FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	8470f8fd81	avcodec/mxpegdec: Check for multiple SOF Fixes: Timeout (14sec -> 9ms) Fixes: 18598/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5726095261564928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 75b64e5aa36e7796a0460415a1f3fd7372029525) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	c005d08103	avcodec/nuv: Move comptype check up Fixes: Timeout (23sec -> 5ms) Fixes: 18517/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5753135536013312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1138cdecbe0164ab1f07768418e794fddfdc636d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	22b24fe8ae	avcodec/wmavoice: Fix integer overflow in synth_frame() Fixes: left shift of negative value -3 Fixes: 18518/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-6560514359951360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cf323f4d38f5756ecdb8fb4f72c80a8069da832e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	98510f3c84	avutil/lfg: Correct index increment type to avoid undefined behavior Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6014bcf1b74e903f535461ade4aa5fb44dbf5d8b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	1e57ce1dd5	avcodec/cngdec: Remove AV_CODEC_CAP_DELAY As is the decoder will never stop, it will cause an infinite loop. The RFC seems only to speak of non empty packets so endlessly generating noise from the last empty flush packets seems wrong. Fixes: infinite loop Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 327a968817a366c24d1513526258a3dbbcf888a7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	aa8498c417	avcodec/iff: Move index use after check in decodeplane8() Fixes: index 9 out of bounds for type 'const uint64_t [8][256]' Fixes: 18409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5767030560522240 Fixes: 18720/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5651995784642560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a1f8b36cc45406f66aac635a4db32d2a5cc29f43) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	67103c565c	avcodec/atrac3: Check for huge block aligns The largest documented frame size = block align is 1024 bytes (https://wiki.multimedia.cx/index.php/ATRAC3) Without a limit this can allocate arbitrary memory and trigger OOM Fixes: OOM Fixes: 18337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3_fuzzer-5763861478637568 Fixes: 18556/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3AL_fuzzer-5646183334936576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f09151fff9c754fbc1d2560adf18b14957f8b181) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	6248ed92fd	avcodec/ralf: use multiply instead of shift to avoid undefined behavior in decode_block() Fixes: left shift of negative value -249 Fixes: 18566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5649394561187840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b7d02642b2096622cee6165fea1301bb9ad54ff) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	b48dcc5613	avcodec/wmadec: Require previous exponents for reuse Fixes: division by zero Fixes: 18474/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5764986962182144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c54b9fc42fee613e2c4c0dae2052ff94cd15e254) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	40872346be	avcodec/vc1_block: Fix undefined behavior in ac prediction rescaling The intermediates are required to fit in 12bit (8.1.3.9 Coefficient Scaling) See SMPTE 421M-2006 and Amendment 1-2007 Fixes: signed integer overflow: -20691 * 262144 cannot be represented in type 'int' Fixes: 18479/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5128912371187712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7fc1baf0ca83ef06014878290339a59735603959) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	0e40a839bb	avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter() Fixes: signed integer overflow: 7400 + 2147482786 cannot be represented in type 'int' Fixes: 18405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5708834760294400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dc3f327e7403a34c88a900f0b8de55b4afd7cf6c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	e710fd6a83	avcodec/sonic: Fix integer overflow in predictor_calc_error() Fixes: signed integer overflow: 5 * -1094995529 cannot be represented in type 'int' Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c8c17b8cef77dc052e8845e5fd86daf2983fd7dd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Carl Eugen Hoyos	fbc6717495	lavc/tableprint_vlc: Remove avpriv_request_sample() from included files. Fixes compilation with --enable-hardcoded-tables. Fixes ticket #7962. (cherry picked from commit c8232e50074f6f9f9b0674d0a5433f49d73a4e50) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	c8f306fc0b	avcodec/adpcm: Fix undefined behavior with negative predictions in IMA OKI Fixes: left shift of negative value -30 Fixes: 18392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_OKI_fuzzer-5631771831435264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7786f6c30e77a393b72ded01baa4250738925509) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	e53182c467	avcodec/cook: Move up and extend block_align check Fixes: signed integer overflow: 2046820356 * 8 cannot be represented in type 'int' Fixes: 18391/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5631674666188800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1c63edcdd208bf18a3be66e94deb6ac115f6364e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:58 +01:00
Michael Niedermayer	20facd705e	avcodec/twinvq: Check block_align Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int' Fixes: 18348/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_METASOUND_fuzzer-6681325716635648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 97f778e9c55328e8b48f4b8b4171245e5f2232f6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	6ef666f4a6	avcodec/cook: Enlarge gain table Fixes: index 25 out of bounds for type 'float [23]' Fixes: 18355/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5641398941908992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 50001cd440ac89ed125f0154dedbcfa2718d2d68) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	6f4c963d61	avcodec/atrac3plus: Check split point in fill mode 3 Fixes: index 32 out of bounds for type 'int [32]' Fixes: 18350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3P_fuzzer-5643794862571520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit de5102fd92de8d353fdf060375ed3ce859c83977) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	f1b32668dc	avcodec/wmavoice: Check sample_rate Fixes: left shift of 538976288 by 8 places cannot be represented in type 'int' Fixes: 18376/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5741645391200256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 55c97a763783540ee48a326a3e82fbdea42f8280) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	f5fdab6b0e	avcodec/apedec: Fix integer overflow in filter_3800() Fixes: signed integer overflow: 2117181180 + 60483298 cannot be represented in type 'int' Fixes: 18344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5685327791915008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1c038c5c63375883a8a94332cffd701c4cb1301a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	31ae31c21e	avcodec/ffv1dec: Use a different error message for the slice level CRC This way they can be told apart easily Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit df498cf544fd4690e5a246925e4de1125b57795b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	7a5c2173fe	avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830() Fixes: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int' Fixes: 18281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5692589180715008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1d1719a44dd43b2d9d8ccd26e3b2854e675a7bd7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	ef9340a9dc	avcodec/snowenc: Fix 2 undefined shifts Fixes: Ticket7990 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8802e329c8317ca5ceb929df48a23eb0f9e852b2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	5729bbfdc7	avformat/nutenc: Do not pass NULL to memcmp() in get_needed_flags() This compared to the other suggestions is cleaner and easier to understand keeping the condition in the if() simple. This affects alot of fate tests. See: [FFmpeg-devel] [PATCH 05/11] avformat/nutenc: Don't pass NULL to memcmp See: [FFmpeg-devel] [PATCH]lavf/nutenc: Do not call memcmp() with NULL argument Fixes: Ticket 7980 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e4fdeb3fcefeb98f2225f7ccded156fb175959c5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	d7ebf3a074	avcodec/truemotion2: Fix several integer overflows in tm2_low_res_block() Fixes: signed integer overflow: 1077952576 + 1355863565 cannot be represented in type 'int' Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5679842317565952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2b655f55eaf09eb99b5e694dba2c0cf73fa2c646) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	5ebb902caf	avcodec/adpcm: Fix invalid shifts in ADPCM DTK Fixes: left shift of negative value -1 Fixes: 18397/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_DTK_fuzzer-5675653487132672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 34e701ff93b664703e1bc1b1a6073fa058b02f34) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	1f183e8cc8	avcodec/apedec: Only clear the needed buffer space, instead of all Fixes: Timeout (15sec -> 0.4sec) Fixes: 18396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5730080487112704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f17ea0200178a4dae446a6bec2f68312f41714a0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	62eced0903	avcodec/libvorbisdec: Fix insufficient input checks leading to out of array reads Fixes: 16144/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5638618940440576 Fixes: out of array read Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 069be4aa5ddce4479b18896d80a852b144e680df) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	f1a20096f7	avcodec/vp5: Check render_x/y Fixes: Timeout (15sec -> 91ms) Fixes: 18353/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP5_fuzzer-5704150326706176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 698e042c77ecb5b0d616de254adc783e8b61b9c4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	08a0c3cd17	avcodec/ralf: Skip initializing unused filter variables Fixes: left shift of negative value -1 Fixes: 17890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5643307467669504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f4ecf6c39de9a7cc1dae70cf87c225771001e883) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	cf5945613f	avformat/pjsdec: Check duration for overflow Fixes: signed integer overflow: -3 - 9223372036854775807 cannot be represented in type 'long' Fixes: 17828/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5645915116797952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1efaac69328bdc17680924c71be7ec990f0e8f2c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	d85af33e05	avcodec/ptx: Check that the input contains at least one line Fixes: Timeout (19sec -> 44ms) Fixes: 17816/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PTX_fuzzer-5704459950227456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a6ad328256fe6a6ace7d1e15f3515afccf1247fc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	50947f65e0	avcodec/alac: Fix integer overflow in LPC Fixes: signed integer overflow: 2147483628 + 128 cannot be represented in type 'int' Fixes: 17783/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5146470595952640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 44b73a0568f8ad5993ec79b29873151f316bf95c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	684fbde543	avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame() Fixes: signed integer overflow: -2147481503 + -32732 cannot be represented in type 'int' Fixes: 17782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5769672225456128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a76897e19ca96127e07f5acc5a773b904dcf6124) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	cdb193839a	avcodec/aliaspixdec: Check input size against minimal picture size Fixes: Timeout (15sec -> 72ms) Fixes: 17774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALIAS_PIX_fuzzer-5193929107963904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8c693104779830028bd5f76bf32a93e059c04d2c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	77847fd19e	avcodec/ffwavesynth: Fix integer overflows in pink noise addition Fixes: signed integer overflow: -1795675744 + -1926578528 cannot be represented in type 'int' Fixes: 17741/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5131336402075648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7916b6863caec55d7e64758a1bfe436834f2faf6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	d9123585d1	avcodec/vc1_block: Fixes integer overflow in vc1_decode_i_block_adv() Fixes: signed integer overflow: 62220 * 262144 cannot be represented in type 'int' Fixes: 17145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5667394743173120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6fdeb208172dc95b29b965a0cc365ca0925e151e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	a3692f4041	avcodec/wmalosslessdec: Check block_align Fixes: NULL pointer dereference Fixes: 18331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5652847445671936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c1c799271eefb8afe22804a710baa5cbaad57d91) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	366cfe1615	avcodec/g729postfilter: Fix left shift of negative value Fixes: Ticket8176 Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	8b462c958a	avcodec/binkaudio: Check sample rate Fixes: signed integer overflow: 1092624416 * 2 cannot be represented in type 'int' Fixes: 18045/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5718519492116480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2fca09bce49c7de590560d9517fd2414b6c0c14f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	68a8bdf5f1	avcodec/adpcm: Check initial predictor for ADPCM_IMA_EA_EACS Fixes: signed integer overflow: -2147483360 - 631 cannot be represented in type 'int' Fixes: 17701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_EA_EACS_fuzzer-5711517319692288 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2f66e8436d89963362acf533a60ed4fedb42546e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	dad5ed01a8	avcodec/apedec: Fix integer overflow in predictor_update_3930() Fixes: signed integer overflow: -69555262 * 31 cannot be represented in type 'int' Fixes: 17698/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728970447781888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5c072c9ed7c6f173b8a0a886fb7fe1e8e4c1fadd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	7187b14d9b	avcodec/g729postfilter: Fix undefined intermediate pointers Fixes: index -49 out of bounds for type 'int16_t [192]' Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	79532fa945	avcodec/g729postfilter: Fix undefined shifts Fixes: left shift of negative value -12 Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6a4fdbf112385824fc9b7d7739685359213b579a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	23d226fe42	avcodec/lsp: Fix undefined shifts in lsp2poly() Fixes: left shift of negative value -30635 Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2b93f52cd635f372b7b22396939e840c63e8edf3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	68b62e36eb	avcodec/adpcm: Fix left shifts in AV_CODEC_ID_ADPCM_EA Fixes: left shift of negative value -1 Fixes: 17683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_EA_R2_fuzzer-5111690013704192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8695fbec573b0d434cf2e703a0d45742a09a5d94) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	560770d32b	avfilter/vf_geq: Use av_clipd() instead of av_clipf() With floats we cannot represent all 32bit integer dimensions Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c8813b1a984714f0027cabeea2394035df20cf38) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	bd5a214c3c	avcodec/ituh263dec: Check input for minimal frame size Fixes: Timeout (28sec -> 3sec) Fixes: 17559/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H263_fuzzer-5681050776240128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7f0498ed461987b62bb97ff6463b4df108d60d78) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	9c6e76eee7	avcodec/truemotion1: Check that the input has enough space for a minimal index_stream Fixes: Timeout (18sec -> 0.4sec) Fixes: 17585/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5117015135617024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4a660fac9899191d4121cde02f2a98977b1303b6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00
Michael Niedermayer	5591681af1	avformat/mpsubdec: Clear queue on error Fixes: Memleaks Fixes: 17219/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5720539124989952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9a0d36e562d53716cf000895c2f892fb1f48165d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-12-06 20:30:57 +01:00

... 2 3 4 5 6 ...

76406 Commits