FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-07-11 14:30:22 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	12a53bf673	avformat/asfdec_f: Fix overflow check in get_tag() Fixes: signed integer overflow: 2 * 1210064928 cannot be represented in type 'int' Fixes: 20873/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5761116909338624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c8140fe732`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	dee744a8c4	avformat/nsvdec: Fix memleaks on errors while reading the header Fixes: memleaks Fixes: 21084/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5655975492321280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `96c0469455`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	e121488dc8	avcodec/ffwavesynth: Fix integer overflow in computation of ddphi Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long' Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c85bf16318`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	a3a3730b54	avcodec/cbs_jpeg: Check length for SOS Fixes: out of array access Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584 Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1812352d76`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	8640db14e7	avcodec/adpcm: Fix invalid shift in AV_CODEC_ID_ADPCM_PSX Fixes: left shift of negative value -1 Fixes: 20859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5720391507247104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0a11ef68f0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	b66f444683	avcodec/mpeg12dec: Fix invalid shift in mpeg2_fast_decode_block_intra() Fixes: left shift of negative value -695 Fixes: 19232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5702856963522560 Fixes: 19555/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5741218147598336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c40df2166c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Andreas Rheinhardt	73374013ff	avcodec/cbs_h2645: Treat slices without data as invalid Slices that end after their header (meaning slices after the header without any data before the rbsp_stop_one_bit or possibly without any rbsp_stop_one_bit at all) are invalid and are now dropped. This ensures that one doesn't run into two asserts in cbs_h2645_write_slice_data(). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `66fac1ff7c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Andreas Rheinhardt	107345d0a1	avcodec/cbs_h2645: Remove dead code to delete trailing zeroes Trailing zeroes are already discarded when splitting a fragment, which makes the code to remove them when decomposing slices dead code. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8f701932b3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	f94ca27470	avcodec/cbs_av1_syntax_template: Set seen_frame_header only after successfull uncompressed_header() Fixes: assertion failure Fixes: 19301/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5743212006473728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a2e4879432`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	c5419a53ac	avcodec/mpegaudioenc_template: fix invalid shift of sample Fixes: Ticket8010 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a2c97a8342`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	eb64c10a4b	avcodec/motion_est_template: Fix invalid shifts in no_sub_motion_search() Fixes: Ticket8167 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e13eee37ee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	1170ec748b	libavformat/avienc: Check bits per sample for PAL8 Fixes: assertion failure Fixes: Ticket 8172 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3595878281`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	6faa32dd6c	avformat/mpegts: Improve the position determination for avpriv_mpegts_parse_packet() Fixes: assertion failure Fixes: Ticket 8005 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e5bb48ae59`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	59a4a990fc	avcodec/magicyuv: Check that there are enough lines for interlacing to be possible Fixes: out of array access Fixes: 20763/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5759562508664832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f8a0e9f9f7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	366929ab4e	avformat/mvdec: Check stream numbers Fixes: null pointer dereference Fixes: 20768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638648978735104.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `618a9bea65`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	a7dabc18ea	avcodec/pcm: Fix invalid shift in AV_CODEC_ID_PCM_LXF Fixes: left shift of 233 by 24 places cannot be represented in type 'int' Fixes: 20736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-4829212685107200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `051d11f659`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	4e2dd06d27	avcodec/qdm2: Check fft_coefs_index Fixes: out of array access Fixes: 20660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5658290216501248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9fc73bf022`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	31098af56d	avformat/utils: Fix integer overflow with complex time bases in avformat_find_stream_info() Fixes: signed integer overflow: 2045163756 * 2 cannot be represented in type 'int' Fixes: Ticket5132 Found-by: tsmith Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3d8f517db`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	4b7a304b6e	avformat/avidec: Avoid integer overflow in NI switch check Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long' Fixes: Ticket8149 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `347920ca21`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	6a300f6a90	fftools/ffmpeg: Fix integer overflow in duration computation in seek_to_start() Fixes: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long' Fixes: Ticket8142 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4f4ad33d96`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	555d2ab5a5	avfilter/vf_aspect: Fix integer overflow in compute_dar() Fixes: signed integer overflow: 1562273630 * 17 cannot be represented in type 'int' Fixes: Ticket8323 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0c0ca0f244`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	55f147c2ba	avcodec/apedec: Fix invalid shift with 24 bps Fixes: left shift of negative value -463 Fixes: 20542/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5688714435231744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8e27867229`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Dale Curtis	b89759ea54	avformat/utils: Fix undefined behavior in ff_configure_buffers_for_index() When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of e2_pts - e1_pts will overflow an int64_t. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f15007afa9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	27db9c8288	avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM Fixes: signed integer overflow: -2147479324 + -32568 cannot be represented in type 'int' Fixes: 20103/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GREMLIN_DPCM_fuzzer-5667667579240448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b1aecad9ea`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	52b9e7f530	avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits Fixes: signed integer overflow: -53716100 * 256 cannot be represented in type 'int' Fixes: 20143/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5716604000403456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b8a0be9352`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	3653108a5c	avcodec/wmalosslessdec: Fix loop in revert_acfilter() Fixes: out of array read Fixes: 20059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5691776237305856 No testcase except the fuzzed one. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5584c0bb94`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	c4dccb509d	avcodec/lagarith: Sanity check scale A value of 24 and above can collaps the range to 0 which would not work. Fixes: Timeout (75sec -> 21sec) Fixes: 18707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5708950892969984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fb3855342b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	d75d754b84	avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950() Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int' Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `eb64a5c6f9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	9f30a1694c	avcodec/ralf: Fix integer overflow in apply_lpc() Fixes: signed integer overflow: 2147482897 + 2048 cannot be represented in type 'int' Fixes: 19240/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5743240326414336 Fixes: 19869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5150136636538880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fd313d8cf8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	af1bfe5bc3	avcodec/dca_lbr: Fix some error codes and error passing Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bfea054a75`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	9f30473846	avcodec/wmavoice: Fix rounding and integer anomalies in calc_input_response() Fixes: out of array access Fixes: inf is outside the range of representable values of type 'int' Fixes: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long' Fixes: 19316/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5677369365102592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38d3758444`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	20c0ea160e	avcodec/wmavoice: sanity check block_align This limit is roughly based on the bitreader limit, its likely a much tighter limit could be used Fixes: left shift of 1965039647 by 1 places cannot be represented in type 'int' Fixes: 19545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5695391899320320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6847e22c8c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	958db2c438	avcodec/pcm: Fix invalid shift in pcm_decode_frame for LXF Fixes: left shift of 32 by 28 places cannot be represented in type 'int' Fixes: 19472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-5704364320096256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `985d3666f6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	bc77d29d9e	avcodec/snappy: Sanity check bytestream2_get_levarint() Fixes: left shift of 79 by 28 places cannot be represented in type 'int' Fixes: 20202/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5719004081815552 Fixes: 20219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5641738677125120 Fixes: 20389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5680721517871104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `be54da2117`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	5e83098085	avcodec/mlpdsp: Fix a invalid shift in ff_mlp_rematrix_channel() Fixes: left shift of negative value -2 Fixes: 20305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5677196618498048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Jai Luthra <me@jailuthra.in> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fcc9f13717`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	51c084bf72	avcodec/avdct: Clear IDCTDSPContext context Fixes use of uninitialized variable and segfault Reviewed-by: Paul B Mahol <onemda@gmail.com> Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b82825eba8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	9ed9c8cc51	avcodec/x86/diracdsp: Fix high bits on Windows x86_64 Found-by: james (cherry picked from commit `24af459d1e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	e1146c8b72	avformat/mov: Check STCO location Fixes: bypassing of checks and assertion failure Fixes: asan_1003879.mp4 Found-by: Clusterfuzz + asan Reported-by: Thomas Guilbert <tguilbert@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1cd4184020`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	862c0048ec	avcodec/wmalosslessdec: Fix multiple integer overflows Fixes: left shift of 3329 by 20 places cannot be represented in type 'int' Fixes: signed integer overflow: -199378355 + -1948950833 cannot be represented in type 'int' Fixes: 19837/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5752565837070336 Fixes: 19839/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5767483265122304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `422202516c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	109cab1487	avcodec/apedec: Fix undefined integer overflow in decode_array_0000() Fixes: signed integer overflow: -2143289344 - 6246400 cannot be represented in type 'int' Fixes: 19239/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5173755680915456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a3655bb02c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	b7c2f4d298	avcodec/smacker: Check space before decoding type Fixes: Timeout (232sec -> 280ms) Fixes: 19682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5654129649385472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6f5c18da59`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	3f42af0342	avcodec/rawdec: Use linesize in b64a Fixes: out of array access Fixes: 19750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RAWVIDEO_fuzzer-5074834119983104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2b5b9d5dac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	57278dac15	avcodec/iff: Over-allocate ham_palbuf for HAM6 IFF-PBM IFF-PBM-HAM6 can read out of array without this overallocation Fixes: Out of array read Fixes: 19752/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5675331403120640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8652f4e7a1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	e1bea6d412	avcodec/x86/diracdsp: Fix incorrect src addressing in dequant_subband_32() Fixes: Segfault (not reproducable with asm, which made this hard to debug) Fixes: decoding errors Fixes: 19854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5729372837511168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0694b60b7b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	7a7be53ac5	avfilter/vf_find_rect: Remove assert A score of 0 is possible Fixes: Ticket8500 Reviewed-by: Paul B Mahol <onemda@gmail.com> Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dfc4714886`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	b7b8aeef13	avfilter/vf_find_rect: Increase worst case score score could be 1.0 which lead to uninitialized values Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6ff2474e02`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	cfd165dda7	swscale/input: Fix several invalid shifts related to rgb2yuv constants Fixes: Invalid shifts Fixes: #8140 Fixes: #8146 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d48e510124`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	f541744f73	swscale/output: Fix several invalid shifts in yuv2rgb_full_1_c_template() Fixes: Invalid shifts Fixes: #8320 Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7b7f97532b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	0ec11133d9	swscale/swscale: Fix several invalid shifts related to vChrDrop Fixes: Invalid shifts Fixes: #8166 Fixes: filter-crop_scale_vflip FATE-test Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a6ca22c118`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00
Michael Niedermayer	88326e29dc	avcodec/hevc_mp4toannexb_bsf: check that nalu size doesnt overflow Fixes: Out of array access Fixes: 19299/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5169193398042624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a8ceb2a72f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +02:00

1 2 3 4 5 ...

93045 Commits