Stowage/ffmpeg
2
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-02-16 20:40:24 +00:00
Code Issues Projects Releases Packages Wiki Activity
93161 commits 38 branches 415 tags 291 MiB
Commit graph

41520 commits

Author SHA1 Message Date
Michael Niedermayer
8636ff4bdf avcodec/alac: Check decorr_shift to avoid invalid shift 
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.

Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4333718b35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
bd5e97fd6b avcodec/tdsc: Fix tile checks 
Fixes: out of array access
Fixes: crash.asf

Found-by: anton listov <greyfarn7@yandex.ru>
Reviewed-by: anton listov <greyfarn7@yandex.ru>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 081e3001ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
14a4be8fb4 avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment() 
Fixes: Out of array read
Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a10bc8f6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
41049b0d76 avcodec/apedec: Fix undefined integer overflow with 24bit 
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f7b252cdf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
bf0b15d76a avcodec/loco: Fix integer overflow with large values from loco_get_rice() 
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ddc5e1f3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
Michael Niedermayer
34f9c735ad avcodec/pnmdec: Fix misaligned reads 
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea28ce9bc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-09-09 13:37:20 +02:00
James Almer
347bcf6054 avcodec/h264_slice: clear old slice POC values on parsing failure 
If a slice header fails to parse, and the next one uses different Sequence and
Picture parameter sets, certain values may not be read if they are not coded,
resulting in the previous slice values being used.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ce4a31cd1f)
 2021-08-11 12:01:14 -03:00
Timo Rothenpieler
d44da66fac avcodec/cuviddec: backport extradata fixes 2020-10-01 22:09:25 +02:00
Timo Rothenpieler
7f0db52c53 avcodec/cuviddec: handle arbitrarily sized extradata 2020-09-30 14:14:30 +02:00
Andreas Rheinhardt
3df2eab778 avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input 
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.

Also check directly whether there is enough data for the length field.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit ea1b71e82f)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2020-07-03 17:11:15 +02:00
Michael Niedermayer
850bbc0f78 avcodec/dstdec: Replace AC overread check by sample rate check 
Real files do skip coding 0 bits at the end, thus this kind of check
does not work reliable.

Fixes: Ticket 8770
Fixes: dst-256fs44-6ch-refdstencoder.dff

The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed
values, this also can be used to limit the duration and avoid the timeout

This reverts commit f6df99dba1.

(cherry picked from commit 1679f23beb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
c095e870d8 avcodec/pngdec: Check for fctl after idat 
Fixes: out of array access
Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65b1ba680f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
55e76ddb7a avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms 
Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 21598d711d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
1f64119c8a avcodec/ffwavesynth: Avoid undefined operation on ts overflow 
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 584d334afd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
0e5ac35745 avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv() 
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e361785ee0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
0c0c9d15ce avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c() 
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0dfe134be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
ba6fc75d5a avcodec/sonic: Fix several integer overflows 
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75d520e337)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
f1e0ca3709 avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile 
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e53235f06c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
b02ff15402 avcodec/pixlet: Fix log(0) check 
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd0f81526d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
99d2024b18 avcodec/iff: Fix off by x error 
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51225dee0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
c15b6bfd79 avcodec/wmalosslessdec: Check block_align maximum 
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 314d10f7a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
24fd6136df avcodec/loco: Fix signed integer overflow in loco_get_rice() 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa88cdfd90)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
c5535532f8 avcodec/mpeg12dec: remove outdated comments 
Found-by: Kieran
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48de8f5816)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
86ae1ff10f avcodec/snowdec: Avoid integer overflow with huge qlog 
Fixes: integer overflow
Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38fbf33c72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
4fdf23df7d avcodec/mpeg12dec: Fix got_output 
This makes got_output consistent with the code in slice_end() which sets the output

in slice_end()
 if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) {
     int ret = av_frame_ref(pict, s->current_picture_ptr->f);
     ...
 } else {

Fixes: assertion failure
Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f33a9803a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
c3eaff820a avcodec/lzf: Consider the needed size in reallocation 
Fixes: NULL pointer dereference
Fixes: 22381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5659879921680384.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 292b9b93a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
dd6147888c avcodec/adpcm: XA: Check shift similar to filter 
Fixes: negative shift
Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6d96bae9c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
8935ae4395 avcodec/huffyuvdec: Test vertical coordinate more often 
Fixes: out of array access
Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a1223ddc56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
011c9cfab1 avcodec/hq_hqa: Check info size 
Fixes: assertion failure
Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf28521fee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
9ff5fd6537 avcodec/wmalosslessdec: Fix integer overflow in mclms_predict() 
Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int'
Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c42ed06695)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
1ba97da44b avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d() 
Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int'
Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 071e293723)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
6be68e6994 avcodec/h264dec: Disable forced small_padding on flag2 fast 
Fixes: 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
d1eb5516bb avcodec/pnmdec: Use unsigned for maxval rescaling 
Fixes: signed integer overflow: 65535 * 55335 cannot be represented in type 'int'
Fixes: 21955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5669206981083136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 49459aca47)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
dad19158aa avcodec/ivi: Clear got_p_frame before decoding a new frame using it 
Fixes: assertion failure
Fixes: 21666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5706468994318336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d633e6a0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
e7262c1f19 avcodec/dsddec: Check channels 
Fixes: division by zero
Fixes: 21677/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_MSBF_fuzzer-5712547983654912
Fixes: 21751/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_LSBF_fuzzer-5197097180856320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2570a8777e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
05e2de8291 avcodec/xvididct: Fix integer overflow in idct_row() 
Fixes: signed integer overflow: -1238335488 + -1003634688 cannot be represented in type 'int'
Fixes: 21649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5112005765890048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 620236e4d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
296d4bf22e avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr() 
Fixes: signed integer overflow: -717241856 + -1434459904 cannot be represented in type 'int'
Fixes: 21405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5677143666458624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e9a4c4fe99)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
02656f5570 avcodec/cbs_jpeg: Fix infinite loop in cbs_jpeg_split_fragment() 
Fixes: Timeout
Fixes: 21104/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5129580475318272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a3dc67c984)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
6f582f69df avcodec/cbs_h265_syntax_template: Limit num_long_term_pics more strictly 
The limit is based on hevcdec.c
Fixes: 20854/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-5160442882424832
Fixes: out of array access

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 435fa373d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Vitaly Buka
13adaa31a9 mpeg4videoenc: Don't crash with -fsanitize=bounds 
Also the patch makes this code consistent with mpeg4videodec.c

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f163d30de2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
ddaee77e3c avcodec/binkaudio: Fix 2Ghz sample_rate 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 19950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_DCT_fuzzer-5765514337189888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Paul
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f603d10b1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
a19dd37e2d avcodec/adpcm: Fix integer overflow in ADPCM THP 
The reference (thp.txt) uses floats so wrap around would seem incorrect.

Fixes: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
Fixes: 20658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_THP_fuzzer-5646302555930624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b12b05374f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
1e31295ea2 avcodec/ralf: Check num_blocks before use 
Fixes: out of array access
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5739471895265280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0c0471075)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
36ea0ddc75 avcodec/iff: Test video_size being non zero 
Fixes: Out of array access
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5658548592967680
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723561177382912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a035fd88ae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
75fb0d8276 avcodec/utvideodec: Fix integer overflow in decode_plane() 
Fixes: signed integer overflow: 2147483594 + 142 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5658568101724160

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 876cfa67f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
d01f5a4dc6 avcodec/ttadsp: Fix several integer overflows in tta_filter_process_c() 
Fixes: signed integer overflow: 1931744255 + 252497024 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5763348114440192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8627885172)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
c04b6048f5 avcodec/ralf: Fix integer overflow in decode_block() 
Fixes: signed integer overflow: 289082077 - -2003141111 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5196077752123392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c4330847c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
428c542b45 avcodec/nuv: widen buf_size type 
Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5740176118906880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1ac106bf56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
240b5f73f1 avcodec/iff: Fix several integer overflows 
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int32_t' (aka 'int')
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5764066459254784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a92147f87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00
Michael Niedermayer
dd83573043 avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1 
The fixed point integer reference specifies the multiplication used
to have 16bit input and clips so we need to clip the input
The floating point implementation does not seem to do that.

Fixes: signed integer overflow: 6317568 * 410 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5700189272932352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 82d4c7b95e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-03 12:10:24 +02:00