virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Code Issues Releases Activity
92,774 Commits 37 Branches 400 Tags 467 MiB
f238fcdb3e
Commit Graph

92774 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
f238fcdb3e avfilter/vf_geq: Use av_clipd() instead of av_clipf() 
With floats we cannot represent all 32bit integer dimensions

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8813b1a98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
6247243e07 avcodec/wmaprodec: Check that the streams channels do not exceed the overall channels 
Fixes: NULL pointer dereference
Fixes: 18075/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5708262036471808
Fixes: 18087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5740627634946048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e418b315dd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
0240d56daf avcodec/qdmc: Check input space in qdmc_get_vlc() 
Fixes: Timeout (125sec -> 0.4sec)
Fixes: 18059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5656195825664000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c7975fe6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
3088c82476 avcodec/pcm: Check bits_per_coded_sample 
Fixes: shift exponent -2 is negative
Fixes: 17736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F16LE_fuzzer-5742815929171968
Fixes: 17998/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_F24LE_fuzzer-5716980383875072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5de19160a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
25a7110651 avcodec/exr: Allow duplicate use of channel indexes 
Fixes: Ticket #8203

Reported-by: durandal_1707
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 080819b3b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
9c2659f4ab avcodec/fitsdec: Fail on 0 naxisn 
Fixes: Timeout (100+ sec -> 23ms)
Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a3303d520)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
39183277ef avcodec/dxv: Subtract 12 earlier in dxv_decompress_cocg() 
the data_start is after reading 12 bytes and if its subtracted
at the very end the intermediate might overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd9e6d077e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
97244c8c62 libavcodec/dxv: Remove redundant seek 
This seeks to the position the previous call to dxv_decompress_opcodes()
positioned us in case of success

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c371e50b4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
71e56b44ed avcodec/ituh263dec: Check input for minimal frame size 
Fixes: Timeout (28sec -> 3sec)
Fixes: 17559/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H263_fuzzer-5681050776240128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f0498ed46)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
cc2a919086 avcodec/truemotion1: Check that the input has enough space for a minimal index_stream 
Fixes: Timeout (18sec -> 0.4sec)
Fixes: 17585/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5117015135617024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a660fac98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
e8206b63ad avformat/mpsubdec: Clear queue on error 
Fixes: Memleaks
Fixes: 17219/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5720539124989952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a0d36e562)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
3a661be4c4 avcodec/sunrast: Check that the input is large enough for the maximally compressed image 
Fixes: Timeout (17sec -> 15ms)
Fixes: 17224/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SUNRAST_fuzzer-5663218491457536
Fixes: 17224/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SUNRAST_fuzzer-5735590015795200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf0ba75c4a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
b1ae124919 avcodec/sunrast: Check for availability of maplength before allocating image 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 711ad71aea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
1da6cfeccb avformat/subtitles: Check nb_subs in ff_subtitles_queue_finalize() 
Fixes: null pointer dereference
Fixes: 17828/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5645915116797952
Fixes: Ticket8147

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 81b53913bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
317c63d3f4 avcodec/vc1_block: Fix invalid left shift in vc1_decode_p_mb() 
Fixes: left shift of negative value -6
Fixes: 17810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5638541240958976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f588ccfb7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
3ae6eee2a7 avcodec/wmaprodec: Check if there is a stream 
Fixes: null pointer dereference
Fixes: signed integer overflow: 512 * 2147483647 cannot be represented in type 'int'
Fixes: 17809/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5634409947987968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b533de28e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
c8823d4957 avcodec/g2meet: Check for end of input in jpg_decode_block() 
Fixes: Timeout (100sec -> 0.7sec)
Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5174143888130048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61dd2e07be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
a547d59079 avcodec/g2meet: Check if adjusted pixel was on the stack 
This basically checks if a pixel that was coded with prediction
and residual could have been stored using a previous case.
This avoids basically a string of 0 symbols stored in less than
50 bytes to hit a O(n²) codepath.

Fixes: Timeout (too slow to wait -> immediately)
Fixes: 8668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4895946310680576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c84c162e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
e644b74074 avformat/electronicarts: If no packet has been read at the end do not treat it as if theres a packet 
Fixes: Assertion failure
Fixes: 17770/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5700606668308480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4de49edc4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
45836a60f5 avcodec/dxv: Check op_offset in dxv_decompress_yo() 
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 17745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5734628463214592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 97450d2b6a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
5e3a827e9d avcodec/utils: Check sample_rate before opening the decoder 
Fixes: signed integer overflow: 2 * -1306460384 cannot be represented in type 'int'
Fixes: 17685/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_fuzzer-5747390337777664
Fixes: 17688/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5739287210885120
Fixes: 17699/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5678394531905536
Fixes: 17738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5763415733174272
Fixes: 17746/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5703008159006720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75fefb1fb7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
f5636c5b20 avcodec/aptx: Fix multiple shift anomalies 
Fixes: left shift of negative value -24576
Fixes: 17719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APTX_fuzzer-5710508002377728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 675f62a202)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
James Almer
781a4a43b5 avcodec/fitsdec: fix use of uninitialised values 
header.data_max and header.data_min are not necessarely set on all decoding scenarios.

Fixes a Valgrind reported regression since cfa1937791.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e3f0ecfc57)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
dc5760a909 avcodec/motionpixels: Mark 2 functions as always_inline 
Fixes: Timeout (30sec -> 25sec)
Fixes: 17050/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5719149803732992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 017884bdc3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
20a923a3ae avcodec/ituh263dec: Make the condition for the studio slice start code match between ff_h263_resync() and ff_mpeg4_decode_studio_slice_header() 
If they mismatch an infinite loop can occur
Fixes: Timeout (infinite loop)
Fixes: 17043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5695051748868096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8335ba8ae9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
6b9a6088d6 avcodec/ralf: Fix integer overflow in decode_channel() 
Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int'
Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fbb314b6f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
d3f8892249 vcodec/vc1: compute rangex/y only for P/B frames 
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 16976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4847262047404032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e75e7fe160)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
26db773767 avcodec/vc1_pred: Fix invalid shifts in scaleforopp() 
Fixes: left shift of negative value -2
Fixes: 16964/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5757853565976576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ced9a1cd0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
a9788d00ee avcodec/vc1_block: Fix invalid shift with rangeredfrm 
Fixes: left shift of negative value -7
Fixes: 16959/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5200360825683968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c722a69253)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
cd949baefd avcodec/vc1: Check for excessive resolution 
Fixes: overflow in aspect ratio calculation
Fixes: signed integer overflow: 393215 * 14594 cannot be represented in type 'int'
Fixes: 15728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5661588893204480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 181e138da7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
79dffb7f2c avcodec/vc1: check REFDIST 
"9.1.1.43 P Reference Distance (REFDIST)"
"The value of REFDIST shall be less than, or equal to, 16."

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f7af9e294)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
fe51b4d5a0 avcodec/apedec: Fix several integer overflows in predictor_update_filter() and do_apply_filter() 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: signed integer overflow: -14527961 - 2147483425 cannot be represented in type 'int'
Fixes: 16380/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5645957131141120
Fixes: 16968/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5716169901735936
Fixes: 17074/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5198710497083392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e95a3e8a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
588c735ce5 avcodec/hevc_cabac: Tighten the limit on k in ff_hevc_cu_qp_delta_abs() 
Values larger would fail subsequent tests.

Fixes: signed integer overflow: 5 + 2147483646 cannot be represented in type 'int'
Fixes: 16966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5695709549953024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f63cd1963e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
9691f42ae9 avcodec/4xm: Check index in decode_i_block() also in the path where its not used. 
Fixes: Infinite loop
Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 'int'
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
Fixes: 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680
Fixes: 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87ddf9f1ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
b0c5ec9ab4 avcodec/loco: Check for end of input in the first line 
Fixes: Timeout (85sec -> 0.1sec)
Fixes: 17634/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5666410809786368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c5a52eb5cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
ba148f2329 avcodec/atrac3: Check block_align 
Fixes: Infinite loop
Fixes: 17620/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3_fuzzer-5086123012915200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2acbbe2623)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
559280043d avcodec/alsdec: Avoid dereferencing context pointer in inner interleave loop 
This makes the decoder faster

Improves/Fixes: Timeout (22sec -> 20sec)
Testcase: 17619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5078510820917248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 581a895c5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
7e4d850a9f avcodec/fitsdec: Prevent division by 0 with huge data_max 
Fixes: division by 0
Fixes: 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfa1937791)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
2567675f00 avcodec/dstdec: Fix integer overflow in samples_per_frame computation 
Fixes: Timeout (? -> 2ms)
Fixes: 17616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5198057947267072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7dc0943d4a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
86acbb0350 avcodec/g729_parser: Check block_size 
Fixes: Infinite loop
Fixes: 17611/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5765134928052224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 972a0a818f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
a3f6f21506 avcodec/sbcdec: Initialize number of channels 
Fixes: out of array access
Fixes: 17609/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5758729319874560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 02fb6a2147)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
18e5ce4d0d avcodec/utils: Optimize ff_color_frame() using memcpy() 
4650975 -> 4493240 dezicycles

This optimizes lines 2 and later. Line 1 still uses av_memcpy_backptr()
This change originally fixed ossfuzz 10790 but this is now fixed by other
optimizations already

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95e5396919)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
e6cff05bef avcodec/aacdec: Check if we run out of input in read_stream_mux_config() 
Fixes: Infinite loop
Fixes: 16920/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5653421289373696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dce4d03d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
5d49cf9ac2 avcodec/utils: Use av_memcpy_backptr() in ff_color_frame() 
Fixes: Timeout (191sec -> 53sec)
Fixes: 16908/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5711207859748864
Fixes: 10709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5630617975259136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 340ab13504)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
d07669ebc6 avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL 
Fixes: signed integer overflow: 238 * 16843009 cannot be represented in type 'int'
Fixes: 16958/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5193905355620352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 033d2c4884)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
24b0e33b8b avcodec/alac: Fix invalid shifts in 20/24 bps 
Fixes: left shift of negative value -256
Fixes: 16892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4880802642395136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b30c07cc2b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
60993e367f avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction() 
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 16786/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5632818851348480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0831cbfe09)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
718eab1733 avcodec/ffwavesynth: Fix integer overflow in timestamps 
Fixes: signed integer overflow: 9223371075321077760 * 2 cannot be represented in type 'long'
Fixes: 16447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5698937431785472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c7ccbf40ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
07b6caa309 avcodec/dxv: Check op_offset in both directions 
Fixes: signed integer overflow: 61 + 2147483647 cannot be represented in type 'int'
Fixes: 15311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5742552826773504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c7d5fcfc3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00
Michael Niedermayer
3f2f2b18c8 avcodec/adpcm: Check number of channels for MTAF 
Fixes: out of array access
Fixes: 17608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_MTAF_fuzzer-5074936267276288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74bbf9bc82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-01-06 11:30:43 +01:00