ffmpeg

mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-02-08 10:50:02 +00:00

Author	SHA1	Message	Date
Timo Rothenpieler	a39e922fb7	avcodec/nvdec: reset bitstream_len/nb_slices when resetting bitstream pointer	2024-03-30 00:18:39 +01:00
Jan Ekström	511b844423	avcodec/av1dec: fix matrix coefficients exposed by codec context `colorspace` in avcodec terms means `matrix coefficients`. Reviewed-by: James Almer <jamrial@gmail.com> (cherry picked from commit `37936b09ce`)	2024-02-20 21:13:05 +02:00
James Almer	178575bdc1	avcodec/nvdec: don't free NVDECContext->bitstream Ensure all hwaccels that allocate a buffer use NVDECContext->bitstream_internal instead. Otherwise, if FFHWAccel->end_frame() isn't called before FFHWAccel->uninit(), an attempt to free a stale pointer to memory not owned by the hwaccel could take place. Reviewed-by: Timo Rothenpieler <timo@rothenpieler.org> Signed-off-by: James Almer <jamrial@gmail.com>	2024-02-07 11:35:58 -03:00
Anton Khirnov	133069b434	lavc/dvdsubenc: only check canvas size when it is actually set Fixes #10650 (cherry picked from commit `5230257ea1`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2023-12-02 11:46:10 +01:00
Michael Niedermayer	1f61aad00d	avcodec/4xm: Check for cfrm exhaustion Fixes: index -1 out of bounds for type 'CFrameBuffer [100]' Fixes: 63877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5854263397711872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bb0a684d93`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-11-10 00:25:37 +01:00
Michael Niedermayer	66caaeec13	avcodec/dovi_rpu: Use 64 bit in get_us/se_coeff() Fixes: shift exponent 32 is too large for 32-bit type 'int' Fixes: 63151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5067531154751488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2817efbba3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-11-03 23:33:45 +01:00
Michael Niedermayer	e770922e30	avcodec/jpeg2000dec: Check image offset Fixes: left shift of negative value -538967841 Fixes: 62447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6427134337613824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `88453250db`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	b902f5113e	avcodec/h2645_parse: Avoid EAGAIN EAGAIN causes an assertion failure when it is returned from the decoder Fixes: Assertion consumed != (-(11)) failed at libavcodec/decode.c:462 Fixes: assertion_IOT_instruction_decode_c_462/poc Found-by: Hardik Shah of Vehere (Dawn Treaders team) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5ddab49d48`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	1079565e8e	avcodec/xvididct: Make c* unsigned to avoid undefined overflows Fixes: signed integer overflow: 1496950099 + 728014168 cannot be represented in type 'int' Fixes: 62667/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6511785170305024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f7e5537dc1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	6d25672afa	avcodec/bonk: Fix undefined overflow in predictor_calc_error() Fixes: signed integer overflow: -2146469728 - 1488954 cannot be represented in type 'int' Fixes: 62490/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5612782399389696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cd66606a8f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	55769812f7	avcodec/h264_parser: saturate dts a bit Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6112289464123392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7fedbc7606`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	f630725cb0	avcodec/escape124: Do not return random numbers Fixes: out of array access Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-6035022714634240 Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-6422176201572352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fe6d46490f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	303afea1a8	avcodec/apedec: Fix an integer overflow in predictor_update_filter() Fixes: signed integer overflow: -2147483506 + -801380 cannot be represented in type 'int' Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6578985923117056 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `515c0247a3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	3b822405cd	avcodec/wavarc: Allocate AV_INPUT_BUFFER_PADDING_SIZE Fixes: overread Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5963163952349184 Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6048030137909248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dbcf285abd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	0ae86db6ba	avcodec/wavarc: Fix integer overflwo in do_stereo() Fixes: signed integer overflow: 148676193 - -2006512262 cannot be represented in type 'int' Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5963163952349184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3c986200d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	f16d72dfeb	avcodec/aacdec_template: Better avoidance of signed integer overflow in imdct_and_windowing_eld() Fixes: 62171/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5644657180409856 Fixes: signed integer overflow: 2 * 1079352273 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7f4fed5216`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 20:15:29 +02:00
Michael Niedermayer	f23f0ba87c	avcodec/flacdec: Fix integer overflow in "33bit" DECODER_SUBFRAME_FIXED_WIDE() Fixes: signed integer overflow: 4 * 2307917133220067266 cannot be represented in type 'long' Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-6307690022043648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `112a077d06`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:07 +02:00
Michael Niedermayer	8c5b391c63	avcodec/flacdec: Fix overflow in "33bit" decorrelate Fixes: signed integer overflow: 538976288 - -9223372036854775808 cannot be represented in type 'long' Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-6275845531238400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `35e6960a6b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:07 +02:00
Michael Niedermayer	342121cd35	avcodec/lcldec: Make PNG filter addressing match the code afterwards Also update check accordingly Fixes: tickets/10237/mszh_306_306_yuv422_nocompress.avi Fixes: tickets/10237/mszh_306_306_yuv411_nocompress.avi Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d11b8bd0c6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:06 +02:00
Michael Niedermayer	ea918615a1	avcodec/xvididct: Fix integer overflow in idct_row() Fixes: signed integer overflow: 1871429831 + 343006811 cannot be represented in type 'int' Fixes: 61784/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5372151001120768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b12444fe72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:04 +02:00
Michael Niedermayer	4917892af7	avcodec/celp_math: avoid overflow in shift by making gain unsigned we have 1 bit more available alternatively we can clip twice as in the g729 reference Fixes: left shift of 23404 by 17 places cannot be represented in type 'int' Fixes: 61728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-6280412547383296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6580a7b2b2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:04 +02:00
Michael Niedermayer	38bc713c6d	avcodec/bonk: Fix integer overflow in predictor_calc_error() Fixes: signed integer overflow: -2147483300 - 12285 cannot be represented in type 'int' Fixes: 59462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5714298807386112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2b25a5168e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:03 +02:00
Michael Niedermayer	ebc4d0a310	avcodec/jpeg2000dec: jpeg2000 has its own lowres option jpeg2000 overrides the global lowres variable with a lowres field called reduction_factor ffmpeg -lowres X causes the reduction_factor to be set ffplay -lowres X causes both lowres and the reduction_factor to be set ossfuss sets only lowres only the ffmpeg variant works. This patch tries to make the other 2 work. Alternative we could just error out if things are inconsistent. More complex restructuring should be limited to the master branch to keep this reasonably easy to backport Fixes: out of array access Fixes: 59672/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c012d1f2bb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:02 +02:00
Michael Niedermayer	47bd650d68	avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure Fixes: left shift of negative value -1 Fixes: 59889/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HUFFYUV_fuzzer-5472742275940352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `90647a9249`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:02 +02:00
Michael Niedermayer	58c8e61703	avcodec/cscd: Fix "CamStudio Lossless Codec 1.0" gzip files Fixes: tickets/10241/cscd_1_0_306_306_gzip.avi Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ab7d38f970`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:02 +02:00
Michael Niedermayer	e1a05fdb58	avcodec/cscd: Check for CamStudio Lossless Codec 1.0 behavior in end check of LZO files Alternatively the check could be simply made more tolerant Fixes: Ticket10227 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d2a0464fc2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:01 +02:00
Michael Niedermayer	24be4134fd	avcodec/mpeg4videodec: consider lowres in dest_pcm[] Fixes: out of array access Fixes: 59999/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5767982157266944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d48476183f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:01 +02:00
Michael Niedermayer	45d113af3a	avcodec/hevcdec: Fix undefined memcpy() There is likely a better way to fix this, this is mainly to show the problem Fixes: MC within same frame resulting in overlapping memcpy() Fixes: 60189/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4992746590175232 Fixes: 61753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5022150806077440 Fixes: 58062/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4717458841010176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `94bd1796ff`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:01 +02:00
Michael Niedermayer	2631c7c7ce	avcodec/mpeg4videodec: more unsigned in amv computation Fixes: signed integer overflow: -2147483648 + -1048576 cannot be represented in type 'int' Fixes: 59365/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-642654923954585 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0adaa90d89`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:00 +02:00
Michael Niedermayer	3fa5039012	avcodec/tta: fix signed overflow in decorrelate Fixes: signed integer overflow: 2079654542 - -139267653 cannot be represented in type 'int' Fixes: 60811/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5915858409750528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `283bf5c35b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:00 +02:00
Michael Niedermayer	b7a55ae0a8	avcodec/apedec: remove unused variable Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7995e175b8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:05:00 +02:00
Michael Niedermayer	e4dbe25f3b	avcodec/apedec: Fix 48khz 24bit below insane level Fixes: Ticket9816 Fixes: vlc.ape and APE_48K_24bit_2CH_02_01.ape Regression since: `ed0001482a`. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `80ad0e2198`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:59 +02:00
Michael Niedermayer	e0cd8ac126	avcodec/apedec: Fix CRC for 24bps and bigendian Fixes CRC for vlc.ape and APE_48K_24bit_2CH_02_01.ape Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `696e161919`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:59 +02:00
Michael Niedermayer	60e46128f7	avcodec/wavarc: Check that nb_samples is not negative It is currently probably not possible for it to be negative as the needed 2Mb input buf size is not achievable. But it is more robust to check for it too. If it would become negative than code like s->samples[0][n] = s->samples[0][s->nb_samples + n]; would crash Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5f5a1ccd04`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:59 +02:00
Michael Niedermayer	d57b29ff2b	avcodec/wavarc: Check shift Fixes: shift exponent 1285 is too large for 32-bit type 'int' Fixes: 60870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5332050340347904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1a81a40de2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:58 +02:00
Michael Niedermayer	ab1981b445	avcodec/xvididct: Fix integer overflow in idct_row() Fixes: signed integer overflow: -1403461578 + -843974775 cannot be represented in type 'int' Fixes: 60868/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-4599793035378688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0ce322a51e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:58 +02:00
Michael Niedermayer	13438a6900	avcodec/aacdec_template: Fix undefined signed interger operations Fixed: signed integer overflow: -2 * -1085502286 cannot be represented in type 'int' Fixed: 57986/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5123651145170944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `87f76d3bee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:57 +02:00
Michael Niedermayer	cea882ef99	avcodec/wavarc: Fix k limit The implementation does not support k=32 Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int' Fixes: 57976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5911925807775744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `40cec0b465`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:56 +02:00
Michael Niedermayer	8bce6ca582	avcodec/rka: Fix integer overflow in decode_filter() Fixes: signed integer overflow: 2147443649 + 65535 cannot be represented in type 'int' Fixes: 60054/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-5095674572832768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f9b29451e4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:56 +02:00
Michael Niedermayer	1bee64983e	avcodec/pcm: allow Changing parameters SDR needs this for switching between mono and stereo stations Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `94d44dbe21`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:55 +02:00
Michael Niedermayer	68604c9dee	avcodec/jpeg2000dec: Check for reduction factor and image offset This combination is not working (it writes out of array) Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9b6d191a66`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:55 +02:00
Michael Niedermayer	09e888a5b4	avcodec/utils: fix 2 integer overflows in get_audio_frame_duration() Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int' Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a4bf559683`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:53 +02:00
Michael Niedermayer	aef59048e6	avcodec/hevcdec: Avoid null pointer dereferences in MC Fixes: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffff8 Fixes: 58440/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5956015530311680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a0f4d4e650`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:53 +02:00
Michael Niedermayer	4c906c5867	avcodec/takdsp: Fix integer overflows Fixes: avcodec/takdsp.c:44:23: runtime error: signed integer overflow: -2097158 - 2147012608 cannot be represented in type 'int' Fixes: 58417/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5268919664640000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ff8a496d41`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:53 +02:00
Michael Niedermayer	52dd7a9f7a	avcodec/mpegvideo_dec: consider interlaced lowres 4:2:0 chroma in edge emulation check better Fixes: out of array read Fixes: 59673/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5194311374077952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d7d3f1af2a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:52 +02:00
Michael Niedermayer	85cb7abb4c	avcodec/rka: use unsigned for buf0 additions Fixes: signed integer overflow: -38912000 + -2109276160 cannot be represented in type 'int' Fixes: 59670/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-4987563245699072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e736238b35`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:52 +02:00
Michael Niedermayer	819e9068af	avcodec/rka: Avoid undefined left shift Fixes: left shift of 34136248 by 6 places cannot be represented in type 'int' Fixes: 58429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-5692211592560640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1ee303f1e1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:52 +02:00
Michael Niedermayer	a66733a8c9	avcodec: Ignoring errors is only possible before the input end Fixes: out of array read Fixes: Ticket 10308 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fead656a7b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:51 +02:00
Michael Niedermayer	33ee9ab941	avcodec/noise_bsf: Check for wrapped frames Wrapped frames contain pointers so they need specific code to noise them, the generic code would lead to segfaults Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0889ebc577`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:50 +02:00
Michael Niedermayer	426117bb7e	avcodec/rka: avoid undefined multiply in cmode==0 Fixes: signed integer overflow: -182838 * 32768 cannot be represented in type 'int' Fixes: 58179/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-5333265899978752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b168aeb734`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-10-28 19:04:49 +02:00

1 2 3 4 5 ...

48038 commits