Fixes: Timeout (same growing chunk is decoded to failure repeatedly)
Fixes: 42582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6531195591065600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8ea7a67ba62f5d4520e75e56b9954d80e7ff223)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -16777216 * 131 cannot be represented in type 'int'
Fixes: 23835/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5669943160078336
Fixes: 41101/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4636330705944576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68457c1e85122ffcadb0c909070dd210095fd2cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd949124793c722ed55dead9da245574ace81968)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long'
Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 562021e2fd4d74589905d9c566c686394d2b0526)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf1e93bdc9aaa4fd5c231030b5368aae0df018ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 40284/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-4599568176644096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96caa01f130526cb420d0706a40fb63695153128)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long'
Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a64a4c58255d45e05eff80c9464ad3bdc2d6463)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: integer overflow
Fixes: 40313/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4814761406103552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 905588df975071c03c00b2e923c311b4de65a8f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93f7776921ed8c5219732210067016c3457e864d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b04836dff9958e8bfdbed2746b8c40b1e119ecc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out if array read
Fixes: 40109/clusterfuzz-testcase-minimized-ffmpeg_dem_FLAC_fuzzer-4805686811295744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Mattias Wadman <mattias.wadman@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
We still own it on failure, and there's no point trying to feed it again.
This should address the issue reported in dav1d #383 and part of VLC #26259.
Signed-off-by: James Almer <jamrial@gmail.com>
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Fixes: signed integer overflow: 822841647 + 1647055738 cannot be represented in type 'int'
Fixes: 39935/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-4592657142251520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f24028c798397af720acb838357785aa705a8122)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The calling code does not handle failures and will fail with assertion failures later.
Seeking can always fail even when the position was previously read.
Fixes: Assertion failure
Fixes: 35253/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4693059982983168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d115eec97929e23fd1b06df2d95f48cf5000eb87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: signed integer overflow: 727298502 * 3 cannot be represented in type 'int'
Fixes: 39172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-638602483033702
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f059b56195da9c0e2c11a5f7f357a3d6101e6bf0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad517ee6e44f093e28021ffd51c7eb2e1394b1a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06d67265881249566f385309e2fb5a9449720b6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2145649668 + 3956526 cannot be represented in type 'int'
Fixes: 38351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4647077926273024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e45886e6ea272f453cb949e95c3bfd8380974c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index 128 out of bounds for type 'uint16_t [128]'
Fixes: 38651/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-6296416058736640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85413a5ae6948a1d6e4e947a4fca984b8c686016)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids reallocating per frame
Fixes: Assertion failure
Fixes: 36359/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6733238591684608
Fixes: 38623/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6098656512573440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0faf04e807fc09bb3d72a034c284fe44b54fa76b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: error: 1.66789e+11 is outside the range of representable values of type 'int'
Fixes: Ticket8201
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 245017ec8a87d6e4c764d06afeca37100b980d85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 559334865 * 4 cannot be represented in type 'int'
Fixes: 37929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6751932295806976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90da43557f7257d72e95504f63ae6504406d6eab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 737e6bf2162b89d396f4d477bfe8c99f1dd885de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 4611686025627387904 + 4611686025627387904 cannot be represented in type 'long'
Fixes: 35489/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-4862678601433088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f624c92d4c6fa73dfa95959d886090af6790bc36)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e2c2872393f25253aa40861a9707934c4b83a3af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2788626175500000000 + 7118941284000000000 cannot be represented in type 'long'
Fixes: 35215/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6123272247836672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2768928624793f66694f7f2b0824f052e69e3557)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 989febfbd0c986e9e3e0f269a6b22778bf79147b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dd5a8a13510d08a4e25e8f138d718672a0fed4a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.
Fixes ticket #9312
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e01d306c647b5827102260b885faa223b646d2d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
