Fixes: signed integer overflow: 65535 * 65312 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6606935226974208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 42032 * 51092 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6679539648430080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 32 * -1795162112 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SOX_fuzzer-6724151473340416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-6705429132476416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 92237203 * 33 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SCC_fuzzer-6603769487949824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of memory
Fixes: 29985/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-6424425392111616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It is only valid for the target, not the host and therefore it must not
be included when building the tables when hardcoded tables are enabled.
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Tags can be marked "not used" upfront, saving some space in the primer.
av_asserts0() is used to enforce that only tags that are in the primer can actually be written.
Sharing of MasteringDisplay ULs is now done via macros.
Fixes: signed integer overflow: 7279992792120000000 + 4611686018427387904 cannot be represented in type 'long long'
Fixes: 29744/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6434060249464832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Besides avoiding allocations this also fixes a design defect of
ff_rtp_send_punch_packets: It did not return an error in case of
these allocations failed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: Timeout
Fixes: 29226/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-6195092572471296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 29195/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5037853281222656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Set the sample rate when parsing the header instead and only copy the
value in the decoder and the parser.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
convert_input, a nontrivial auxiliary function used by both the general
parsing code as well as the decoder itself, has been duplicated in
c7016e35a624a75bb5b82bee932ddfe28d013b3f; this commit removes said
duplication.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
These two functions are always called after another; after all, what
ff_dolby_e_parse_init does is obviously part of parsing the frame header.
Also move the DolbyEHeaderInfo into DBEContext so that parsing the frame
header only needs one struct (both users used a DBEContext immediately
followed by a separate DolbyEHeaderInfo).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Parsers are not forced to use a ParseContext and the other stuff from
parser.h which is just designed to help parsers recombining frames. But
this parser does not do this at all, i.e. the ParseContext is unused.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: index 26981 out of bounds for type 'ASFStreamData [128]'
Fixes: 27334/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6197611002068992
Alternatively the array could be increased in size or the cases not fitting be ignored
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036854710272 - -541165944832 cannot be represented in type 'long'
Fixes: 27000/clusterfuzz-testcase-minimized-ffmpeg_dem_IVF_fuzzer-5643670608674816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type 'int'
Fixes: 26907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5746202330267648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1111111111111111111 * 10 cannot be represented in type 'long'
Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Said table was unused in case libvorbis was disabled.
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
ff_init_ff_cos_tabs is only used for the floating point FFT and only
if hardcoded tables are disabled.
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
ff_fill_line_with_color and ff_draw_rectangle are unused since
19c8f2271423281c9b876b984076a6467c455904; ff_copy_rectangle
is unused since 53b7a3fe08.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Both motion vector tables have the same number of elements, hence one
can inline said number and remove the field containing the number of
elements from the structure.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: signed integer overflow: -3468545475927866368 * 4 cannot be represented in type 'long'
Fixes: 28879/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-6303367307591680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The entry read is not used in subsequent computation, thus its
value is not important.
Fixes: out of array read
Fixes: 28578/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SIREN_fuzzer-6332019122503680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>