Andreas Rheinhardt
4cdd6cac1f
avformat/mpegts: Don't leave context in inconsistent state upon error
...
Up until now, opening a section filter works as follows: A filter is
opened and (on success) attached to the MpegTSContext. Then a buffer for
said filter is allocated and upon success attached to the section
filter; on error, the filter is simply freed without removing it from
the MpegTSContext, leaving the latter in an inconsistent state. This
leads to use-after-frees later on.
This commit fixes this by allocating the buffer first; the filter is
only opened if the buffer could be successfully allocated.
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 1ead176d87)
2021-02-22 22:00:29 +01:00
Andreas Rheinhardt
ea42edb933
avformat/sierravmd: Don't return packets for non-existing stream
...
It leads to an assert in ff_read_packet().
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit ea8f8d28d0)
2021-02-22 22:00:15 +01:00
Andreas Rheinhardt
f66647daa6
avformat/vividas: Check allocation for success
...
Reviewed-by: Zane van Iperen <zane@zanevaniperen.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit c4a4fe938d)
2021-02-22 21:59:42 +01:00
Andreas Rheinhardt
ffa5b1f116
avformat/vividas: Check return value before storing it in smaller type
...
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit a3dced69c8)
2021-02-22 21:59:32 +01:00
Andreas Rheinhardt
22cb13d4c5
avformat/webmdashenc: Avoid allocations, fix memleak
...
When using the WebM DASH Manifest muxer, every stream of each adaptation
set has to contain a metadata entry containing the filename of the
source file. In case of live stream manifests, said filename has to
conform to a pattern of
<file_description>_<representation_id>.<extension>. These pieces are
used to create the other strings that are actually output. Up until now,
these other strings would be allocated, used once and then freed
directly after usage. This commit changes this: The function that
allocated and assembled these strings now returns pointers to the '_'
and '.' delimiters so that the caller can easily pick substrings
from it without needing to copy the string.
Avoiding allocations also fixes a memleak: One of the allocated strings
would leak upon a subsequent allocation failure.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit f163b2eb27)
2021-02-22 21:57:27 +01:00
Andreas Rheinhardt
9d5c7e0675
avformat/webmdashenc: Fix segfault when no filename is given when live
...
by checking a bit earlier.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit c1fab8637e)
2021-02-22 21:57:08 +01:00
Andreas Rheinhardt
e114a337be
avformat/matroskadec: Avoid undefined pointer arithmetic
...
The Matroska demuxer currently always opens a GetByteContext to read the
content of the projection's private data buffer; it does this even if
there is no private data buffer, in which case opening the GetByteContext
will lead to a NULL + 0 which is undefined behaviour.
Furthermore, in this case the code relied both on the implicit checks
of the bytestream2 API as well as on the fact that it returns zero
if there is not enough data available.
Both of these issues have been addressed by not using the bytestream API
any more; instead the data is simply read directly by using AV_RB. This
is possible because the offsets are constants.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 880519c1de)
2021-02-22 21:56:57 +01:00
Andreas Rheinhardt
f25caec87f
avformat/mxfdec: Fix memleak upon repeating tags
...
When parsing MXF, encountering some tags leads to allocations. And when
these tags were encountered repeatedly, this could lead to memleaks,
because the pointer to the old data got simply overwritten with a
pointer to the new data (or to NULL on allocation failure). This has
been fixed.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 28ce651c6d)
2021-02-22 21:55:42 +01:00
Andreas Rheinhardt
6918d1281c
avformat/mxfdec: Fix memleak when parsing tag fails
...
The MXF demuxer uses an array of pointers to different structures of
metadata (all containing a common initial sequence containing a type
field to distinguish them) and some of these structures contain pointers
to separately allocated subelements. If an error happens while reading
and creating the tags, the semi-finished new tag is freed using the
function to free these tags. But this function doesn't free the already
allocated subelements, because the type has not been set yet. This commit
changes this.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 78f21cab18)
2021-02-22 21:54:57 +01:00
Andreas Rheinhardt
8e7eedf294
avformat/mxfdec: Fix memleak when adding element to array fails
...
Said array contains pointers to other structs and both the designated
new element as well as other stuff contained in it (e.g. strings) leak
if the new element can't be added to the array.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 49e78548c3)
2021-02-22 21:54:11 +01:00
Michael Niedermayer
f719f86990
Changelog: update
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n4.3.2
2021-02-20 14:22:23 +01:00
Michael Niedermayer
a3d147899c
avcodec/hapdec: Change compressed_offset to unsigned 32bit
...
Fixes: out of array access
Fixes: 29345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5401813482340352
Fixes: 30745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5762798221131776
Suggested-by: Anton
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89fe1935b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
aff56aa499
avformat/rmdec: Check codec_length without overflow
...
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 30333/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5175286983426048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d558c9f237)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
959d2eb7c2
avformat/mov: Check element count in mov_metadata_hmmt()
...
Fixes: Timeout
Fixes: 30325/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6048395703746560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d277b92fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
c4ae8618f4
avcodec/vp8: Move end check into MB loop in vp78_decode_mv_mb_modes()
...
Fixes: Timeout (long -> 5sec)
Fixes: 30269/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5430325004075008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a797ceafe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
2d155dcb7e
avcodec/fits: Check gcount and pcount being non negative
...
Fixes: signed integer overflow: 9223372036854775807 - -30069403896 cannot be represented in type 'long'
Fixes: 30046/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5807144773484544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c000a91288)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
a4bb9b5aad
avformat/nutdec: Check timebase count against main header length
...
Fixes: Timeout (long -> 3ms)
Fixes: 28514/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6078669009321984
Fixes: 30095/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-5074433016463360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c425198558)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
19312b8372
avformat/electronicarts: Clear partial_packet on error
...
Fixes: Infinite loop
Fixes: 30165/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6224642371092480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 59bb9dc2a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
32454c40fa
avformat/r3d: Check samples before computing duration
...
Fixes: signed integer overflow: -4611686024827895807 + -4611686016279904256 cannot be represented in type 'long'
Fixes: 30161/clusterfuzz-testcase-minimized-ffmpeg_dem_R3D_fuzzer-5694406713802752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a2aa5dc2a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
12b329a51d
avcodec/pnm_parser: Check av_image_get_buffer_size() for failure
...
Fixes: out of array access
Fixes: 30135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-4997145650397184
Fixes: 30208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5605891665690624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5314a4996c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
8a88150ffc
avformat/wavdec: Consider AV_INPUT_BUFFER_PADDING_SIZE in set_spdif()
...
The buffer is read by using the bit reader
Fixes: out of array read
Fixes: 27539/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5650565572591616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a7c648e2d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
b81c4dd4f9
avformat/rmdec: Check remaining space in debug av_log() loop
...
Fixes: Timeout (long -> 2 ms)
Fixes: 26709/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5665833403285504
Fixes: 27522/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6321071221112832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8fe78decd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
73bc98119c
avformat/flvdec: Treat high ts byte as unsigned
...
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 27516/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5152854660349952
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f514113cfa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
4e08ecb7a4
avformat/samidec: Sanity check pts
...
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 29743/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-5499256859394048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2014b01352)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
186df3419c
avcodec/jpeg2000dec: Check atom_size in jp2_find_codestream()
...
Fixes: Infinite loop
Fixes: 29722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6412228041506816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a2082a41b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
fc22600d5c
avformat/avidec: Use 64bit in get_duration()
...
Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int'
Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0ceb0cdd4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
6112b1b6e4
avformat/mov: Check for duplicate st3d
...
Fixes: memleak
Fixes: 29585/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6594188688490496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 658f0606cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
ff6a6b9417
avformat/mvdec: Check for EOF in read_index()
...
Fixes: Timeout
Fixes: 29550/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5094307193290752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6c64351bb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
4a4f4cc814
avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular()
...
Fixes: Timeout
Fixes: left shift of 33046 by 16 places cannot be represented in type 'int'
Fixes: 29258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-4889231489105920
Fixes: 29515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-6161940391002112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 980900d991)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
499970980f
avformat/id3v2: Check the return from avio_get_str()
...
Fixes: out of array access
Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25f240fcb3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
fc0453d3e4
avcodec/hevc_sei: Check payload size in decode_nal_sei_message()
...
Fixes: out of array access
Fixes: 29392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4821602850177024.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0791a515d3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
aaa74324ca
libavutil/eval: Remove CONFIG_TRAPV special handling
...
Fixes: division by zero
Fixes: 29555/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-5149951447400448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8574fcbfc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
f678e8196c
avformat/wtvdec: Check len in parse_chunks() to avoid overflow
...
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
Fixes: 30084/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6192261941559296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5552ceaf56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
a5f1321f81
avformat/asfdec_f: Add an additional check for the extradata size
...
Fixes: OOM
Fixes: 30066/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6182309126602752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c8cd4490a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
81735671c2
avformat/3dostr: Check sample_rate
...
Fixes: signed integer overflow: -1268324762623155200 * 8 cannot be represented in type 'long'
Fixes: 30123/clusterfuzz-testcase-minimized-ffmpeg_dem_THREEDOSTR_fuzzer-6710765123928064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e5034f97e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
8373b3baa0
avformat/4xm: Make audio_frame_count 64bit
...
Fixes: signed integer overflow: 2099257366 * 2 cannot be represented in type 'int'
Fixes: 27486/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-5112179134824448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 842c268c64)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
b368f9cc8d
avformat/mov: Use av_mul_q() to avoid integer overflows
...
Fixes: signed integer overflow: 538976288 * 538976288 cannot be represented in type 'int'
Fixes: 27473/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5758978289827840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f70e1ec0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
ad7c1ed262
avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper
...
Fixes: signed integer overflow: 2147483641 + 32 cannot be represented in type 'int'
Fixes: 27452/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5078752576667648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4dfb7ff528)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
9797f8dba3
avformat/rmdec: Reorder operations to avoid overflow
...
Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int'
Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b12e713b80)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
506406b803
avcodec/mxpegdec: fix SOF counting
...
Fixes: Timeout (>10sec -> 15ms)
Fixes: 27652/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5125920868007936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 401495def6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
77f3b32708
avcodec/rscc: Check inflated_buf size when it is used
...
Fixes: out of array access
Fixes: 27434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5196757675540480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit a5ed6da9bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Michael Niedermayer
1563042dc3
avformat/mvdec: Sanity check SAMPLE_WIDTH
...
Fixes: signed integer overflow: 999999999 * 8 cannot be represented in type 'int'
Fixes: 30048/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5864289917337600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab82c10578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-20 14:21:24 +01:00
Timo Rothenpieler
93061bc90c
avcodec/nvenc: fix timestamp offset ticks logic
2021-02-19 22:17:34 +01:00
Michael Niedermayer
d08bcbffff
Update for 4.3.2
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-02 14:55:32 +01:00
Michael Niedermayer
b6b21c9bb0
avformat/rmdec: Fix codecdata_length overflow check
...
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 28509/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6310969680723968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c41d0bfd6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-02 14:18:22 +01:00
Michael Niedermayer
9bdf7c4823
avcodec/simple_idct: Fix undefined integer overflow in idct4row()
...
Fixes: signed integer overflow: -1498310196 - 902891776 cannot be represented in type 'int'
Fixes: 28445/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5075163389493248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 57f7e5caa3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-02 14:18:22 +01:00
Michael Niedermayer
9c6a0fa8f1
avformat/wavdec: Check block_align vs. channels before combining them
...
Fixes: signed integer overflow: 65535 * 65312 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6606935226974208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0af0a80cef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-02 14:18:22 +01:00
Michael Niedermayer
a296ecaa71
avformat/tta: Use 64bit intermediate for index
...
Fixes: signed integer overflow: 42032 * 51092 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6679539648430080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fd61b42b4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-02 14:18:22 +01:00
Michael Niedermayer
d4e071be5c
avformat/soxdec: Check channels to be positive
...
Fixes: signed integer overflow: 32 * -1795162112 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SOX_fuzzer-6724151473340416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b0588b73da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-02 14:18:22 +01:00
Michael Niedermayer
bbb5494801
avformat/smacker: Check for too small pts_inc
...
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-6705429132476416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f54aab94a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-02 14:18:22 +01:00