FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	53e3119d0f	avcodec/jpeg2000dec: Check for reduction factor and image offset This combination is not working (it writes out of array) Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9b6d191a66a8d9b3064efecc79a9f44fb14d7875) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:26 +02:00
Michael Niedermayer	949636ca60	avutil/softfloat: Basic documentation for av_sincos_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4aa1a42a91438b7107d2d77db1fc5ca95c27740c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:25 +02:00
Michael Niedermayer	2c57b7c65b	avutil/softfloat: fix av_sincos_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d84677abd8ffb8ca8ad94eced6d9e03928f35d79) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:25 +02:00
Michael Niedermayer	5524362efb	avcodec/utils: fix 2 integer overflows in get_audio_frame_duration() Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int' Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a4bf559683a999c8faa408fdd8f29bd28a6a47ea) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:25 +02:00
Michael Niedermayer	99c01fa0df	avcodec/hevcdec: Avoid null pointer dereferences in MC Fixes: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffff8 Fixes: 58440/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5956015530311680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a0f4d4e65093a4cb627f05d09b19c922e88cfac1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:24 +02:00
Michael Niedermayer	9280883d98	avcodec/takdsp: Fix integer overflows Fixes: avcodec/takdsp.c:44:23: runtime error: signed integer overflow: -2097158 - 2147012608 cannot be represented in type 'int' Fixes: 58417/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5268919664640000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ff8a496d41422b694f66684ada97dcf49e167782) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:24 +02:00
Michael Niedermayer	72c57f8938	avcodec: Ignoring errors is only possible before the input end Fixes: out of array read Fixes: Ticket 10308 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fead656a7bf523d448fe8bd39c1f2ea36be98fb9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:24 +02:00
Michael Niedermayer	2dcc7dbba8	avcodec/noise_bsf: Check for wrapped frames Wrapped frames contain pointers so they need specific code to noise them, the generic code would lead to segfaults Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0889ebc577749ee6abc620bc9030d2002487935f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:23 +02:00
Michael Niedermayer	724f2b3fbd	avformat/oggparsetheora: clip duration within 64bit Fixes: signed integer overflow: 9079256848778919936 - -288230376151711746 cannot be represented in type 'long' Fixes: 58248/clusterfuzz-testcase-minimized-ffmpeg_dem_OGG_fuzzer-6326851353313280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b1c3d81e71f78e4b3b2c2901ac4649cb74aec272) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:23 +02:00
Michael Niedermayer	006ac8b4b5	avformat/wavdec: Check that smv block fits in available space Fixes: OOM Fixes: 56271/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5290810045497344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a76efafdb9be966ae3ad52b32370dc644dd582bf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:23 +02:00
Michael Niedermayer	b56dc43f8f	avcodec/tiff: add a zero DNG_LINEARIZATION_TABLE check Fixes: index 4294967295 out of bounds for type 'uint16_t [65536]' Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5950405086674944 Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6666195176914944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6e98cf0280cd693ef82c4444fe15bc7aef8771b3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:22 +02:00
Michael Niedermayer	98310766fc	avcodec/tak: Check remaining bits in ff_tak_decode_frame_header() Fixes: out of array access Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6682195323650048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 19b66b89da4b4ff086dc1fc79bbf540e82bdbcb4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:22 +02:00
Michael Niedermayer	cfdd9a59ff	avcodec/utils: the IFF_ILBM implementation assumes that there are a multiple of 16 allocated Fixes: out of array access Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5124452659888128 Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6362836707442688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 34056a94eab5f8fbc7e0b8510f7c9851931f23b7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:22 +02:00
Michael Niedermayer	8d93e90c6d	avcodec/pngdec: Do not pass AVFrame into global header decode The global header should not contain a frame, and decoding it would result in leaks Fixes: memleak Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-6603443149340672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d31d4f32283f765c79d6e127d31ee2c37a0acef7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:21 +02:00
Michael Niedermayer	941c6191fc	avcodec/vorbisdec: Check codebook float values to be finite Fixes: Timeout Fixes: 55116/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-4572159970508800 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cadd7e7a7589b5c118ad1648a09c629a6b65a3be) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:21 +02:00
Michael Niedermayer	8b8c610821	avcodec/g2meet: Replace fake allocation avoidance for framebuf framebuf is only allocated when the new width/height are larger than the old but nothing sets the old so its always allocated. Use av_fast_mallocz() instead. Fixes: Timeout Fixes: 55094/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5116909932904448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 38adbc6eebd7f2f34ecf1b0b18019e88bad9d9f4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:21 +02:00
Michael Niedermayer	22106d274b	avcodec/lcldec: More space for rgb24 Fixes: Ticket 10239 Fixes: zlib_306_306_rgb24.av Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e2c3aa8e2b800c5b860315277b3ea426b8b23393) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:20 +02:00
Michael Niedermayer	d4966d6324	avcodec/lcldec: Support 4:1:1 and 4:2:2 with odd width Fixes: Ticket10240 Fixes: zlib_306_306_yuv422.avi Fixes: zlib_306_306_yuv411.avi Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0cf1ac905d2d97355a389c3baa4e132824b29f21) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:20 +02:00
Michael Niedermayer	99e0f485a5	libavcodec/lcldec: width and height should not be unsigned Computations like col < width - 3 will not work with unsigned width=1 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3eb4e28c26c3bce608214f392ab1fe6ee28ec1df) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-14 21:19:20 +02:00
Rémi Denis-Courmont	93ecf08934	avcodec/x86/mathops: clip constants used with shift instructions within inline assembly Fixes assembling with binutil as >= 2.41 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit effadce6c756247ea8bae32dc13bb3e6f464f0eb)	2024-04-03 18:50:26 -03:00
Anton Khirnov	031c9601d0	lavc/pthread_frame: avoid leaving stale hwaccel state in worker threads This state is not refcounted, so make sure it always has a well-defined owner. Remove the block added in 091341f2ab5bd35ca1a2aae90503adc74f8d3523, as this commit also solves that issue in a more general way. (cherry picked from commit cc867f2c09d2b69cee8a0eccd62aff002cbbfe11) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit d4b7b3c03ee2baf0166ce49dff17ec9beff684db)	2024-04-03 18:50:26 -03:00
Eugene Zemtsov	cda5d4698c	avformat/mov: Check if a key is longer than the atom containing it Stop reading keys and return AVERROR_INVALIDDATA if key_size is larger than the amount of space left in the atom. Bug: https://crbug.com/41496983 Signed-off-by: Eugene Zemtsov <eugene@chromium.org> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 8a23a145d85964950123952d897b89c2c2b1b8c5)	2024-04-02 09:20:11 -03:00
Timo Rothenpieler	fa9a0e7f3e	avcodec/nvdec: reset bitstream_len/nb_slices when resetting bitstream pointer	2024-03-30 00:26:32 +01:00
James Almer	4d2cc90fa4	avformat/mov: don't abort on duplicate Mastering Display Metadata boxes The VP9 spec defines a SmDm box for this information, and the ISOBMFF spec defines a mdvc one. If both are present, just ignore one of them. This is in line with clli and CoLL boxes. Fixes ticket #10711. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 189c32f53659b8f9dc402765905fc12a321ab1ac)	2024-03-27 13:57:02 -03:00
Hendrik Leppkes	f74196e146	avcodec/vdpau_mpeg4: fix order of quant matrix coefficients The matrix coefficients are stored permutated for the IDCT, rather then in plain raster order, and need to be un-permutated for the hardware.	2023-05-15 18:48:57 +02:00
Hendrik Leppkes	74d424470c	avcodec/vdpau_mpeg12: fix order of quant matrix coefficients The matrix coefficients are stored permutated for the IDCT, rather then in plain raster order, and need to be un-permutated for the hardware.	2023-05-15 18:48:57 +02:00
Hendrik Leppkes	410ccbbe8c	avcodec/nvdec_mpeg4: fix order of quant matrix coefficients The matrix coefficients are stored permutated for the IDCT, rather then in plain raster order, and need to be un-permutated for the hardware.	2023-05-15 18:48:57 +02:00
Hendrik Leppkes	865eca9321	avcodec/nvdec_mpeg2: fix order of quant matrix coefficients The matrix coefficients are stored permutated for the IDCT, rather then in plain raster order, and need to be un-permutated for the hardware.	2023-05-15 18:48:57 +02:00
Jiasheng Jiang	d811434b5d	avformat/nutdec: Add check for avformat_new_stream Check for failure of avformat_new_stream() and propagate the error code. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9cf652cef49d74afe3d454f27d49eb1a1394951e)	2023-04-16 10:51:12 -03:00
Michael Niedermayer	91b54b3bba	Update for FFmpeg 4.3.6 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n4.3.6	2023-04-16 02:22:28 +02:00
Michael Niedermayer	538fe62224	avcodec/escape124: Check that blocks are allocated before use Fixes: NULL pointer dereference Fixes: 57819/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-5077280228769792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5366ae12b9ba60404822f6b39b41f6c0d98a7c8a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:13 +02:00
Michael Niedermayer	07990a8d62	avcodec/huffyuvdec: Fix undefined behavior with shift Fixes: left shift of negative value -1 Fixes: 57554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFVHUFF_fuzzer-4853603839115264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 27e7857bd1127974ffe1512293abee83b1035194) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:13 +02:00
Michael Niedermayer	9db48c5bc7	avcodec/j2kenc: Replace RGB24 special case by generic test This fixes RGB48 with libavcodec as decoder Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ad4d647591dbd953a5cf3a32a779ee5e42465bbb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:12 +02:00
Michael Niedermayer	40c0e965c6	avcodec/j2kenc: Fix funky bpno errors on decoding Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 816676085e3d32f27d4001d9b95590046c487eb6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:12 +02:00
Michael Niedermayer	e25d8a4228	avcodec/j2kenc: remove misleading pred value This field is only checked for being 0 or not and not zero means 5/3 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0adb375377f369b69b24d86bbfe674b7693ccf3c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:12 +02:00
Michael Niedermayer	b66b297e58	avcodec/j2kenc: fix 5/3 DWT identifer Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f6955b6df4b599ff5604e82987b96957414f8dd5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:11 +02:00
Michael Niedermayer	abddc911ff	avcodec/vp3: Check width to avoid assertion failure Fixes: Assertion failure on x86-32 av_assert2(block_w * sizeof(pixel) <= FFABS(buf_linesize)); in ff_emulated_edge_mc() Fixes: 39641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5925660741206016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dab1cd2dc0471d497f481736059b2023c5b7986a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:11 +02:00
Michael Niedermayer	8ee94724df	avcodec/g729postfilter: Limit shift in long term filter Fixes: shift exponent 34 is too large for 32-bit type 'int' Fixes: 57389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-6229522659016704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6d1d8609ac1054017ea3d11b325ed94a1205e9fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:11 +02:00
Lynne	382347055d	configure: update copyright year (cherry picked from commit 62da0b4a741a064f118a0eece496d6bcc437ec91) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:10 +02:00
Michael Niedermayer	f6961854f6	avcodec/tests/snowenc: Fix 2nd test (cherry picked from commit 163013c72452621624f634c706824c77222b77c5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:10 +02:00
Michael Niedermayer	6363556eba	avcodec/tests/snowenc: return a failure if DWT/IDWT mismatches Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 771c266c0be29e6a1001fbd6795dd343147da1f2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:10 +02:00
Michael Niedermayer	f682b22cef	avcodec/snowenc: Fix visual weight calculation Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5b5fcadea059ab458a886261a5b7a1cc134b517a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:09 +02:00
Michael Niedermayer	a7eca40cb8	avcodec/tests/snowenc: unbreak DWT tests the IDWT data type mismatched current code Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8b3351bbead47f7f306621b45c8f2391b6bd23d2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:09 +02:00
Michael Niedermayer	ebbf85def8	avcodec/escape124: Fix some return codes Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 98df605f7a8e80471a113f7beb0983c90aa84525) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:09 +02:00
Michael Niedermayer	c561d93039	avcodec/escape124: fix signdness of end of input check Fixes: Timeout Fixes: 56561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-5560363635834880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 87ad0a5dd7d12c91badc215c3b5d6745fa7acb02) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:08 +02:00
Michael Niedermayer	1e6706193f	Use https for repository links Reviewed-by: Stefano Sabatini <stefasab@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 011f30fc8205eff8e775d04afb98e02685cd8a7a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:08 +02:00
Michael Niedermayer	4bd974e426	avcodec/motionpixels: Mask pixels to valid values Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-6724203352555520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ac6eec1fc258efce219e4fccb84312a1b13a7a23) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:08 +02:00
Michael Niedermayer	f07f46121a	avcodec/xpmdec: Check size before allocation to avoid truncation Fixes:OOM Fixes:out of array access (no testcase) Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-6573323838685184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 95f0f84dae4f040d91f1e60dc5438612c58e8906) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:07 +02:00
Michael Niedermayer	1ddfac5fad	avcodec/bink: Avoid undefined out of array end pointers in binkb_decode_plane() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ea9deafd3b13233802c4548c4c58a707d76805a3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:07 +02:00
Michael Niedermayer	bc8b9111d3	avcodec/bink: Fix off by 1 error in ref end Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6657932926517248 Alterantivly to this it is possibly to allocate a bigger array Note: oss-fuzz assigned this issue to a unrelated theora bug so the bug number matches that Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 49487045dde6f69194332aac51fd4e598e19c7b6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-04-15 22:38:07 +02:00

1 2 3 4 5 ...

99010 Commits