Commit message | Author | Age | Files | Lines
...
* fftools/ffmpeg: Fix crash when flushing non-fully setup output stream | Andreas Rheinhardt | 2021-10-08 | 1 | -0/+3
| The output stream's packet may not have been allocated at that point.
| This happens when quitting in the following command line:
| $ ./ffmpeg -lavfi abuffer=sample_fmt=u8:sample_rate=48000:channel_layout=stereo -f null -
| Reviewed-by: Paul B Mahol <onemda@gmail.com>
| Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
| (cherry picked from commit fb215798c7a72b32e889b72efd018f26bb3f88ce)
* avfilter/scale_npp: fix non-aligned output frame dimensions | Timo Rothenpieler | 2021-10-07 | 1 | -1/+4
|
* Revert "avformat/hlsenc: compute video_keyframe_size after write keyframe" | Steven Liu | 2021-10-07 | 1 | -6/+5
| This reverts commit b5ca8f2c66954614d81579082025f580efc0cffc.
| This commit causes new problems, see tickets: 9193, 9205
| It flushes data into the file together with the init file context, and it can get the keyframe size; maybe more methods are needed to get the keyframe size.
| Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
| (cherry picked from commit 59032494e81a1a65c0b960aaae7ec4c2cc9db35a)
* Changelog: update | Michael Niedermayer | 2021-10-05 | 1 | -0/+25
|
* swscale/alphablend: Fix slice handling | Michael Niedermayer | 2021-10-05 | 1 | -15/+17
| Reviewed-by: Paul B Mahol <onemda@gmail.com>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 06d67265881249566f385309e2fb5a9449720b6e)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in filter_fast_3320() | Michael Niedermayer | 2021-10-05 | 1 | -1/+1
| Fixes: signed integer overflow: 2145649668 + 3956526 cannot be represented in type 'int'
| Fixes: 38351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4647077926273024
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 0e45886e6ea272f453cb949e95c3bfd8380974c5)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Fix last mfra check | Michael Niedermayer | 2021-10-05 | 1 | -2/+2
| Fixes: signed integer overflow: 9223372036854775360 + 536870912 cannot be represented in type 'long'
| Fixes: 37940/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6095637855207424
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 451ceb5131fa67b0b380d4823981e421909c16db)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mxpegdec: Check for AVDISCARD_ALL | Michael Niedermayer | 2021-10-05 | 1 | -0/+3
| Fixes: Fixes NULL pointer dereference
| Fixes: 36610/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6052641783283712
| Fixes: 37907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-4725170850365440
| Fixes: 37904/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6367889262247936
| Fixes: 38085/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5175270823297024
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 20afd3a63a75a160f61a98a8dcfe06f527ea19b4)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/flicvideo: Check remaining bytes in FLI*COPY | Michael Niedermayer | 2021-10-05 | 1 | -0/+2
| Fixes: Timeout
| Fixes: 37795/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4846536543043584
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 5f835efbca874ad42cb954e6788588f52a57a7a2)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: ARGO writes 4x4 blocks without regard to the image dimensions | Michael Niedermayer | 2021-10-05 | 1 | -0/+6
| Fixes: out of array access
| Fixes: 37197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5877046382297088
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 018b611b4ba74a5cecfb8a75a637b49840e7c320)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cbs_h265_syntax_template: Limit sps_num_palette_predictor_initializer_minus1 to 127 | Michael Niedermayer | 2021-10-05 | 1 | -1/+1
| Fixes: index 128 out of bounds for type 'uint16_t [128]'
| Fixes: 38651/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-6296416058736640
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: James Almer <jamrial@gmail.com>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 85413a5ae6948a1d6e4e947a4fca984b8c686016)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Maintain avmv buffer | Michael Niedermayer | 2021-10-05 | 2 | -4/+14
| This avoids reallocating per frame
| Fixes: Assertion failure
| Fixes: 36359/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6733238591684608
| Fixes: 38623/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6098656512573440
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 0faf04e807fc09bb3d72a034c284fe44b54fa76b)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg12dec: Do not put mpeg_f_code into an invalid state on error return | Michael Niedermayer | 2021-10-05 | 1 | -4/+4
| Fixes: invalid shift
| Fixes: 37018/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-5290280902328320
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 5a95abcce4d93f979e4b53f2220f7a54edd03312)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpegvideo_enc: Limit bitrate tolerance to the representable | Michael Niedermayer | 2021-10-05 | 1 | -1/+5
| Fixes: error: 1.66789e+11 is outside the range of representable values of type 'int'
| Fixes: Ticket8201
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 245017ec8a87d6e4c764d06afeca37100b980d85)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in intermediate | Michael Niedermayer | 2021-10-05 | 1 | -1/+1
| Fixes: signed integer overflow: 559334865 * 4 cannot be represented in type 'int'
| Fixes: 37929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6751932295806976
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 90da43557f7257d72e95504f63ae6504406d6eab)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mvdec: Do not set invalid sample rate | Michael Niedermayer | 2021-10-05 | 1 | -2/+3
| Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
| Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Peter Ross <pross@xvid.org>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 737e6bf2162b89d396f4d477bfe8c99f1dd885de)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: Check for t0 overflow in expand_tseq() | Michael Niedermayer | 2021-10-05 | 1 | -0/+3
| Fixes: signed integer overflow: 4611686025627387904 + 4611686025627387904 cannot be represented in type 'long'
| Fixes: 35489/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-4862678601433088
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Nicolas George <george@nsup.org>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit f624c92d4c6fa73dfa95959d886090af6790bc36)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4 | Michael Niedermayer | 2021-10-05 | 1 | -2/+2
| Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
| Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit e2c2872393f25253aa40861a9707934c4b83a3af)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/sbgdec: Check opt_duration and start for overflow | Michael Niedermayer | 2021-10-05 | 1 | -0/+3
| Fixes: signed integer overflow: 2788626175500000000 + 7118941284000000000 cannot be represented in type 'long'
| Fixes: 35215/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6123272247836672
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 2768928624793f66694f7f2b0824f052e69e3557)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Fix undefined integer multiplication | Michael Niedermayer | 2021-10-05 | 1 | -2/+6
| Fixes: signed integer overflow: 7020950083487072256 * 2 cannot be represented in type 'long long'
| Fixes: 37523/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5133634955771904
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit e67deaf86cb1a79054c4f6dcfcaab9b2c60eb8a4)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check for duplicate clli | Michael Niedermayer | 2021-10-05 | 1 | -0/+5
| Fixes: memleak
| Fixes: 35261/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4869656287510528
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 9a222f140e2674ac936b2f41c480487bc666dd95)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Ignore negative duration in codec_info_duration computation | Michael Niedermayer | 2021-10-05 | 1 | -1/+1
| Fixes: signed integer overflow: -5994697211974418462 + -3255307777713450286 cannot be represented in type 'long'
| Fixes: 35332/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5868035117285376
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 4d81550df9580b454d2530bcb37de20b8354ad6e)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/jacosubdec: Check for min in t overflow in get_shift() | Michael Niedermayer | 2021-10-05 | 1 | -0/+3
| Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
| Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 989febfbd0c986e9e3e0f269a6b22778bf79147b)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet() | Michael Niedermayer | 2021-10-05 | 1 | -0/+4
| Fixes: Out of array access
| Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 3dd5a8a13510d08a4e25e8f138d718672a0fed4a)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmadec: handle run_level_decode error | Stéphane Cerveau | 2021-09-21 | 1 | -4/+7
| Consider data as invalid if ff_wma_run_level_decode gets out with an error.
| It avoids an unpleasant sound distortion.
| See http://trac.ffmpeg.org/ticket/9358
| (cherry picked from commit f9fbe2f9a9c7d2db98a6e49504a7154f743cd804)
* avcodec/wma: Return specific error code | Olivier Crête | 2021-09-21 | 2 | -7/+10
| This way, the calling function can just forward it instead of making it up.
| Signed-off-by: Olivier Crête <olivier.crete@collabora.com>
| (cherry picked from commit 521388edb7d3c176b444bbc3a42723cbafab2d55)
* avcodec/dxva2_av1: fix superres_denom parameter | Tong Wu | 2021-09-14 | 1 | -1/+1
| Defined in spec 5.9.8. When superres is enabled, SuperresDenom equals "coded_denom + SUPERRES_DENOM_MIN" instead of coded_denom.
| Signed-off-by: Tong Wu <tong1.wu@intel.com>
| Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>
| (cherry picked from commit f31033c6ca4bd88e4bb646bab0bc7fd600d4f8b2)
* avcodec/libdav1d: fix compilation after recent libdav1d API changes | James Almer | 2021-09-09 | 1 | -0/+20
| They were done in preparation for an upcoming 1.0 release.
| Keep supporting previous releases for the time being.
| Reviewed-by: BBB
| Signed-off-by: James Almer <jamrial@gmail.com>
| (cherry picked from commit e204846ec16c1ab34c7f3a681734cf5190433018)
* Changelog: update | Michael Niedermayer | 2021-09-08 | 1 | -0/+1
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: don't return negative values in av_get_audio_frame_duration() | James Almer | 2021-09-08 | 1 | -2/+4
| In some extreme cases, like with adpcm_ms samples with an extremely high channel count, get_audio_frame_duration() may return a negative frame duration value. Don't propagate it, and instead return 0, signaling that a duration could not be determined.
| Fixes ticket #9312
| Signed-off-by: James Almer <jamrial@gmail.com>
| (cherry picked from commit e01d306c647b5827102260b885faa223b646d2d1)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Update for 4.4.1 | Michael Niedermayer | 2021-09-08 | 3 | -2/+150
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Check that atom header is within bytestream | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
| Fixes: Infinite loop
| Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Paul B Mahol <onemda@gmail.com>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 3c659f861856d751fe3aa1358b1cccff3117f948)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix 2 integer overflows in filter_3800() | Michael Niedermayer | 2021-09-08 | 1 | -2/+2
| Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
| Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Paul B Mahol <onemda@gmail.com>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 33feb527fff9bf547c4118147434869875cf0c3d)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xpmdec: Move allocations down after more error checks | Michael Niedermayer | 2021-09-08 | 1 | -7/+7
| Fixes: Timeout
| Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Paul B Mahol <onemda@gmail.com>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit e58692837c20c8484a23cd9beb63ac422f82458a)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/argo: Move U, fix shift | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
| Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
| Fixes: 37249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5754862984888320
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Paul B Mahol <onemda@gmail.com>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 26659fe53ee9e51dc06ea2384321cc18229f5768)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check dts for overflow in mov_read_trun() | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
| Fixes: signed integer overflow: 9223372034248226491 + 3275247799 cannot be represented in type 'long'
| Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4538729166077952
| Reported-by: Matt Wolenetz <wolenetz@google.com>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 4de4bc06fdfd0383f3d9012c6557a38408a09d28)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avidec: Use 64bit for frame number in odml index parsing | Michael Niedermayer | 2021-09-08 | 1 | -2/+2
| Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
| Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegbdec: Skip SOS on AVDISCARD_ALL as does mjpeg | Michael Niedermayer | 2021-09-08 | 1 | -3/+7
| Fixes: NULL pointer dereference
| Fixes: 36342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-4579188072906752
| Fixes: 36344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5049579300061184
| Fixes: 36345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5301149845553152
| Fixes: 36374/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6056312352931840
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 104a8399ae96f022a3662bd67668ad07e53e3093)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac() | Michael Niedermayer | 2021-09-08 | 1 | -0/+3
| Fixes: Timeout
| Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 909faca929cf30dcd439fa33479177e76fb5121d)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata | maryam ebrahimzadeh | 2021-09-08 | 1 | -2/+4
| As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
| 'buf' is part of 'AVPacket pkt'.
| Replace init_get_bits with init_get_bits8.
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/webp: Check available space in loop in decode_entropy_coded_image() | Michael Niedermayer | 2021-09-08 | 1 | -0/+3
| Fixes: Timeout
| Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 5e00eab61112c52f27a09fe77d50e6fc508f9c53)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264dec: use picture parameters in ff_print_debug_info2() | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
| Fixes: out of array read
| Fixes: 36341/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6737583085322240
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 65892516d52c268bd66ef825c4b1c8050a69d732)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode | Michael Niedermayer | 2021-09-08 | 1 | -2/+4
| Fixes: out of array read
| Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit c59b5e3d1e0121ea23b5b326529f5bdca44cf982)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init | Michael Niedermayer | 2021-09-08 | 2 | -4/+11
| Fixes: MemLeak
| Fixes: 8281
| Fixes: PoC_option158.jpg
| Fixes: CVE-2020-22037
| Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 7bba0dd6382e30d646cb406034a66199e071d713)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line() | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
| Fixes: Infinite loop
| Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit f803635c4fac761ac68b39a369272d4c26433dc1)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: Disable error concealment for *IMAGE | Michael Niedermayer | 2021-09-08 | 1 | -1/+3
| The existing error concealment makes no sense for the image formats, they use transformed source images which is different from keyframe + MC+difference for which the error concealment is designed.
| Of course feel free to re-enable this if you have a case where it works and improves visual results
| Fixes: Timeout
| Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 643b2d49bf52d5a3205ce3db732e0c4c396bd457)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c() | Michael Niedermayer | 2021-09-08 | 1 | -1/+1
| Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
| Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 8f2856a1daa4e3d5767b6efe7a70ec86926dba47)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/argo: Check for even dimensions | Michael Niedermayer | 2021-09-08 | 1 | -0/+5
| Fixes: reading over the end
| Fixes: 36346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5366943107383296
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit c2f5e9ff3c8141fe6a2c08f3cc4e46e17b96cbb4)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/wtvdec: Check for EOF before seeking back in parse_media_type() | Michael Niedermayer | 2021-09-08 | 1 | -0/+2
| Fixes: Infinite loop
| Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Reviewed-by: Peter Ross <pross@xvid.org>
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpc8: Check first keyframe position for overflow | Michael Niedermayer | 2021-09-08 | 1 | -1/+7
| Fixes: signed integer overflow: 9223372036854775791 + 18 cannot be represented in type 'long'
| Fixes: 36307/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-4917863877050368
| Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| (cherry picked from commit 2bbef69b0ba938cce4f9d61bed46d3f3058e56c2)
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>