path: root/libavcodec
Commit message | Author | Age | Files | Lines
* avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps() | Michael Niedermayer | 2017-08-24 | 1 | -0/+12
  Fixes: integer overflow
  Fixes: 2893/clusterfuzz-testcase-minimized-5809330567774208
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2b44dcbc44e99daf9515753e9fd4c2e1ea53a2fa)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_template: Fix running cleanup in decode_ics_info() | Michael Niedermayer | 2017-08-23 | 1 | -4/+9
  Fixes: out of array read
  Fixes: 2873/clusterfuzz-testcase-minimized-5924145713905664
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Previous version reviewed-by: Alex Converse <alex.converse@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6f03ffb47d51368a4bbc87702df8446e4660845d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/me_cmp: Fix crashes on ARM due to misalignment | Michael Niedermayer | 2017-08-21 | 4 | -5/+13
  Adds a diff_pixels_unaligned()
  Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872503
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bc488ec28aec4bc91ba47283c49c9f7f25696eaa)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fic: Fixes signed integer overflow | Michael Niedermayer | 2017-08-21 | 1 | -6/+6
  Fixes: runtime error: signed integer overflow: 1037142357 + 1227025305 cannot be represented in type 'int'
  Fixes: 3024/clusterfuzz-testcase-minimized-5885660323905536
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0c9d5b015c2022e8deebb93367f8ee8a8eb779e8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Fix off by 1 error | Michael Niedermayer | 2017-08-21 | 1 | -1/+1
  Fixes: runtime error: index 4 out of bounds for type 'int8_t [4]'
  Fixes: 3023/clusterfuzz-testcase-minimized-6421736130084864
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d132683ddd4050d3fe103ca88c73258c3442dc34)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check perspective_exp and zrs_exp. | Michael Niedermayer | 2017-08-17 | 1 | -0/+4
  Fixes: undefined shift
  Fixes: runtime error: shift exponent 264 is too large for 32-bit type 'int'
  Fixes: 2860/clusterfuzz-testcase-minimized-4672811689836544
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1e6cab874512070b36267a5a53fd053f90072fa2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Clear mcsel before decoding an image | Michael Niedermayer | 2017-08-13 | 1 | -0/+1
  Fixes: runtime error: signed integer overflow: 2146467840 + 1032192 cannot be represented in type 'int'
  Fixes: 2826/clusterfuzz-testcase-minimized-5901511613743104
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7735ed29741d985e1e670249ca56e7a1ce18b729)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fixes integer overflows in COMPOSE_DAUB97* | Michael Niedermayer | 2017-08-08 | 1 | -4/+4
  Fix multiple: runtime error: signed integer overflow: 6497 * 3409630 cannot be represented in type 'int'
  Fixes: 2819/clusterfuzz-testcase-minimized-4743700301217792
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a5380f9c1c460acccb2edaa8609e4a57c0456088)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: fix invalid shift in predict() | Michael Niedermayer | 2017-08-08 | 1 | -2/+6
  Fixes: runtime error: shift exponent -2 is negative
  Fixes: 2818/clusterfuzz-testcase-minimized-5062943676825600
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1e443051b277f73b94a2f660d3fd31a1a7beab52)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_slice: Fix overflow in slice offset | Michael Niedermayer | 2017-08-08 | 1 | -7/+9
  Fixes: runtime error: signed integer overflow: 1610612736 * 2 cannot be represented in type 'int'
  Fixes: 2817/clusterfuzz-testcase-minimized-5289691240726528
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1f53bde6d817ae13a47748f321adbdfa79e15982)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fix multiple integer overflows in COMPOSE_DD97iH0() | Michael Niedermayer | 2017-07-29 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: 9 * 335544320 cannot be represented in type 'int'
  Fixes: 2739/clusterfuzz-testcase-minimized-6737297955356672
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bf8ab72ae95bb11f2c281d464594c2f6ba70326b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow in divide3() | Michael Niedermayer | 2017-07-29 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: -1073746548 * 21845 cannot be represented in type 'int'
  Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c0220c768c7fc933a76c863ebbb0abdf68a88533)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdec: Fix integer overflow in decode_subframe() | Michael Niedermayer | 2017-07-29 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: -536870912 - 1972191120 cannot be represented in type 'int'
  Fixes: 2711/clusterfuzz-testcase-minimized-4975142398590976
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2c630d159ffe8a9822e81f9c041652762b37e068)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: fix integer overflow in log2_parallel_merge_level_minus2 | Michael Niedermayer | 2017-07-26 | 1 | -3/+5
  Fixes: runtime error: signed integer overflow: -2147483647 - 2 cannot be represented in type 'int'
  Fixes: 2702/clusterfuzz-testcase-minimized-4511932591636480
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 74c1c22d7f0d25f527ed2ebf62493be5ad52c972)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacps: Fix multiple integer overflow in map_val_34_to_20() | Michael Niedermayer | 2017-07-26 | 1 | -4/+4
  Fixes: avcodec/aacps.c:511:40: runtime error: signed integer overflow: 1509077651 + 758068176 cannot be represented in type 'int'
  Fixes: 2678/clusterfuzz-testcase-minimized-4702787684270080
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0764fe1d09833ae4dcf9e427df09378d0d6a3386)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: fix: left shift of negative value -1 | Michael Niedermayer | 2017-07-26 | 1 | -1/+1
  Fixes: 2699/clusterfuzz-testcase-minimized-5631303862976512
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2dfb8c417891e0cc3670f8e0791ea0c7071314fe)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_template (fixed point): Check gain in decode_cce() to avoid undefined shifts later | Michael Niedermayer | 2017-07-19 | 1 | -0/+8
  Fixes: runtime error: shift exponent 47 is too large for 32-bit type 'int'
  Fixes: 2581/clusterfuzz-testcase-minimized-4681474395602944
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2886142e0c3b5f4304c6e2a2bd282770a8a47f93)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Clip DC also on the negative side. | Michael Niedermayer | 2017-07-19 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: -16711425 + -2130772346 cannot be represented in type 'int'
  Fixes: 2533/clusterfuzz-testcase-minimized-5372857678823424
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c28f648b19dd36ff9bc869ad527a1569a0b623e2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacps (fixed point): Fix multiple signed integer overflows | Michael Niedermayer | 2017-07-19 | 1 | -17/+8
  Fixes: runtime error: signed integer overflow: 1421978265 - -1810326882 cannot be represented in type 'int'
  Fixes: 2527/clusterfuzz-testcase-minimized-5260915396050944
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 80b9e40b6f1e15db9f36c195e7375e65f6b4924f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbrdsp_fixed: Fix integer overflow in sbr_hf_apply_noise() | Michael Niedermayer | 2017-07-19 | 1 | -2/+2
  Fixes: runtime error: signed integer overflow: -2049425300 + -117591631 cannot be represented in type 'int'
  Fixes: part of 2096/clusterfuzz-testcase-minimized-4901566068817920
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2061de8a3f73f14806e5f6ccaf9a635f740a54e6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix invalid shift | Michael Niedermayer | 2017-07-19 | 1 | -2/+2
  Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
  Fixes: 2377/clusterfuzz-testcase-minimized-6108505935183872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c07af720984acaafaa273369080b458d73975775)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_ps: Fix integer overflow with beta/tc offsets | Michael Niedermayer | 2017-07-19 | 1 | -6/+8
  Fixes: runtime error: signed integer overflow: 2113929216 * 2 cannot be represented in type 'int'
  Fixes: 2422/clusterfuzz-testcase-minimized-5242114713583616
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit de54a37c1dfa2817b5838720fac44e82312ccbfd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vb: Check vertical GMC component before multiply | Michael Niedermayer | 2017-07-19 | 1 | -0/+4
  Fixes: runtime error: signed integer overflow: 8224 * 663584 cannot be represented in type 'int'
  Fixes: 2393/clusterfuzz-testcase-minimized-6128334993883136
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bc6ab72bc7af27189e7b524b97e45c6fcadab5cf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() | Michael Niedermayer | 2017-07-19 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: -163654656 * 256 cannot be represented in type 'int'
  Fixes: 2367/clusterfuzz-testcase-minimized-4648678897745920
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ea5366670e26b2c6c396e6a5f49827a2b71e6dd6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow | Michael Niedermayer | 2017-07-16 | 1 | -3/+5
  Fixes: out of array access
  Fixes: PoC.ape and others
  Found-by: Bingchang, Liu@VARAS of IIE
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ba4beaf6149f7241c8bd85fe853318c2f6837ad0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix integer overflow in wv_unpack_stereo() | Michael Niedermayer | 2017-06-25 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: 2080374785 + 2080374784 cannot be represented in type 'int'
  Fixes: 2351/clusterfuzz-testcase-minimized-5359403240783872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 73ea2a028e12a7d779834f78dc496c8c4b08361f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Fix GMC with videos of dimension 1 | Michael Niedermayer | 2017-06-25 | 1 | -1/+1
  Fixes: runtime error: shift exponent -1 is negative
  Fixes: 2338/clusterfuzz-testcase-minimized-5153426541379584
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4976a3411f71518d17a57e373b62517f066648fd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix integer overflow | Michael Niedermayer | 2017-06-23 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: 227511904 + 1964113935 cannot be represented in type 'int'
  Fixes: 2331/clusterfuzz-testcase-minimized-6182185830711296
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 24e95f9d4de012f51fdd5767dff0b3142e13ec3a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdec: Fix integer overflow | Michael Niedermayer | 2017-06-23 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: 512 + 2147483146 cannot be represented in type 'int'
  Fixes: 2314/clusterfuzz-testcase-minimized-4519333877252096
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0c2ef4f6b4d52a7b7184c747ffea3576926ea1b1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Update pointer only when the result is used | Michael Niedermayer | 2017-06-23 | 1 | -1/+2
  Fixes: runtime error: signed integer overflow: 538976288 * 32 cannot be represented in type 'int'
  Fixes: 2310/clusterfuzz-testcase-minimized-4534784887881728
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 27f80ab0160d2e64007e1c9799ffd4504cc13eb5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_filter: Fix invalid shift | Michael Niedermayer | 2017-06-22 | 1 | -1/+1
  Fixes: runtime error: left shift of negative value -1
  Fixes: 2299/clusterfuzz-testcase-minimized-4843509351710720
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d7b3d5c3f2e2ff1994762b5e09c05fbc33790b5b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Fix overflow in virtual_ref computation | Michael Niedermayer | 2017-06-22 | 1 | -8/+8
  Fixes: runtime error: signed integer overflow: 262144 * -16120 cannot be represented in type 'int'
  Fixes: 2292/clusterfuzz-testcase-minimized-6156080415506432
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5443c4bdf4828ac5b7b19cf54feb496c2da40079)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix undefined integer negation | Michael Niedermayer | 2017-06-22 | 1 | -2/+2
  Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Fixes: 2291/clusterfuzz-testcase-minimized-5538453481586688
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5f89747086af741ddc34e2378cde8519b8faee78)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: Check s for being too small | Michael Niedermayer | 2017-06-22 | 1 | -2/+3
  Fixes: runtime error: shift exponent -8 is negative
  Fixes: 2286/clusterfuzz-testcase-minimized-5711764169687040
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cf7edbd6c5d48d7302877352f7b60092d5b65243)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264: Fix mix of lossless and lossy MBs decoding | Anton Mitrofanov | 2017-06-20 | 2 | -16/+16
  Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
  (cherry picked from commit cf231b68da1150c100114f2c5671b7ed740f917a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_mb: Fix 8x8dct in lossless for new versions of x264 | Anton Mitrofanov | 2017-06-20 | 1 | -1/+1
  Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
  (cherry picked from commit 06dda70f1e7c69a3b1684af5e6930431c62c527a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_cabac: Fix CABAC+8x8dct in 4:4:4 | Anton Mitrofanov | 2017-06-20 | 1 | -14/+33
  Use the correct ctxIdxInc calculation for coded_block_flag. Keep old behavior for old versions of x264 for backward compatibility.
  Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
  (cherry picked from commit 840b41b2a643fc8f0617c0370125a19c02c6b586)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output | Michael Niedermayer | 2017-06-18 | 1 | -1/+1
  Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int'
  Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 27c20068054d8c6786833234f7b6db19f1e98362)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows | Michael Niedermayer | 2017-06-17 | 1 | -2/+2
  Fixes: runtime error: signed integer overflow: 58065 * 51981 cannot be represented in type 'int'
  Fixes: 2271/clusterfuzz-testcase-minimized-5778297776504832
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c746f92a8e03d5a062359fba836eba4b3530687e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcpred_template: Fix left shift of negative value | Michael Niedermayer | 2017-06-17 | 1 | -1/+1
  Fixes: runtime error: left shift of negative value -1
  Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c94326c1fc2fb5719c6f28fe1b95c0c74417998b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps() | Michael Niedermayer | 2017-06-17 | 1 | -2/+6
  Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int'
  Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1edbf5e20c75f06d6987bc823e63aa4e649ccddd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Check nonzerobits more completely | Michael Niedermayer | 2017-06-17 | 1 | -2/+2
  Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int'
  Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dfb61ea2630029b7aec7911aade769bf1a914eea)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Sanity check maxnlpc | Michael Niedermayer | 2017-06-17 | 1 | -0/+4
  Fixes OOM
  Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e77ddd31a8e14bcf5eccd6008d866ae90b4b0d4c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2() | Michael Niedermayer | 2017-06-16 | 1 | -1/+1
  Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Fixes: 2231/clusterfuzz-testcase-minimized-4565181982048256
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e3fadc57c5c170f31455abacbcbd67115d7321d7)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdec: Check nb_sps | Michael Niedermayer | 2017-06-16 | 1 | -0/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit bc406744620710911de9157eafa3e61d0246566f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_refs: Check nb_refs in add_candidate_ref() | Michael Niedermayer | 2017-06-16 | 1 | -1/+1
  Fixes: runtime error: index 16 out of bounds for type 'int [16]'
  Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1cb4ef526dd1e5f547d0354efb0831d07e967919)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check sprite delta upshift against overflowing. | Michael Niedermayer | 2017-06-16 | 1 | -8/+10
  Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int'
  Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 12245ab1f677074b8ff83e87f76a41aba692ccd6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case | Michael Niedermayer | 2017-06-16 | 1 | -20/+20
  Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int'
  Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0a87be404ab7e3f47e67e79160dcc9623e36835b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacsbr_fixed: Check shift in sbr_hf_assemble() | Michael Niedermayer | 2017-06-16 | 1 | -5/+13
  Fixes: runtime error: shift exponent -10 is negative
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d1992448d37f7cfa2acda5cc729dc0ff1b019390)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbrdsp_fixed: Return an error from sbr_hf_apply_noise() if operations are impossible | Michael Niedermayer | 2017-06-16 | 1 | -3/+10
  Fixes: 1775/clusterfuzz-testcase-minimized-5330288148217856
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d549f026d8b64b879c3ce3b8c7d153c82aa5eb52)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>