virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Code Issues Releases Activity
79,195 Commits 37 Branches 400 Tags 467 MiB
532f0d1278
Commit Graph

79195 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
43d7b1e42f avcodec/takdec: Fix integer overflow in decode_subframe() 
Fixes: runtime error: signed integer overflow: -536870912 - 1972191120 cannot be represented in type 'int'
Fixes: 2711/clusterfuzz-testcase-minimized-4975142398590976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c630d159f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-29 14:18:35 +02:00
Michael Niedermayer
81c940b151 avformat/rtmppkt: Convert ff_amf_get_field_value() to bytestream2 
Fixes: out of array accesses

Found-by: JunDong Xie of Ant-financial Light-Year Security Lab
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffcc82219c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-29 14:17:58 +02:00
Michael Niedermayer
2954ce9dea avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2 
Fixes: out of array accesses
Fixes: crash-9238fa9e8d4fde3beda1f279626f53812cb001cb-SEGV

Found-by: JunDong Xie of Ant-financial Light-Year Security Lab
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08c073434e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-29 04:49:47 +02:00
Michael Niedermayer
654e157d21 avcodec/diracdec: Fix integer overflow in signed multiplication in UNPACK_ARITH() 
Fixes: runtime error: signed integer overflow: 1073741823 * 4 cannot be represented in type 'int'
Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e275a74b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-28 03:41:09 +02:00
Michael Niedermayer
f31fc4755f avcodec/dnxhddec: Move mb height check out of non hr branch 
Fixes: out of array access
Fixes: poc.dnxhd

Found-by: Bingchang, Liu@VARAS of IIE
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 296debd213)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-27 03:11:20 +02:00
Michael Niedermayer
665311ab1f avcodec/hevc_ps: fix integer overflow in log2_parallel_merge_level_minus2 
Fixes: runtime error: signed integer overflow: -2147483647 - 2 cannot be represented in type 'int'
Fixes: 2702/clusterfuzz-testcase-minimized-4511932591636480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74c1c22d7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-26 17:25:17 +02:00
Michael Niedermayer
8c05ac89d3 avformat/oggparsecelt: Do not re-allocate os->private 
Fixes: double free
Fixes: clusterfuzz-testcase-minimized-5080550145785856

Found-by: ClusterFuzz
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7140761481)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-26 00:15:38 +02:00
Michael Niedermayer
3fd54e4440 avcodec/aacps: Fix multiple integer overflow in map_val_34_to_20() 
Fixes: avcodec/aacps.c:511:40: runtime error: signed integer overflow: 1509077651 + 758068176 cannot be represented in type 'int'
Fixes: 2678/clusterfuzz-testcase-minimized-4702787684270080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0764fe1d09)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-26 00:14:03 +02:00
Michael Niedermayer
d4bc7fc412 avcodec/aacdec_fixed: fix: left shift of negative value -1 
Fixes: 2699/clusterfuzz-testcase-minimized-5631303862976512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2dfb8c4178)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-26 00:11:56 +02:00
Brice Waegeneire
d57345e8d0 doc/filters: typo in frei0r 
Signed-off-by: Brice Waegeneire <brice.wge@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a6eec485d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-23 15:01:04 +02:00
Vodyannikov Aleksandr
8642322b9f avcodec/cfhd: Fix decoding regression due to height check 
Fixes: Ticket6546

Regression since: 54aaadf648

Reviewed-by: Muhammad Faiz <mfcc64@gmail.com>
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47c9365724)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-23 15:00:53 +02:00
Michael Niedermayer
0df61711cf Changelog: update 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 13:48:31 +02:00
Michael Niedermayer
4e7ddba594 avcodec/aacdec_template (fixed point): Check gain in decode_cce() to avoid undefined shifts later 
Fixes: runtime error: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 2581/clusterfuzz-testcase-minimized-4681474395602944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2886142e0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 04:03:10 +02:00
Michael Niedermayer
5e78e477fa avcodec/aacdec_template: Fix undefined integer overflow in apply_tns() 
Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int'
Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ef8f03133)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 03:54:39 +02:00
Michael Niedermayer
9a2ca3cce2 avcodec/mjpegdec: Clip DC also on the negative side. 
Fixes: runtime error: signed integer overflow: -16711425 + -2130772346 cannot be represented in type 'int'
Fixes: 2533/clusterfuzz-testcase-minimized-5372857678823424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c28f648b19)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 03:48:00 +02:00
Michael Niedermayer
f1143f5dc0 avcodec/aacps (fixed point): Fix multiple signed integer overflows 
Fixes: runtime error: signed integer overflow: 1421978265 - -1810326882 cannot be represented in type 'int'
Fixes: 2527/clusterfuzz-testcase-minimized-5260915396050944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 80b9e40b6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 03:47:45 +02:00
Michael Niedermayer
0ddff40bf8 avcodec/sbrdsp_fixed: Fix integer overflow in sbr_hf_apply_noise() 
Fixes: runtime error: signed integer overflow: -2049425300 + -117591631 cannot be represented in type 'int'
Fixes: part of 2096/clusterfuzz-testcase-minimized-4901566068817920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2061de8a3f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 03:39:53 +02:00
Michael Niedermayer
2170bdb56d avcodec/wavpack: Fix invalid shift 
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 2377/clusterfuzz-testcase-minimized-6108505935183872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c07af72098)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 02:50:35 +02:00
Michael Niedermayer
665885bfc1 avcodec/hevc_ps: Fix integer overflow with beta/tc offsets 
Fixes: runtime error: signed integer overflow: 2113929216 * 2 cannot be represented in type 'int'
Fixes: 2422/clusterfuzz-testcase-minimized-5242114713583616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de54a37c1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 02:50:01 +02:00
Michael Niedermayer
7807d2478b avcodec/cfhd: Fix invalid left shift of negative value 
Fixes: runtime error: left shift of negative value -1
Fixes: 2395/clusterfuzz-testcase-minimized-6540529313513472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c709f009da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 02:49:04 +02:00
Michael Niedermayer
cc9082dce1 avcodec/vb: Check vertical GMC component before multiply 
Fixes: runtime error: signed integer overflow: 8224 * 663584 cannot be represented in type 'int'
Fixes: 2393/clusterfuzz-testcase-minimized-6128334993883136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc6ab72bc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 02:48:40 +02:00
Michael Niedermayer
34535941ae avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() 
Fixes: runtime error: signed integer overflow: -163654656 * 256 cannot be represented in type 'int'
Fixes: 2367/clusterfuzz-testcase-minimized-4648678897745920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea5366670e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-19 02:45:52 +02:00
Michael Niedermayer
3cae97b090 avcodec/apedec: Fix integer overflow 
Fixes: out of array access
Fixes: PoC.ape and others

Found-by: Bingchang, Liu@VARAS of IIE
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba4beaf614)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-07-16 17:02:31 +02:00
Michael Niedermayer
654ff56103 Update for 3.0.9 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-25 02:55:08 +02:00
Michael Niedermayer
0fe174fa9c avcodec/wavpack: Fix integer overflow in wv_unpack_stereo() 
Fixes: runtime error: signed integer overflow: 2080374785 + 2080374784 cannot be represented in type 'int'
Fixes: 2351/clusterfuzz-testcase-minimized-5359403240783872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 73ea2a028e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-25 02:52:41 +02:00
Michael Niedermayer
8b9e522e08 avcodec/mpeg4videodec: Fix GMC with videos of dimension 1 
Fixes: runtime error: shift exponent -1 is negative
Fixes: 2338/clusterfuzz-testcase-minimized-5153426541379584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4976a3411f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-25 02:48:01 +02:00
Michael Niedermayer
bb02e5bc09 avcodec/wavpack: Fix integer overflow 
Fixes: runtime error: signed integer overflow: 227511904 + 1964113935 cannot be represented in type 'int'
Fixes: 2331/clusterfuzz-testcase-minimized-6182185830711296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 24e95f9d4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-23 03:05:55 +02:00
Michael Niedermayer
addf70e492 avcodec/takdec: Fix integer overflow 
Fixes: runtime error: signed integer overflow: 512 + 2147483146 cannot be represented in type 'int'
Fixes: 2314/clusterfuzz-testcase-minimized-4519333877252096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c2ef4f6b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-23 03:05:44 +02:00
Michael Niedermayer
0879ecd4a3 avcodec/tiff: Update pointer only when the result is used 
Fixes: runtime error: signed integer overflow: 538976288 * 32 cannot be represented in type 'int'
Fixes: 2310/clusterfuzz-testcase-minimized-4534784887881728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 27f80ab016)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-23 03:05:34 +02:00
Michael Niedermayer
df11b45644 avcodec/cfhd: Check bpc before setting bpc in context 
Fixes: runtime error: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 2306/clusterfuzz-testcase-minimized-5002997392211968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f1d2355a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-22 03:09:18 +02:00
Michael Niedermayer
605bc45295 avcodec/cfhd: Fix undefined shift 
Fixes: runtime error: left shift of negative value -1
Fixes: 2303/clusterfuzz-testcase-minimized-5529675273076736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a950f4e32)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-22 03:08:58 +02:00
Michael Niedermayer
eb7ad56075 avcodec/hevc_filter: Fix invalid shift 
Fixes: runtime error: left shift of negative value -1

Fixes: 2299/clusterfuzz-testcase-minimized-4843509351710720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7b3d5c3f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-22 03:08:45 +02:00
Michael Niedermayer
6dca67f3a6 avcodec/mpeg4videodec: Fix overflow in virtual_ref computation 
Fixes: runtime error: signed integer overflow: 262144 * -16120 cannot be represented in type 'int'
Fixes: 2292/clusterfuzz-testcase-minimized-6156080415506432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5443c4bdf4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-22 03:08:35 +02:00
Michael Niedermayer
fae49f28e6 avcodec/lpc: signed integer overflow in compute_lpc_coefs() (aacdec_fixed) 
Fixes: runtime error: signed integer overflow: -1575818955 + -915383657 cannot be represented in type 'int'
Fixes: 2224/clusterfuzz-testcase-minimized-6208559949807616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e95fcfe8fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-22 03:08:23 +02:00
Michael Niedermayer
628e2b2dd3 avcodec/wavpack: Fix undefined integer negation 
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2291/clusterfuzz-testcase-minimized-5538453481586688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f89747086)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-22 03:07:20 +02:00
Michael Niedermayer
784d57bb62 avcodec/aacdec_fixed: Check s for being too small 
Fixes: runtime error: shift exponent -8 is negative
Fixes: 2286/clusterfuzz-testcase-minimized-5711764169687040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf7edbd6c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-22 03:07:08 +02:00
Michael Niedermayer
9b346f12fa avcodec/htmlsubtitles: Replace very slow redundant sscanf() calls by cleaner and faster code 
This reduces the worst case from O(n²) to O(n) time

Fixes Timeout
Fixes: 2127/clusterfuzz-testcase-minimized-6595787859427328

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4132218b87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-22 03:06:43 +02:00
Anton Mitrofanov
85e0f61b41 avcodec/h264: Fix mix of lossless and lossy MBs decoding 
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit cf231b68da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 03:09:09 +02:00
Anton Mitrofanov
273e87be3b avcodec/h264_mb: Fix 8x8dct in lossless for new versions of x264 
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 06dda70f1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 03:04:29 +02:00
Anton Mitrofanov
48ab5a4dc0 avcodec/h264_cabac: Fix CABAC+8x8dct in 4:4:4 
Use the correct ctxIdxInc calculation for coded_block_flag.
Keep old behavior for old versions of x264 for backward compatibility.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 840b41b2a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
d5abcaacb3 avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output 
Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int'
Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 27c2006805)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
e46f8c96d0 avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows 
Fixes: runtime error: signed integer overflow: 58065 * 51981 cannot be represented in type 'int'
Fixes: 2271/clusterfuzz-testcase-minimized-5778297776504832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c746f92a8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
fce334274b avcodec/hevcpred_template: Fix left shift of negative value 
Fixes: runtime error: left shift of negative value -1
Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c94326c1fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
59d40e2d68 avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps() 
Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int'
Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1edbf5e20c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
e8555274b9 avcodec/jpeg2000dec: Check nonzerobits more completely 
Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int'
Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dfb61ea263)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
79393f4fb1 avcodec/shorten: Sanity check maxnlpc 
Fixes OOM
Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e77ddd31a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
a5feb7e9bd avcodec/truemotion2: Move skip computation after checks 
Fixes: runtime error: signed integer overflow: 630067357 * 4 cannot be represented in type 'int'
Fixes: 2233/clusterfuzz-testcase-minimized-5943031318446080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c716682a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
23d02b4465 avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2() 
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2231/clusterfuzz-testcase-minimized-4565181982048256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3fadc57c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
f19152559f avcodec/hevcdec: Check nb_sps 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc40674462)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00
Michael Niedermayer
7c82082ac8 avcodec/hevc_refs: Check nb_refs in add_candidate_ref() 
Fixes: runtime error: index 16 out of bounds for type 'int [16]'
Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cb4ef526d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-06-20 02:05:09 +02:00