Michael Niedermayer
1abb9ab266
avcodec/apedec: Use 64bit to avoid overflow
...
Fixes: runtime error: signed integer overflow: 727298502 * 3 cannot be represented in type 'int'
Fixes: 39172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-638602483033702
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f059b56195)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-21 19:21:14 +02:00
Michael Niedermayer
bda2d49896
avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830()
...
Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad517ee6e4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-21 19:21:14 +02:00
Michael Niedermayer
6825af5c07
avcodec/apedec: Fix integer overflow in filter_fast_3320()
...
Fixes: signed integer overflow: 2145649668 + 3956526 cannot be represented in type 'int'
Fixes: 38351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4647077926273024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e45886e6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:40 +02:00
Michael Niedermayer
58fdd476f9
avcodec/mxpegdec: Check for AVDISCARD_ALL
...
Fixes: Fixes NULL pointer dereference
Fixes: 36610/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6052641783283712
Fixes: 37907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-4725170850365440
Fixes: 37904/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6367889262247936
Fixes: 38085/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5175270823297024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 20afd3a63a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:40 +02:00
Michael Niedermayer
97f3abe294
avcodec/flicvideo: Check remaining bytes in FLI*COPY
...
Fixes: Timeout
Fixes: 37795/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4846536543043584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f835efbca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
Michael Niedermayer
7d313a14a1
avcodec/utils: ARGO writes 4x4 blocks without regard to the image dimensions
...
Fixes: out of array access
Fixes: 37197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5877046382297088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 018b611b4b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
Michael Niedermayer
b90ce02f81
avcodec/cbs_h265_syntax_template: Limit sps_num_palette_predictor_initializer_minus1 to 127
...
Fixes: index 128 out of bounds for type 'uint16_t [128]'
Fixes: 38651/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-6296416058736640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85413a5ae6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
Michael Niedermayer
a0e38aceba
avcodec/snowdec: Maintain avmv buffer
...
This avoids reallocating per frame
Fixes: Assertion failure
Fixes: 36359/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6733238591684608
Fixes: 38623/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6098656512573440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0faf04e807)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
Michael Niedermayer
02fd9353f2
avcodec/mpeg12dec: Do not put mpeg_f_code into an invalid state on error return
...
Fixes: invalid shift
Fixes: 37018/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-5290280902328320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a95abcce4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
Michael Niedermayer
c524a8b4be
avcodec/mpegvideo_enc: Limit bitrate tolerance to the representable
...
Fixes: error: 1.66789e+11 is outside the range of representable values of type 'int'
Fixes: Ticket8201
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 245017ec8a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
Michael Niedermayer
bea287bdad
avcodec/apedec: Fix integer overflow in intermediate
...
Fixes: signed integer overflow: 559334865 * 4 cannot be represented in type 'int'
Fixes: 37929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6751932295806976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90da43557f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
Michael Niedermayer
be267aa08b
avcodec/exr: Fix undefined integer multiplication
...
Fixes: signed integer overflow: 7020950083487072256 * 2 cannot be represented in type 'long long'
Fixes: 37523/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5133634955771904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e67deaf86c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-05 23:19:39 +02:00
Stéphane Cerveau
79c114e1b2
avcodec/wmadec: handle run_level_decode error
...
Consider data as invalid if ff_wma_run_level_decode
gets out with an error.
It avoids an unpleasant sound distortion.
See http://trac.ffmpeg.org/ticket/9358
(cherry picked from commit f9fbe2f9a9)
2021-09-21 23:20:37 -03:00
Olivier Crête
6f24f503ef
avcodec/wma: Return specific error code
...
This way, the calling function can just forward it instead of
making it up.
Signed-off-by: Olivier Crête <olivier.crete@collabora.com>
(cherry picked from commit 521388edb7)
2021-09-21 23:20:29 -03:00
Tong Wu
df288deb9b
avcodec/dxva2_av1: fix superres_denom parameter
...
Defined in spec 5.9.8. When superres is enabled, SuperresDenom equals
"coded_denom + SUPERRES_DENOM_MIN" instead of coded_denom.
Signed-off-by: Tong Wu <tong1.wu@intel.com>
Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>
(cherry picked from commit f31033c6ca)
2021-09-14 23:51:42 +02:00
James Almer
5e61fce832
avcodec/libdav1d: fix compilation after recent libdav1d API changes
...
They were done in preparation for an upcoming 1.0 release.
Keep supporting previous releases for the time being.
Reviewed-by: BBB
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e204846ec1)
2021-09-09 09:31:53 -03:00
James Almer
07dec5b0c3
avcodec/utils: don't return negative values in av_get_audio_frame_duration()
...
In some extreme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.
Fixes ticket #9312
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e01d306c64)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 23:12:50 +02:00
Michael Niedermayer
b3e21be8e1
avcodec/jpeg2000dec: Check that atom header is within bytestream
...
Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c659f8618)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
7d58def70a
avcodec/apedec: Fix 2 integer overflows in filter_3800()
...
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33feb527ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
baefa5385e
avcodec/xpmdec: Move allocations down after more error checks
...
Fixes: Timeout
Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e58692837c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
34aad02457
avcodec/argo: Move U, fix shift
...
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 37249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5754862984888320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 26659fe53e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fa4ac6b43a
avcodec/mjpegbdec: Skip SOS on AVDISCARD_ALL as does mjpeg
...
Fixes: NULL pointer dereference
Fixes: 36342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-4579188072906752
Fixes: 36344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5049579300061184
Fixes: 36345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5301149845553152
Fixes: 36374/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6056312352931840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 104a8399ae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
af8de920b7
avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()
...
Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 909faca929)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
671e182cc4
avcodec/webp: Check available space in loop in decode_entropy_coded_image()
...
Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5e00eab611)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fa6d6cc810
avcodec/h264dec: use picture parameters in ff_print_debug_info2()
...
Fixes: out of array read
Fixes: 36341/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6737583085322240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65892516d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
82fe7775a8
avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode
...
Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c59b5e3d1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
4254dbe20f
avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init
...
Fixes: MemLeak
Fixes: 8281
Fixes: PoC_option158.jpg
Fixes: CVE-2020-22037
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7bba0dd638)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
f6f682f5aa
avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line()
...
Fixes: Infinite loop
Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f803635c4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
674adf0a02
avcodec/vc1dec: Disable error concealment for *IMAGE
...
The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves visual results
Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 643b2d49bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
f25834ab07
avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()
...
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8f2856a1da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
725a0446b4
avcodec/argo: Check for even dimensions
...
Fixes: reading over the end
Fixes: 36346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5366943107383296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2f5e9ff3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
fbf576417a
avcodec/exr: Check ac_count
...
Fixes: signed integer overflow: -9223372036854775808 * 2 cannot be represented in type 'long long'
Fixes: 36244/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6090656186499072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bc32d7c4b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
3a67e33368
avcodec/aaccoder: Add minimal bias in search_for_ms()
...
Fixes: floating point division by 0
Fixes: Ticket8218
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75a099fc73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
maryam ebr
46bbf194c4
avcodec/dnxhddec: check and propagate function return value
...
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
Crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 7150f95756)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
6a5d7fd8ad
avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb()
...
Fixes: NULL pointer dereference
Fixes: decode_spectrum_and_dequant.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eaec4df63f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
1196932f1c
avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
...
Fixes: floating point division by 0
Fixes: Ticket8213
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70874e024a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
09f47af747
avcodec/j2kenc: Check for av_strtok() failure
...
Fixes: CID1466601 Dereference null return value
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a6a765fa4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
8f0d442434
avcodec/cpia: Fix missing src_size update
...
Fixes: out of array read
Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cea05864e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
7b5308045e
avcodec/exr: Better size checks
...
Fixes: signed integer overflow: 3530839700044513368 + 8386093932303352321 cannot be represented in type 'long long'
Fixes: 35182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5398383270428672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18b0dd0738)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
bb1d2cf898
avcodec/clearvideo: Check tile_size to be not too large
...
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 35023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-6740166587842560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11fac9613e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
417bc2a5b0
avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation
...
Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int'
Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 00ae9b77ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
b49039b23e
avcodec/hevc_sei: Use get_bits_long() for time_offset_value
...
Fixes: assertion failure
Fixes: crash_1
Found-by: Thuan Pham <tpham.unimelb@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d866787dac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
Michael Niedermayer
b01534293e
avcodec/iff: Only write palette to plane 1 if it's PAL8
...
Fixes: null pointer passed as argument 1, which is declared to never be null
Fixes: 33791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5107575256383488.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 216eb60b85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-08 21:31:50 +02:00
James Almer
bf87bdd3f6
avcodec/h264_slice: clear old slice POC values on parsing failure
...
If a slice header fails to parse, and the next one uses different Sequence and
Picture parameter sets, certain values may not be read if they are not coded,
resulting in the previous slice values being used.
Signed-off-by: James Almer <jamrial@gmail.com>
2021-08-10 15:22:12 -03:00
James Almer
3f06be77ac
avcodec/crystalhd: signal that the decoder sets all output frame properties
...
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ec8e95296e)
2021-06-23 11:24:56 -03:00
James Almer
6136f1398a
avcodec/cuviddec: signal that the decoder sets all output frame properties
...
Fixes memleaks described in ticket #9082.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 6b4805686c)
2021-06-23 11:24:53 -03:00
James Almer
4a953e5c81
avcodec/decode: reindent after the previous commit
...
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b4c2ff3e41)
2021-06-23 11:21:09 -03:00
James Almer
28e803d637
avcodec/decode: add an internal codec flag to signal a decoder sets all output frame properties
...
Decoders like cuviddec ignore and overwrite all the properties set by the generic
code as derived from AVCodecInternal.last_pkt_props. This flag ensures libavcodec
will not store and potentially queue input packets that ultimately will not be used.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 7b9610ebd8)
2021-06-23 11:17:06 -03:00
James Almer
7015704640
avcodec/decode: fetch packets from the pkt_props FIFO on every frame returned
...
Fixes memleaks on decoders that don't call ff_decode_frame_props(), like
libdav1d.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit a4fb03563a)
2021-06-21 16:31:26 -03:00
Michael Niedermayer
29d3e924a6
avcodec/faxcompr: Check available bits in decode_uncompressed()
...
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff56c139e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-06-18 20:53:56 +02:00