virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-30 23:18:11 +02:00
Code Issues Releases Activity
91,193 Commits 38 Branches 411 Tags
a1ac448d02642a164aca44d5ace724b16797851a
Commit Graph

91193 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
a1ac448d02 avcodec/alsdec: fix undefined shift in multiply() 
Fixes: left shift of negative value -6
Fixes: 15564/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5701655938465792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b880b3b236)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
e3ec20a664 avcodec/alsdec: Fix 2 integer overflows 
Fixes: signed integer overflow: 1270564968 + 904828220 cannot be represented in type 'int'
Fixes: 15402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5755426823471104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cd0d94f59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
67a92c8f09 avcodec/flicvideo: Make line_packets int 
Fixes: signed integer overflow: -32768 * 196032 cannot be represented in type 'int'
Fixes: 15300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5733319519502336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 54bd47f861)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
e8aef980f5 avcodec/dvbsubdec: Use ff_set_dimensions() 
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5941b7f615)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
922c84a4f6 avcodec/ffwavesynth: Check if there is enough extradata before allocation 
Fixes: OOM
Fixes: 15750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5702090367696896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65bac4a782)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
597b8aa7b9 avcodec/ffwavesynth: More correct cast in wavesynth_seek() 
Fixes: signed integer overflow: 553590816 - -9223372036315799520 cannot be represented in type 'long'
Fixes: 15743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5705835377852416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4605770af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
205fa4092a avcodec/ffwavesynth: Check sample rate before use 
Fixes: division by zero
Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95857a423)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
ddda370a97 avcodec/dnxhd_parser: Fix parser when input does not have nicely sized packets 
Fixes: out of array access
Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d900d8fe0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
2e20f02df4 avcodec/dnxhd_parser: remove unneeded code 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1707dbdf49)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
c7e33d7833 avformat/utils: Check rfps_duration_sum for overflow 
Fixes: signed integer overflow: 9151595917793558550 + 297519050751678697 cannot be represented in type 'long'
Fixes: 15496/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5722866475073536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c46fdf305)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
9b75fd8607 avcodec/h264_refs: Also check reference in ff_h264_build_ref_list() 
Fixes: out of array read
Fixes: 15409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5758846959616000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d3581e6bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
8f1eb713c6 avcodec/parser: Check next index validity in ff_combine_frame() 
Fixes: out of array access
Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15008db0fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
59c578f5fa avcodec/ivi: Ask for samples with odd tiles 
Fixes: Assertion failure
Fixes: 15422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5676625481433088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a7e02cf3ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
917dd7e1fb avformat/xmv: Make bitrate 64bit 
Fixes: signed integer overflow: 32 * 538976288 cannot be represented in type 'int'
Fixes: 15633/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5752273981931520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 39a6a79bcb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
183602db89 avcodec/pngdec: Check that previous_picture has same w/h/format 
Fixes: out of array access
Fixes: 15540/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5684905029140480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18c808ffbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
2ace949ee6 avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation) 
Fixes: null pointer dereference
Fixes: 15464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5681391150301184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6aaa01afe4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
3e20174267 avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame() 
Fixes: left shift of negative value -456
Fixes: 15561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5758130404720640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1dbb67d39b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
James Zern
ac8c0c5bd1 avcodec/utils, avcodec_open2: close codec on failure 
after a successful init if the function fails for another reason close
the codec without requiring FF_CODEC_CAP_INIT_CLEANUP which is meant to
cover init failures themselves. fixes a memory leak in those cases.

BUG=oss-fuzz:15529

Signed-off-by: James Zern <jzern@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1febda061)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
e3e762fb52 avcodec/golomb: Correct the doxy about get_ue_golomb() and errors 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1bb3b3f11c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
6950acc1d7 avformat/utils: Check timebase before use in estimate_timings() 
Fixes: division by 0
Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f57e97dfd9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
aa63e8f8e2 avcodec/hq_hqa: Use ff_set_dimensions() 
Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272
Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6229fcd40)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
0c9085a664 avcodec/rv10: Fix integer overflow in aspect ratio compare 
Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int'
Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 14fcf42958)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
560ba6feba avcodec/4xm: Fix signed integer overflows in idct() 
Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bbea155bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
96121b01f0 avcodec/qdm2: Check checksum_size for 0 
Fixes: Infinite loop
Fixes: 15337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5757428949319680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b2ebf89a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
eb76fa15af avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop 
Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: infinite loop
Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 694be24bd6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
b7c871906b avcodec/qdm2: Do not read out of array in fix_coding_method_array() 
Instead we ask for a sample, its unclear what to do in this case.

Fixes: index 30 out of bounds for type 'int8_t [30][64]'
Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae021c1239)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
3244391053 avcodec/svq3: Use ff_set_dimension() 
Fixes: OOM
Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b114d7687)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
d4154e42e6 avcodec/iff: Check ham vs bpp 
This checks the ham value much stricter and avoids hitting cases which cannot be reached
with data from the libavformat demuxer.

Fixes: out of array access
Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840
Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f76d7352e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
274b3e1ec3 avcodec/ffwavesynth: use uint32_t to compute difference, it is enough 
Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long'
Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e9dd3c7126)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
cd256485da avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case 
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c02209935)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
142c7ccb25 avcodec/ffwavesynth: Fix backward lcg_seek() 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf2bd3ce79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
f3487260a1 avcodec/flicvideo: Fix off by 1 error in flic_decode_frame_24BPP() 
Fixes: out of array access
Fixes: 15360/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5653837190266880
Fixes: 15412/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5740537648250880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37708cbae8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
89c3387e30 avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff() 
Fixes: index -1 out of bounds for type 'const uint8_t [185][2]'
Fixes: 15250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5648992869810176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79204a1fc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
2f4b8dab94 avcodec/alac: Check lpc_quant 
lpc_quant of 0 produces undefined behavior, thus disallow this.
If valid samples use this then such a sample would be quite
usefull to confirm the correct&lossles handling of this.

Fixes: libavcodec/alac.c:218:25: runtime error: shift exponent -1 is negative
Fixes: 15273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5656388535058432
Fixes: 15276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5761238417539072
Fixes: 15315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5767260766994432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6474b899c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
4c189f633e avcodec/dxv: Initialize tex_funct to NULL 
Fixes: Various anomalies
Fixes: 14493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5071018000908288
Fixes: 14630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5714888963391488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e96b7a8ba6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
b2896eb3a4 avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP 
Fixes: multiple memleaks
Fixes: 15293/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5642409288925184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b7b6ddd596)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
b4870b81a3 avcodec/alsdec: Fix integer overflow with buffer number 
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5738074249625600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f64f6058e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
a9e4ef620c avcodec/alsdec: Fixes signed integer overflow in LSB addition 
Fixes: signed integer overflow: 8 * 536870912 cannot be represented in type 'int'
Fixes: 15281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5744458785619968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f527021df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
c5fd0c5446 avcodec/alsdec: Check opt_order / sb_length in ra_block handling 
Fixes: out of array access
Fixes: 15277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5184853437317120
Fixes: 15280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5741062137577472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0794494c8f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
18a05c2acd avcodec/alsdec: Fix integer overflow with shifting samples 
Fixes: signed integer overflow: -346039050 * 8 cannot be represented in type 'int'
Fixes: 15283/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5692700268953600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a3bd4b260e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
268dfc0dd5 avcodec/alsdec: Fix undefined behavior in decode_rice() 
Fixes: left shift of 72 by 26 places cannot be represented in type 'int'
Fixes: 15279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5700665621348352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51f6870c37)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
1157ba81cf avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT() 
Fixes: left shift of negative value -6
Fixes: 15275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5742361767837696
Fixes: signed integer overflow: 41582592 * 256 cannot be represented in type 'int'
Fixes: 15296/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5739558227935232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e131568752)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
864190828c avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight 
Suggested-by: James Almer <jamrial@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b2082c663)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
5aed312d73 avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns 
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 14880/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5130977304641536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c692051252)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
d0d93ef0d5 avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check 
Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d4f4f4a15)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
05493d7d43 avformat/aviobuf: Delay buffer downsizing until asserts are met 
Fixes: Assertion failure
Fixes: 15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616
Fixes: 15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432
May fix: Ticket7094

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0334632d5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
8819aa775b avcodec/fitsdec: Check data_min/max 
Fixes: division by 0
Fixes: 15206/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5657260212092928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eb82d19f03)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
2248084e8f avcodec/m101: Fix off be 2 error 
Fixes: out of array read
Fixes: 15263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_M101_fuzzer-5728999453491200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89b96900fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
25710f9563 avcodec/qdm2: Move fft_order check up 
This avoids undefined computations with unchecked values

Fixes: shift exponent -21 is negative
Fixes: 15262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5651261753393152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8d8b8c4ac6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00
Michael Niedermayer
f2b03beef0 avcodec/libvorbisdec: Check extradata size 
Fixes: out of array read
Fixes: 15261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5764908467093504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf3c245566)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-11-11 20:18:46 +01:00