Fixes: CID1559901 Resource leak
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 20e59af07e5e9a73cb3227355fe0a78afffdfe45)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found through code review related to CID1604493 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e6c0c5731e85f00b5840d9a7d14e38cc3e07d5bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -208
Fixes: 69073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_KS_fuzzer-4745020002336768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93e0265e27e6dd567812a8661988109421c5447a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing: CID1494441 Untrusted value as argument
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f13ae632591b043cb69b66de01e8b178037cdd0e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found by reviewing: CID1530166 Free of array-typed value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38c2e6a2c7c993d2076984de4ddd9776259397db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing: CID1530313 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cedbef03946625bc0f7f96e9f77ad59c512b9900)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It is not entirely clear what would prevent such overflow so even if it is
not possible, it is better to use 64bit
Fixes: CID1491898 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 665be4fa2f47910bf85a6f17b6cac9dabc6591f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591930 Wrong sizeof argument
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e9e8bea2e79bc3c481a6f81f75f6c871e3e0f367)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591944 Wrong sizeof argument
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 628ba061c8d5ae018c3e8aa8ce05b8dfcdfd8410)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1598558 Resource leak
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf22f944d55c8eb0119fb20354a625f8c41eb11f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591909 Wrong sizeof argument
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 698ed0d5a5a3a1219179facb5538eea463fae13f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Not a bugfix, but might fix CID1604361 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Nuo Mi <nuomi2021@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eb552ecd543ad656c40849c6b2bcaf5fd667c9b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1604548 Unused value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao" <haihao.xiang-at-intel.com@ffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e4bfff21192aed328c906c85424737128b108f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1551685 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06191386396344ee1906c6016b7d94ee8754fd61)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591881 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f022afea77ced5067f511530dd8ff137967db1d9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This may help CID1452449 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 426d8c84c37064eef93bbcfaffd886d00a9a4ee8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing CID1452449 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0a7d964bfd5da8859c715627eeb7a048bddb79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1473554 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8200d382503f5fd839a72af7ba93d53880ad4b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It seems reply1 is initialized by ff_rtsp_send_cmd() in most cases but there
are code paths like "continue" which look like they could skip it but even if not
writing this so a complex loop after several layers of calls initialized a local
variable through a pointer is just bad design.
This patch simply initialized the variable.
Fixes: CID1473532 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 498ce4e8b82e2312690613df45f87e592dcb91a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found while reviewing CID1473532 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bb38ba2b782cdb6052ddcb415ef1554b0462401)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1452585 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a9ddb705152d5090d2cb815f905bf592cc487f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1197065 Resource leak
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 382e9e79f3a0011d93af4b11ca6ba6b85113a09a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is unlikely to make a difference
Fixes: CID1591896 Unintentional integer overflow
Fixes: CID1591901 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66b60bae68a3124fb176b0c2d4580f0f76c31dc4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1503088 Resource leak
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62d4414d54f57612ac444643a92de7d10455b6c6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Maybe helps: CID1516805 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5c815f937a80d7689bc0f2deb3ac968f2630176)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1500281 Out-of-bounds write
Fixes: CID1500331 Out-of-bounds write
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5fe8bf4aa51350b14d0babd47b0314232e703caf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The spec allows at least thirty-two zero bits followed by a one to mean
2^32-1, with no constraint on the number of zeroes. The libaom
reference decoder does not match this, instead reading thirty-two zeroes
but not the following one to mean 2^32-1. These two interpretations are
incompatible and other implementations may follow one or the other.
Therefore reject thirty-two zeroes because the intended behaviour is not
clear.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7110a36ba07f85ca2996d3b99898a4819e72d9bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1422217 Result is not floating-point
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d0d502ff10378e545a1fe42a9503ab44d19fa67)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Maybe Helps: CID1503077 Bad bit shift operation
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cef720ab429244ac9e56f48d983d6086e0a227a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1503078 Resource leak
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a0ea15c7afb8abd823303b9a525cc5e6572f199)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 380a8213b165d1fda419c566241d2641cb6f5c3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1551694 Use after free (false positive based on assuming that out == in and one is freed and one used)
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c296d4fdec198a32ea3995e312cede7be83352c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1496940 Logically dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 34f821e44821804e1954ca6eb38269183978a62c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1539147 Unused value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aab0c344c5d1d5b1020f87c62da3e523161a660f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1473553 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d0373de3bc6aa6fa5c71247191afccfaf20723d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1473590 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca237a841e9e78ac02694124d81ff78c74b0bf72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1524681 Logically dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a469e48b6dd8c9dfd0cd7dba7b28d1987168ed8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591939 Logically dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c285bb2789667bcf014ede8b0ab06ebbbee833f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591911 Logically dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86cd7c68bc65df6703391f0cdcdbf7c57d6c4780)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1435168
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63ecce9ba87867b21a7cdcd677bb268c0d807db1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1560040 Logically dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 97ae47f9e928f6163dfbfbe30415c253ae8780bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1560041 'Constant' variable guards dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d22a33710acb004f90c7454daf8145c3943ecbeb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Help coverity with CID1500302 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4824156fa06bd60b27f9f0673fbd6a3cfc780e56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The checked entity should be alone on one side of the check, this avoids
complex considerations of overflows.
This fixes a issue of bad style in our code and a coverity issue.
Fixes: CID1439654 Untrusted pointer read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 385784a148d2886884aac69acc31bf179fac3ac2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1550133 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4bca1474157f19cbf80a64f055ecd655060f9f1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1591439 Uninitialized pointer read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 935d9a57120b5b322555af611d3871ce3084bbf1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1520677 Uninitialized pointer read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 462bd44b032c660abb8d450d342adea3aba89e06)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-while-revieweing: CID1520670 Dereference after null check
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 97b2ab15de964d9455aa902ab616881f76d2cb67)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 67492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5778297231310848
Fixes: signed integer overflow: 2314885530818453536 + 7782220156096217088 cannot be represented in type 'long'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2882d30e3acfc3155e2be11db653c7c721f94f34)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
