Michael Niedermayer
ae4bfed934
avcodec/fitsdec: Prevent division by 0 with huge data_max

Fixes: division by 0
Fixes: 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfa1937791)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
3ba1413f04
avcodec/dstdec: Fix integer overflow in samples_per_frame computation

Fixes: Timeout (? -> 2ms)
Fixes: 17616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5198057947267072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7dc0943d4a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
ea8d459fc9
avcodec/g729_parser: Check block_size

Fixes: Infinite loop
Fixes: 17611/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5765134928052224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 972a0a818f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
b5d6694cb7
avcodec/sbcdec: Initialize number of channels

Fixes: out of array access
Fixes: 17609/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5758729319874560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 02fb6a2147)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
4bd6253313
avcodec/utils: Optimize ff_color_frame() using memcpy()

4650975 -> 4493240 dezicycles
This optimizes lines 2 and later. Line 1 still uses av_memcpy_backptr()
This change originally fixed ossfuzz 10790 but this is now fixed by other
optimizations already
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95e5396919)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
c6b6f2b342
avcodec/aacdec: Check if we run out of input in read_stream_mux_config()

Fixes: Infinite loop
Fixes: 16920/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5653421289373696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dce4d03d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
0d47567d0b
avcodec/utils: Use av_memcpy_backptr() in ff_color_frame()

Fixes: Timeout (191sec -> 53sec)
Fixes: 16908/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5711207859748864
Fixes: 10709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5630617975259136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 340ab13504)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
d7cb0d2205
avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL

Fixes: signed integer overflow: 238 * 16843009 cannot be represented in type 'int'
Fixes: 16958/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5193905355620352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 033d2c4884)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
d01ab37867
avcodec/alac: Fix invalid shifts in 20/24 bps

Fixes: left shift of negative value -256
Fixes: 16892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4880802642395136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b30c07cc2b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
c87327f4a5
avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction()

Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 16786/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5632818851348480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0831cbfe09)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
cc178d0e4d
avcodec/ffwavesynth: Fix integer overflow in timestamps

Fixes: signed integer overflow: 9223371075321077760 * 2 cannot be represented in type 'long'
Fixes: 16447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5698937431785472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c7ccbf40ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
cc4cdecc61
avcodec/dxv: Check op_offset in both directions

Fixes: signed integer overflow: 61 + 2147483647 cannot be represented in type 'int'
Fixes: 15311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5742552826773504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c7d5fcfc3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
59f5d232dc
avcodec/adpcm: Check number of channels for MTAF

Fixes: out of array access
Fixes: 17608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_MTAF_fuzzer-5074936267276288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74bbf9bc82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
d918e45760
avcodec/sunrast: Fix indention

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0728d64497)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
942dcae517
avcodec/sunrast: Fix return type for "unsupported (compression) type"

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e8b7709a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
f8a4c39b2f
avformat/mov: Check for EOF in mov_read_meta()

Fixes: Timeout (195sec -> 2ms)
Fixes: 16735/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5090676403863552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 093d1f4250)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
cb3286d663
avcodec/hevcdec: Fix memleak of a53_caption

Fixes: 15295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5675655187922944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ef50cf7b32)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
c87ccb476f
avformat/cdxl: Fix integer overflow in intermediate

Fixes: signed integer overflow: 65535 * 65312 cannot be represented in type 'int'
Fixes: 16704/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6294115603447808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c5575c8dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
c9173f8787
avcodec/hevcdec: repeat character in skiped

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d2d8e797cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
0d1e3b33ed
avcodec/gdv: Replace assert() checking bitstream by if()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a9fae76370)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
4b68a455e2
libavcodec/utils: Free threads on init failure

Fixes: Multiple memleaks
Fixes: ffmpeg-memory-leak
Found-by: Francis Provencher <francis@protekresearchlab.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61b055bed0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
eeb50e42ba
avcodec/htmlsubtitles: Avoid locale dependant isdigit()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b94cf549e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
97f04bc6e5
avcodec/alsdec: Check k from being outside what our implementation can handle

The specification does not seem to list what the maximum valid
value is
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 16268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5638164544225280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e125578994)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
5ac0f94427
avcodec/takdec: Fix integer overflow in decorrelate()

Fixes: signed integer overflow: -2424832 - 2145653689 cannot be represented in type 'int'
Fixes: 16138/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5643451346976768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f119273649)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
3862f64d8a
avcodec/aacps: Fix integer overflows in hybrid_synthesis()

Fixes: signed integer overflow: -822667928 + -1399761199 cannot be represented in type 'int'
Fixes: 15756/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5645182051024896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec749ed222)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
b718098a1e
avcodec/mpeg4videodec: Fix integer overflow in mpeg4_decode_studio_block()

Fixes: signed integer overflow: 24023040 * 112 cannot be represented in type 'int'
Fixes: 16570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5173275211071488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e4a0e962c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
033013f83d
avcodec/vp56rac: delay signaling an error on truncated input

A threshold of 1 is sufficient for simple_dump_cut.webm, 10 is used
just to be sure the next truncated file doesn't cause the same issue
Obvious alternative fixes are to simply accept that the file is broken or to
write some advanced error concealment or to
simply accept that the decoder won't stop at the end of input.
Fixes: Ticket 8069 (artifacts not the differing md5 which was there before 1afd2469601afd246960michael@niedermayer.cc >
(cherry picked from commit b6b9ac5698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70fb3fa990d604211d5b24fc43cdfe31560de250)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
2b937a41d4
avcodec/vp5/6/8: use vpX_rac_is_end()

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab56e62e8f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1dd89192c59df0d6655e9308a0782d8c7b259b18)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
a9a2075247
avcodec/vp56: Add vpX_rac_is_end() to check for the end of input

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0fb83b4c91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
68ec113dae
avcodec/qdm2: Check frame size

Fixes: index 2304 out of bounds for type 'float [2304]'
Fixes: 16332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5679142481166336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12b909ba31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
c2848b4916
avcodec/vc1_pred: Fix refdist in scaleforopp()

Fixes: out of array access
Fixes: 16601/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5656105392275456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 413e0f2516)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
51dcaf6a29
avcodec/vorbisdec: fix FASTDIV usage for vr_type == 2

This reverts a hunk from f1ca40ee00https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 722fd46965)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
28230cb91c
avcodec/iff: Check for overlap in cmap_read_palette()

Fixes: undefined memcpy() use
Fixes: 16302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5678750575886336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dfa5d1a366)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
c2c1843dcd
avcodec/apedec: Fix 32bit int overflow in do_apply_filter()

Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int'
Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d3ddef519)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
69a17c38a7
avcodec/ralf: fix undefined shift in extend_code()

Fixes: left shift of negative value -3
Fixes: 16147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5658392722407424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4778407ab3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
965c902627
avcodec/ralf: fix undefined shift

Fixes: left shift of negative value -2
Fixes: 16145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5146671058518016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ee886988e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
56d45271d0
avcodec/bgmc: Check input space in ff_bgmc_decode_init()

Fixes: Infinite loop
Fixes: 16608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5636229827133440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b54031a6e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
8ba17766a6
avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block()

Fixes: signed integer overflow: 1795032576 + 598344192 cannot be represented in type 'int'
Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5636723419119616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cc78783ce5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
8fed01d713
avcodec/vc1dec: Require res_sprite for wmv3images

non res_sprite leads to decoder delay which leads to assertion failure
Fixes: Assertion failure
Fixes: 16402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5704510034411520
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 16425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5692858838810624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c6b400492)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
ffaa89b5ad
avcodec/vc1_block: Check for double escapes

Fixes: out of array read
Fixes: 16331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5672735195267072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6962fd586e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
77b92f757a
avcodec/vorbisdec: Check get_vlc2() failure

Fixes: out of array read
Fixes: 16510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5754510382727168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07b948fe60)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
faeeb2e1d7
avcodec/tta: Fix integer overflow in prediction

Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e9aecc9f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
2996100334
avcodec/vb: Check input packet size to be large enough to contain flags

Fixes: Timeout (->9sec)
Fixes: 16292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-5747063496638464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dea2591d4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
f57fd95be9
avcodec/cavsdec: Limit the number of access units per packet to 2

Fixes: Timeout (122sec -> 13ms)
Fixes: 15978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5148925004087296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37bc8e3249)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

Michael Niedermayer
2bef13cc45
avcodec/alac: Check for bps of 0

Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 15764/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5102101203517440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8f49176e84)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2019-11-11 20:18:47 +01:00

								Michael Niedermayer 
							
						 
					 
					
						
						
							
						
						505a44513f 
					 
					
						
						
							
							avcodec/alac: Fix multiple integer overflows in lpc_prediction()  
						
						
						
						
						Fixes: signed integer overflow: 2088795537 + 2147254401 cannot be represented in type 'int'
Fixes: signed integer overflow: -1500363496 + -1295351808 cannot be represented in type 'int'
Fixes: signed integer overflow: -79560 * 32640 cannot be represented in type 'int'
Fixes: signed integer overflow: 2088910005 + 2088796058 cannot be represented in type 'int'
Fixes: signed integer overflow: -117258064 - 2088725225 cannot be represented in type 'int'
Fixes: signed integer overflow: 2088725225 - -117258064 cannot be represented in type 'int'
Fixes: 15739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5630664122040320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae3d6a337amichael@niedermayer.cc > 
						
						
					 
					
						2019-11-11 20:18:47 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Niedermayer 
							
						 
					 
					
						
						
							
						
						7b6d80c94f 
					 
					
						
						
							
							avcodec/rl2: set dimensions  
						
						
						
						
						The dimensions are always 320x200; they are hardcoded in the demuxer.
Hardcode them instead in the decoder.
Fixes: Timeout (16sec -> 400ms)
Fixes: 15574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RL2_fuzzer-5158614072819712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 965e766e48michael@niedermayer.cc > 
						
						
					 
					
						2019-11-11 20:18:47 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Niedermayer 
							
						 
					 
					
						
						
							
						
						0a1d92cdd1 
					 
					
						
						
							
							avcodec/aacdec: Add FF_CODEC_CAP_INIT_CLEANUP  
						
						
						
						
						Fixes: memleaks
Fixes: 16289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5200695692623872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg 
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48b86dd8a6michael@niedermayer.cc > 
						
						
					 
					
						2019-11-11 20:18:47 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Niedermayer 
							
						 
					 
					
						
						
							
						
						2f81dc8ce0 
					 
					
						
						
							
							avcodec/idcinvideo: Add 320x240 default maximum resolution  
						
						
						
						
						Fixes: Timeout (128sec -> 2ms)
Fixes: 16568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IDCIN_fuzzer-5675004095627264
See: [FFmpeg-devel] [PATCH 4/4] tools/target_dec_fuzzer: Adjust max_pixels for IDCIN
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg 
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9fcf881e6michael@niedermayer.cc > 
						
						
					 
					
						2019-11-11 20:18:47 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Niedermayer 
							
						 
					 
					
						
						
							
						
						8827dd34ac 
					 
					
						
						
							
							avformat/realtextdec: free queue on error  
						
						
						
						
						Fixes: memleak
Fixes: 16277/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5696629440512000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg 
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 493438fafcmichael@niedermayer.cc > 
						
						
					 
					
						2019-11-11 20:18:47 +01:00