virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-04 06:08:26 +02:00
Code Issues Releases Activity
85,446 Commits 37 Branches 400 Tags
Commit Graph

85446 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Brice Waegeneire
4627033a23 doc/filters: typo in frei0r 
Signed-off-by: Brice Waegeneire <brice.wge@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a6eec485d23b0c47a7cfeb94995db1be91c0e1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-23 15:01:03 +02:00
Vodyannikov Aleksandr
20c440edbc avcodec/cfhd: Fix decoding regression due to height check 
Fixes: Ticket6546

Regression since: 54aaadf648073149f1ac34f56cbde4e6c5aa22ef

Reviewed-by: Muhammad Faiz <mfcc64@gmail.com>
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47c93657249f1a4bc8a7aaf2f9f3a33510bee38c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-23 15:00:51 +02:00
Michael Niedermayer
ab81ea1035 Update for 3.3.3 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:28:08 +02:00
Michael Niedermayer
2f2904030f avcodec/aacdec_template (fixed point): Check gain in decode_cce() to avoid undefined shifts later 
Fixes: runtime error: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 2581/clusterfuzz-testcase-minimized-4681474395602944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2886142e0c3b5f4304c6e2a2bd282770a8a47f93)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
064d0c6462 avcodec/ffv1dec_template: Fix signed integer overflow 
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2634/clusterfuzz-testcase-minimized-4540890636877824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4de4308d2aa3bfaa286ab566caf087d523cf9a85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
9ce4350c48 avcodec/aacdec_template: Fix undefined integer overflow in apply_tns() 
Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int'
Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ef8f03133a0bd83c74200a8cf30982c0f574016)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
6ae1b70cb4 avcodec/magicyuv: Check that vlc len is not too large 
Fixes: runtime error: shift exponent -95 is negative
Fixes: 2568/clusterfuzz-testcase-minimized-4926115716005888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 341f01290c2353669ed2263f56e1a9f4c67cc597)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
dbb121688c avcodec/mjpegdec: Clip DC also on the negative side. 
Fixes: runtime error: signed integer overflow: -16711425 + -2130772346 cannot be represented in type 'int'
Fixes: 2533/clusterfuzz-testcase-minimized-5372857678823424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c28f648b19dd36ff9bc869ad527a1569a0b623e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
1667b3ea0f avcodec/aacps (fixed point): Fix multiple signed integer overflows 
Fixes: runtime error: signed integer overflow: 1421978265 - -1810326882 cannot be represented in type 'int'
Fixes: 2527/clusterfuzz-testcase-minimized-5260915396050944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 80b9e40b6f1e15db9f36c195e7375e65f6b4924f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
20d4514f25 avcodec/ylc: Fix vlc of 31 bits 
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 2515/clusterfuzz-testcase-minimized-6197200012967936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe9242204d33db070b8a9d907d93c9ead8a6f3ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
8d3ac812ff avcodec/sbrdsp_fixed: Fix integer overflow in sbr_hf_apply_noise() 
Fixes: runtime error: signed integer overflow: -2049425300 + -117591631 cannot be represented in type 'int'
Fixes: part of 2096/clusterfuzz-testcase-minimized-4901566068817920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2061de8a3f73f14806e5f6ccaf9a635f740a54e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
ba3a4a94bc avcodec/hevcdec: do not let updated extradata corrupt state 
Fixes: out of array access
Fixes: 2451/clusterfuzz-testcase-minimized-4781613957251072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Hendrik Leppkes <h.leppkes@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8cfbc6629c1fe5755b59a3bcfd95ad08b843a07)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
fb55620369 avcodec/wavpack: Fix invalid shift 
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 2377/clusterfuzz-testcase-minimized-6108505935183872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c07af720984acaafaa273369080b458d73975775)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
0a36341e96 avcodec/h264_slice: Fix signed integer overflow 
Fixes: runtime error: signed integer overflow: 26 + 2147483644 cannot be represented in type 'int'
Fixes: 2456/clusterfuzz-testcase-minimized-4822695051001856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7592d97f10134422d4509ab1287796af70e003ba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
1a21edf7b8 avcodec/hevc_ps: Fix integer overflow with beta/tc offsets 
Fixes: runtime error: signed integer overflow: 2113929216 * 2 cannot be represented in type 'int'
Fixes: 2422/clusterfuzz-testcase-minimized-5242114713583616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de54a37c1dfa2817b5838720fac44e82312ccbfd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
94c8e53034 avcodec/cfhd: Fix invalid left shift of negative value 
Fixes: runtime error: left shift of negative value -1
Fixes: 2395/clusterfuzz-testcase-minimized-6540529313513472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c709f009dad20d99b28918f4f8d7cd394b838def)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
132037ad5b avcodec/vb: Check vertical GMC component before multiply 
Fixes: runtime error: signed integer overflow: 8224 * 663584 cannot be represented in type 'int'
Fixes: 2393/clusterfuzz-testcase-minimized-6128334993883136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc6ab72bc7af27189e7b524b97e45c6fcadab5cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
f3cb2eedeb avcodec/hevcdec: do basic validity check on delta_chroma_weight and offset 
Fixes: runtime error: signed integer overflow: 2147483520 + 128 cannot be represented in type 'int'
Fixes: 2385/clusterfuzz-testcase-minimized-6594333576790016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c874548d663225a61b9c25a8b2ce490d26b65fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
736c73a243 avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() 
Fixes: runtime error: signed integer overflow: -163654656 * 256 cannot be represented in type 'int'
Fixes: 2367/clusterfuzz-testcase-minimized-4648678897745920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea5366670e26b2c6c396e6a5f49827a2b71e6dd6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
0272afe70d avcodec/apedec: Fix integer overflow 
Fixes: out of array access
Fixes: PoC.ape and others

Found-by: Bingchang, Liu@VARAS of IIE
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba4beaf6149f7241c8bd85fe853318c2f6837ad0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
165b2ee692 avcodec/wavpack: Fix integer overflow in wv_unpack_stereo() 
Fixes: runtime error: signed integer overflow: 2080374785 + 2080374784 cannot be represented in type 'int'
Fixes: 2351/clusterfuzz-testcase-minimized-5359403240783872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 73ea2a028e12a7d779834f78dc496c8c4b08361f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
ea153eb52c avcodec/hevc_ps: Fix max_dec_buffer check 
Fixes: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 2339/clusterfuzz-testcase-minimized-6663164320022528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63e7bfe78e6d764097e845248f6d77b28b2b235c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
f21e96109d avcodec/mpeg4videodec: Fix GMC with videos of dimension 1 
Fixes: runtime error: shift exponent -1 is negative
Fixes: 2338/clusterfuzz-testcase-minimized-5153426541379584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4976a3411f71518d17a57e373b62517f066648fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
94f3c06678 avcodec/wavpack: Fix integer overflow 
Fixes: runtime error: signed integer overflow: 227511904 + 1964113935 cannot be represented in type 'int'
Fixes: 2331/clusterfuzz-testcase-minimized-6182185830711296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 24e95f9d4de012f51fdd5767dff0b3142e13ec3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
3ed986522a avcodec/takdec: Fix integer overflow 
Fixes: runtime error: signed integer overflow: 512 + 2147483146 cannot be represented in type 'int'
Fixes: 2314/clusterfuzz-testcase-minimized-4519333877252096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c2ef4f6b4d52a7b7184c747ffea3576926ea1b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
f1116294aa avcodec/tiff: Update pointer only when the result is used 
Fixes: runtime error: signed integer overflow: 538976288 * 32 cannot be represented in type 'int'
Fixes: 2310/clusterfuzz-testcase-minimized-4534784887881728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 27f80ab0160d2e64007e1c9799ffd4504cc13eb5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
0749384f0a avcodec/cfhd: Check bpc before setting bpc in context 
Fixes: runtime error: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 2306/clusterfuzz-testcase-minimized-5002997392211968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f1d2355a7e4d681bea82b4cf4280272d9fe8af3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
fe8960ab86 avcodec/cfhd: Fix undefined shift 
Fixes: runtime error: left shift of negative value -1
Fixes: 2303/clusterfuzz-testcase-minimized-5529675273076736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a950f4e32a9756391f81987246d96b6549dd447)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
5b8a97d000 avcodec/hevc_filter: Fix invalid shift 
Fixes: runtime error: left shift of negative value -1

Fixes: 2299/clusterfuzz-testcase-minimized-4843509351710720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7b3d5c3f2e2ff1994762b5e09c05fbc33790b5b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
ada21bca55 avcodec/mpeg4videodec: Fix overflow in virtual_ref computation 
Fixes: runtime error: signed integer overflow: 262144 * -16120 cannot be represented in type 'int'
Fixes: 2292/clusterfuzz-testcase-minimized-6156080415506432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5443c4bdf4828ac5b7b19cf54feb496c2da40079)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
72403ba2b9 avcodec/lpc: signed integer overflow in compute_lpc_coefs() (aacdec_fixed) 
Fixes: runtime error: signed integer overflow: -1575818955 + -915383657 cannot be represented in type 'int'
Fixes: 2224/clusterfuzz-testcase-minimized-6208559949807616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e95fcfe8fb28fdfdaecec465c60aad79bc340a3d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
eaf2bacca1 avcodec/wavpack: Fix undefined integer negation 
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2291/clusterfuzz-testcase-minimized-5538453481586688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f89747086af741ddc34e2378cde8519b8faee78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
cf61bf8107 avcodec/aacdec_fixed: Check s for being too small 
Fixes: runtime error: shift exponent -8 is negative
Fixes: 2286/clusterfuzz-testcase-minimized-5711764169687040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf7edbd6c5d48d7302877352f7b60092d5b65243)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
93456ca3ea avcodec/htmlsubtitles: Replace very slow redundant sscanf() calls by cleaner and faster code 
This reduces the worst case from O(n²) to O(n) time

Fixes Timeout
Fixes: 2127/clusterfuzz-testcase-minimized-6595787859427328

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4132218b87cd6fb13abd162e3037ef4563286baa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Anton Mitrofanov
b2522f35ec avcodec/h264: Fix mix of lossless and lossy MBs decoding 
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit cf231b68da1150c100114f2c5671b7ed740f917a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Anton Mitrofanov
e8558abeaf avcodec/h264_mb: Fix 8x8dct in lossless for new versions of x264 
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 06dda70f1e7c69a3b1684af5e6930431c62c527a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Anton Mitrofanov
b8d0d76740 avcodec/h264_cabac: Fix CABAC+8x8dct in 4:4:4 
Use the correct ctxIdxInc calculation for coded_block_flag.
Keep old behavior for old versions of x264 for backward compatibility.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 840b41b2a643fc8f0617c0370125a19c02c6b586)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
4384481fbc avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output 
Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int'
Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 27c20068054d8c6786833234f7b6db19f1e98362)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
347cc89daf avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows 
Fixes: runtime error: signed integer overflow: 58065 * 51981 cannot be represented in type 'int'
Fixes: 2271/clusterfuzz-testcase-minimized-5778297776504832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c746f92a8e03d5a062359fba836eba4b3530687e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
7119574f48 avcodec/hevcpred_template: Fix left shift of negative value 
Fixes: runtime error: left shift of negative value -1
Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c94326c1fc2fb5719c6f28fe1b95c0c74417998b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
f17443cdcd avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps() 
Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int'
Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1edbf5e20c75f06d6987bc823e63aa4e649ccddd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
ee2396cefd avcodec/jpeg2000dec: Check nonzerobits more completely 
Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int'
Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dfb61ea2630029b7aec7911aade769bf1a914eea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
01ed8d93b2 avcodec/shorten: Sanity check maxnlpc 
Fixes OOM
Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e77ddd31a8e14bcf5eccd6008d866ae90b4b0d4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
1729101c44 avcodec/truemotion2: Move skip computation after checks 
Fixes: runtime error: signed integer overflow: 630067357 * 4 cannot be represented in type 'int'
Fixes: 2233/clusterfuzz-testcase-minimized-5943031318446080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c716682a8b69e6644a385a663aaf0e5dc808ae8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
15cc151709 avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2() 
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2231/clusterfuzz-testcase-minimized-4565181982048256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3fadc57c5c170f31455abacbcbd67115d7321d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
0a709e2a10 avcodec/dnxhd_parser: Do not return invalid value from dnxhd_find_frame_end() on error 
Fixes: Null pointer dereference

Fixes: CVE-2017-9608
Found-by: Yihan Lian
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 611b35627488a8d0763e75c25ee0875c5b7987dd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
10d821309b avcodec/hevcdec: Check nb_sps 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc406744620710911de9157eafa3e61d0246566f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
f8a331598e avcodec/hevc_refs: Check nb_refs in add_candidate_ref() 
Fixes: runtime error: index 16 out of bounds for type 'int [16]'
Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cb4ef526dd1e5f547d0354efb0831d07e967919)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
f33c3ccbe7 avcodec/mpeg4videodec: Check sprite delta upshift against overflowing. 
Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int'
Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12245ab1f677074b8ff83e87f76a41aba692ccd6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00
Michael Niedermayer
7a86581afd avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case 
Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int'
Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a87be404ab7e3f47e67e79160dcc9623e36835b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 15:26:37 +02:00