FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	12043b8a6b	avcodec/fmvc: Move frame allocation to a later stage This way more things are checked before allocation Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9783749c66`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:55 +02:00
Michael Niedermayer	16ab46b4fc	avfilter/vf_showinfo: remove backspaces They mess with storing editing and comparing the results Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `31581ae7ee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:54 +02:00
Michael Niedermayer	c7f723ddb6	avcodec/speedhq: Check width Fixes: out of array access Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400 Alternatively the buffer size can be increased Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f0395f9ef6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:54 +02:00
Michael Niedermayer	85f5aaa15f	avcodec/bink: disallow odd positioned scaled blocks Fixes: out of array access Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b14104a637`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:54 +02:00
Michael Niedermayer	3ce3d5ea9c	avformat/asfdec_o: limit recursion depth in asf_read_unknown() The threshold of 5 is arbitrary, both smaller and larger should work fine Fixes: Stack overflow Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1f1a368169`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:53 +02:00
Michael Niedermayer	b21ebecec1	doc/git-howto.texi: Document commit signing Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ced0dc807e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:53 +02:00
Michael Niedermayer	399670d668	libavcodec/8bps: Check that line lengths fit within the buffer Fixes: Timeout Fixes: undefined pointer arithmetic Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2316d5ec1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:53 +02:00
Michael Niedermayer	7e2559982f	avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer() This would avoid regeting the frame on lzss errors Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `628fb97efb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:52 +02:00
Michael Niedermayer	7c00e515a0	libavformat/iff: Check for overflow in body_end calculation Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long' Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bcb4690304`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:52 +02:00
Michael Niedermayer	df0d34caaf	avformat/avidec: Prevent entity expansion attacks Fixes: Timeout Fixes no testcase, this is the same idea as similar attacks against XML parsers Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3e823c2aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:52 +02:00
Michael Niedermayer	eb252776d8	avcodec/h263dec: Sanity check against minimal I/P frame size Fixes: Timeout Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca4ff9c21c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:51 +02:00
Michael Niedermayer	5b9b498e1b	avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel This is somewhat redundant with the is_decoded check. Maybe there is a nicer solution Fixes: Null pointer dereference Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3b51e19922`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:51 +02:00
Michael Niedermayer	8b644b85f4	avcodec/mpegaudiodec_template: use unsigned shift in handle_crc() Fixes: left shift of 192 by 24 places cannot be represented in type 'int' Fixes: 49577/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP1FLOAT_fuzzer-5205996678545408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7086491fa0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:51 +02:00
Michael Niedermayer	fe87396f35	avformat/subviewerdec: Make read_ts() more flexible Fixes: signed integer overflow: -1948269928 * 10 cannot be represented in type 'int' Fixes: 49451/clusterfuzz-testcase-minimized-ffmpeg_dem_SUBVIEWER_fuzzer-6344614822412288 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg (cherry picked from commit `58a8e739ef`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:50 +02:00
Michael Niedermayer	0035e034c0	avcodec/mjpegdec: bayer and rct are incompatible Fixes: out of array read Fixes: 49434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5208501080686592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a44f5a5212`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:50 +02:00
Michael Niedermayer	9363a18e49	MAINTAINERS: Add ED25519 key for signing my commits in the future Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `05225180be`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:50 +02:00
Michael Niedermayer	1882734fe1	avcodec/hevc_filter: copy_CTB() only within width&height Fixes: out of array access Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `009ef35d38`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:49 +02:00
Michael Niedermayer	cd76f3ed59	avcodec/tiff: Check tile_length and tile_width Fixes: Division by 0 Fixes: 49235/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5495613847896064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `76112c2b41`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:49 +02:00
Michael Niedermayer	ff6d408ac0	avcodec/mss4: Check image size with av_image_check_size2() Fixes: Timeout Fixes: 48418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-4834851466903552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4e145f1dcd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:49 +02:00
Michael Niedermayer	815efd3f68	avformat/flvdec: Check for EOF in index reading Fixes: Timeout Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ceff5d7b74`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:48 +02:00
Michael Niedermayer	46f74da439	avformat/nutdec: Check get_packetheader() in mainheader Fixes; Timeout Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b5de084aa6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:48 +02:00
Michael Niedermayer	3ab3a39ec6	avformat/asfdec_f: Use 64bit for packet start time Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8ed78486fc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:48 +02:00
Michael Niedermayer	f18d625883	avcodec/exr: Check x/ysize Fixes: OOM Fixes: 48911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6352002510094336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `614a4d1476`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:47 +02:00
Michael Niedermayer	52accf7310	tools/target_dec_fuzzer: Adjust threshold for MMVIDEO Fixes: Timeout Fixes: 49003/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MMVIDEO_fuzzer-5550368423018496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3592b05c84`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:47 +02:00
Michael Niedermayer	d46f1d89f1	avcodec/lagarith: Check dst/src in zero run code Fixes: out of array access Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9450f75974`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:47 +02:00
Michael Niedermayer	48957599a5	avcodec/h264dec: Skip late SEI Fixes: Race condition Fixes: clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592 Found-by: google ClusterFuzz Tested-by: Dan Sanders <sandersd@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f7dd408d64`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:46 +02:00
Michael Niedermayer	3092b4d271	avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c() Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int' Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1537f40516`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:46 +02:00
Michael Niedermayer	b1deea36aa	avfilter/vf_signature: Fix integer overflow in filter_frame() Fixes: CID1403233 The second of the 2 changes may be unneeded but will help coverity Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dd6040675e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:46 +02:00
Michael Niedermayer	d3e208f5f5	avformat/rtsp: break on unknown protocols This function needs more cleanup and it lacks error handling Fixes: use of uninitialized memory Fixes: CID700776 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `73c0fd27c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:45 +02:00
Michael Niedermayer	93f5b347e6	avcodec/hevcdsp_template: stay within tables in sao_band_filter() Fixes: out of array read Fixes: 47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c5250a561`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:45 +02:00
Michael Niedermayer	6bc0cf403e	avcodec/tiff: Check pixel format types for dng Fixes: out of array access Fixes: 48271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6149705769287680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `75f3d1b822`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:45 +02:00
Michael Niedermayer	0b4c403f2a	avcodec/qpeldsp: copy less for the mc0x cases Fixes: out of array access Fixes: 47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e690d4edf5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:44 +02:00
Michael Niedermayer	23fb7097ee	avformat/aaxdec: Check for empty segments Fixes: Timeout Fixes: 48154/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5149094353436672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `db31b3ea86`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:44 +02:00
Michael Niedermayer	7fe75d51fe	avcodec/ffv1dec: Limit golomb rice coded slices to width 8M This limit is possibly not reachable due to other restrictions on buffers but the decoder run table is too small beyond this, so explicitly check for it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b4431399ec`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:44 +02:00
Michael Niedermayer	8063b5e289	avformat/iff: simplify duration calculation Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long' Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0740641e93`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:43 +02:00
Michael Niedermayer	8f9b6ac0e8	avcodec/wnv1: Check for width =1 The decoder only outputs pixels for width >1 images, fail early Fixes: Timeout Fixes: 48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d98d5a436a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:43 +02:00
Michael Niedermayer	572568cff4	avcodec/ffv1dec_template: fix indention Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `eee7364c90`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:43 +02:00
Michael Niedermayer	d1fa43d5b9	avformat/sctp: close socket on errors This is untested as i have no testcase Fixes: CID1302709 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c9a2996544`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:42 +02:00
Michael Niedermayer	a9f13f883d	avcodec/aasc: Fix indention Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `af2ed09220`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:42 +02:00
Michael Niedermayer	e5c8b53c68	avcodec/qdrw: adjust max colors to array size Fixes: out of array access Fixes: 48429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4608329791438848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cd847f86d3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:42 +02:00
Michael Niedermayer	4ecf6ca450	avcodec/alacdsp: Make intermediates unsigned Fixes: signed integer overflow: -14914387 + -2147418648 cannot be represented in type 'int' Fixes: 46464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-474307197311385 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8709f4c10a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:41 +02:00
Michael Niedermayer	40065896ec	avformat/aiffdec: cleanup size handling for extreem cases Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c6f1e48b86`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:41 +02:00
Michael Niedermayer	732d39e353	avformat/matroskadec: avoid integer overflows in SAR computation This ignores >64bit Alternatively we could support that if it occurs in reality Fixes: negation of -9223372036854775808 Fixes: integer overflows Fixes: 46072/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5029840966778880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e6cad01122`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:41 +02:00
Michael Niedermayer	0f5afdda0a	avcodec/jpeglsdec: fix end check for xfrm Fixes: out of array access Fixes: 47871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5646305956855808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6a82412bf3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:40 +02:00
Michael Niedermayer	f368a6cf68	avcodec/cdgraphics: limit scrolling to the line Fixes: out of array access Fixes: 47877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5690504626438144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b7e30a13d4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:40 +02:00
Michael Niedermayer	35ccd5a569	avformat/hls: Limit start_seq_no to one bit less This avoids overflow checks on additions with 32bit numbers Fixes: signed integer overflow: 9223372036854775806 + 2 cannot be represented in type 'long' Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-4747770734444544 Fixes: 48065/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5372410355908608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d8ee014254`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:40 +02:00
Michael Niedermayer	58e57ef180	avformat/aiffdec: avoid integer overflow in get_meta() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 45891/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6159183893889024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6a02de2127`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:39 +02:00
Michael Niedermayer	a71c87e4b5	avformat/ape: more bits in size for less overflows Fixes: signed integer overflow: 2147483647 + 3 cannot be represented in type 'int' Fixes: 46184/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-4678059519770624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e5f6707a7b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:39 +02:00
Michael Niedermayer	e3a733ba8e	avformat/aviobuf: Check buf_size in ffio_ensure_seekback() buffer_size is an int Fixes: signed integer overflow: 9223372036854775754 + 32767 cannot be represented in type 'long' Fixes: 45691/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5263458831040512 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c4b130e876`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:39 +02:00
Michael Niedermayer	2ccfbc888c	avformat/bfi: Check offsets better Fixes: signed integer overflow: -2145378272 - 538976288 cannot be represented in type 'int' Fixes: 45690/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5015496544616448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `35dc93ab44`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-25 13:51:38 +02:00

1 2 3 4 5 ...

102157 Commits