virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-14 22:22:59 +02:00
Code Issues Releases Activity
88,049 Commits 37 Branches 400 Tags
Commit Graph

88049 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
c91f199f5d avcodec/g723_1dec: Clip bits2 in both directions 
Fixes: shift exponent 33 is too large for 32-bit type 'int'
Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53f241218d9eac368e2e1c58bcca9bbdf10fd0e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
bd1fd3ff4b avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header() 
Fixes truncation
Fixes Assertion n <= 31 && value < (1U << n) failed at libavcodec/put_bits.h:169
Fixes: ffmpeg_crash_2.avi

Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e1182fac1afba92a4975917823a5f644bee7e6e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
4cbd92baa3 avcodec/mlpdec: Only change noise_type if the related fields are valid 
Fixes: inconsistency
Fixes:runtime error: index 8 out of bounds for type 'int32_t [8]'
Fixes: 6686/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5191383498358784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63c4a4b0d692bc86142790276358ba35129f2290)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
9d3ae90516 indeo4: Decode all or nothing of a band header. 
This avoids inconsistent value combinations.
Alternatively it would be possible to add more checks and careful use of
temporary variables, but my try of this quickly seemed to become
a rather large change.
The disadvantage of this, is that the struct is copied back and forth.

Fixes: index 6 out of bounds for type 'const uint16_t [5][16]'
Fixes: 6557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-4787296550256640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10c8521265da86118597336c5589e26de377a374)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
3712d4da1e avformat/mov: Only fail for STCO/STSC contradictions if both exist 
Fixes regression with playback of GF9720Repeal20the20Eighth20with20Helen20Linehan.m4a
See: crbug 822666

Found-by: "Mattias Wadman <mattias.wadman@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c2d689c56646cce64d02a3b75f61c12c5589260)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
22b3e924df avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0 
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int');
Fixes: 6500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-4523620274536448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb944fc7f1327443a0cf449afbce5a3e8712f90f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
14cea44018 avcodec/fic: Check available input space for cursor 
Fixes: out of array read
Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb2f7ea96b4f6e03ebf0c0563677745fc65f148e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
b802baadfd avcodec/g2meet: Check RGB upper limit 
Fixes: runtime error: left shift of 1876744317 by 16 places cannot be represented in type 'int'
Fixes: 6799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5115274731716608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4dd2c8b9ea46b4e008a8bfc2077834428cd5a17c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
022c8c07f8 avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case 
Fixes: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 7955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6016721977606144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 652ba72ed3124f201f98eea9bafb2232b535f549)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
f4d90a36c5 avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done 
Fixes: assertion failure
Fixes: 7949/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-4819602782552064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a96c131eb53b00de154f4773d96a3b323ea3daed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
2cb3dff0f9 avcodec/g2meet: Change order of operations to avoid undefined behavior 
Fixes: signed integer overflow: 65280 * 196032 cannot be represented in type 'int'
Fixes: 7279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5977332473921536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a4745145840d97619c424961c1b5c625dbf516c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
5d1c783bf0 avcodec/flac_parser: Fix infinite loop 
Fixes: crbug/827204

Reported-by: Frank Liberato <liberato@google.com>
Reviewed-by: Frank Liberato <liberato@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15a2e35e9e74bba5a27e39c26da5be2361f27945)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
909c1aa0ec avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED() 
Fixes: runtime error: signed integer overflow: 2147483637 + 128 cannot be represented in type 'int'
Fixes: 6701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5358324934508544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e95d80e6fae978f8a44afc24b0c5097a062719f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
c437510d5c avcodec/wavpack: Fix integer overflow in wv_unpack_stereo() 
Fixes: runtime error: signed integer overflow: 2147483531 + 16384 cannot be represented in type 'int'
Fixes: 6615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5165715515506688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da038c07f02dfc10380001c11b3d047eca7cb8c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
30ec2357c9 avcodec/error_resilience: Fix integer overflow in filter181() 
Fixes: runtime error: signed integer overflow: 197710 * 10923 cannot be represented in type 'int'
Fixes: 7010/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5667127596941312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c97035e3b1677d6f0c5b6161ebfeffcf7bb638d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
3b23dd4b91 avcodec/h263dec: Check slice_ret in mspeg4 slice loop 
Fixes infinite loop
Fixes: 6858/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_MSMPEG4V3_fuzzer-4681563766784000
Fixes: 6890/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_WMV1_fuzzer-4756103142309888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de841fbea7655b74a9663001e01008a86c88779a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
24947b3f7d avcodec/elsdec: Fix memleaks 
Fixes: 6798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5135899701542912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bd0401336df4e4ca7f3da6a7e226904fd7d5add)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
f31ead3f76 avcodec/vc1_block: simplify ac_val computation 
also fixes: runtime error: index 1456 out of bounds for type 'int16_t [16]'

Found-by: durandal_1707
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d06b01fc2d4f5e031d45f9460d1eea610d23d6c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Michael Niedermayer
be9c4cc0e6 avcodec/ffv1enc: Check that the crc + version combination is supported 
The crc flag is only stored since version 3 thus before this crcs do not
work. We increase the version as needed same as we do with pix_fmts

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d9706f79c17a33bf97e51a7d6ab211ce83a463ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:04 +02:00
Stephan Holljes
1d5694ba11 lavf/http.c: Free allocated client URLContext in case of error. 
Signed-off-by: Stephan Holljes <klaxa1337@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6b8c92652d6683d97515352e4a9a4147b7da7c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
f93d7a0c0a avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame 
Fixes: Timeout
Fixes: 6306/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSICINVIDEO_fuzzer-5079253549842432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5549488bbf3a23c0fb9833cefc6354f97055dd96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
81d8bd6f42 avcodec/dsicinvideo: Propagate errors from cin_decode_rle() 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 942217b153a9bff2d17463957abd772fcd72b400)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
86c7035646 avcodec/dfa: Check dimension against maximum 
The headers from where the dimensions are read in actual files
are limited to 16bit per component.

Fixes: Timeout
Fixes: 6305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-4824270749302784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d5a4fcfbb51edc871bdb1c67a88223cbfb1c0e4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
a6db663a31 avcodec/cinepak: Skip empty frames 
Speeds up decoding from 3 to 0.1 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9033920bec9ccf17de205fc17c2b330906b200f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
205e93fa0d avcodec/cinepak: move some checks prior to frame allocation 
Speeds up decoding from 8 to 3 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2324ef1ff32e5effd6f295bca80580ae4816be0b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Rahul Chaudhry
47c3d2459e swresample/arm: remove unintentional relocation. 
Branch to global symbol results in reference to PLT, and when compiling
for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't
support this relocation (ld.gold), while others can end up truncating
the relocation to fit (ld.bfd).

Convert this branch through PLT into a direct branch that the assembler
can resolve locally.

See https://github.com/android-ndk/ndk/issues/337 for background.

The current workaround is to disable neon during gstreamer build,
which is not optimal and can be reverted after this patch:
41556c4157

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b22db4f465c9adb2cf1489e04f7b65ef6bb55b8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
86a6e700e1 doc/APIchanges: Fix typos in hashes 
Thanks-to: Moritz Barsnick <barsnick@gmx.net> for finding the correct ones

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec8a5262b03f85158d722dbc8b8f30cb6bd67e0f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
0b5a2c9a52 avformat/utils: Check cur_dts in update_initial_timestamps() more 
Fixes: runtime error: signed integer overflow: 18133149658382192 - -9223090561878065151 cannot be represented in type 'long long'
Fixes: crbug 831552

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37d46dc21d708192b12aa13617ebe6a117b07363)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
22a4b599f0 avcodec/utils: Enforce minimum width also for VP5/6 
Fixes: out of array access
Fixes: poc_0411

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Tested-by: GwanYeong Kim <gy741.kim@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 544324827e0131e43af1a54fb790a48a25fd7ba4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
8d05a802dd avcodec/truemotion2: Propagate out of bounds error from GET_TOK() 
Fixes: Timeout
Fixes: 6389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5695918121680896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f6304af2341d0cee51c2116766622e3ac567b7a0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
ca119e9456 avformat/utils: Fix integer overflow in end time calculation in update_stream_timings() 
Fixes: crbug 829153

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c48ceff786bdc96fdc64417118c457d03bd19871)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
78c8e77c86 avcodec/mjpegdec: Check input buffer size. 
Fixes: Timeout
Fixes: 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8d381b57fd9d17fb5c3a851ca46c738b3afc33a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
fffc77b472 avcodec/h264_slice: Fix integer overflow with last_poc 
Fixes: signed integer overflow: 2147483646 - -2816 cannot be represented in type 'int'
Fixes: crbug 823145

Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c02cd8ca097871dcd00cf8e08ce51660873f405)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
0f868badcf avformat/mov: Fix extradata memleak 
Fixes: crbug 822705

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a8133119ca5d087c7c7140d100406ff84c477ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Matt Wolenetz
ae136f8d64 lavc/libopusdec: Allow avcodec_open2 to call .close 
If there is a decoder initialization failure detected in avcodec_open2
after .init is called, allow graceful decoder .close to prevent leaking
libopus decoder allocations.

BUG=828526

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e43e97f0e0f0596b56ceb2f887fe7414f202f081)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
c44244424f avcodec/movtextdec: Check style_start/end 
Limits based on 3GPP TS 26.245 V14.0.0
Fixes: Timeout
Fixes: 6377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5175929115508736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 249aca8f98ff7fb09c12ea68e23c862c62203b95)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
053b9766b4 avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble() 
Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'

This was missed in b1bef755f617af9685b592d866b3eb7f3c4b02b1
Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c837918f50a7bbd6150afd340857ea43fe4717c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
c8f700975e libavcodec/rv34: error out earlier on missing references 
Fixes visual corruption on seeking

Fixes: downloadTest_clip_24M.rmvb

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6cd81d68c5e4b0ff00288970c4151ff4031c0ea9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Hendrik Schreiber
3e6adf0842 swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering. 
Removed +len1 in call to s->mix_2_1_f() as I found no logical explanation for it. After removal, problem was gone.

Signed-off-by: Hendrik Schreiber <hs@tagtraum.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 647fd4b8292e3bfae30b1086aa842a5ee47ee868)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
46db1182da avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed() 
I was not able to reproduce this, this fix is based on just the fuzzer log.
Fixes: 4959/clusterfuzz-testcase-minimized-6035350934781952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 197a4e8feed45b2e5868760240e83636818f32a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
f4e01b87f2 avcodec/cscd: Error out when LZ* decompression fails 
Fixes: Timeout
Fixes: 6304/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5754772461191168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d52be5d4e91871a22dac70af3e0ab429e95a2d10)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
heimdallr
2c2ab85562 avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list() 
example:

AVPixelFormat pixFmts[] = { AV_PIX_FMT_RGB24, AV_PIX_FMT_RGBA };
int loss = 0;
AVPixelFormat best = avcodec_find_best_pix_fmt_of_list(pixFmts, AV_PIX_FMT_BGRA, 1, &loss);

best is AV_PIX_FMT_RGB24. But AV_PIX_FMT_RGBA is better.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 354b26a3945eadd4ed8fcd801dfefad2566241de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
43916494f8 avfilter/vf_signature: use av_strlcpy() 
Fixes: out of array access

Found-by: Kira <kira_cxy@foxmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35eeff30caf34df835206f1c12bcf4b7c2bd6758)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
51035698bd avcodec/utvideodec: Set pro flag based on fourcc 
This avoids mixing 8bit variants with pro and 10bit with non pro mode.
Fixes: out of array read
Fixes: poc_03_30.avi

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47b7c68ae54560e2308bdb6be4fb076c73b93081)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
fdf56c5654 avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame() 
Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim@gmail.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea15915b2dc5aaa80c91879fbd183475a7e66e54)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
2be397e234 avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables 
Found-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c75438b893539dd17998c489fb4c540fc5a6e48)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
9b2ce61155 avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry() 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eb60b9d3aaaa42265fb1960be6fff6383cfdbf37)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
26fcff1eb4 avcodec/get_bits: Make sure the input bitstream with padding can be addressed 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e529fe7633762cb26a665fb6dee3be29b15285cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
e26ae6e6ce avformat/mov: Check STSC and remove invalid entries 
Fixes assertion failure
Fixes: crbug 822547, crbug 822666 and crbug 823009

Affects: aark15sd_9A62E2FA.mp4

Found-by: ClusterFuzz
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e67447a4ffacf28af8bace33faf3ea432ddc43e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00
Michael Niedermayer
46ed4d5282 avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it 
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 939440ad1aa820bed51f54d273b4fa6c5016d9f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-18 01:16:03 +02:00