This is not necessarily specific to fuzzed files
Fixes: Multiple integer overflows
Fixes: 656/clusterfuzz-testcase-6463814516080640
Fixes: 658/clusterfuzz-testcase-6691260146384896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76ba09d18245a2a41dc5f93a60fd00cdf358cb1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 651/clusterfuzz-testcase-5710668915277824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6871df02d973c9ffc1aa4f6d08fb4b1b63d411be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 644/clusterfuzz-testcase-4726434209726464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6179dc8aa7e5fc5358b9614306f93f1adadf22a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 639/clusterfuzz-testcase-5143866241974272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 631f7484918a9e7260377c3cea878be708609e64)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 630/clusterfuzz-testcase-6608718928019456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 956472a3236cc8eaeba5147c55b51bde6005c898)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 614/clusterfuzz-testcase-4931860079575040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 258763ad0e1efff82bbe2beb97527d3c19f40932)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 612/clusterfuzz-testcase-4707817137111040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa2b75263e17651187b1475551a02aa2f4ff65fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 611/clusterfuzz-testcase-5613455820193792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c91bdd4524815125e1f7d8dee22ee7a73173c39a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 610/clusterfuzz-testcase-4831030085156864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 067485b673f6ac4b1207d6fc975d1fd968edc68e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: timeout in 758/clusterfuzz-testcase-4720832028868608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e913f212907048d7009cf2f15551781c69b9985)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 447860.webm
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bbc73ae9fdedc8789b2b6be65279e9a0ecd7090)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 2 of 2)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1afd246960202917e244c844c534e9c1e3c323f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 1 of 2)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d7371fe0c44c025eb0e75215e0685870f31874)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5098a6f6275a57f122cd8f03e7ffbe5dd090b8e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes timeout with 700/clusterfuzz-testcase-5660909504561152
Fixes timeout with 702/clusterfuzz-testcase-4553541576294400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ce4f28431623cdde4aa496fd10430f6c7bdef63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8094a303ba36344015a44d629bafc6d7094b4ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes timeout with 686/clusterfuzz-testcase-5853946876788736
this shortcuts (i.e. speeds up) the error and
return-to-user when decoding a truncated frame
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Previous version reviewed by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b5ff7d57355dc608f0fd86e3ab32a2fda65e752)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c0139463c8f0a6f28e7b193c2a85608a7635bbd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 664/clusterfuzz-testcase-4917047475568640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b8b7921c55a93049a86cfeb2fda9423d16f8ebe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4614bf2caf67a89c2d833b3368f325eab54582bc)
(cherry picked from commit e8d4eacc07c61ae24f48451073a2620d8d257d33)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f2a09a43f6fade53227804459e6babb1c7248b3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 764/clusterfuzz-testcase-6273034652483584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a720b854b0d3f0fae2b1eac644dd39e5821cacb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Similar code is used elsewhere in vp56 to force a more complete reinit in the future.
Fixes null pointer dereference
Fixes: 707/clusterfuzz-testcase-4717453097566208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4bed06637729ab000b79250c67d53078300e37c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This should fix the fate failure due to a truncated last frame.
Alternatively the frame could be dropped.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d34bf886e963445350c4987f7a9ed77bd9c9a5c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 669/clusterfuzz-testcase-4847965409640448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6bd79ba59f46a8b3133f28faae53b75540469803)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 666/clusterfuzz-testcase-6581447227867136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 310d2af319d9113263f75e94f5a1b211c05260b5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 664/clusterfuzz-testcase-4917047475568640
The change to fate is due to a truncated last frames which is now detected as damaged.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 513a3494396d0a20233273b3cadcb5ee86485d5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 665/clusterfuzz-testcase-4863789881098240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d81616be332cca99304d0b747c2c8e2d719f349)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This also fixes several integer overflows by checking each value before
use.
Fixes: 662/clusterfuzz-testcase-4898131432964096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8696f254444c2ec24daa570f26feadbd3df911e4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 617/clusterfuzz-testcase-6413875723370496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c11d3634b07b4aa71f75478aa1bcb63b0c22e030)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: shift exponent 132 is too large for 32-bit type 'int'
Fixes: 609/clusterfuzz-testcase-4825202619842560
See 11.2.2 IHDR Image header
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4279613a2652cdf2bee564f4b7244567e5ba91ba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 608/clusterfuzz-testcase-603978286392934
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 706757d26dd5e606c1745a4bb53fe45f6d6493cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 607/clusterfuzz-testcase-5108792465293312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12eebb845a7fe1ced91606547352cbdd93a2726d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reported-by: SleepProgger <security@gnutp.com>
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fa18e042ad2c078f759692f1db5629d16d70595)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 874eb012f75bc18bb6d79ad4bc0912afa21751f3)
Also make it more readable while at it.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 2a8a8a2e98136c22f6e07ff669251afb8a033676)
Conflicts:
libswresample/resample.c
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643951
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support values beyond INT_MAX
Also the check is moved to a more common place and before integer truncation
(cherry picked from commit 2d453188c2303da641dafb048dc1806790526dfd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643950
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support larger lengths
(cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 559/clusterfuzz-testcase-6424225917173760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c2ea3030af7b40a3c4275696fb5c76cdb80950a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Blocks are marked as key frames whenever the "reference" field is
zero. This breaks for non-keyframe Blocks with a reference timestamp
of zero.
The likelihood of reference timestamp being zero is increased by a
longstanding bug in muxing that encodes reference timestamp as the
absolute time of the referenced frame (rather than relative to the
current Block timestamp, as described in MKV spec).
Now using INT64_MIN to denote "no reference".
Reported to chromium at http://crbug.com/497889 (contains sample)
(cherry picked from commit ac25840ee32888f0c13118edeb9404a123cd3a79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 546/clusterfuzz-testcase-4809433909559296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e477f09d0b3619f3d29173b2cd593e17e2d1978e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: 544/clusterfuzz-testcase-5936536407244800.f8bd9b24_8ba77916_70c2c7be_3df6a2ea_96cd9f14
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1e2192007d7026049237c9ab11e05ae71bf4f42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
