path: root/libavcodec
Commit message | Author | Age | Files | Lines
* avcodec/hevcdec: Check luma/chroma_log2_weight_denom | Michael Niedermayer | 2018-06-18 | 1 | -3/+9
  Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'
  Fixes: 5888/clusterfuzz-testcase-minimized-5634701067812864
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f82dd4c09b2decb033f1e339d4be81efd38554f1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Use av_image_check_size2() | Michael Niedermayer | 2018-06-18 | 1 | -1/+1
  Fixes: OOM
  Fixes: 5733/clusterfuzz-testcase-minimized-4906757966004224
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 01370b31aced784593f2bc0836f4ba6fd8e7f6b3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp8: Check for bitstream end before vp7_fade_frame() | Michael Niedermayer | 2018-06-18 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 5653/clusterfuzz-testcase-5497680018014208
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit de675648cef7e451ca82fabaee0d8ec1fe653311)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check remaining bits in last get code loop | Michael Niedermayer | 2018-06-18 | 1 | -1/+1
  Fixes: runtime error: shift exponent -7 is negative
  Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dd8351b1184b8054925c28ecc5fcb6dbbc177fad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_cabac: Tighten allowed coeff_abs range | Michael Niedermayer | 2018-06-18 | 1 | -1/+1
  Fixes: integer overflows
  Reported-by: "Xiaohan Wang (王消寒)" <xhwang@chromium.org>
  Based on limits in "8.5 Transform coefficient decoding process and picture construction process prior to deblocking filter process"
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f26a63c4ee1bdbe21d7ab462cd66f8ba20b14244)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc() | Xiaohan Wang | 2018-06-18 | 1 | -0/+1
  When ff_h264_decode_mb_cavlc() failed due to wrong sl->qscale values, e.g. dquant out of range, set the qscale to be a valid value before returning -1 and exiting the function. The qscale value can be used later e.g. in loop filter.
  BUG=806122
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 71f39de2a57efc8db1d607b09c162c3b806cd45d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4_unpack_bframes: make sure the packet is writable when data needs to be changed | James Almer | 2018-03-28 | 1 | -1/+9
  Nothing currently guarantees that the packet passed to the bsf will be writable.
  Based on commit 4f2ff3a53e170d77e1dd231d7246a74e186011c9
  Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/mp3_header_decompress: don't free the user provided packet on error | James Almer | 2018-03-28 | 1 | -1/+1
  It's owned by the caller.
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit f18f9734694ea0761f94d57685f342b690d563b0)
* avcodec/extract_extradata: zero initialize the padding bytes in all allocated buffers | James Almer | 2018-03-10 | 1 | -0/+6
  Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit d168e78effd170377ec57f67bca05c9f0de91bca)
* avcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs() | Michael Niedermayer | 2018-02-11 | 1 | -1/+3
  This fixes a hypothetical integer overflow
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f2318aee8ca8df1c84092f7d6691a2d0df02c474)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Ignore multiple VOL headers | Michael Niedermayer | 2018-02-11 | 1 | -2/+2
  Fixes: Ticket7005
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 63a4bdbf3b732504e54cc2b9ec0886e6242a90bc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Check eob_run | Michael Niedermayer | 2018-02-11 | 1 | -0/+3
  Fixes: out of array access
  Fixes: 5919/clusterfuzz-testcase-minimized-5859311382167552
  Fixes: special case for theora (untested due to lack of sample)
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 570023eab3e2962b4ad8345a157c1e18ca1a6eca)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pafvideo: Check allocated frame size | Michael Niedermayer | 2018-02-11 | 1 | -0/+4
  Fixes: OOM
  Fixes: 5549/clusterfuzz-testcase-minimized-5390553567985664
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 66acb630286cf1bf03bfbdab6c7c784ff20bde61)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/scpr: Fix reading a pixel before the first | Michael Niedermayer | 2018-02-11 | 1 | -0/+4
  Fixes: 5540/clusterfuzz-testcase-minimized-6122458273808384
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0fb33a82890753233225c61863fff1fcc9d970d4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg2dec: Fix field selection for skipped macroblocks | Nekopanda | 2018-02-11 | 1 | -0/+2
  For B field pictures, the spec says,
  > The prediction shall be made from the field of the same parity as the field being predicted.
  I did it.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8b154cb3e90a3e599cadf477d815a9854b7bb4e1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/huffyuvdec: Check input buffer size | Michael Niedermayer | 2018-02-11 | 1 | -0/+3
  Fixes: Timeout
  Fixes: 5487/clusterfuzz-testcase-4696837035393024
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 08c220d26cff51ca2f6896b65aebfa3accc67290)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utvideodec: Fix bytes left check in decode_frame() | Michael Niedermayer | 2018-02-11 | 1 | -1/+1
  Fixes: out of array read
  Fixes: poc-2017.avi
  Found-by: GwanYeong Kim <gy741.kim@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 118e1b0b3370dd1c0da442901b486689efd1654b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix integer overflow in FFABS | Michael Niedermayer | 2018-02-11 | 1 | -1/+1
  Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Fixes: 5396/clusterfuzz-testcase-minimized-6558555529281536
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8e50bd61e4ff97bd7fc6cbd7ec4ca514e17a70c4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacsbr_fixed: Fix overflows in rounding in sbr_hf_assemble() | Michael Niedermayer | 2018-02-11 | 1 | -4/+5
  Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'
  Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b1bef755f617af9685b592d866b3eb7f3c4b02b1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Fix memleaks in decode_header() | Michael Niedermayer | 2018-02-11 | 1 | -26/+56
  Fixes: 4793/clusterfuzz-testcase-minimized-5707366629638144
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0a2560a9775be7c5df09c85c9908b05e711a54a3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mediacodecdec: use ff_hevc_ps_uninit() | James Almer | 2018-01-30 | 1 | -0/+2
  Fixes memleaks.
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 782e066e3e3d8015d6d64c47cda0925c10aebe08)
* avcodec/hevc_parser: use ff_hevc_uninit_parameter_sets() | James Almer | 2018-01-30 | 1 | -10/+1
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 2159d4bbc3e69d04242e87bac13ebea8b942d94d)
* avcodec/hevcdec: use ff_hevc_uninit_parameter_sets() | James Almer | 2018-01-30 | 1 | -9/+1
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 1f0cf1b2f4ef6304c343d53508193ac4b5d9c1d2)
* avcodec/hevc_ps: add a function to uninitialize parameter set buffers | James Almer | 2018-01-30 | 2 | -0/+18
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 9462b2b8205397ea5972b2365c2e8db6872ef3e9)
* avcodec/dirac_dwt: Fix several integer overflows | Michael Niedermayer | 2018-01-30 | 2 | -3/+3
  Fixes: runtime error: signed integer overflow: -2146071175 + -268479557 cannot be represented in type 'int'
  Fixes: 5237/clusterfuzz-testcase-minimized-4569895275593728
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fe1e6c06d03432c3e9208f019533c1d701f485d0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/indeo5: Do not leave frame_type set to an invalid value | Michael Niedermayer | 2018-01-30 | 1 | -0/+1
  Fixes: null pointer dereference
  Fixes: 5264/clusterfuzz-testcase-minimized-4621956621008896
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2ff9f178519b68d4d1d606eb5451ad81da948efc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: Check log2_sao_offset_scale_* | Michael Niedermayer | 2018-01-30 | 1 | -0/+5
  Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768
  Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4a75a75c62efc645ec28444e4675c325b8f2bb1a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Avoid possibly aliasing violating casts | Michael Niedermayer | 2018-01-30 | 1 | -2/+5
  Found-by: kierank
  Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d4967c04e040b3b2f937cad88599af825147ec94)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/get_bits: Document the return code of get_vlc2() | Michael Niedermayer | 2018-01-30 | 1 | -0/+1
  Found-by: kierank
  Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4a94ff4ccd4f2329c599e37cabe4152dae60359e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check mb_num also against 0 | Michael Niedermayer | 2018-01-30 | 1 | -1/+1
  The spec implies that 0 is invalid in addition to the existing checks
  Found-by: <kierank>
  Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 05f4703a168a336363750e32bcfdd6f303fbdbc3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_remaining_decode() | Michael Niedermayer | 2018-01-28 | 1 | -1/+1
  I suspect that this can be limited tighter, but I failed to find anything in the spec that would confirm that.
  Fixes: 4833/clusterfuzz-testcase-minimized-5302840101699584
  Fixes: runtime error: left shift of 134217730 by 4 places cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a026a3efaeb9c2026668dccbbda339a21ab3206b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Fix integer overflow in DC dequantization | Michael Niedermayer | 2018-01-28 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: -65535 * 65312 cannot be represented in type 'int'
  Fixes: 4900/clusterfuzz-testcase-minimized-5769019744321536
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1bfc1aa004950c5ad527d823a08b8a19eef34eb0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxtory: Fix bits left checks | Michael Niedermayer | 2018-01-28 | 1 | -5/+5
  Fixes: Timeout
  Fixes: 4863/clusterfuzz-testcase-6347354178322432
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6e1a167c5564085385488b4f579e9efb987d4bfa)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down | Michael Niedermayer | 2018-01-28 | 1 | -4/+7
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 94d4237a7a294ce80e1e577b38e9c93e8882aff9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK() | Michael Niedermayer | 2018-01-28 | 1 | -2/+2
  Fixes: signed integer overflow: 1477974040 - -1877995504 cannot be represented in type 'int'
  Fixes: 4861/clusterfuzz-testcase-minimized-4570316383715328
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 56a53340ed4cc55898e49c07081311ebb2816630)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Fix integer overflow before htaps check | Michael Niedermayer | 2018-01-28 | 1 | -2/+3
  Fixes: runtime error: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int'
  Fixes: 4828/clusterfuzz-testcase-minimized-5100849937252352
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2eecf3cf8eeae67697934df326e98df2149881e5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ulti: Check number of blocks at init | Michael Niedermayer | 2018-01-28 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 4832/clusterfuzz-testcase-4699096590843904
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 725353525e73bbe5b6b4d01528252675f2417a02)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix integer overflows in wv_unpack_stereo / mono | Michael Niedermayer | 2018-01-28 | 1 | -6/+6
  Fixes: runtime error: signed integer overflow: 2146276249 + 1487583 cannot be represented in type 'int'
  Fixes: 4823/clusterfuzz-testcase-minimized-4551896611160064
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 83e34ae3c2b36e7b20169a8866e3f49294db1f5a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000: Check sum of sizes of band->prec before allocating | Michael Niedermayer | 2018-01-28 | 1 | -0/+3
  Fixes: OOM
  Fixes: 4810/clusterfuzz-testcase-minimized-6034253235093504
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6887e412434776eb260ad3904f565be491dd5726)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec_fixed: Fix integer overflow in scale_coefs() | Michael Niedermayer | 2018-01-28 | 1 | -2/+2
  Fixes: runtime error: signed integer overflow: 2147483520 + 128 cannot be represented in type 'int'
  Fixes: 4800/clusterfuzz-testcase-minimized-6110372403609600
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a1f38c75893c852cf19dcf3e4553549ba1e70950)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Avoid hardcoding duplicated types in sizeof() | Michael Niedermayer | 2018-01-28 | 1 | -2/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 860d991fcd715233b5b9eb1f6c7bf0aadefb6061)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/arm/sbrdsp_neon: Use a free register instead of putting 2 things in one | Michael Niedermayer | 2018-01-28 | 1 | -2/+2
  Fixes high pitched shriek
  Fixes: 25420848_1478428308873746_4255813235963330560_n.mp4
  Reported-by: Dale Curtis <dalecurtis@google.com>
  Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7dbbb75ee32f87108ca9e15f5551dbbe69fe2641)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264addpx_template: Fixes integer overflows | Michael Niedermayer | 2018-01-28 | 1 | -12/+12
  Fixes: signed integer overflow: 512 + 2147483491 cannot be represented in type 'int'
  Fixes: 4780/clusterfuzz-testcase-minimized-4709066174627840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d6945aeee419a8417b8019c7c92227e12e45b7ad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fix overflows in COMPOSE_HAARiH0/COMPOSE_HAARiL0 | Michael Niedermayer | 2018-01-28 | 1 | -2/+2
  Fixes: 4830/clusterfuzz-testcase-minimized-5255392054476800
  Fixes: signed integer overflow: 2147483646 - -7 cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0e62a2373475f58c72c0faf5568be00b26909585)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow with quant | Michael Niedermayer | 2018-01-28 | 1 | -5/+5
  Fixes: signed integer overflow: 2 + 2147483646 cannot be represented in type 'int'
  Fixes: 4792/clusterfuzz-testcase-minimized-6322450775146496
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit eaa93175895568ef6c2542b13104874907d9c4ef)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/opus_parser: Check payload_len in parse_opus_ts_header() | Michael Niedermayer | 2018-01-28 | 1 | -3/+13
  Fixes: clusterfuzz-testcase-minimized-6134545979277312
  Fixes: crbug 797469
  Reported-by: Matt Wolenetz <wolenetz@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1bcd7fefcb3c1ec47978fdc64a9e8dfb9512ae62)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dsp: Fix integer overflows in ict_int() | Michael Niedermayer | 2018-01-28 | 1 | -2/+2
  Fixes: signed integer overflow: 46802 * -71230 cannot be represented in type 'int'
  Fixes: 4756/clusterfuzz-testcase-minimized-4812495563784192
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b3192c64b5bdcb0474cda437d2d5f9421d68811e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_slice: Do not attempt to render into frames already output | Michael Niedermayer | 2018-01-28 | 1 | -0/+6
  Fixes: null pointer dereference
  Fixes: 4698/clusterfuzz-testcase-minimized-5096956322906112
  This testcase does not reproduce the issue before 03b82b3ab9883cef017e513c7d0b3b986b3b3e7b
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 476665d4de989dba48ec1195215ccc8db54538f4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dnxhddec: Check dc vlc | Michael Niedermayer | 2018-01-28 | 1 | -1/+5
  Fixes: signed integer overflow: 1024 + 2147483640 cannot be represented in type 'int'
  Fixes: 4671/clusterfuzz-testcase-minimized-6027464343027712
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b2be76c0a472b729756ed7a91225c209d0dd1d2e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check buf_size more completely | Michael Niedermayer | 2018-01-28 | 1 | -4/+4
  Fixes: Out of heap array read
  Fixes: 4683/clusterfuzz-testcase-minimized-6152313673613312
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 903be5e4f66268273dc6e3c42a7fdeaab32066ef)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>