FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-04 06:08:26 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	7e211d001f	avcodec/scpr: Test bx before use Fixes: out of array access on 32bit Fixes: 54850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5302669294305280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b59de3770b2e3f7f44ec4adba27c88b79adaaec) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-22 00:10:15 +01:00
Michael Niedermayer	87e6221d53	avformat/mxfdec: Use 64bit in remainder Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int' Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 64a04fc165d453fe49906b228ac16385eda28564) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-22 00:03:43 +01:00
Michael Niedermayer	8f4e355416	avcodec/sunrast: Fix maplength check Fixes: out of bounds read Found-by: Ibrahim Mohamed <ielsayed@meta.com> Reviewed-by; Ibrahim Mohamed <ielsayed@meta.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f8a2a65078eaac37eae4a0d7ef440849a9d8f5b5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:53:32 +01:00
Michael Niedermayer	194a9429b2	avcodec/wavpack: Avoid undefined shift in get_tail() Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int' Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8374a747af247d45eb466fcb4aee90f3ae798aad) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:43:56 +01:00
Michael Niedermayer	7d2360f8d6	avcodec/wavpack: Check for end of input in wv_unpack_dsd_high() Fixes: Timeout Fixes: 50793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-4980185027444736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ad7403bcee47e7c5e99a9c0266935e0da50c9d2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:41:55 +01:00
Michael Niedermayer	3aee1b1ec3	avformat/id3v2: Check taglen in read_uslt() Fixes: Timeout (read mostly the same data repeatly) Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840 Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a798af91d7d1fc31cfc1ae09cc6ab3907304f44f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:37:11 +01:00
Michael Niedermayer	46a1e9e386	avcodec/tiff: Ignore tile_count Fixes: out of array access Fixes: 52427/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4849108968144896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 65ce417828cc6f5209d8467bc7755f0c59e9aa49) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:36:26 +01:00
Michael Niedermayer	16b8de719e	avcodec/ffv1dec: restructure slice coordinate reading a bit Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int' Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 74b6ac7ebb5c1e06a5fdfa29f79a18599942dbfa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 23:30:42 +01:00
Michael Niedermayer	7c5b975f6f	avcodec/mlpdec: Check max matrix instead of max channel in noise check This is a regression since: adaa06581c5444c94eef72d61b8166f096e2687a Before this, max_channel and max_matrix_channel where compared for equality Fixes: out of array access Fixes: 53340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-514959011885875 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa79560de5e9596ada0345e5d12aa00dbeddaaa6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:41:57 +01:00
Michael Niedermayer	c1780eeccf	avutil/tx: Use unsigned in ff_tx_fft_sr_combine() to avoid undefined behavior Fixes: signed integer overflow: -1284837070 - 982101618 cannot be represented in type 'int' Fixes: 53105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4848015827664896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7792825ad6b84f54f5a7fd7f90a907291363c419) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:41:29 +01:00
Michael Niedermayer	f291b241a3	swscale/input: Use more unsigned intermediates Same principle as previous commit, with sufficiently huge rgb2yuv table values this produces wrong results and undefined behavior. The unsigned produces the same incorrect results. That is probably ok as these cases with huge values seem not to occur in any real use case. Fixes: signed integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ba209e3d5142fd31bb6c3e05c5b183118a278afc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:37:06 +01:00
Michael Niedermayer	e475ea86f2	avcodec/alsdec: Check bits left before block decoding in non multi channel coding loop Fixes: Timeout Fixes: 52161/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-6440216563154944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg (cherry picked from commit 1dc8d82da910972d308aebc1ee722044f83b9ccc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:33:01 +01:00
Michael Niedermayer	bb7e683a21	avcodec/alsdec: The minimal block is at least 7 bits Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5280947fb6db37063334eae5b467cecd2417b063) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:31:08 +01:00
Michael Niedermayer	71b40b2645	avformat/replaygain: avoid undefined / negative abs Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int' Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2532b20b17ec557f1b925bfc41c00e7d4e17356c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:30:35 +01:00
Michael Niedermayer	8b09afb86e	swscale/output: Bias 16bps output calculations to improve non overflowing range for GBRP16/GBRPF32 Fixes: integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b74f89caaef2174b0bfb2791ea88e44960dba11f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:29:01 +01:00
Michael Niedermayer	e17632834d	swscale/output: Bias 16bps output calculations to improve non overflowing range Fixes: integer overflow Fixes: ./ffmpeg -f rawvideo -video_size 66x64 -pixel_format yuva420p10le -i ~/videos/overflow_input_w66h64.yuva420p10le -filter_complex "scale=flags=bicubic+full_chroma_int+full_chroma_inp+bitexact+accurate_rnd:in_color_matrix=bt2020:out_color_matrix=bt2020:in_range=full:out_range=full,format=rgba64[out]" -pixel_format rgba64 -map '[out]' -y overflow_w66h64.png Found-by: Drew Dunne <asdunne@google.com> Tested-by: Drew Dunne <asdunne@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0f0afc7fb5d30c40108d81b320823d8f5c9fbedc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:28:24 +01:00
Michael Niedermayer	aca17a8f89	avcodec/speedhq: Check buf_size to be big enough for DC Fixes: Timeout Fixes: 51919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6023716480090112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9184d3d7b64459e975f26284a7b2e26cbf76480b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:27:53 +01:00
Michael Niedermayer	3314bababf	avcodec/ffv1dec: Fail earlier if prior context is corrupted Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4df91e2215a79546a7f08faa457c05182646b302) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-21 00:27:14 +01:00
Michael Niedermayer	4b0d23902f	avcodec/speexdec: Check channels > 2 More than 2 channels seems unsupported, the code seems to just output empty extra channels Fixes: Timeout Fixes: 51569/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEX_fuzzer-5511509165342720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 77164b2344eb67d61f973ebbbc8e0b88aaae027b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-11 11:51:37 +01:00
Michael Niedermayer	11d07808bc	avformat/vividas: Check packet size Fixes: signed integer overflow: 119760682 - -2084600173 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6745781167587328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f44489cc5d4f3767f6ad2ad067ee6a3f78374bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-02-11 11:51:11 +01:00
Lynne	7268323193	hwcontext_vulkan: remove optional encode/decode extensions from the list They're not currently used, so they don't need to be there. Vulkan stabilized the decode extensions less than a week ago, and their name prefixes were changed from EXT to KHR. It's a bit too soon to be depending on it, so rather than bumping, just remove these for now. (cherry picked from commit eb0455d64690eed0068e5cb202f72ecdf899837c)	2023-02-06 17:43:33 +02:00
Leo Izen	30d432f205	avcodec/libjxldec: fix gamma22 and gamma28 recognition Gamma 2.2 and Gamma 2.8 are tagged in the file as 0.45455 and 0.35714, respectively (i.e. 1/2.2 and 1/2.8). Trying to identify them as 2.2 and 2.8 instead of these values will cause the transfer function to not properly be recognized. This patch fixes this. (cherry picked from commit 9d5e66942c5bae578926e29efebec348199798df)	2023-01-22 17:05:42 +02:00
Thierry Foucu	070b38167c	avcodec/mpeg12dec: use init_get_bits8 and check the return value Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit efbe84eb1b74a80cd12174feaaa37da2e8fb1e66)	2023-01-04 16:19:56 -03:00
Timo Rothenpieler	807afa59cc	avcodec/nvenc: fix vbv buffer size in cq mode The CQ calculation gets thrown off and behaves very nonsensical if it isn't set to 0.	2022-12-08 12:38:46 +01:00
James Almer	5746987bad	avcodec/mjpegenc: take into account component count when writing the SOF header size Fixes ticket #10069 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 100939695307743396e30e6310d2ea9cf42f9aab)	2022-11-28 08:41:10 -03:00
Martin Storsjö	a6e26053c2	swscale: aarch64: Fix yuv2rgb with negative strides Treat the 32 bit stride registers as signed. Alternatively, we could make the stride arguments ptrdiff_t instead of int, and changing all of the assembly to operate on these registers with their full 64 bit width, but that's a much larger and more intrusive change (and risks missing some operation, which would clamp the intermediates to 32 bit still). Fixes: https://trac.ffmpeg.org/ticket/9985 Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit cb803a0072cb98945dcd3f1660bd2a975650ce42) Signed-off-by: Martin Storsjö <martin@martin.st>	2022-11-04 14:28:11 +02:00
James Almer	b4a4a31499	avcodec/atrac3plus: reorder channels to match the output layout The order in which the channels are coded in the bitstream do not always follow the native, bitmask-based order of channels both signaled by the WAV container and forced by this same decoder. This is the case with layouts containing an LFE channel, as it's always coded last. Fixes ticket #9964. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 3819719099df601c470e961b9d49b9100c65641b)	2022-11-04 09:14:51 -03:00
James Almer	fe2d8f1872	avcodec/aacdec: fix parsing streams with channel configuration 11 Set the correct amount of tags in tags_per_config[]. Also, there are no channels that correspond to a side element in this configuration, so reflect this in the list of known/supported channel layouts. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 8c7d3b43cc1e41de62733eb90dda7e061778f390)	2022-11-04 09:14:51 -03:00
Chema Gonzalez	f5455889fd	libswscale: force a minimum size of the slide for bayer sources Bayer sources are read in groups of 2 lines (e.g. for a BGGR flavor, the first row contains only B and G samples, while the second row contains only G and R samples). They need to be read as a whole. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit bf64a75c5ae58ed575303f70b2ab9b2208ded339) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2022-10-14 12:24:21 +02:00
Guangyu Sun	e7dd643419	lavf/async: Fix ring_write return value This fixes a regression from commit 36117968ad. wrapped_url_read() used to be able to return positive number from ffurl_read(). It relies on the result to check if EOF is reached in async_buffer_task(). But FIFO callbacks must return 0 on success. This should be handled in ring_write() instead. Test case: ffmpeg -f lavfi -i testsrc -t 1 test.mp4 ffmpeg -i async:test.mp4 Signed-off-by: Guangyu Sun <gsun@roblox.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit fc6f7e2a3b2fff6c4df957684d939586a3de448f) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2022-10-14 12:24:21 +02:00
Steven Liu	79bd6a21a0	avcodec/audiotoolboxenc: return AVERROR_EXTERNAL immediately when encode error Just return AVERROR_EXTERNAL immediately when encode error. The other logic should keep the old behavior before commit 7c05b7951. Suggested-By: Zhao Zhili <zhilizhao@tencent.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>	2022-10-05 23:21:04 +08:00
Leo Izen	05d6157aab	avcodec/libjxlenc: avoid hard failure with unspecified primaries This patch prevents the libjxl encoder wrapper from failing to encode images when the input video has untagged primaries. It will instead assume BT.709/sRGB primaries and print a warning. Signed-off-by: Leo Izen <leo.izen@gmail.com> (cherry picked from commit 940169b8aab406a8b1ccee4a9705a1e06b76d035)	2022-09-25 11:15:57 -03:00
Michael Niedermayer	eacfcbae69	Update for 5.1.2 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> n5.1.2	2022-09-24 22:59:48 +02:00
Michael Niedermayer	6bbe4d1f4f	avcodec/dstdec: Check for overflow in build_filter() Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8008940da5aa43895fd4574114309c3324249eab) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:24 +02:00
Michael Niedermayer	9658d1da59	avformat/spdifdec: Use 64bit to compute bit rate Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4075f0cec1830a7ac081b1a23bd3f5c4e266fe26) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:24 +02:00
Michael Niedermayer	67648acb76	avformat/rpl: Use 64bit for duration computation Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 529f64b2eb98e0c3ae4944abd5d01fa7c1def047) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:23 +02:00
Michael Niedermayer	c54161e199	avformat/xwma: Use av_rescale() for duration computation Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c789f753c3657be9041307f9c03749f5ba5a6bb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:23 +02:00
Michael Niedermayer	e443e2e210	avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa8eb1bed075931b0ce0a8bc9a8ff5882830044c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:23 +02:00
Michael Niedermayer	ad56da7634	avformat/sbgdec: Check ts_int in genrate_intervals There is probably a better place to check for this, but better here than nowhere Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f529e9147a5c5c8ecf8d5ef0dd569194ce30eed) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:22 +02:00
Michael Niedermayer	3e2b970b00	avformat/sbgdec: clamp end_ts Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 981f5e46afa3673dfa43eb2bf5017680d5df25dd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:22 +02:00
Michael Niedermayer	77628600aa	avformat/rmdec: check tag_size Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:22 +02:00
Michael Niedermayer	de79299bf0	avformat/nutdec: Check fields Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:21 +02:00
Michael Niedermayer	1c3c25491a	avformat/flvdec: Use 64bit for sum_flv_tag_size Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7124f10c1d521096042ba3c9c519828147f78c46) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:21 +02:00
Michael Niedermayer	740a71b583	avformat/jacosubdec: Fix overflow in get_shift() Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328 Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b1a68127bbcd3d638363fa0249982c494e87c9e2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:21 +02:00
Michael Niedermayer	4038dfc1d1	avformat/genh: Check nb_channels for IMA ADPCM The check could be made more strict Fixes: signed integer overflow: 36 * 538976288 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-6539389873815552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0345a885455dea52fcc570b97f5dc5c75372a39c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:20 +02:00
Michael Niedermayer	c38fde3b9d	avformat/dxa: avoid bpc overflows Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:20 +02:00
Michael Niedermayer	48acb06c78	avformat/dhav: Use 64bit seek_back Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-6604736532447232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 10453f5192869b63b071aee3962ae2c712f9bfd3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:20 +02:00
Michael Niedermayer	ef0a505126	avformat/cafdec: Check that nb_frasmes fits within 64bit Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:19 +02:00
Michael Niedermayer	01834eaec2	avformat/asfdec_o: Limit packet offset avoids overflows with it Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136 Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:19 +02:00
Michael Niedermayer	08047db178	avformat/apm: Use 64bit for bit_rate computation Fixes: signed integer overflow: -1155522528 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APM_fuzzer-6580670570299392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5b23cab5c769d6611a3fe111546d65809046a4d8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-09-24 22:58:19 +02:00

... 2 3 4 5 6 ...

107676 Commits