Michael Niedermayer
7fcac5c8c3
avcodec/utils: Check for integer overflow in get_audio_frame_duration() for ADPCM_DTK
...
Fixes: signed integer overflow: 131203586 * 28 cannot be represented in type 'int'
Fixes: 26817/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6296902548848640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2488ba85a0michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
24ca658ea6
avcodec/wmaprodec: Check packet size
...
Fixes: left shift of negative value -25824
Fixes: 27754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5760255962906624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 69aeba8a19michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
6b0eacc1c2
avcodec/rasc: Check frame before clearing
...
Fixes: null pointer dereference
Fixes: 27737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RASC_fuzzer-5769028685266944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 380a3a0adfmichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
273f53e57d
avcodec/alsdec: Fix integer overflow with quant_cof
...
Fixes: signed integer overflow: -210824 * 16384 cannot be represented in type 'int'
Fixes: 28670/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5682310846480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7ce40dde03michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
dcb07bee75
avcodec/ffv1dec: Fix off by 1 error with quant tables
...
Fixes: assertion failure
Fixes: 28447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5369575948550144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5cae71d2b7michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
d84bc6850e
avcodec/utils: Check bitrate for overflow in get_bit_rate()
...
Fixes: signed integer overflow: 617890810133996544 * 16 cannot be represented in type 'long'
Fixes: 26565/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5092054700654592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8aadae670fmichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
781f4fc448
avcodec/hevc_ps: check scaling_list_dc_coef
...
Fixes: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int'
Fixes: 28449/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5686013259284480
Reviewed-by: James Almer <jamrial@gmail.com >
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f1700bd8bbmichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
2d73ff7004
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
...
Fixes: signed integer overflow: -2105540608 - 2105540608 cannot be represented in type 'int'
Fixes: 26870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5656647567147008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 51dfd6f1bdmichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
6718c814aa
avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter
...
The max depth is 16bps, the max allowed coefficient depth is depth+6
Fixes: signed integer overflow: 1074266112 + 1073725439 cannot be represented in type 'int'
Fixes: 26493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657763331702784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7cf852b03cmichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
4810fe7936
avcodec/exr: Check ymin vs. h
...
Fixes: out of array access
Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3e5959b345michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
df388f600d
avcodec/vp3dsp: Use unsigned constant to avoid undefined integer overflow in ff_vp3dsp_set_bounding_values()
...
Fixes: signed integer overflow: 64 * 33686018 cannot be represented in type 'int'
Fixes: 26911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-4904975073017856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c7e775f712michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
49c220f93b
avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration()
...
Fixes: shift exponent 95 is too large for 32-bit type 'int'
Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ec7e0d4288michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
ca6118797e
avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET
...
Fixes: signed integer overflow: -9223372036854775807 - 48000 cannot be represented in type 'long long'
Fixes: 26521/clusterfuzz-testcase-minimized-ffmpeg_dem_DIRAC_fuzzer-5635536506847232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 343c3149abmichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
4d5d82314f
avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
...
Fixes: signed integer overflow: 190587 * 11585 cannot be represented in type 'int'
Fixes: 26407/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5086348408782848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bca0735be5michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
d3595579ca
avcodec/fits: Check bscale
...
Fixes: division by 0
Fixes: 26208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-6270472117026816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c2ccd76fd0michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
b98d0d4d33
avcodec/magicyuv: Check slice size before reading flags and pred
...
Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0dc42147b6michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
c863e7e600
avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN()
...
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 26218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5734075396259840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 939b72b02emichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
d09c9a7162
avcodec/exr: Check limits to avoid overflow in delta computation
...
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6910e0f4e5michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
f62da97dfc
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
...
Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d198362839michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
f419c855b1
avcodec/aacdec_fixed: Limit index in vector_pow43()
...
Fixes: out of array access
Fixes: 26087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5724825462767616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f83a53638michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
182a1902f7
avcodec/smacker: Check remaining bits in SMK_BLK_FULL
...
Fixes: out of array access
Fixes: 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 42ded4d1e6michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
b77c294c9a
avcodec/cook: Check subpacket index against max
...
Fixes: off by 1 error
Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5a2a7604damichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
317b5bdcf2
avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration()
...
Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int'
Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 01bb12f883michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
9bd5b897db
avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred
...
Fixes: pixel decode issue.ts
Fixes: raw frame.hevc
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3fbf873792michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
55698d3ef2
avcodec/exr: Fix overflow with many blocks
...
Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7265b7d904michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
139729ca62
avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()
...
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 394e8bb385michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
51625c3a41
avcodec/ansi: Check initial dimensions
...
Fixes: Timeout (minutes to less than 1sec)
Fixes: 25682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANSI_fuzzer-6320712032452608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 949f0a6be9michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
6730fc755b
avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset
...
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 106f11f68amichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
e5e60759bb
avcodec/sonic: Check for overread
...
Fixes: Timeout (too long -> 1.3 sec)
Fixes: 24358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5107284099989504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit eeabdef1bfmichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
f1e4fe95bc
avcodec/exr: Check line size for overflow
...
Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int
Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9b72cea446michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
20256685ac
avcodec/exr: Check xdelta, ydelta
...
Fixes: assertion failure
Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6949df35d0michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
7ec4c95d94
avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter()
...
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 25675/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-4786580731199488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 11a6347f9emichael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
c9d831808b
avcodec/takdsp: Fix negative shift in decorrelate_sf()
...
Fixes: left shift of negative value -4
Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f54f53003michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
0e7b7fdbdf
avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()
...
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3291d994b7michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
49eb5761b6
avcodec/vc1_block: Fix integer overflow in ac value
...
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3056e19e68michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
f38d86df9d
avcodec/dxtory: Fix negative shift in dx2_decode_slice_410()
...
Fixes: left shift of negative value -768
Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit abebd87764michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
8ab1d3e7f0
avcodec/sonic: Check channels before deallocating
...
Fixes: heap-buffer-overflow
Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f249981976michael@niedermayer.cc >
2021-09-10 16:04:26 +02:00
Michael Niedermayer
653bd4f135
avcodec/ansi: Check nb_args for overflow
...
Fixes: Integer overflow (no testcase)
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bc0e776c9amichael@niedermayer.cc >
2020-10-20 10:33:45 +02:00
Michael Niedermayer
3bdeb977e1
avcodec/diracdsp: Fix integer anomaly in dequant_subband_*
...
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ca3c6c981amichael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
6e1af591d5
avcodec/wmalosslessdec: Check remaining space before padding and channel residue
...
Fixes: Timeout (1101sec -> 0.4sec)
Fixes: 24491/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5725337036783616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c467adf3bfmichael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
3a876338f1
avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth()
...
Fixes: -2.4187e+09 is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2b9f39689amichael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
8af33f41f7
avcodec/agm: Fix off by 1 error in decode_inter_plane()
...
Fixes: Regression since 1f20969457onemda@gmail.com >
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6d71a25cc4michael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
5030a9cca1
avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINE
...
Fixes: signed integer overflow: -1429092 * -32596 cannot be represented in type 'int'
Fixes: 24419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5157849974702080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a0da95df77michael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
a74d895bbd
avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d()
...
Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int'
Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d182d8f10cmichael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
0ce90738fc
avcodec/cfhd: Check transform type
...
Fixes: out of array access
Fixes: 24823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4855119863349248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 659658d08bmichael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
71b1422ee9
avcodec/tiff: Restrict tag order based on specification
...
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
not the order in which the fields are described in this document."
This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also on various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.
If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ad29f9e47cmichael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
8ae6def1e0
avcodec/tiff: Check bpp/bppcount for 0
...
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit be090da25fmichael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
f955b6efab
avcodec/snowdec: Sanity check hcoeff
...
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d51d569cf6michael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
185a720a4d
avcodec/alac: Check decorr_shift to avoid invalid shift
...
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.
Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7@gmx.net >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4333718b35michael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
Michael Niedermayer
fdaead7e23
avcodec/tdsc: Fix tile checks
...
Fixes: out of array access
Fixes: crash.asf
Found-by: anton listov <greyfarn7@yandex.ru >
Reviewed-by: anton listov <greyfarn7@yandex.ru >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 081e3001edmichael@niedermayer.cc >
2020-10-05 21:28:08 +02:00
