rafael Dutra <rafael.dutra@cispa.de>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 997f9cfc1295769be8d3180860ceebbc16f59069)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/matroskadec: Fix handling of huge default durations | Michael Niedermayer | 2021-09-08 | 1 | -1/+2
    Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
    Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 343d950a4a8a8c32f5f7d9d4ac1fbe317cb9cc80)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/lpc: check for zero err in normalization in compute_lpc_coefs() | Michael Niedermayer | 2021-09-08 | 1 | -1/+2
    Fixes: floating point division by 0
    Fixes: Ticket8213
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 70874e024a6eae0f95bd8dd4b9b4367ffd937f41)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/j2kenc: Check for av_strtok() failure | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: CID1466601 Dereference null return value
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 6a6a765fa4ca57143453093af3bf8d1c8a52d0b0)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ftp: Check for av_strtok() failure | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
    Fixes: CID1396258 Dereference null return value
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 9d40782088cf969fbadc881e4a97ec22b8ae0177)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* tools/cws2fws: Check read() for failure | Michael Niedermayer | 2021-09-08 | 1 | -0/+6
    Fixes: CID1452579 Argument cannot be negative
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 0b3cdd7cc2c63969e144cc3eb39d0c61260509ee)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cpia: Fix missing src_size update | Michael Niedermayer | 2021-09-08 | 1 | -0/+1
    Fixes: out of array read
    Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit cea05864e65db9a2dc8af82b2c63fb8f03c5f876)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Better size checks | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 3530839700044513368 + 8386093932303352321 cannot be represented in type 'long long'
    Fixes: 35182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5398383270428672
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 18b0dd07384b2987f24a4d0ba7600fde2787472a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/clearvideo: Check tile_size to be not too large | Michael Niedermayer | 2021-09-08 | 1 | -2/+2
    Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
    Fixes: 35023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-6740166587842560
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 11fac9613e6a340d4d9968e2d8a43c3726ab57d3)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int'
    Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 00ae9b77ef757f82660b4b3d2f490374a4f209fd)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aaxdec: Check avio_seek() in header reading | Michael Niedermayer | 2021-09-08 | 1 | -4/+11
    Fixes: Timeout
    Fixes: 32450/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-4875522262827008
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 602bbf71f683dc564822c39070c42246d2c2b5e2)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_sei: Use get_bits_long() for time_offset_value | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: assertion failure
    Fixes: crash_1
    Found-by: Thuan Pham <tpham.unimelb@gmail.com>
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit d866787dacc04079daa73a1a836e849c56cded66)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Check old_format len for overflow | Michael Niedermayer | 2021-09-08 | 1 | -3/+5
    Maybe such large values could be disallowed earlier and closer to where they are set.
    Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 06d174e289eb185f03a34a738965f0042f39c038)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/realtextdec: Check the pts difference before using it for the duration computation | Michael Niedermayer | 2021-09-08 | 1 | -1/+2
    Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit fe12aa689003db9b07a6e1b837031dcc57a71435)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/qcp: Avoid negative nb_rates | Michael Niedermayer | 2021-09-08 | 1 | -1/+2
    Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1b865cc703d29cb307e1fa628aa02940d54eb42a)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/pp_bnk: Use 64bit in bitrate computation | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 1207959552 * 4 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_PP_BNK_fuzzer-6747301169201152
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 88fc295838b3cf16b43c0bbea5766fe92b18dd17)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/nutdec: Check tmp_size | Michael Niedermayer | 2021-09-08 | 1 | -0/+5
    Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/msf: Check that channels doesn't overflow during extradata construction | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
    Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a1a277926b49dad60d9e78c6c7a8c6b5d0d6d7c9)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/subtitles: Check pts difference before use | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPL2_fuzzer-6747053545881600
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit e7a990164f67108e99ec5adb8b2d636cd4147715)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpc8: Check for position overflow in mpc8_handle_chunk() | Michael Niedermayer | 2021-09-08 | 1 | -1/+4
    Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 8ef25d118246bf443900033fb3588dba628d11b0)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mccdec: Fix overflows in num/den | Michael Niedermayer | 2021-09-08 | 1 | -2/+1
    Fixes: signed integer overflow: 6365816 * 1000 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MCC_fuzzer-6737934184218624
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit ff05326081922059314b8927cf9bbc9c7e73458f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/iff: Use 64bit in duration computation | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int'
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 93d964689c3b2bae26e6e3f502c1ffc4c2e46989)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dxa: Check fps to be within the supported range more precisely | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
    Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
    Fixes: assertion failure
    Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 6ea494befcb5d944ce8275e6f59de1a24c25ffb6)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Only write palette to plane 1 if it's PAL8 | Michael Niedermayer | 2021-09-08 | 1 | -1/+2
    Fixes: null pointer passed as argument 1, which is declared to never be null
    Fixes: 33791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5107575256383488.fuzz
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit 216eb60b853e9a230c1238ab7d1c63d3fa892d34)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/tta: Check for EOF in index reading loop | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
    Fixes: OOM
    Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit b72d657b73b2aa4a2a2f72f613199e6080ad48c0)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_scale: set the RGB matrix coefficients in case of RGB | Jan Ekström | 2021-09-06 | 1 | -7/+10
    This fixes the passing through of non-RGB matrix from input to output when conversion from YCbCr to RGB happens.
    (cherry picked from commit 2818b143929d86f6b67695b09bc7483da5cef434)
* avfilter/vf_scale: reset color matrix in case of identity & non-RGB | Jan Ekström | 2021-08-28 | 1 | -0/+9
    Fixes passing through mismatching metadata from the input side when RGB input (from f.ex. H.264 or HEVC) gets converted to YCbCr.
    Fixes #9132
    (cherry picked from commit 9dd410c80416197188337e3b7e1600be41d2ea64)
* ffmpeg: fix order between field order autodetection and override | Jan Ekström | 2021-08-28 | 1 | -6/+8
    Having the override before autodetection meant that the overridden value got overwritten by the autodetected result each time, effectively disabling the ability to utilize the `-top` option for override purposes.
    Somehow I missed this in fbb44bc51a647862eb05ae3f9d7d49a0be9bed57, even though the lines were within the context. Probably the code originally being after this logic had something to do with it, but previously it only touched the avformat context's codecpar, which did not affect the encoder codec context whatsoever.
    Fixes #9320
    Fixes #9339
    (cherry picked from commit 4c694093be68d401c60819e5171817c62afef8b2)
* avcodec/h264_slice: clear old slice POC values on parsing failure | James Almer | 2021-08-10 | 1 | -0/+3
    If a slice header fails to parse, and the next one uses different Sequence and Picture parameter sets, certain values may not be read if they are not coded, resulting in the previous slice values being used.
    Signed-off-by: James Almer <jamrial@gmail.com>
* avfilter/f_metadata: do not return the frame early if there is no metadata | Marton Balint | 2021-07-18 | 1 | -3/+0
    The early return caused issues for the "add" mode (got fixed in c95dfe5cce98cde3e7fb14fbd04b3897f3927cec) and the "select" mode needs a similar fix. It is probably better to fully remove the check, since all modes work correctly with NULL metadata.
    Signed-off-by: Marton Balint <cus@passwd.hu>
    (cherry picked from commit 758e2da28939c156b18c11c3993ea068da3ea869)