Michael Niedermayer
bbc6bfae37
avcodec/truemotion2: Fix passing null pointer to memset()
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c901627918)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
b1777d92f9
avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9e884f3d9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
33aed7bb76
avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int'
Fixes: 1885/clusterfuzz-testcase-minimized-5336328549957632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c845450d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
a7878fe247
avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int'
Fixes: 1884/clusterfuzz-testcase-minimized-4637425835966464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c472c5252)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
ba3bc22940
avcodec/aac_defines: Add missing () to AAC_HALF_SUM() macro
Fixes: runtime error: shift exponent 1073741848 is too large for 32-bit type 'INTFLOAT' (aka 'int')
Fixes: 1880/clusterfuzz-testcase-minimized-4900645322620928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 872bac8159)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
3fe7d4c403
avcodec/webp: Fixes null pointer dereference
Fixes: 1470/clusterfuzz-testcase-minimized-5404421666111488
Fixes: 1472/clusterfuzz-testcase-minimized-5677426430443520
Fixes: 1875/clusterfuzz-testcase-minimized-5536474562822144
Approved-by: BBB
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 67020711b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
5ee31596fa
avcodec/aacdec_fixed: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 1878/clusterfuzz-testcase-minimized-6441918630199296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6b9cb5d26a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
1d88ec2fb0
avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int'
Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b9c032ebc0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
65f38d1285
avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int'
Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 781f88bb26)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
0103b3ea92
avcodec/jpeg2000dec: Check tile offsets more completely
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c1812491f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
7b1d93ce9c
avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int'
Fixes: 1851/clusterfuzz-testcase-minimized-5692607495667712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6c3a63fc3d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
19556586d5
avcodec/wnv1: More strict buffer size check
This requires at least 25% of a picture to allocate and decode it
Fixes: Timeout
Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f50c25124)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
8fbe1f634f
avcodec/libfdk-aacdec: Correct buffer_size parameter
The timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until
2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused.
After that commit libfdk-aacdec interprets it as size in sample units and memsets that on error.
FFmpeg as well as others (like GStreamer) did interpret it as size in bytes.
Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca6776a993)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
492099f9c4
avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int'
Fixes: 1770/clusterfuzz-testcase-minimized-5285511235108864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c36ee216f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
259582feaa
avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2
Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 357f2316a0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Kevin Mark
fde04ca718
doc/filters: Clarify scale2ref example
Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 114e871621)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
59436dc8f8
avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error
Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]'
Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ac8dfcbd89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
50fb6addc9
avcodec/ra144dec: Fix runtime error: left shift of negative value -17
Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53c0c637d3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
fc449d70cf
avformat/mux: Fix copy and paste typo
Found-by: Roger Scott <rscott@grammatech.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a36354698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
6025edc0c7
avutil/internal: Do not enable CHECKED with DEBUG
This avoids potential undefined behavior in debug mode while still allowing
developers who want to check for potential additional overflows to do so
by manually enabling this.
Reviewed-by: wm4
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a44b3abb4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
1341713550
avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 1825/clusterfuzz-testcase-minimized-6002833050566656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e87d146d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
5529a67817
avcodec/smc: Check remaining input
Fixes: Timeout
Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 356194fcb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
345f296135
avcodec/jpeg2000dec: Fix copy and paste error
Found-by: jamrial
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5782e0ba8c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
75d32ff24d
avcodec/jpeg2000dec: Check tile offsets
Fixes: runtime error: signed integer overflow: 4096 - -2147483648 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89325417e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Max Justicz
87c13e4e88
avcodec/sanm: Fix uninitialized reference frames
Fixes: poc.snm
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca616b0f72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
52e470097a
avcodec/jpeglsdec: Check get_bits_left() before decoding a picture
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4bc3008d04)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
5148395e86
avcodec/ivi_dsp: Fix multiple runtime error: left shift of negative value -71
Fixes: 1734/clusterfuzz-testcase-minimized-5385630815092736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fb00b3e85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
32ac3f1b1f
avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot be represented in type 'int'
Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 40fa6a2fa2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
dd373b4027
avcodec/aacdec_fixed: Fix runtime error: shift exponent 34 is too large for 32-bit type 'int'
Fixes: 1721/clusterfuzz-testcase-minimized-4719352135811072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5228e44c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
8bc5e90bb2
avcodec/mpeg4videodec: Check for multiple VOL headers
Fixes multiple: runtime error: signed integer overflow: 2147115008 + 413696 cannot be represented in type 'int'
Fixes: 1723/clusterfuzz-testcase-minimized-5309409372667904
Fixes: 1727/clusterfuzz-testcase-minimized-5900685306494976
Fixes: 1737/clusterfuzz-testcase-minimized-5922321338466304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit efeb47fd5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
5ceb27b0eb
avcodec/vmnc: Check location before use
Fixes: runtime error: signed integer overflow: 65535 * 64256 cannot be represented in type 'int'
Fixes: 1717/clusterfuzz-testcase-minimized-5491696676634624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec2b76aab4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
ea4b807c0a
avcodec/takdec: Fix runtime error: signed integer overflow: 8192 * 524308 cannot be represented in type 'int'
Fixes: 1630/clusterfuzz-testcase-minimized-6326111917047808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 955db41192)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
0155d1c1cb
avcodec/aac_defines: Fix: runtime error: left shift of negative value -2
Fixes: 1716/clusterfuzz-testcase-minimized-4691012196761600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c3547dcbc3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
45c9fe61d9
avcodec/takdec: Fix runtime error: left shift of negative value -63
Fixes: 1713/clusterfuzz-testcase-minimized-5791887476654080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d66193252b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
11e2bdd53e
avcodec/mlpdsp: Fix runtime error: signed integer overflow: -24419392 * 128 cannot be represented in type 'int'
Fixes: 1711/clusterfuzz-testcase-minimized-5248503515185152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d04fc94e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
7d61e21953
avcodec/sbrdsp_fixed: fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: part of 1709/clusterfuzz-testcase-minimized-4513580554649600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 384508b2ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
Michael Niedermayer
88fabd8016
avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 170 is too large for 32-bit type 'int'
Fixes part of 1709/clusterfuzz-testcase-minimized-4513580554649600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6310fc714d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 23:16:54 +02:00
James Almer
24d744cabe
avcodec/hevc_sei: fix amount of bits skipped when reading picture timing SEI message
The code was skipping the entire reported SEI message size regardless of
the amount of bits read.
While in theory safe for NALU where the picture timing SEI message is alone
or at the end as we're using the checked bitstream reader, it isn't in any
other situation, where every SEI message in the NALU after the picture
timing one would potentially fail to parse.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit f738140807)
Conflicts:
libavcodec/hevc_sei.c
2017-05-19 23:38:04 -03:00
James Almer
870f1e3836
avformat/concatdec: fix the h264 annexb extradata check
The start code can be either in the first three or four bytes.
(cherry picked from commit b4330a0e02)
2017-05-19 23:37:59 -03:00
Aaron Levinson
0109a152a1
avformat/utils: free AVStream.codec properly in free_stream()
Fixes memory leaks.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b9d2005ea5)
2017-05-19 23:37:49 -03:00
James Almer
1c302b606e
avcodec/options: do a more thorough clean up in avcodec_copy_context()
Free coded_frame to prevent potential leaks.
Reviewed-by: Aaron Levinson <alevinsn@aracnet.com>
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit cac8de2da5)
2017-05-19 23:37:03 -03:00
James Almer
4122e5fcb3
avcodec/options: factorize avcodec_copy_context() cleanup code
Reviewed-by: Aaron Levinson <alevinsn@aracnet.com>
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 54a4c9b4e9)
2017-05-19 23:22:23 -03:00
Michael Niedermayer
4117f19f2f
avcodec/mlpdec: Do not leave an invalid num_primitive_matrices in the context
Fixes: runtime error: index 8 out of bounds for type 'uint8_t [8]'
Fixes: 1699/clusterfuzz-testcase-minimized-6327177438035968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64ea4d102a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-20 03:41:34 +02:00
Michael Niedermayer
3ecff1b7e5
avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 150 is too large for 32-bit type 'int'
Fixes: 1681/clusterfuzz-testcase-minimized-5970545365483520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3fb104f447)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-20 03:41:34 +02:00
Michael Niedermayer
860ff3c447
avcodec/mimic: Use ff_set_dimensions() to set the dimensions
Fixes: OOM
Fixes: 1671/clusterfuzz-testcase-minimized-4759078033162240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e434840fd4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-20 03:41:34 +02:00
Michael Niedermayer
1397c7f616
avcodec/fic: Fix multiple runtime error: signed integer overflow: 5793 * 419752 cannot be represented in type 'int'
Fixes: 1669/clusterfuzz-testcase-minimized-5287529198649344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a173f484b5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-20 03:41:34 +02:00
Michael Niedermayer
346e2d1663
avcodec/mlpdec: Fix: runtime error: left shift of negative value -8
Fixes: 1658/clusterfuzz-testcase-minimized-4889937130291200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25c81e4b73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-20 03:41:34 +02:00
Michael Niedermayer
9e62e1cded
avcodec/dfa: Fix: runtime error: signed integer overflow: -14202 * 196877 cannot be represented in type 'int'
Fixes: 1657/clusterfuzz-testcase-minimized-4710000079405056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 58ac7fb9c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-20 03:41:34 +02:00
Michael Niedermayer
afc0b559f6
avcodec/aacdec: Fix runtime error: signed integer overflow: 2147483520 + 255 cannot be represented in type 'int'
Fixes: 1656/clusterfuzz-testcase-minimized-5900404925661184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 94d05ff159)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-20 03:41:34 +02:00
Michael Niedermayer
f76c1554f6
avcodec/aacdec_template: Fix fixed point scale in decode_cce()
Fixes: runtime error: shift exponent 1073741824 is too large for 32-bit type 'int'
Fixes: 1654/clusterfuzz-testcase-minimized-5151903795118080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53a502206a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-20 03:41:34 +02:00