ffmpeg

mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-01-06 14:15:29 +01:00

Author	SHA1	Message	Date
Michael Niedermayer	a9fba357e5	avcodec/loco: Fix integer overflow with large values from loco_get_rice() Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int' Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3ddc5e1f3c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-07 19:29:28 +02:00
Michael Niedermayer	ad609996e6	avformat/smjpegdec: Check the existence of referred streams Fixes: Assertion failure Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `321ea59dac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-07 19:28:34 +02:00
Michael Niedermayer	adffd9d909	avcodec/pnmdec: Fix misaligned reads Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ea28ce9bc1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-06 01:51:19 +02:00
Michael Niedermayer	98ce6fd8e7	Update for 2.8.17	2020-07-05 13:01:36 +02:00
Michael Niedermayer	542bfa483c	avformat/utils: reorder duration computation to avoid overflow Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long' Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `10cc82c35b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 13:01:36 +02:00
Michael Niedermayer	8cae3778ea	avcodec/pngdec: Check for fctl after idat Fixes: out of array access Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `65b1ba680f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 13:01:36 +02:00
Ronald S. Bultje	453519af0d	png: split header state and data state in two separate variables. Fixes a reported (but false) race condition in tsan for fate-apng: WARNING: ThreadSanitizer: data race (pid=6274) Read of size 4 at 0x7d680001ec78 by main thread (mutexes: write M1338): #0 update_thread_context src/libavcodec/pngdec.c:1456 (ffmpeg+0x000000dacf0c) [..] Previous write of size 4 at 0x7d680001ec78 by thread T1 (mutexes: write M1335): #0 decode_idat_chunk src/libavcodec/pngdec.c:737 (ffmpeg+0x000000dae951) (cherry picked from commit `478f1c3d5e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 13:01:36 +02:00
Michael Niedermayer	0f6fa27b24	avformat/hls: Pass a copy of the URL for probing The segments / url can be modified by the io read when reloading This may be an alternative or additional fix for Ticket8673 as a further alternative the reload stuff could be disabled during probing Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b5e39880fb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 13:01:36 +02:00
Steven Liu	6959358683	avformat/hls: check segment duration value of EXTINF fix ticket: 8673 set the default EXTINF duration to 1ms if duration is smaller than 1ms Signed-off-by: Steven Liu <lq@chinaffmpeg.org> (cherry picked from commit `9dfb19baeb`)	2020-07-05 13:01:36 +02:00
Michael Niedermayer	449bdf05f8	avutil/common: Fix integer overflow in av_ceil_log2_c() Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int' Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e409262837`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	204a7255fa	avformat/microdvddec: skip malformed lines without frame number. Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long' Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a8fb7612a9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	22669e38e4	avformat/4xm: Check that a video stream was created before returning packets for it Fixes: assertion failure Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c517c3f474`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	30242bcb00	avcodec/ffwavesynth: Avoid undefined operation on ts overflow Alternatively these conditions could be treated as errors Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896 Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long') Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `584d334afd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	425c0eafae	avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv() Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int' Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e361785ee0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	c11634ad75	avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c() Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int' Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c0dfe134be`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	bb5e4743d9	avcodec/sonic: Fix several integer overflows Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int' Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `75d520e337`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	c837abe0a9	avcodec/iff: Fix off by x error Fixes: out of array access Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `51225dee0a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	08f49d5085	avcodec/wmalosslessdec: Check block_align maximum Fixes: Assertion failure Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `314d10f7a6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	5663dd6662	avcodec/loco: Fix signed integer overflow in loco_get_rice() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `aa88cdfd90`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	f46d338341	avformat/thp: Check fps Fixes: division by zero Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0e15b01b4e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	60568d2841	avformat/mpl2dec: Fix integer overflow with duration Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long' Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9a42a67c5c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	a1cfe7baed	avcodec/mpeg12dec: remove outdated comments Found-by: Kieran Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `48de8f5816`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	0d92707437	avcodec/snowdec: Avoid integer overflow with huge qlog Fixes: integer overflow Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38fbf33c72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	02361a13ef	avcodec/mpeg12dec: Fix got_output This makes got_output consistent with the code in slice_end() which sets the output in slice_end() if (s->pict_type == AV_PICTURE_TYPE_B \|\| s->low_delay) { int ret = av_frame_ref(pict, s->current_picture_ptr->f); ... } else { Fixes: assertion failure Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4f33a9803a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	13f9cfbf2b	avformat/4xm: Cleanup on GET_LIST_HEADER() failure Fixes: memleak Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a5313ce654`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	39806a275e	avformat/mlvdec: fail reading a packet with 0 streams Fixes: NULL pointer dereference Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5bd5c31087`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	2d29c01766	avformat/thp: Check compcount Fixes: out of array access Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ba8484559`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	387ba3cb35	avcodec/adpcm: XA: Check shift similar to filter Fixes: negative shift Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6d96bae9c4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	9b432f0e85	avcodec/huffyuvdec: Test vertical coordinate more often Fixes: out of array access Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1223ddc56`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	849affacb2	avcodec/hq_hqa: Check info size Fixes: assertion failure Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf28521fee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	2c44582d1f	avcodec/wmalosslessdec: Fix integer overflow in mclms_predict() Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int' Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c42ed06695`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	2383c88baa	avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d() Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int' Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `071e293723`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	6b58eaac4d	avcodec/h264dec: Disable forced small_padding on flag2 fast Fixes: 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	a317af2deb	avcodec/pnmdec: Use unsigned for maxval rescaling Fixes: signed integer overflow: 65535 * 55335 cannot be represented in type 'int' Fixes: 21955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5669206981083136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `49459aca47`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	9161063248	avcodec/ivi: Clear got_p_frame before decoding a new frame using it Fixes: assertion failure Fixes: 21666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5706468994318336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1d633e6a0a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	b35b3dfc25	avcodec/dsddec: Check channels Fixes: division by zero Fixes: 21677/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_MSBF_fuzzer-5712547983654912 Fixes: 21751/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_LSBF_fuzzer-5197097180856320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2570a8777e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	9fd634161f	avcodec/xvididct: Fix integer overflow in idct_row() Fixes: signed integer overflow: -1238335488 + -1003634688 cannot be represented in type 'int' Fixes: 21649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5112005765890048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `620236e4d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	d8a1e0a79e	avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr() Fixes: signed integer overflow: -717241856 + -1434459904 cannot be represented in type 'int' Fixes: 21405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5677143666458624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e9a4c4fe99`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	40a039fee4	avformat/mpegenc: Fix integer overflow with AV_NOPTS_VALUE Fixes: signed integer overflow: -9223372036854775808 - 45000 cannot be represented in type 'long' Fixes: ticket8187 Found-by: Suhwan Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9874815b1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	104e38464b	avformat/aadec: Check toc_size to contain the minimum to demuxer uses Fixes: out of array access Fixes: stack-buffer-overflow-READ-0x0831fff1 Found-by: GalyCannon <galycannon@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `daa2482871`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Dale Curtis	832ae51f9b	avformat/mov: Don't allow negative sample sizes. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2d8d554f15`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Vitaly Buka	72a8f82844	mpeg4videoenc: Don't crash with -fsanitize=bounds Also the patch makes this code consistent with mpeg4videodec.c Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f163d30de2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	0c914ee968	avcodec/binkaudio: Fix 2Ghz sample_rate Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 19950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_DCT_fuzzer-5765514337189888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: Paul Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f603d10b1e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	40e54383a2	avcodec/adpcm: Fix integer overflow in ADPCM THP The reference (thp.txt) uses floats so wrap around would seem incorrect. Fixes: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int' Fixes: 20658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_THP_fuzzer-5646302555930624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b12b05374f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	f8da048589	avcodec/ralf: Check num_blocks before use Fixes: out of array access Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5739471895265280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f0c0471075`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	2a9ed44fe2	avcodec/utvideodec: Fix integer overflow in decode_plane() Fixes: signed integer overflow: 2147483594 + 142 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5658568101724160 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `876cfa67f3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	186599c86f	avcodec/ralf: Fix integer overflow in decode_block() Fixes: signed integer overflow: 289082077 - -2003141111 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5196077752123392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0c4330847c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	24f824af86	avcodec/nuv: widen buf_size type Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5740176118906880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ac106bf56`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	8970824856	avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1 The fixed point integer reference specifies the multiplication used to have 16bit input and clips so we need to clip the input The floating point implementation does not seem to do that. Fixes: signed integer overflow: 6317568 * 410 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5700189272932352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `82d4c7b95e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00
Michael Niedermayer	8880343974	avformat/thp: Require a video stream The demuxer code assumes the existence of a video stream Fixes: assertion failure Fixes: 21512/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5699660783288320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `97c78caf3e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-05 12:43:08 +02:00

1 2 3 4 5 ...

76410 Commits