Fixes: signed integer overflow: 20 * 2314885530818453759 cannot be represented in type 'long'
Fixes: 69098/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6107989688778752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0993ef675f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 69083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5608202363273216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69e90491f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 1431634944 by 2 places cannot be represented in type 'int'
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 69061/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC2_fuzzer-6325700826038272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit af99358353)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 69098/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6107989688778752
Fixes: 69599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4848626296225792.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c8881cb35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604593 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66d6b8033b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Helps with: CID1439572 Uninitialized pointer read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 19a5a8997c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1439581 Result is not floating-point
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec18ec9fc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The pointer is used before the check
Fixes: CID1591884 Dereference before null check
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 989e11acb6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Maybe Fixes: CID1598557 Explicit null dereferenced
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c2e727088)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591931 Explicit null dereferenced
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 175c191668)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1598550 Resource leak
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25f9211bdd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591929 Copy into fixed size buffer
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daf61dddc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Helps: CID1454676 Out-of-bounds read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af348bd1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found by reviewing code related to CID1604365 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0474614e6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604552 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f18b442370)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604495 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d553276843)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604400 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b989986641)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604356 Overflowed constant
Fixes: CID1604573 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e4c037833)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is more a style fix than a bugfix (CID1604392 Overflowed constant)
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfe66dfebb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found by code review related to CID1604563 Overflowed return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2aaeb81f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing code related to CID1604409 Overflowed return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cf5b83f6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found by code review related to CID1604386 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e5af1c6e91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604394 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69dcd123f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604490 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96fd9417e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
width and height > 32bit is not supported and its easier to check in a central place
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba63e32957)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found through code review related to CID1604493 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e6c0c5731e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -208
Fixes: 69073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_KS_fuzzer-4745020002336768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93e0265e27)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing: CID1494441 Untrusted value as argument
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f13ae63259)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing: CID1530313 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cedbef0394)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It is not entirely clear what would prevent such overflow so even if it is
not possible, it is better to use 64bit
Fixes: CID1491898 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 665be4fa2f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591930 Wrong sizeof argument
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e9e8bea2e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591944 Wrong sizeof argument
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 628ba061c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1598558 Resource leak
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf22f944d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591909 Wrong sizeof argument
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 698ed0d5a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604548 Unused value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao" <haihao.xiang-at-intel.com@ffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e4bfff211)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591881 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f022afea77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This may help CID1452449 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 426d8c84c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing CID1452449 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0a7d964b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1473554 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8200d3825)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It seems reply1 is initialized by ff_rtsp_send_cmd() in most cases but there
are code paths like "continue" which look like they could skip it but even if not
writing this so a complex loop after several layers of calls initialized a local
variable through a pointer is just bad design.
This patch simply initialized the variable.
Fixes: CID1473532 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 498ce4e8b8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing CID1473532 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bb38ba2b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1452585 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a9ddb7051)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1197065 Resource leak
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 382e9e79f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is unlikely to make a difference
Fixes: CID1591896 Unintentional integer overflow
Fixes: CID1591901 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66b60bae68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1500281 Out-of-bounds write
Fixes: CID1500331 Out-of-bounds write
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5fe8bf4aa5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The spec allows at least thirty-two zero bits followed by a one to mean
2^32-1, with no constraint on the number of zeroes. The libaom
reference decoder does not match this, instead reading thirty-two zeroes
but not the following one to mean 2^32-1. These two interpretations are
incompatible and other implementations may follow one or the other.
Therefore reject thirty-two zeroes because the intended behaviour is not
clear.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7110a36ba0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1422217 Result is not floating-point
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d0d502ff1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Maybe Helps: CID1503077 Bad bit shift operation
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cef720ab42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1503078 Resource leak
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a0ea15c7a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
