ffmpeg.git
2 years ago  avcodec/h264_mvpred: Fix multiple runtime error: left shift of negative value
Michael Niedermayer [Fri, 3 Mar 2017 03:39:06 +0000 (04:39 +0100)]
avcodec/h264_mvpred: Fix multiple runtime error: left shift of negative value

Fixes: 710/clusterfuzz-testcase-5091051431788544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab998f4c7faf90d0e46b6ead38a1df1f6a31e2eb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/adxdec: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Fri, 3 Mar 2017 03:39:04 +0000 (04:39 +0100)]
avcodec/adxdec: Fix runtime error: left shift of negative value -1

Fixes: 705/clusterfuzz-testcase-5129572590813184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d23727e0420b9f77f0d4cb28b43819b402f702e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4videodec: Improve the overflow checks in mpeg4_decode_sprite_trajectory()
Michael Niedermayer [Thu, 2 Mar 2017 02:02:07 +0000 (03:02 +0100)]
avcodec/mpeg4videodec: Improve the overflow checks in mpeg4_decode_sprite_trajectory()

Also clear the state on errors

Fixes integer overflows in 701/clusterfuzz-testcase-6594719951880192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eb41956636fc264fe2077b78ef00591d83bbbace)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mjpegdec: Fix runtime error: left shift of negative value -511
Michael Niedermayer [Wed, 1 Mar 2017 15:32:09 +0000 (16:32 +0100)]
avcodec/mjpegdec: Fix runtime error: left shift of negative value -511

Fixes: 693/clusterfuzz-testcase-6109776066904064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4b72d5cd6f9341dcafdbc1b9030166aa987b8304)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/h264_direct: Fix runtime error: left shift of negative value -14
Michael Niedermayer [Tue, 28 Feb 2017 02:13:24 +0000 (03:13 +0100)]
avcodec/h264_direct: Fix runtime error: left shift of negative value -14

Fixes: 682/clusterfuzz-testcase-4799120021651456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4bd3f1ce3e68a9348e97ec07a247048ea72ed808)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/pictordec: Check plane value before doing value/mask computations
Michael Niedermayer [Sun, 26 Feb 2017 19:28:00 +0000 (20:28 +0100)]
avcodec/pictordec: Check plane value before doing value/mask computations

Fixes integer overflow
Fixes: 675/clusterfuzz-testcase-6722971232108544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63e400a8807dca7b0ffa3841df2e31f7419abb8d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4videodec: Fix runtime error: left shift of negative value -2650
Michael Niedermayer [Sun, 26 Feb 2017 19:27:59 +0000 (20:27 +0100)]
avcodec/mpeg4videodec: Fix runtime error: left shift of negative value -2650

Fixes: 674/clusterfuzz-testcase-6713275880308736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25e93aacc2142f3b57f1e63c67ca46d304f154ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/eac3dec: Fix runtime error: left shift of negative value -3
Michael Niedermayer [Sat, 25 Feb 2017 20:07:25 +0000 (21:07 +0100)]
avcodec/eac3dec: Fix runtime error: left shift of negative value -3

Fixes: 672/clusterfuzz-testcase-5595018867769344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87eb3749708c0eb2978f4812c7be2a4af667fdb7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg12dec: Fix runtime error: left shift of negative value -2
Michael Niedermayer [Sat, 25 Feb 2017 20:07:24 +0000 (21:07 +0100)]
avcodec/mpeg12dec: Fix runtime error: left shift of negative value -2

671/clusterfuzz-testcase-4990381827555328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aff8cf18cb0b1fa4f2e3d163c3da2f25aa6d1906)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows
Michael Niedermayer [Thu, 23 Feb 2017 21:33:16 +0000 (22:33 +0100)]
avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows

This is not necessarily specific to fuzzed files

Fixes: Multiple integer overflows
Fixes: 656/clusterfuzz-testcase-6463814516080640
Fixes: 658/clusterfuzz-testcase-6691260146384896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76ba09d18245a2a41dc5f93a60fd00cdf358cb1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4videodec: Check sprite_offset in addition to shifts
Michael Niedermayer [Wed, 22 Feb 2017 20:57:49 +0000 (21:57 +0100)]
avcodec/mpeg4videodec: Check sprite_offset in addition to shifts

Fixes: 651/clusterfuzz-testcase-5710668915277824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6871df02d973c9ffc1aa4f6d08fb4b1b63d411be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4video: Fix runtime error: left shift of negative value
Michael Niedermayer [Wed, 22 Feb 2017 00:22:24 +0000 (01:22 +0100)]
avcodec/mpeg4video: Fix runtime error: left shift of negative value

Fixes: 644/clusterfuzz-testcase-4726434209726464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6179dc8aa7e5fc5358b9614306f93f1adadf22a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/ituh263dec: Fix runtime error: left shift of negative value -22
Michael Niedermayer [Tue, 21 Feb 2017 16:32:56 +0000 (17:32 +0100)]
avcodec/ituh263dec: Fix runtime error: left shift of negative value -22

Fixes: 639/clusterfuzz-testcase-5143866241974272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 631f7484918a9e7260377c3cea878be708609e64)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/rv40: Fix runtime error: left shift of negative value
Michael Niedermayer [Tue, 21 Feb 2017 02:05:32 +0000 (03:05 +0100)]
avcodec/rv40: Fix runtime error: left shift of negative value

Fixes: 630/clusterfuzz-testcase-6608718928019456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 956472a3236cc8eaeba5147c55b51bde6005c898)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/h264_cabac: runtime error: signed integer overflow: 2147483647 + 14 cannot...
Michael Niedermayer [Sun, 19 Feb 2017 21:40:29 +0000 (22:40 +0100)]
avcodec/h264_cabac: runtime error: signed integer overflow: 2147483647 + 14 cannot be represented in type 'int'

Fixes: 614/clusterfuzz-testcase-4931860079575040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 258763ad0e1efff82bbe2beb97527d3c19f40932)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4videodec: Fix runtime error: shift exponent -2 is negative
Michael Niedermayer [Sun, 19 Feb 2017 20:33:27 +0000 (21:33 +0100)]
avcodec/mpeg4videodec: Fix runtime error: shift exponent -2 is negative

Fixes: 612/clusterfuzz-testcase-4707817137111040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa2b75263e17651187b1475551a02aa2f4ff65fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mjpegdec: Fix runtime error: left shift of negative value -507
Michael Niedermayer [Sun, 19 Feb 2017 19:39:13 +0000 (20:39 +0100)]
avcodec/mjpegdec: Fix runtime error: left shift of negative value -507

Fixes: 611/clusterfuzz-testcase-5613455820193792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c91bdd4524815125e1f7d8dee22ee7a73173c39a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/eac3dec: Fix runtime error: left shift of negative value
Michael Niedermayer [Sun, 19 Feb 2017 19:32:48 +0000 (20:32 +0100)]
avcodec/eac3dec: Fix runtime error: left shift of negative value

Fixes: 610/clusterfuzz-testcase-4831030085156864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 067485b673f6ac4b1207d6fc975d1fd968edc68e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp6: clear dimensions on failed resolution change in vp6_parse_header()
Michael Niedermayer [Sun, 12 Mar 2017 02:04:06 +0000 (03:04 +0100)]
avcodec/vp6: clear dimensions on failed resolution change in vp6_parse_header()

Fixes: 807/clusterfuzz-testcase-6470061042696192
Fixes null pointer dereference

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 967feea5ebb744dce97ab327d33502b43fca0c7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp56: Reset have_undamaged_frame on resolution changes
Michael Niedermayer [Thu, 9 Mar 2017 16:55:32 +0000 (17:55 +0100)]
avcodec/vp56: Reset have_undamaged_frame on resolution changes

Fixes: timeout in 758/clusterfuzz-testcase-4720832028868608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e913f212907048d7009cf2f15551781c69b9985)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp8: Fix hang with slice threads
Thomas Guilbert [Thu, 9 Mar 2017 23:15:39 +0000 (00:15 +0100)]
avcodec/vp8: Fix hang with slice threads

Fixes: 447860.webm

Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bbc73ae9fdedc8789b2b6be65279e9a0ecd7090)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp8: Check for the bitstream end per MB in decode_mb_row_no_filter()
Michael Niedermayer [Tue, 7 Mar 2017 18:09:39 +0000 (19:09 +0100)]
avcodec/vp8: Check for the bitstream end per MB in decode_mb_row_no_filter()

Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 2 of 2)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1afd246960202917e244c844c534e9c1e3c323f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp568: Check that there is enough data for ff_vp56_init_range_decoder()
Michael Niedermayer [Tue, 7 Mar 2017 18:09:38 +0000 (19:09 +0100)]
avcodec/vp568: Check that there is enough data for ff_vp56_init_range_decoder()

Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 1 of 2)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d7371fe0c44c025eb0e75215e0685870f31874)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp8: remove redundant check
Michael Niedermayer [Mon, 6 Mar 2017 23:53:52 +0000 (00:53 +0100)]
avcodec/vp8: remove redundant check

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5098a6f6275a57f122cd8f03e7ffbe5dd090b8e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp56: Require a correctly decoded frame before using vp56_conceal_mb()
Michael Niedermayer [Thu, 2 Mar 2017 02:02:06 +0000 (03:02 +0100)]
avcodec/vp56: Require a correctly decoded frame before using vp56_conceal_mb()

Fixes timeout with 700/clusterfuzz-testcase-5660909504561152
Fixes timeout with 702/clusterfuzz-testcase-4553541576294400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ce4f28431623cdde4aa496fd10430f6c7bdef63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp3: Do not return random positive values but the buf size
Michael Niedermayer [Thu, 15 Dec 2016 20:08:48 +0000 (21:08 +0100)]
avcodec/vp3: Do not return random positive values but the buf size

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8094a303ba36344015a44d629bafc6d7094b4ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp8: Check for bitstream end in decode_mb_row_no_filter()
Michael Niedermayer [Tue, 28 Feb 2017 02:55:02 +0000 (03:55 +0100)]
avcodec/vp8: Check for bitstream end in decode_mb_row_no_filter()

Fixes timeout with 686/clusterfuzz-testcase-5853946876788736

This shortcuts (i.e. speeds up) the error and return-to-user when decoding a truncated frame.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Previous version reviewed by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b5ff7d57355dc608f0fd86e3ab32a2fda65e752)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp56: Factorize vp56_render_mb() out
Michael Niedermayer [Sat, 25 Feb 2017 20:07:22 +0000 (21:07 +0100)]
avcodec/vp56: Factorize vp56_render_mb() out

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c0139463c8f0a6f28e7b193c2a85608a7635bbd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represe...
Michael Niedermayer [Fri, 24 Feb 2017 12:11:43 +0000 (13:11 +0100)]
avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represented in type 'int'

Fixes: 664/clusterfuzz-testcase-4917047475568640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b8b7921c55a93049a86cfeb2fda9423d16f8ebe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  Add CHECK/SUINT code
Michael Niedermayer [Mon, 20 Feb 2017 18:34:54 +0000 (19:34 +0100)]
Add CHECK/SUINT code

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4614bf2caf67a89c2d833b3368f325eab54582bc)
(cherry picked from commit e8d4eacc07c61ae24f48451073a2620d8d257d33)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f2a09a43f6fade53227804459e6babb1c7248b3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
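The entries above and below this one are mostly fixes for the same undefined-behaviour class that UBSan reports in fuzzed decoders: a left shift of a negative value, a shift exponent outside 0..31, or a signed add/multiply that does not fit in int. The following is an added example, not ffmpeg's own code, showing the defensive forms behind those titles. The SUINT typedef is modelled on libavutil's macro (unsigned in normal builds so arithmetic wraps instead of being undefined; a CHECKED build redefines it as int so that sanitizers still report genuine overflows); the helper names and the sample values fed to them are constructed for this illustration, the values being the ones quoted in the commit titles.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Modelled on libavutil's SUINT (assumption for this example): unsigned in
 * normal builds so arithmetic wraps; a CHECKED build makes it int so UBSan
 * still flags real overflows. */
typedef unsigned SUINT;

/* The flagged pattern is `x << n` with negative x, undefined in C through C17.
 * Shifting in unsigned and converting back gives the two's-complement result
 * the codecs expect; the conversion back is implementation-defined, not
 * undefined, and behaves as expected on every target ffmpeg supports. */
static int shl_signed(int x, int n)
{
    return (int)((SUINT)x << n);
}

/* Multiplication form, used where the result is known to fit in int:
 * the same value, but the shift no longer has a negative left operand. */
static int shl_by_mul(int x, int n)
{
    return x * (1 << n);
}

/* "shift exponent -2 is negative" / "shift exponent 132 is too large":
 * validate an exponent read from the bitstream before shifting by it. */
static bool shift_exponent_ok(int n)
{
    return n >= 0 && n < (int)(CHAR_BIT * sizeof(int));
}

/* "signed integer overflow: 2147483647 + 14": compare against the bounds
 * before adding; returns true and leaves *out untouched on overflow. */
static bool add_overflows(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return true;
    *out = a + b;
    return false;
}

/* "46341 * 47523 cannot be represented in type 'int'": multiply in a wider
 * type and range-check the product before narrowing. */
static bool mul_overflows(int a, int b, int *out)
{
    int64_t p = (int64_t)a * b;
    if (p > INT_MAX || p < INT_MIN)
        return true;
    *out = (int)p;
    return false;
}

int main(void)
{
    int r = 0;
    /* Constructed inputs: the values quoted in the commit titles on this page. */
    printf("-511 << 4 = %d\n", shl_signed(-511, 4));
    printf("-14 << 2 = %d\n", shl_by_mul(-14, 2));
    printf("exponent 132 ok? %d\n", shift_exponent_ok(132));
    printf("2147483647 + 14 overflows? %d\n", add_overflows(INT_MAX, 14, &r));
    printf("46341 * 47523 overflows? %d\n", mul_overflows(46341, 47523, &r));
    printf("1811992524 * 384 overflows? %d\n", mul_overflows(1811992524, 384, &r));
    return 0;
}
```

The unsigned-shift form is the one to prefer when the shifted value is allowed to be negative and the caller wants the usual two's-complement result; the multiply form is only correct when the product is already known to fit, otherwise it merely trades one UBSan report for another.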
2 years ago  avcodec/mpeg12dec: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sun, 12 Mar 2017 02:04:04 +0000 (03:04 +0100)]
avcodec/mpeg12dec: Fix runtime error: left shift of negative value -1

Fixes: 764/clusterfuzz-testcase-6273034652483584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a720b854b0d3f0fae2b1eac644dd39e5821cacb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp56: Clear dimensions in case of failure in the middle of a resolution change
Michael Niedermayer [Wed, 1 Mar 2017 03:28:23 +0000 (04:28 +0100)]
avcodec/vp56: Clear dimensions in case of failure in the middle of a resolution change

Similar code is used elsewhere in vp56 to force a more complete reinit in the future.
Fixes null pointer dereference
Fixes: 707/clusterfuzz-testcase-4717453097566208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4bed06637729ab000b79250c67d53078300e37c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp56: Implement very basic error concealment
Michael Niedermayer [Sat, 25 Feb 2017 11:37:32 +0000 (12:37 +0100)]
avcodec/vp56: Implement very basic error concealment

This should fix the fate failure due to a truncated last frame.
Alternatively the frame could be dropped.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d34bf886e963445350c4987f7a9ed77bd9c9a5c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/amrwbdec: Fix 2 runtime errors: left shift of negative value -1
Michael Niedermayer [Sat, 25 Feb 2017 01:19:43 +0000 (02:19 +0100)]
avcodec/amrwbdec: Fix 2 runtime errors: left shift of negative value -1

Fixes: 669/clusterfuzz-testcase-4847965409640448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6bd79ba59f46a8b3133f28faae53b75540469803)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be represent...
Michael Niedermayer [Sat, 25 Feb 2017 00:43:16 +0000 (01:43 +0100)]
avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be represented in type 'int'

Fixes: 666/clusterfuzz-testcase-6581447227867136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 310d2af319d9113263f75e94f5a1b211c05260b5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp56: Fix sign typo
Michael Niedermayer [Fri, 24 Feb 2017 20:05:33 +0000 (21:05 +0100)]
avcodec/vp56: Fix sign typo

Fixes: 664/clusterfuzz-testcase-4917047475568640

The change to fate is due to a truncated last frame which is now detected as damaged.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 513a3494396d0a20233273b3cadcb5ee86485d5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpegaudiodec_template: Correct return code on id3 tag discarding
Michael Niedermayer [Fri, 24 Feb 2017 18:04:12 +0000 (19:04 +0100)]
avcodec/mpegaudiodec_template: Correct return code on id3 tag discarding

Fixes: 665/clusterfuzz-testcase-4863789881098240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d81616be332cca99304d0b747c2c8e2d719f349)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/rv34: Simplify and factor get_slice_offset() code
Michael Niedermayer [Fri, 24 Feb 2017 11:46:28 +0000 (12:46 +0100)]
avcodec/rv34: Simplify and factor get_slice_offset() code

This also fixes several integer overflows by checking each value before
use.
Fixes: 662/clusterfuzz-testcase-4898131432964096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8696f254444c2ec24daa570f26feadbd3df911e4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/pictordec: Do not read more than nb_planes
Michael Niedermayer [Mon, 20 Feb 2017 11:31:43 +0000 (12:31 +0100)]
avcodec/pictordec: Do not read more than nb_planes

Fixes undefined behavior
Fixes: 622/clusterfuzz-testcase-5745722022428672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01d196a67dc55eb01cf3e06d6338c5d096a29b1c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented...
Michael Niedermayer [Sun, 19 Feb 2017 22:37:53 +0000 (23:37 +0100)]
avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented in type 'int'

Fixes: 617/clusterfuzz-testcase-6413875723370496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c11d3634b07b4aa71f75478aa1bcb63b0c22e030)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/pngdec: Check bit depth for validity
Michael Niedermayer [Sun, 19 Feb 2017 18:12:25 +0000 (19:12 +0100)]
avcodec/pngdec: Check bit depth for validity

Fixes: runtime error: shift exponent 132 is too large for 32-bit type 'int'
Fixes: 609/clusterfuzz-testcase-4825202619842560

See 11.2.2 IHDR Image header

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4279613a2652cdf2bee564f4b7244567e5ba91ba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg12dec: Fix runtime error: left shift of negative value
Michael Niedermayer [Sun, 19 Feb 2017 17:47:13 +0000 (18:47 +0100)]
avcodec/mpeg12dec: Fix runtime error: left shift of negative value

Fixes: 608/clusterfuzz-testcase-603978286392934

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 706757d26dd5e606c1745a4bb53fe45f6d6493cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/wavpack: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sun, 19 Feb 2017 14:09:34 +0000 (15:09 +0100)]
avcodec/wavpack: Fix runtime error: left shift of negative value -1

Fixes: 607/clusterfuzz-testcase-5108792465293312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12eebb845a7fe1ced91606547352cbdd93a2726d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avformat/http: Check for truncated buffers in http_connect()
Michael Niedermayer [Mon, 13 Feb 2017 11:47:49 +0000 (12:47 +0100)]
avformat/http: Check for truncated buffers in http_connect()

Reported-by: SleepProgger <security@gnutp.com>
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fa18e042ad2c078f759692f1db5629d16d70595)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avformat/apng: fix setting frame delay when max_fps is set to no limit
James Almer [Tue, 21 Mar 2017 01:53:00 +0000 (22:53 -0300)]
avformat/apng: fix setting frame delay when max_fps is set to no limit

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 874eb012f75bc18bb6d79ad4bc0912afa21751f3)

2 years ago  swresample/resample: free existing ResampleContext on reinit
James Almer [Tue, 21 Mar 2017 15:03:44 +0000 (12:03 -0300)]
swresample/resample: free existing ResampleContext on reinit

Fixes memleak.

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit db7a05dab0652d4ec6d89394c9024d02f44494a7)

2 years ago  swresample/resample: move resample_free() higher in the file
James Almer [Tue, 21 Mar 2017 15:02:35 +0000 (12:02 -0300)]
swresample/resample: move resample_free() higher in the file

Also make it more readable while at it.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 2a8a8a2e98136c22f6e07ff669251afb8a033676)

Conflicts:
libswresample/resample.c

2 years ago  lavf/mpeg: Initialize a stack variable used by memcmp().
Carl Eugen Hoyos [Sun, 19 Feb 2017 15:15:34 +0000 (16:15 +0100)]
lavf/mpeg: Initialize a stack variable used by memcmp().

Silence a valgrind warning.

Fixes ticket #6160.
(cherry picked from commit a5c1c7a8b3d13c86b453558628951c3f52054ab4)

3 years ago  lavc/avpacket: Initialize a variable in error path.
Carl Eugen Hoyos [Thu, 16 Feb 2017 23:46:14 +0000 (00:46 +0100)]
lavc/avpacket: Initialize a variable in error path.

Fixes ticket #6153.

Tested-by: Tyson Smith
(cherry picked from commit 1d54be215309b8aa71a51826e4b0a1660fef9f93)

3 years ago  Update for 2.8.11 (tag n2.8.11)
Michael Niedermayer [Wed, 8 Feb 2017 20:45:54 +0000 (21:45 +0100)]
Update for 2.8.11

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/h264_slice: Clear ref_counts on redundant slices
Michael Niedermayer [Wed, 8 Feb 2017 16:55:41 +0000 (17:55 +0100)]
avcodec/h264_slice: Clear ref_counts on redundant slices

Fixes reading freed memory
Fixes: 568/clusterfuzz-testcase-6107186067406848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c03029a835949fc0e68b4c6558ebcdc3ae137087)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
Matt Wolenetz [Wed, 14 Dec 2016 23:26:19 +0000 (15:26 -0800)]
lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid

Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643951

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support values beyond INT_MAX
Also the check is moved to a more common place and before integer truncation

(cherry picked from commit 2d453188c2303da641dafb048dc1806790526dfd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
Matt Wolenetz [Wed, 14 Dec 2016 23:24:42 +0000 (15:24 -0800)]
lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr

Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643950

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support larger lengths

(cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/pictordec: Fix logic error
Michael Niedermayer [Tue, 7 Feb 2017 14:49:09 +0000 (15:49 +0100)]
avcodec/pictordec: Fix logic error

Fixes: 559/clusterfuzz-testcase-6424225917173760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c2ea3030af7b40a3c4275696fb5c76cdb80950a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/movtextdec: Fix decode_styl() cleanup
Michael Niedermayer [Mon, 6 Feb 2017 10:17:10 +0000 (11:17 +0100)]
avcodec/movtextdec: Fix decode_styl() cleanup

Fixes: null pointer dereference
Fixes: 555/clusterfuzz-testcase-5986646595993600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e248522d1b0d6dd8641f382cd5c4338d0ecd98e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  lavf/matroskadec: fix is_keyframe for early Blocks
Chris Cunningham [Fri, 3 Feb 2017 22:42:44 +0000 (14:42 -0800)]
lavf/matroskadec: fix is_keyframe for early Blocks

Blocks are marked as key frames whenever the "reference" field is
zero. This breaks for non-keyframe Blocks with a reference timestamp
of zero.

The likelihood of reference timestamp being zero is increased by a
longstanding bug in muxing that encodes reference timestamp as the
absolute time of the referenced frame (rather than relative to the
current Block timestamp, as described in the MKV spec).

Now using INT64_MIN to denote "no reference".

Reported to chromium at http://crbug.com/497889 (contains sample)

(cherry picked from commit ac25840ee32888f0c13118edeb9404a123cd3a79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  configure: bump year
James Almer [Mon, 2 Jan 2017 04:38:03 +0000 (01:38 -0300)]
configure: bump year

Happy new year!

(cherry picked from commit d800d48fc67208819c2a4ae5eb214ca5e3ad7e82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/pngdec: Check trns more completely
Michael Niedermayer [Sat, 4 Feb 2017 11:24:14 +0000 (12:24 +0100)]
avcodec/pngdec: Check trns more completely

Fixes out of array access
Fixes: 546/clusterfuzz-testcase-4809433909559296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e477f09d0b3619f3d29173b2cd593e17e2d1978e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/interplayvideo: Move parameter change check up
Michael Niedermayer [Sat, 4 Feb 2017 01:45:02 +0000 (02:45 +0100)]
avcodec/interplayvideo: Move parameter change check up

Fixes out of array read
Fixes: 544/clusterfuzz-testcase-5936536407244800.f8bd9b24_8ba77916_70c2c7be_3df6a2ea_96cd9f14

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1e2192007d7026049237c9ab11e05ae71bf4f42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/mjpegdec: Check for the bitstream end in mjpeg_decode_scan_progressive_ac()
Michael Niedermayer [Wed, 1 Feb 2017 00:32:37 +0000 (01:32 +0100)]
avcodec/mjpegdec: Check for the bitstream end in mjpeg_decode_scan_progressive_ac()

Fixes timeout
Fixes: 496/clusterfuzz-testcase-5805083497332736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3782656631fa8262528c07794acf7e9c2aab000d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/flacdec: Check avio_read result when reading flac block header.
Frank Liberato [Tue, 24 Jan 2017 18:58:17 +0000 (10:58 -0800)]
avformat/flacdec: Check avio_read result when reading flac block header.

Return AVERROR_INVALIDDATA if all four bytes aren't present.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95bde49982a82bc10470c0adab5969ffe635d064)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
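As an added illustration of the check this commit describes (example code written for this page, not FFmpeg's flacdec.c): a FLAC METADATA_BLOCK_HEADER is exactly four bytes, one last-block flag bit, seven type bits and a 24-bit big-endian body length, so a reader that gets fewer than four bytes back must fail with an invalid-data error rather than decode whatever was left in its buffer. The ByteReader type, FLAC_ERR_INVALIDDATA and the sample bytes are constructed stand-ins for AVIOContext, AVERROR_INVALIDDATA and a real file.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not FFmpeg code. FLAC_ERR_INVALIDDATA stands in for
 * AVERROR_INVALIDDATA and ByteReader for AVIOContext. */
#define FLAC_ERR_INVALIDDATA (-1)

typedef struct ByteReader {
    const uint8_t *data;
    size_t size;
    size_t pos;
} ByteReader;

/* Like avio_read(): returns the number of bytes actually copied, which may be
 * fewer than requested when the input ends early. */
static size_t reader_read(ByteReader *r, uint8_t *dst, size_t n)
{
    size_t avail = r->size - r->pos;
    size_t got = n < avail ? n : avail;
    memcpy(dst, r->data + r->pos, got);
    r->pos += got;
    return got;
}

typedef struct FlacBlockHeader {
    int is_last;        /* bit 7 of byte 0: this is the last metadata block */
    int type;           /* bits 6..0 of byte 0: 0 = STREAMINFO, 4 = VORBIS_COMMENT, ... */
    uint32_t length;    /* bytes 1..3: big-endian length of the block body */
} FlacBlockHeader;

/* Returns 0 on success or FLAC_ERR_INVALIDDATA if fewer than 4 bytes were read.
 * Without the short-read check, `buf` would hold stale or uninitialised bytes
 * and the parsed length could send the caller past the end of the file. */
int flac_read_block_header(ByteReader *r, FlacBlockHeader *h)
{
    uint8_t buf[4];
    if (reader_read(r, buf, sizeof buf) != sizeof buf)
        return FLAC_ERR_INVALIDDATA;
    h->is_last = buf[0] >> 7;
    h->type    = buf[0] & 0x7f;
    h->length  = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
    return 0;
}

/* Whole-buffer convenience wrapper: returns the block body length, or a
 * negative error. is_last/type may be NULL. */
long flac_block_length_from_bytes(const uint8_t *bytes, size_t n, int *is_last, int *type)
{
    ByteReader r = { bytes, n, 0 };
    FlacBlockHeader h;
    int ret = flac_read_block_header(&r, &h);
    if (ret < 0)
        return ret;
    if (is_last) *is_last = h.is_last;
    if (type)    *type    = h.type;
    return (long)h.length;
}

int main(void)
{
    /* Constructed samples: last flag set, type 4 (VORBIS_COMMENT), length 0x000102 = 258,
     * and the same header cut one byte short. */
    static const uint8_t good[4]      = { 0x84, 0x00, 0x01, 0x02 };
    static const uint8_t truncated[3] = { 0x84, 0x00, 0x01 };
    int last = 0, type = 0;
    long len = flac_block_length_from_bytes(good, sizeof good, &last, &type);
    printf("good: last=%d type=%d length=%ld\n", last, type, len);
    len = flac_block_length_from_bytes(truncated, sizeof truncated, &last, &type);
    printf("truncated: ret=%ld (FLAC_ERR_INVALIDDATA is %d)\n", len, FLAC_ERR_INVALIDDATA);
    return 0;
}
```

The body length is still only a claim made by the file; a caller must additionally bound it against the bytes that remain before allocating or seeking.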
3 years ago  avcodec/utils: correct align value for interplay
Michael Niedermayer [Tue, 24 Jan 2017 23:20:19 +0000 (00:20 +0100)]
avcodec/utils: correct align value for interplay

Fixes out of array access
Fixes: 452/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2080bc33717955a0e4268e738acf8c1eeddbf8cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/vp56: Check for the bitstream end, pass error codes on
Michael Niedermayer [Tue, 24 Jan 2017 21:21:25 +0000 (22:21 +0100)]
avcodec/vp56: Check for the bitstream end, pass error codes on

Fixes timeout
Fixes: 446/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_VP6_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e6a2427558a718be0c1fffacffd935f630a7a8d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan()
Michael Niedermayer [Tue, 24 Jan 2017 15:13:05 +0000 (16:13 +0100)]
avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan()

Fixes timeout
Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 755933cb5cd17decd1838d3d64e07d4157de5638)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/pngdec: Fix off by 1 size in decode_zbuf()
Michael Niedermayer [Mon, 23 Jan 2017 00:25:27 +0000 (01:25 +0100)]
avcodec/pngdec: Fix off by 1 size in decode_zbuf()

Fixes out of array access
Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e371f031b942d73e02c090170975561fabd5c264)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/avidec: skip odml master index chunks in avi_sync
Tobias Rapp [Fri, 23 Dec 2016 13:50:16 +0000 (14:50 +0100)]
avformat/avidec: skip odml master index chunks in avi_sync

Fixes pts gaps when reading AVI files > 256GiB generated by FFmpeg.

Signed-off-by: Tobias Rapp <t.rapp@noa-archive.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6d579d7c1bdc4126955cae7f385208e455685986)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/mjpegdec: Check for rgb before flipping
Michael Niedermayer [Sat, 31 Dec 2016 02:08:33 +0000 (03:08 +0100)]
avcodec/mjpegdec: Check for rgb before flipping

Fixes assertion failure due to unsupported case

Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25d9643f1172ae6a210c671195ba3135895abaf3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avutil/random_seed: Reduce the time needed on systems with very low precision clock()
Michael Niedermayer [Sat, 24 Dec 2016 13:26:41 +0000 (14:26 +0100)]
avutil/random_seed: Reduce the time needed on systems with very low precision clock()

This should fix issues on BSD
CLOCKS_PER_SEC is 128 on BSD while SUSv2 requires it to be a million

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4152fc42e480c41efb7f761b1bbe5f0bc43d5bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avutil/random_seed: Improve get_generic_seed() with higher precision clock()
Michael Niedermayer [Thu, 22 Dec 2016 02:59:03 +0000 (03:59 +0100)]
avutil/random_seed: Improve get_generic_seed() with higher precision clock()

Tested-by: Thomas Turner <thomastdt@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da73d95bad4736c5e0a6b4b1a811f4dd4525bb4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/utils: Print verbose error message if stream count exceeds max_streams
Michael Niedermayer [Sat, 10 Dec 2016 19:15:13 +0000 (20:15 +0100)]
avformat/utils: Print verbose error message if stream count exceeds max_streams

Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0bdd538712d8ed34120ab2b7bd1409fcc99fb45)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/options_table: Set the default maximum number of streams to 1000
Michael Niedermayer [Sat, 10 Dec 2016 19:15:12 +0000 (20:15 +0100)]
avformat/options_table: Set the default maximum number of streams to 1000

Fixes CVE-2016-9561. Note that the security relevance of this is disputed, as
running out of memory can happen with valid files.

Suggested-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 30581c51e72a7a7ea1572c1c6039f6e4c590a55c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avutil: Add av_image_check_size2()
Michael Niedermayer [Sat, 10 Dec 2016 20:05:14 +0000 (21:05 +0100)]
avutil: Add av_image_check_size2()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f542b152aa2086b30d1089162d79f5c136905c0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat: Add max_streams option
Michael Niedermayer [Fri, 18 Nov 2016 16:00:30 +0000 (17:00 +0100)]
avformat: Add max_streams option

This allows user apps to stop OOM due to excessive number of streams

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1296f844955e513d19051c962656f829479d4fb9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
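An added example (written for this page, not FFmpeg's libavformat) of the guard that this commit and the options_table commit above put in place: a demuxer creates one stream object per entry a file declares, so a small file declaring a huge number of streams can drive allocation until the process is killed; capping the count at a user-settable max_streams (FFmpeg's default is 1000) turns that into a clean error. The toy container layout, the FormatCtx type, the error codes and the message text are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not FFmpeg code. The container format, types and error codes
 * are constructed; only the idea (cap stream creation at max_streams) is
 * taken from the commits. */
#define DEFAULT_MAX_STREAMS   1000   /* the default FFmpeg chose */
#define ERR_INVALIDDATA       (-1)
#define ERR_NOMEM             (-2)
#define ERR_TOO_MANY_STREAMS  (-3)

typedef struct Stream { unsigned index; uint32_t codec_tag; } Stream;

typedef struct FormatCtx {
    Stream  **streams;
    unsigned  nb_streams;
    unsigned  max_streams;   /* user option, set by the caller before demuxing */
} FormatCtx;

static uint32_t rd32be(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

static void wr32be(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Guarded stream creation: the cap is checked before anything is allocated,
 * and the message tells the user which option to raise for a legitimate file. */
static int new_stream(FormatCtx *s, uint32_t tag)
{
    if (s->nb_streams >= s->max_streams) {
        fprintf(stderr, "stream count exceeds max_streams (%u); raise the option if the file is valid\n",
                s->max_streams);
        return ERR_TOO_MANY_STREAMS;
    }
    Stream **tmp = realloc(s->streams, (s->nb_streams + 1) * sizeof *tmp);
    if (!tmp) return ERR_NOMEM;
    s->streams = tmp;
    Stream *st = calloc(1, sizeof *st);
    if (!st) return ERR_NOMEM;
    st->index = s->nb_streams;
    st->codec_tag = tag;
    s->streams[s->nb_streams++] = st;
    return 0;
}

static void free_ctx(FormatCtx *s)
{
    for (unsigned i = 0; i < s->nb_streams; i++) free(s->streams[i]);
    free(s->streams);
    s->streams = NULL;
    s->nb_streams = 0;
}

/* Constructed header: u32be stream_count, then stream_count x u32be codec tag.
 * Without the cap in new_stream() the loop would allocate once per declared
 * entry for as long as the file keeps supplying 4-byte tags. */
int demux_read_header(FormatCtx *s, const uint8_t *buf, size_t len)
{
    if (len < 4) return ERR_INVALIDDATA;
    uint32_t count = rd32be(buf);
    size_t pos = 4;
    for (uint32_t i = 0; i < count; i++) {
        if (len - pos < 4) return ERR_INVALIDDATA;   /* header shorter than it claims */
        int ret = new_stream(s, rd32be(buf + pos));
        if (ret < 0) return ret;
        pos += 4;
    }
    return 0;
}

/* Builds a constructed header declaring n streams and demuxes it under `cap`;
 * returns the demuxer's result and, if `created` is non-NULL, how many streams
 * existed when it stopped. */
int demux_declared_streams(uint32_t n, unsigned cap, unsigned *created)
{
    size_t len = 4 + (size_t)n * 4;
    uint8_t *buf = malloc(len);
    if (!buf) return ERR_NOMEM;
    wr32be(buf, n);
    for (uint32_t i = 0; i < n; i++)
        wr32be(buf + 4 + (size_t)i * 4, 0x61766331u + i);   /* 'avc1' + i, arbitrary tags */
    FormatCtx ctx = { NULL, 0, cap };
    int ret = demux_read_header(&ctx, buf, len);
    if (created) *created = ctx.nb_streams;
    free_ctx(&ctx);
    free(buf);
    return ret;
}

unsigned streams_created(uint32_t n, unsigned cap)
{
    unsigned c = 0;
    demux_declared_streams(n, cap, &c);
    return c;
}

int main(void)
{
    unsigned c;
    int ret = demux_declared_streams(1200, DEFAULT_MAX_STREAMS, &c);
    printf("1200 declared, cap %d: ret=%d, created=%u\n", DEFAULT_MAX_STREAMS, ret, c);
    ret = demux_declared_streams(1200, 2000, &c);
    printf("1200 declared, cap 2000: ret=%d, created=%u\n", ret, c);
    return 0;
}
```

As the commit message notes, the cap is a resource policy rather than a memory-safety fix: a valid file with more streams than the limit is rejected too, which is why the option exists rather than a hard-coded constant.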
3 years ago  avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated
Michael Niedermayer [Thu, 8 Dec 2016 22:51:45 +0000 (23:51 +0100)]
avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated

We are checking during encoding if there is enough space as version 4 needs that
check.

Fixes Ticket6005

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38a7834bbb24ef62466b076715e0add60e1d6962)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()
Michael Niedermayer [Fri, 9 Dec 2016 16:01:14 +0000 (17:01 +0100)]
avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()

Fixes: part of 670190.ogg

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8258e363851434ad5662c19d036fddb3e3f27683)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/oggdec: Skip streams in duration correction that did not have their duration...
Michael Niedermayer [Fri, 9 Dec 2016 16:01:14 +0000 (17:01 +0100)]
avformat/oggdec: Skip streams in duration correction that did not have their duration set.

Fixes: part of 670190.ogg
Fixes integer overflow

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee2a6f5df8c6a151c3e3826872f1b0a07401c62a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/ffv1enc: Fix size of first slice
Michael Niedermayer [Thu, 8 Dec 2016 23:19:19 +0000 (00:19 +0100)]
avcodec/ffv1enc: Fix size of first slice

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cff1c0edaa797eca96663d9b83e4b8c1b609ff19)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  pgssubdec: reset rle_data_len/rle_remaining_len on allocation error
Andreas Cadhalpun [Tue, 31 Jan 2017 00:55:44 +0000 (01:55 +0100)]
pgssubdec: reset rle_data_len/rle_remaining_len on allocation error

The code relies on their validity and otherwise can try to access a NULL
object->rle pointer, causing segmentation faults.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 842e98b4d83d8cf297e2bc2761f1f47eb89e49e4)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years ago  update for ffmpeg 2.8.10 (tag: n2.8.10)
Michael Niedermayer [Tue, 6 Dec 2016 02:50:50 +0000 (03:50 +0100)]
update for ffmpeg 2.8.10

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/http: Match chunksize checks to master..3.0
Michael Niedermayer [Tue, 6 Dec 2016 02:06:05 +0000 (03:06 +0100)]
avformat/http: Match chunksize checks to master..3.0

Fixes warning about impossible condition

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  Changelog: fix typos
Michael Niedermayer [Tue, 6 Dec 2016 00:19:34 +0000 (01:19 +0100)]
Changelog: fix typos

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  ffserver: Check chunk size
Michael Niedermayer [Mon, 5 Dec 2016 16:27:45 +0000 (17:27 +0100)]
ffserver: Check chunk size

Fixes out of array access

Fixes: poc_ffserver.py
Found-by: Paul Cher <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  Avoid using the term "file" and prefer "url" in some docs and comments
Michael Niedermayer [Mon, 5 Dec 2016 11:54:21 +0000 (12:54 +0100)]
Avoid using the term "file" and prefer "url" in some docs and comments

This should make it less ambiguous that these are URLs

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5f27a9c3aa973c543bd8bbf2a78363700bbc03e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/rtmppkt: Check for packet size mismatches
Michael Niedermayer [Mon, 5 Dec 2016 10:14:51 +0000 (11:14 +0100)]
avformat/rtmppkt: Check for packet size mismatches

Fixes out of array access

Found-by: Paul Cher <paulcher@icloud.com>
Reviewed-by: Paul Cher <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d57ca4d9a75562fa32e40766211de150f8b3ee7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  zmqsend: Initialize ret to 0
Timothy Gu [Mon, 5 Dec 2016 18:04:57 +0000 (10:04 -0800)]
zmqsend: Initialize ret to 0

Fixes CID1396857.

(cherry picked from commit d903b4e3ad4a81b3dd79f12c2f3b9cb16e511173)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  configure: check for strtoull on msvc
James Almer [Mon, 5 Dec 2016 16:07:10 +0000 (13:07 -0300)]
configure: check for strtoull on msvc

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b52d3574d466e745834d1283b55570dee1e2d4cd)

3 years ago  http: move chunk handling from http_read_stream() to http_buf_read().
Ronald S. Bultje [Mon, 5 Dec 2016 15:18:10 +0000 (10:18 -0500)]
http: move chunk handling from http_read_stream() to http_buf_read().

(cherry picked from commit 845bb401781ef04e342bd558df16a8dbf5f800f9)

3 years ago  http: make length/offset-related variables unsigned.
Ronald S. Bultje [Mon, 5 Dec 2016 20:55:26 +0000 (15:55 -0500)]
http: make length/offset-related variables unsigned.

Fixes #5992, reported and found by Paul Cher <paulcher@icloud.com>.

(cherry picked from commit 2a05c8f813de6f2278827734bf8102291e7484aa)
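An added example (written for this page, not FFmpeg's http.c or ffserver code) of the two properties that the ffserver chunk-size and http chunk-handling commits above are about: the chunk size from a chunked transfer-coding body is parsed into an unsigned type with explicit overflow detection, since a signed length can be driven negative by a crafted size and slip past a "size > space" comparison, and every copy out of a chunk is bounded by the remaining chunk length, the bytes actually received and the caller's buffer. The per-chunk size cap, the error codes and the sample bodies are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Added example, not FFmpeg code. Error codes and the size cap are constructed. */
#define CHUNK_ERR_INVALID    (-1)   /* bad syntax, missing CRLF, overflow or over the cap */
#define CHUNK_ERR_TRUNCATED  (-2)   /* input ended inside a chunk */
#define CHUNK_ERR_NOSPACE    (-3)   /* caller's buffer is full */
#define CHUNK_MAX_SIZE       ((uint64_t)1 << 30)   /* hypothetical per-chunk policy cap */

/* Parses a size line such as "1a3f;ext=1\r\n" into an unsigned size.
 * Returns the bytes consumed (through the CRLF) or a negative error. */
int parse_chunk_size_line(const uint8_t *buf, size_t len, uint64_t *size)
{
    uint64_t v = 0;
    size_t i = 0, ndigits = 0;
    for (; i < len && isxdigit(buf[i]); i++, ndigits++) {
        unsigned d = isdigit(buf[i]) ? buf[i] - '0' : (unsigned)(tolower(buf[i]) - 'a' + 10);
        if (v > (UINT64_MAX >> 4))           /* v * 16 would wrap: reject, never truncate */
            return CHUNK_ERR_INVALID;
        v = (v << 4) | d;
    }
    if (ndigits == 0) return CHUNK_ERR_INVALID;
    while (i < len && buf[i] != '\r') i++;   /* skip chunk extensions */
    if (i + 1 >= len || buf[i + 1] != '\n') return CHUNK_ERR_INVALID;
    if (v > CHUNK_MAX_SIZE) return CHUNK_ERR_INVALID;
    *size = v;
    return (int)(i + 2);
}

typedef struct ChunkReader {
    const uint8_t *data;        /* raw chunked body received so far */
    size_t len, pos;
    uint64_t chunk_remaining;   /* unsigned: cannot be driven negative */
    int eof;
} ChunkReader;

/* Copies up to dst_len decoded bytes into dst. Returns the count, 0 after the
 * last-chunk, or a negative error. Trailer fields are ignored for brevity. */
long chunked_read(ChunkReader *r, uint8_t *dst, size_t dst_len)
{
    if (r->eof) return 0;
    if (r->chunk_remaining == 0) {
        uint64_t sz;
        int n = parse_chunk_size_line(r->data + r->pos, r->len - r->pos, &sz);
        if (n < 0) return n;
        r->pos += (size_t)n;
        if (sz == 0) { r->eof = 1; return 0; }
        r->chunk_remaining = sz;
    }
    size_t avail = r->len - r->pos;            /* bytes actually received */
    size_t want = dst_len;                     /* bytes the caller can take */
    if (want > r->chunk_remaining) want = (size_t)r->chunk_remaining;
    if (want > avail) want = avail;
    if (want == 0) return avail == 0 ? CHUNK_ERR_TRUNCATED : CHUNK_ERR_NOSPACE;
    memcpy(dst, r->data + r->pos, want);
    r->pos += want;
    r->chunk_remaining -= want;
    if (r->chunk_remaining == 0) {             /* chunk data is followed by CRLF */
        if (r->len - r->pos < 2 || r->data[r->pos] != '\r' || r->data[r->pos + 1] != '\n')
            return CHUNK_ERR_INVALID;
        r->pos += 2;
    }
    return (long)want;
}

/* Demo helper: decodes a NUL-terminated chunked body into a buffer sized exactly
 * for `expected` and reports whether the decoded bytes match it. */
int chunked_decode_equals(const char *chunked, const char *expected)
{
    uint8_t out[256];
    size_t out_len = strlen(expected), total = 0;
    if (out_len > sizeof out) return 0;
    ChunkReader r = { (const uint8_t *)chunked, strlen(chunked), 0, 0, 0 };
    for (;;) {
        long n = chunked_read(&r, out + total, out_len - total);
        if (n < 0) return 0;
        if (n == 0) break;
        total += (size_t)n;
    }
    return total == out_len && memcmp(out, expected, out_len) == 0;
}

/* Demo helper: parsed size of a NUL-terminated size line, or -1 on error. */
long long chunk_size_of(const char *line)
{
    uint64_t sz;
    int n = parse_chunk_size_line((const uint8_t *)line, strlen(line), &sz);
    return n < 0 ? -1 : (long long)sz;
}

int main(void)
{
    /* Constructed inputs */
    printf("Wikipedia decodes: %d\n", chunked_decode_equals("4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n", "Wikipedia"));
    printf("truncated chunk:   %d\n", chunked_decode_equals("4\r\nWi", "Wi"));
    printf("size 1a3f:         %lld\n", chunk_size_of("1a3f;ext=1\r\n"));
    printf("size 2^63:         %lld\n", chunk_size_of("8000000000000000\r\n"));
    printf("17 hex digits:     %lld\n", chunk_size_of("FFFFFFFFFFFFFFFFF\r\n"));
    return 0;
}
```

The "8000000000000000" line is the case a signed 64-bit length mishandles: stored in an int64_t it is negative, so a check written as `size > buffer_space` passes and a later copy uses the huge value as an unsigned count. Keeping the size unsigned and comparing it against the space actually available removes that path.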

3 years ago  Changelog: update (tag: n2.8.9)
Michael Niedermayer [Sun, 4 Dec 2016 00:42:53 +0000 (01:42 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/flacdec: Fix undefined shift in decode_subframe()
Michael Niedermayer [Sat, 3 Dec 2016 23:11:17 +0000 (00:11 +0100)]
avcodec/flacdec: Fix undefined shift in decode_subframe()

Fixes undefined behavior
Fixes: 639961-media

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f5630af51f24d79053b6bef5b8b3ba93d637306)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/get_bits: Fix get_sbits_long(0)
Michael Niedermayer [Sat, 3 Dec 2016 22:44:56 +0000 (23:44 +0100)]
avcodec/get_bits: Fix get_sbits_long(0)

Fixes undefined behavior
Fixes: 640889-media

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c72fa432349881d5a445cd110abf698cc94d490d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/ffmdec: Check media type for chunks
Michael Niedermayer [Sat, 3 Dec 2016 12:39:56 +0000 (13:39 +0100)]
avformat/ffmdec: Check media type for chunks

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e706e2e775730db5dfa9103628cd70704dd13cef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
Michael Niedermayer [Sat, 3 Dec 2016 16:05:43 +0000 (17:05 +0100)]
avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()

Fixes undefined behavior
Fixes: 640912-media

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 83a75bf6c31b3c0ce2ca7e1426d1f2e3df634239)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
Michael Niedermayer [Sat, 3 Dec 2016 15:43:10 +0000 (16:43 +0100)]
avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c

Fixes: left shift of negative value
Fixes: 668346-media

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit acc163c6ab52d2235767852262c64c7f6b273d1c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
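An added example (written for this page, not FFmpeg's get_bits.h or flacdsp code) isolating the two shift hazards behind the get_sbits_long(0), decode_subframe() and flac_decorrelate_indep_c commits above, each beside a form that is defined for every value the bitstream can supply: sign-extending an n-bit field when n can be 0 (the usual `(int32_t)(v << (32 - n)) >> (32 - n)` shifts by 32 for n == 0), and shifting a negative sample left (undefined for signed operands, defined modulo 2^32 for unsigned ones). The function names, the "wasted bits" style sample shift and the sample values are constructed; the FFmpeg fixes themselves take their own forms and are not reproduced here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not FFmpeg code. */

/* Sign-extends the low n bits of val. n == 0 yields 0; n >= 32 returns val as is.
 * All arithmetic is unsigned, where wraparound is defined; the final cast of a
 * value above INT32_MAX is implementation-defined (two's complement on every
 * platform FFmpeg targets), not undefined. */
int32_t sign_extend_safe(uint32_t val, unsigned n)
{
    if (n == 0) return 0;
    if (n >= 32) return (int32_t)val;
    uint32_t sign  = (uint32_t)1 << (n - 1);     /* the field's sign bit */
    uint32_t field = val & ((sign << 1) - 1);    /* mask to n bits */
    return (int32_t)((field ^ sign) - sign);     /* branch-free two's-complement extension */
}

/* Left shift of a possibly negative 32-bit sample by s < 32 bits, reduced
 * modulo 2^32 instead of invoking undefined behaviour on a signed operand. */
static int32_t shl_wrap(int32_t v, unsigned s)
{
    return (int32_t)((uint32_t)v << s);
}

/* Applies a per-block sample shift of the kind a decoder performs when undoing
 * FLAC's "wasted bits", after validating the count read from the bitstream.
 * Returns 0, or -1 if shift is not in [0, 31] (a shift count >= the operand
 * width is undefined no matter the signedness). */
int apply_sample_shift(int32_t *samples, size_t n, unsigned shift)
{
    if (shift >= 32) return -1;
    for (size_t i = 0; i < n; i++)
        samples[i] = shl_wrap(samples[i], shift);
    return 0;
}

/* Demo helper: one sample through apply_sample_shift(); 0 if the count was rejected. */
int32_t shifted_sample(int32_t v, unsigned shift)
{
    int32_t s = v;
    return apply_sample_shift(&s, 1, shift) == 0 ? s : 0;
}

int main(void)
{
    int32_t block[3] = { -1, 3, -1024 };   /* constructed samples */
    printf("sign_extend_safe(0xFF, 8)     = %d\n", sign_extend_safe(0xFF, 8));
    printf("sign_extend_safe(0x7F, 8)     = %d\n", sign_extend_safe(0x7F, 8));
    printf("sign_extend_safe(0xFFFFFFFF, 0) = %d\n", sign_extend_safe(0xFFFFFFFFu, 0));
    printf("apply_sample_shift(block, 3, 4) -> %d; block = %d %d %d\n",
           apply_sample_shift(block, 3, 4), block[0], block[1], block[2]);
    printf("apply_sample_shift(block, 3, 32) -> %d\n", apply_sample_shift(block, 3, 32));
    return 0;
}
```

Compiling with `-fsanitize=undefined` is how these cases are found in the first place; a shift rewritten through an unsigned intermediate should be silent under the sanitizer and give the same numeric result as the old code on every input where the old code was defined.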
3 years ago  avformat/oggparsespeex: Check frames_per_packet and packet_size
Michael Niedermayer [Sat, 3 Dec 2016 02:40:55 +0000 (03:40 +0100)]
avformat/oggparsespeex: Check frames_per_packet and packet_size

The speex specification does not seem to restrict these values, thus
the limits were chosen so as to avoid multiplicative overflow

Fixes undefined behavior
Fixes: 635422.ogg

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afcf15b0dbb4b6429be5083e50b296cdca61875e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/utils: Check start/end before computing duration in update_stream_timings()
Michael Niedermayer [Sat, 3 Dec 2016 02:02:41 +0000 (03:02 +0100)]
avformat/utils: Check start/end before computing duration in update_stream_timings()

Fixes undefined behavior
Fixes: 637428.ogg

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90da187f1d334422477886a19eca3c1da29c59a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  Changelog: Update
Michael Niedermayer [Thu, 1 Dec 2016 23:47:39 +0000 (00:47 +0100)]
Changelog: Update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avcodec/flac_parser: Update nb_headers_buffered
Michael Niedermayer [Thu, 24 Nov 2016 14:29:52 +0000 (15:29 +0100)]
avcodec/flac_parser: Update nb_headers_buffered

Fixes infinite loop
Fixes: fuzz.flac

Found-by: Frank Liberato <liberato@google.com>
Reviewed-by: Frank Liberato <liberato@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2475858889cde6221677473b663df6f985add33d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  avformat/idroqdec: Check chunk_size for being too large
Michael Niedermayer [Tue, 29 Nov 2016 01:58:34 +0000 (02:58 +0100)]
avformat/idroqdec: Check chunk_size for being too large

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 744a0b5206634e5de04d5c31f08cc3640faf800d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years ago  Update Changelog
Andreas Cadhalpun [Sat, 26 Nov 2016 23:47:03 +0000 (00:47 +0100)]
Update Changelog