Commit Graph

38198 Commits

Author SHA1 Message Date
Michael Niedermayer
983e3fbcc5 avcodec/samidec: Check ff_htmlmarkup_to_ass() return code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 17:02:02 +02:00
Michael Niedermayer
f4ae3cce64 avcodec/htmlsubtitles: Check for string truncation and return error
Fixes out of array access
Fixes: 1354/clusterfuzz-testcase-minimized-5520132195483648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 17:02:02 +02:00
Michael Niedermayer
aaeec1c654 avcodec/wavpack: Fix signed integer overflow: 1285114081 * 2 cannot be represented in type 'int'
Fixes: 945/clusterfuzz-testcase-6037937588273152
Fixes: integer overflow

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 17:02:02 +02:00
James Almer
2cb656ad11 avcodec/mjpegenc: move ff_mjpeg_encode_picture_frame to mjpegenc_common
Fixes compilation of ljpeg encoder if mjpeg and amv encoders are disabled
2017-05-08 11:33:57 -03:00
Michael Niedermayer
29692023b2 avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represented in type 'int'
Fixes: 1411/clusterfuzz-testcase-minimized-5776085184675840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 15:47:29 +02:00
Michael Niedermayer
ea59ef0c03 avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039 cannot be represented in type 'int'
Fixed: 1409/clusterfuzz-testcase-minimized-5237365020819456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 15:41:15 +02:00
Michael Niedermayer
0075d9eced avcodec/dvbsubdec: check region dimensions
Fixes: 1408/clusterfuzz-testcase-minimized-6529985844084736
Fixes: integer overflow

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 15:28:26 +02:00
Michael Niedermayer
8824b7370a avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -1023040530 cannot be represented in type 'int'
Fixes: 1406/clusterfuzz-testcase-minimized-5064865125236736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 12:30:09 +02:00
Michael Niedermayer
5d5118f81b avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407 cannot be represented in type 'int' in idct_col()
Fixes: 1405/clusterfuzz-testcase-minimized-5011491835084800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 12:30:09 +02:00
Michael Niedermayer
279420b5a6 avcodec/cavsdec: Check sym_factor
Fixes: runtime error: signed integer overflow: 25984 * 130560 cannot be represented in type 'int'

Fixes: 1404/clusterfuzz-testcase-minimized-5000441286885376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 12:30:09 +02:00
Michael Niedermayer
1e42736b95 avcodec/cdxl: Check format for BGR24
Fixes: out of array access
Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 12:30:09 +02:00
Daniil Cherednik
b8c2b9c392 avcodec/dcaenc: Initial implementation of ADPCM encoding for DCA encoder 2017-05-08 05:56:14 +01:00
Michael Niedermayer
5f928c5201 avcodec/rangecoder: Test for invalid corner case
Fixes runtime error: left shift of 1912602815 by 8 places cannot be represented in type 'int'
Fixes: 1403/clusterfuzz-testcase-minimized-4724820484816896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 03:25:17 +02:00
Michael Niedermayer
3a4d387195 avcodec/ffv1dec: Fix copying planes of paletted formats
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 03:25:17 +02:00
Michael Niedermayer
8b1f66cf5c avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot be represented in type 'int'
Fixes: 1401/clusterfuzz-testcase-minimized-6526248148795392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-08 03:25:17 +02:00
Michael Niedermayer
441026fcb1 avcodec/xwddec: Check bpp more completely
Fixes out of array access
Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 19:32:33 +02:00
Michael Niedermayer
a5e0dbf530 avcodec/aacdec_template: Do not decode 2nd PCE if it will lead to failure
Fixes: out of array read
Fixes: 1072/clusterfuzz-testcase-6456688074817536
Fixes: 1398/clusterfuzz-testcase-minimized-4576913622302720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 19:32:33 +02:00
Michael Niedermayer
a38e9797cb avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'
Fixes: 1395/clusterfuzz-testcase-minimized-5330939741732864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 19:32:33 +02:00
Michael Niedermayer
0ac1c87194 avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be represented in type 'int'
Fixes: 1394/clusterfuzz-testcase-minimized-6493376885030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 19:32:33 +02:00
Michael Niedermayer
c04aa14882 avcodec/g726: Fix runtime error: left shift of negative value -2
Fixes: 1393/clusterfuzz-testcase-minimized-5948366791901184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 19:32:33 +02:00
Michael Niedermayer
2162b862eb avcodec/magicyuv: Check len to be supported
Fixes: shift exponent -1 is negative
Fixes: 1390/clusterfuzz-testcase-minimized-5452757630713856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 15:31:00 +02:00
Michael Niedermayer
78bf446852 avcodec/ra144: Fix runtime error: left shift of negative value -798
Fixes: 1388/clusterfuzz-testcase-minimized-6680800936329216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 15:31:00 +02:00
Michael Niedermayer
464c4b86ee avcodec/mss34dsp: Fix multiple signed integer overflow
Fixes: 1387/clusterfuzz-testcase-minimized-4802757766676480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 15:31:00 +02:00
Timo Rothenpieler
f89a89c550 avcodec/nvenc: use frames hwctx when registering a frame 2017-05-07 13:38:30 +02:00
Timo Rothenpieler
dad6f44bbd avcodec/nvenc: support external context in sw mode 2017-05-07 13:35:25 +02:00
Michael Niedermayer
3e56db8926 avcodec/targa_y216dec: Fix width type
Fixes out of array access
Fixes: 1376/clusterfuzz-testcase-minimized-6361794975105024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 04:11:21 +02:00
Michael Niedermayer
e92fb2bea1 avcodec/texturedsp: Fix multiple runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 1386/clusterfuzz-testcase-minimized-5323086394032128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 04:11:21 +02:00
Michael Niedermayer
9e88cc94e5 avcodec/ivi_dsp: Fix multiple left shift of negative value -2
Fixes: 1385/clusterfuzz-testcase-minimized-5552882663292928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 04:11:21 +02:00
Michael Niedermayer
669419939c avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694 cannot be represented in type 'int'
Fixes: 1382/clusterfuzz-testcase-minimized-6013445293998080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 04:11:21 +02:00
Michael Niedermayer
1121d92707 avcodec/msmpeg4dec: Correct table depth
Fixes undefined shift
Fixes: 1381/clusterfuzz-testcase-minimized-5513944540119040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-07 04:11:21 +02:00
James Almer
fb0f29f9aa avcodec/hevc_sei: actually propagate error codes 2017-05-06 22:57:43 -03:00
Michael Niedermayer
8a8335de03 avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 1380/clusterfuzz-testcase-minimized-650122545122508

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 23:23:39 +02:00
Michael Niedermayer
e1b60aad77 avcodec/cdxl: Check format parameter
Fixes out of array access
Fixes: 1378/clusterfuzz-testcase-minimized-5715088008806400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 23:23:39 +02:00
Michael Niedermayer
df8575584d avcodec/shorten: Check residual size
Fixes assertion failure

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 19:53:25 +02:00
Michael Niedermayer
1283c42447 avcodec/hq_hqa: Fix runtime error: left shift of negative value -207
Fixes: 1375/clusterfuzz-testcase-minimized-6070134701555712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 19:12:14 +02:00
Michael Niedermayer
2ef0f39271 avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initialized from
Fixes integer overflow
Fixes: 1372/clusterfuzz-testcase-minimized-5712192982745088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 19:10:50 +02:00
Michael Niedermayer
7b6a51f59c avcodec/shorten: Check k in get_uint()
Fixes: undefined shift
Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 18:28:57 +02:00
Michael Niedermayer
0884b1c5ff avcodec/golomb: Assert that k is valid in get_ur_golomb_jpegls()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 18:25:02 +02:00
Michael Niedermayer
9bf4523e40 avcodec/webp: Fix null pointer dereference
Fixes: 1369/clusterfuzz-testcase-minimized-5048908029886464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 16:44:25 +02:00
Michael Niedermayer
12936a4585 avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 1368/clusterfuzz-testcase-minimized-4507293276176384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 16:40:29 +02:00
Michael Niedermayer
4ace2d2219 avcodec/g723_1: Fix multiple runtime error: left shift of negative value
Fixes: 1367/clusterfuzz-testcase-minimized-571496882346393

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 16:33:31 +02:00
Michael Niedermayer
fc2c420b82 avcodec/mimic: Fix runtime error: left shift of negative value -1
Fixes: 1365/clusterfuzz-testcase-minimized-5624158450876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 15:18:00 +02:00
Michael Niedermayer
4654baff12 avcodec/opus_silk: Fix integer overflow and out of array read
Fixes: 1362/clusterfuzz-testcase-minimized-6097275002552320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 14:29:12 +02:00
Michael Niedermayer
c0ffcb34c7 avcodec/clearvideo: Fix multiple runtime error: left shift of negative value -1024
Fixes: 1360/clusterfuzz-testcase-minimized-5606472043986944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 12:17:54 +02:00
Michael Niedermayer
b20c71409b avcodec/fic: Fix multiple left shift of negative value -15
Fixes: 1356/clusterfuzz-testcase-minimized-6008489086287872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 12:11:43 +02:00
Michael Niedermayer
c535436cbe avcodec/mlpdec: Fix runtime error: left shift of negative value -22
Fixes: 1355/clusterfuzz-testcase-minimized-6662205472768000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 12:08:14 +02:00
Michael Niedermayer
e813df4fa3 avcodec: Avoid splitting side data repeatedly
Fixes Timeout
Fixes: 508/clusterfuzz-testcase-6245747678773248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 03:54:17 +02:00
Michael Niedermayer
523205ce1e avcodec/snowdec: Check qbias
Fixes: signed integer overflow: -1094995529 * 131 cannot be represented in type 'int'
Fixes: 1353/clusterfuzz-testcase-minimized-5208180449607680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 02:11:34 +02:00
James Almer
859cc5c8e6 avcodec/hevc_parser: cosmetics
Reduces differences with libav slightly.

Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-05 20:10:17 -03:00
James Almer
214f4133c4 avcodec/hevc_parser: move hevc_find_frame_end() down in the file
Reduces differences with libav.
2017-05-05 20:10:17 -03:00