Fixes: signed integer overflow: -1795675744 + -1926578528 cannot be represented in type 'int'
Fixes: 17741/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5131336402075648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7916b6863caec55d7e64758a1bfe436834f2faf6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 62220 * 262144 cannot be represented in type 'int'
Fixes: 17145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5667394743173120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6fdeb208172dc95b29b965a0cc365ca0925e151e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: NULL pointer dereference
Fixes: 18331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5652847445671936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1c799271eefb8afe22804a710baa5cbaad57d91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Ticket8176
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1092624416 * 2 cannot be represented in type 'int'
Fixes: 18045/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5718519492116480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2fca09bce49c7de590560d9517fd2414b6c0c14f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2147483360 - 631 cannot be represented in type 'int'
Fixes: 17701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_EA_EACS_fuzzer-5711517319692288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f66e8436d89963362acf533a60ed4fedb42546e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: shift exponent 1008 is too large for 32-bit type 'int'
Fixes: 17700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5707633436131328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07732f12a43ac3048e44c086c9a8c811452ba31c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -69555262 * 31 cannot be represented in type 'int'
Fixes: 17698/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728970447781888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c072c9ed7c6f173b8a0a886fb7fe1e8e4c1fadd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index -49 out of bounds for type 'int16_t [192]'
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -12
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a4fdbf112385824fc9b7d7739685359213b579a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -30635
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b93f52cd635f372b7b22396939e840c63e8edf3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -1
Fixes: 17683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_EA_R2_fuzzer-5111690013704192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8695fbec573b0d434cf2e703a0d45742a09a5d94)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
With floats we cannot represent all 32bit integer dimensions
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8813b1a984714f0027cabeea2394035df20cf38)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Timeout (125sec -> 0.4sec)
Fixes: 18059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5656195825664000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c7975fe6f5c734fce9c59e8418c7f2de15a558d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: shift exponent -2 is negative
Fixes: 17736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F16LE_fuzzer-5742815929171968
Fixes: 17998/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F24LE_fuzzer-5716980383875072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5de19160a3c0dedb3cefd00e863a8d8f74ca2ad0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 711ad71aea7847883662bf95e01640d9745b313b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: null pointer dereference
Fixes: signed integer overflow: 512 * 2147483647 cannot be represented in type 'int'
Fixes: 17809/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5634409947987968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b533de28eb19c660c75823ff2af2f8549c4095a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This basically checks if a pixel that was coded with prediction
and residual could have been stored using a previous case.
This avoids basically a string of 0 symbols stored in less than
50 bytes to hit a O(n²) codepath.
Fixes: Timeout (too slow to wait -> immediately)
Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4895946310680576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c84c162e9f9f000ef47d4fcd07354805f38d455)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Assertion failure
Fixes: 17770/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5700606668308480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4de49edc4652e2f17c8747a6dd9b36ff362017a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2 * -1306460384 cannot be represented in type 'int'
Fixes: 17685/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_fuzzer-5747390337777664
Fixes: 17688/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5739287210885120
Fixes: 17699/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5678394531905536
Fixes: 17738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5763415733174272
Fixes: 17746/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5703008159006720
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75fefb1fb7ac8b423e08a8dca19b19884a325ebf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
header.data_max and header.data_min are not necessarely set on all decoding scenarios.
Fixes a Valgrind reported regression since cfa193779103c97bbfc28273a0ab12c114b6786d.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e3f0ecfc57889de0e0a359ec30b77851d53cea87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int'
Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fbb314b6f2c2b77608442966f28aac20343a1cae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 16976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4847262047404032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e75e7fe1601b97c31e3ce90473ab71b9a0667573)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -2
Fixes: 16964/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5757853565976576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ced9a1cd0ab76a65e509b0d7c56965d61ea1df84)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -7
Fixes: 16959/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5200360825683968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c722a69253a280b86b1d2a4ca00c89345a796781)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: overflow in aspect ratio calculation
Fixes: signed integer overflow: 393215 * 14594 cannot be represented in type 'int'
Fixes: 15728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5661588893204480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 181e138da7207523b387eabc28d24e74a46248bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
"9.1.1.43 P Reference Distance (REFDIST)"
"The value of REFDIST shall be less than, or equal to, 16."
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f7af9e294f8bc00756922ab088430ea5b9d7498)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: signed integer overflow: -14527961 - 2147483425 cannot be represented in type 'int'
Fixes: 16380/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5645957131141120
Fixes: 16968/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5716169901735936
Fixes: 17074/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5198710497083392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e95a3e8a7250060befd9a5fba69151bb2a6690c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Values larger would fail subsequent tests.
Fixes: signed integer overflow: 5 + 2147483646 cannot be represented in type 'int'
Fixes: 16966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5695709549953024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f63cd1963e36bc70211e072bac7eb3606cf85f14)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Infinite loop
Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 'int'
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
Fixes: 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680
Fixes: 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87ddf9f1ef17726fd4235f2e7aed8334d0ff231b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Infinite loop
Fixes: 17620/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3_fuzzer-5086123012915200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2acbbe262325187d87e8881c2984d203fb54207e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This makes the decoder faster
Improves/Fixes: Timeout (22sec -> 20sec)
Testcase: 17619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5078510820917248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 581a895c5c8b464a7fc7ebbaa6d9f565c10bae62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by 0
Fixes: 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfa193779103c97bbfc28273a0ab12c114b6786d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Timeout (? -> 2ms)
Fixes: 17616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5198057947267072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7dc0943d4aa014e616e2f2a4802cb3da829f9420)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Infinite loop
Fixes: 17611/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5765134928052224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 972a0a818ff7a9b33c7f37e08783f4b6082f9aa2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4650975 -> 4493240 dezicycles
This optimizes lines 2 and later. Line 1 still uses av_memcpy_backptr()
This change originally fixed ossfuzz 10790 but this is now fixed by other
optimizations already
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95e5396919b13a00264466b5d766f80f1a4f7fdc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 238 * 16843009 cannot be represented in type 'int'
Fixes: 16958/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5193905355620352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 033d2c4884eca3f4f80047bff93255b0cc4fa7a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
