ffmpeg.git
2 months ago avcodec/alsdec: Fixes signed integer overflow in LSB addition
Michael Niedermayer [Thu, 20 Jun 2019 22:47:16 +0000 (00:47 +0200)]
avcodec/alsdec: Fixes signed integer overflow in LSB addition

Fixes: signed integer overflow: 8 * 536870912 cannot be represented in type 'int'
Fixes: 15281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5744458785619968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f527021df73b4792323f38f84a4bf2fbe5a2052)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/alsdec: Check opt_order / sb_length in ra_block handling
Michael Niedermayer [Thu, 20 Jun 2019 22:47:15 +0000 (00:47 +0200)]
avcodec/alsdec: Check opt_order / sb_length in ra_block handling

Fixes: out of array access
Fixes: 15277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5184853437317120
Fixes: 15280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5741062137577472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0794494c8f2f756e3c9384dba21c54f7d4ba9286)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/alsdec: Fix integer overflow with shifting samples
Michael Niedermayer [Wed, 19 Jun 2019 21:27:21 +0000 (23:27 +0200)]
avcodec/alsdec: Fix integer overflow with shifting samples

Fixes: signed integer overflow: -346039050 * 8 cannot be represented in type 'int'
Fixes: 15283/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5692700268953600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a3bd4b260eb9f0d5817f9b3d672844f127c51a0b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/alsdec: Fix undefined behavior in decode_rice()
Michael Niedermayer [Wed, 19 Jun 2019 21:17:31 +0000 (23:17 +0200)]
avcodec/alsdec: Fix undefined behavior in decode_rice()

Fixes: left shift of 72 by 26 places cannot be represented in type 'int'
Fixes: 15279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5700665621348352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51f6870c37cc29e1ea7e0c66df2fe505938b7561)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT()
Michael Niedermayer [Wed, 19 Jun 2019 19:53:43 +0000 (21:53 +0200)]
avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT()

Fixes: left shift of negative value -6
Fixes: 15275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5742361767837696
Fixes: signed integer overflow: 41582592 * 256 cannot be represented in type 'int'
Fixes: 15296/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5739558227935232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e131568752ad41222946304c61eadb87b0a24791)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight
Michael Niedermayer [Tue, 25 Jun 2019 08:29:57 +0000 (10:29 +0200)]
avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight

Suggested-by: James Almer <jamrial@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b2082c663dac93fd722289a540c1b1e24a12564)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns
Michael Niedermayer [Thu, 13 Jun 2019 13:05:54 +0000 (15:05 +0200)]
avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns

Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 14880/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5130977304641536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c692051252693155c4eecd16f4f8a79caf66cd54)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check
Michael Niedermayer [Sun, 16 Jun 2019 09:26:57 +0000 (11:26 +0200)]
avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check

Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d4f4f4a15e79c96c3613e5c252b2f5cc4190e18)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/aviobuf: Delay buffer downsizing until asserts are met
Michael Niedermayer [Sun, 9 Jun 2019 20:04:16 +0000 (22:04 +0200)]
avformat/aviobuf: Delay buffer downsizing until asserts are met

Fixes: Assertion failure
Fixes: 15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616
Fixes: 15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432
May fix: Ticket7094

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0334632d5c02720f1829d59cd20c009584b5b163)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/fitsdec: Check data_min/max
Michael Niedermayer [Wed, 12 Jun 2019 22:24:53 +0000 (00:24 +0200)]
avcodec/fitsdec: Check data_min/max

Fixes: division by 0
Fixes: 15206/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5657260212092928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eb82d19f035f59edf0aee215f02baaea908875de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/m101: Fix off by 2 error
Michael Niedermayer [Mon, 17 Jun 2019 19:13:17 +0000 (21:13 +0200)]
avcodec/m101: Fix off by 2 error

Fixes: out of array read
Fixes: 15263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_M101_fuzzer-5728999453491200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89b96900fa7c17d0770c9af26af7c3ae36ae0253)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/qdm2: Move fft_order check up
Michael Niedermayer [Mon, 17 Jun 2019 18:58:47 +0000 (20:58 +0200)]
avcodec/qdm2: Move fft_order check up

This avoids undefined computations with unchecked values

Fixes: shift exponent -21 is negative
Fixes: 15262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5651261753393152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8d8b8c4ac6fb5b5d40bd131f2d2ea9d85b8759a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/libvorbisdec: Check extradata size
Michael Niedermayer [Mon, 17 Jun 2019 19:26:45 +0000 (21:26 +0200)]
avcodec/libvorbisdec: Check extradata size

Fixes: out of array read
Fixes: 15261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5764908467093504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf3c245566e8a8d45ed2ad9fdff9ef50327ba2d3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/vqf: Check header_size
Michael Niedermayer [Tue, 18 Jun 2019 21:17:23 +0000 (23:17 +0200)]
avformat/vqf: Check header_size

Fixes: 15271/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5735262606327808
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c30ff38880570377168096417f714b21102b343)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/atrac9dec: Check q_unit_cnt in parse_band_ext()
Michael Niedermayer [Sun, 16 Jun 2019 19:01:50 +0000 (21:01 +0200)]
avcodec/atrac9dec: Check q_unit_cnt in parse_band_ext()

Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fb4a4557d15bce601e2462207648741600fa273f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/atrac9dec: Check that the reused block has succeeded initialization
Michael Niedermayer [Sun, 16 Jun 2019 18:56:20 +0000 (20:56 +0200)]
avcodec/atrac9dec: Check that the reused block has succeeded initialization

Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ac9af7e9a5befa8a554bacbcc59ab2f11203d85e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago Update for 4.1.4
Michael Niedermayer [Thu, 27 Jun 2019 17:51:59 +0000 (19:51 +0200)]
Update for 4.1.4

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/utils: Check bits_per_coded_sample
Michael Niedermayer [Tue, 18 Jun 2019 21:55:56 +0000 (23:55 +0200)]
avcodec/utils: Check bits_per_coded_sample

This avoids the need for each decoder separately having to handle this case

Fixes: shift exponent -100663046 is negative
Fixes: out of array access
Fixes: 15270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5727829913763840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d33414d2ad27a5d2193c9ab0948ba7a282c2f910)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/videodsp_template: Fix overflow of addition
Michael Niedermayer [Fri, 14 Jun 2019 22:47:06 +0000 (00:47 +0200)]
avcodec/videodsp_template: Fix overflow of addition

Fixes: addition of unsigned offset to 0x7f56fc26a9b6 overflowed to 0x7f56fc26a8be*
Fixes: clusterfuzz-testcase-minimized-mediasource_MP4_AVC1_pipeline_integration_fuzzer-4917949056679936

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 247a1de7f7d9c5628cf188e677d10ce9e12bd2f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/alsdec: Fix invalid shift in multiply()
Michael Niedermayer [Thu, 20 Jun 2019 17:09:11 +0000 (19:09 +0200)]
avcodec/alsdec: Fix invalid shift in multiply()

Fixes: shift exponent -24 is negative
Fixes: 15292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5768533318828032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f30be1ec9856551d96f3876eec5f8b8abf456b81)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/ffwavesynth: Check ts_end - ts_start for overflow
Michael Niedermayer [Sun, 16 Jun 2019 14:12:42 +0000 (16:12 +0200)]
avcodec/ffwavesynth: Check ts_end - ts_start for overflow

Fixes: signed integer overflow: 2314885530818453536 - -8926099139098304480 cannot be represented in type 'long'
Fixes: 15259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5764366093254656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2db7a3bc4acdd293ed10b71e55f16a45ca28b629)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c
Michael Niedermayer [Sun, 16 Jun 2019 14:17:12 +0000 (16:17 +0200)]
avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c

Fixes: left shift of negative value -13
Fixes: 15260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5702076048343040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 507ca66ee41aa8a95b75654163f77af0a99a25b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/tta: Fix undefined shift
Michael Niedermayer [Sun, 16 Jun 2019 13:55:55 +0000 (15:55 +0200)]
avcodec/tta: Fix undefined shift

Fixes: left shift of negative value -4483
Fixes: 15256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5738691617619968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ebccd2f778a861b41ad38a8464ea120d4f16b2d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/qdmc: Fix integer overflows in PRNG
Michael Niedermayer [Sun, 16 Jun 2019 13:53:27 +0000 (15:53 +0200)]
avcodec/qdmc: Fix integer overflows in PRNG

Fixes: signed integer overflow: 214013 * 2531011 cannot be represented in type 'int'
Fixes: 15254/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5698137026461696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2921b45a388a81968d946996bb32e72d7bb5d5b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/bintext: Check font height
Michael Niedermayer [Sun, 16 Jun 2019 14:01:45 +0000 (16:01 +0200)]
avcodec/bintext: Check font height

Fixes: division by zero
Fixes: 15257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINTEXT_fuzzer-5757352881422336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bfb58bdd7015a6df2d130c92cf284d6a2362f3df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/binkdsp: Fix integer overflows in idct
Michael Niedermayer [Tue, 18 Jun 2019 12:28:17 +0000 (14:28 +0200)]
avcodec/binkdsp: Fix integer overflows in idct

Fixes: signed integer overflow: 3784 * 682038 cannot be represented in type 'int'
Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840
Fixes: 15268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5666502344179712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a072fbcc4c6f8ddbf37b131c2d141589118abcd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()
Michael Niedermayer [Tue, 18 Jun 2019 12:28:17 +0000 (14:28 +0200)]
avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()

Fixes: signed integer overflow: -3447 * 2883584 cannot be represented in type 'int'
Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62ad08cef993f7a103b6d3a5498f6fa49190e085)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/motionpixels: Check for vlc error in mp_get_vlc()
Michael Niedermayer [Sat, 15 Jun 2019 19:08:31 +0000 (21:08 +0200)]
avcodec/motionpixels: Check for vlc error in mp_get_vlc()

Fixes: 15246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5168534407086080
Fixes: runtime error: index -1 out of bounds for type 'HuffCode [16]'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 930cdef80ab695132d3de2128c3c23f2d698918b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/loco: Limit lossy parameter so it is sane and does not overflow
Michael Niedermayer [Sat, 15 Jun 2019 19:47:16 +0000 (21:47 +0200)]
avcodec/loco: Limit lossy parameter so it is sane and does not overflow

Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664
Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce3b0b9066b433564ed3ee3eed3a1e8f2c0834a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed
Michael Niedermayer [Fri, 14 Jun 2019 22:12:36 +0000 (00:12 +0200)]
avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed

Fixes: Assertion failure
Fixes: crbug971646.mp4

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 696312c487d9d8c49a087017a829d1cdcbd68651)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/xpmdec: Do not use context dimensions as temporary variables
Michael Niedermayer [Wed, 12 Jun 2019 18:13:34 +0000 (20:13 +0200)]
avcodec/xpmdec: Do not use context dimensions as temporary variables

Fixes: Integer overflow
Fixes: 15134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5722635939348480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ea7f2050050fd6a9177a9b618f2bb2d4add9230)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/fitsdec: Fix division by 0 in size check
Michael Niedermayer [Thu, 13 Jun 2019 14:08:03 +0000 (16:08 +0200)]
avcodec/fitsdec: Fix division by 0 in size check

Fixes: division by zero
Fixes: 15210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5746033243455488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07ffe94c172041cfb03109b9bb6b8bf577332bda)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/aacpsdsp_template: Fix integer overflow in ps_hybrid_analysis_c()
Michael Niedermayer [Thu, 13 Jun 2019 13:00:14 +0000 (15:00 +0200)]
avcodec/aacpsdsp_template: Fix integer overflow in ps_hybrid_analysis_c()

Fixes: signed integer overflow: -1539565182 + -798086761 cannot be represented in type 'int'
Fixes: 14807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-564925382682214

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8f5668df590d853429586e1f95cbd9cee38920e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/truemotion2: Fix integer overflow in last loop in tm2_update_block()
Michael Niedermayer [Thu, 13 Jun 2019 17:45:50 +0000 (19:45 +0200)]
avcodec/truemotion2: Fix integer overflow in last loop in tm2_update_block()

Fixes: signed integer overflow: -1727985666 - 538976288 cannot be represented in type 'int'
Fixes: 15031/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5100228035739648

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3aecd0170413c7e56f19de4e34d093a2c4027c2a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/iff: finetune the palette size check in the mask case
Michael Niedermayer [Sat, 22 Jun 2019 19:17:52 +0000 (21:17 +0200)]
avcodec/iff: finetune the palette size check in the mask case

Fixes: out of array access
Fixes: 15381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5668057826983936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f9789c8e37eb6d166729e876729beb21b7d5647)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/iff: Fix mask_buf / mask_palbuf leak
Michael Niedermayer [Sat, 22 Jun 2019 18:05:15 +0000 (20:05 +0200)]
avcodec/iff: Fix mask_buf / mask_palbuf leak

Fixes: 15372/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5708881759567872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 92e8db532cdee3c73913174413428ffdc35032e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/icodec: Free ico->images on error paths
Michael Niedermayer [Sat, 8 Jun 2019 08:48:41 +0000 (10:48 +0200)]
avformat/icodec: Free ico->images on error paths

Fixes: 15116/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5715173567889408
Fixes: memleak

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 54918b51161610a364de697b80acb9583eecf41b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/wsddec: Fix undefined shift
Michael Niedermayer [Sat, 8 Jun 2019 07:27:49 +0000 (09:27 +0200)]
avformat/wsddec: Fix undefined shift

Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 112eb17a2bbf6d02f81fdf0743b353a6b010aedc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/fmvc: Check if header fields are available before allocating the image
Michael Niedermayer [Sun, 2 Jun 2019 21:16:40 +0000 (23:16 +0200)]
avcodec/fmvc: Check if header fields are available before allocating the image

Fixes: Timeout (15sec -> 0.5sec)
Fixes: 14846/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FMVC_fuzzer-5068322120400896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 561cc161ca617c1b8d48fef0f02d56c0f1af0486)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/bink: Reorder operations in init to avoid memleak on error
Michael Niedermayer [Sat, 15 Jun 2019 19:52:24 +0000 (21:52 +0200)]
avcodec/bink: Reorder operations in init to avoid memleak on error

Fixes: Direct leak of 536 byte(s) in 1 object(s)
Fixes: 15266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5629530426834944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2603f25d326476a83f5d093b522590b05b6e703b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/wtvdec: Avoid (32bit signed) sectors
Michael Niedermayer [Wed, 12 Jun 2019 23:20:19 +0000 (01:20 +0200)]
avformat/wtvdec: Avoid (32bit signed) sectors

Fixes: left shift of negative value -14614752
Fixes: 15174/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5670543606415360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd357d76e5faf3ce6fc46ffb924cf30f1cb54af9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/bitstream: Check for more conflicting codes in build_table()
Michael Niedermayer [Wed, 5 Jun 2019 10:18:54 +0000 (12:18 +0200)]
avcodec/bitstream: Check for more conflicting codes in build_table()

Fixes: out of array read
Fixes: 14563/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5646451545210880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a7e3b271fc9a91c5d2e4df32e70e525c15c6d3ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/bitstream: Check for integer code truncation in build_table()
Michael Niedermayer [Wed, 5 Jun 2019 10:18:54 +0000 (12:18 +0200)]
avcodec/bitstream: Check for integer code truncation in build_table()

Fixes: out of array read
Fixes: 14563/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5646451545210880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e78b0f83748f92ea9e93b21c36082e0dd04d7cb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/sbgdec: Fixes integer overflow in str_to_time() with hours
Michael Niedermayer [Thu, 6 Jun 2019 21:20:49 +0000 (23:20 +0200)]
avformat/sbgdec: Fixes integer overflow in str_to_time() with hours

Fixes: signed integer overflow: 904444 * 3600 cannot be represented in type 'int'
Fixes: 15113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5764083346833408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0f23b9d647ad84e0351b43ca4b552add00c8dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/vpk: Check offset for validity
Michael Niedermayer [Thu, 6 Jun 2019 21:17:18 +0000 (23:17 +0200)]
avformat/vpk: Check offset for validity

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa003019ab9ec5ef7e7b3ff9d6262d3472b427eb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/vpk: Fix integer overflow in samples_per_block computation
Michael Niedermayer [Thu, 6 Jun 2019 21:14:13 +0000 (23:14 +0200)]
avformat/vpk: Fix integer overflow in samples_per_block computation

Fixes: signed integer overflow: 84026453 * 28 cannot be represented in type 'int'
Fixes: 15111/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5675630072430592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c6c4129b4cc3b9e0b3a527a5a15c904ec6ae3b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/mjpegdec: Check for non ls PAL8
Michael Niedermayer [Sat, 1 Jun 2019 17:06:07 +0000 (19:06 +0200)]
avcodec/mjpegdec: Check for non ls PAL8

Fixes: Null-dereference READ in av_malloc
Fixes: 15002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5643474625363968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 442375fee7f1fb15e42fbc128dc38bdfcc2cc105)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/interplayvideo: check decoding_map_size with video_data_size
Michael Niedermayer [Sun, 26 May 2019 21:18:34 +0000 (23:18 +0200)]
avcodec/interplayvideo: check decoding_map_size with video_data_size

Fixes: Timeout (90543 ms -> 59 ms)
Fixes: 14721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer-5697492148027392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 914d6a7c1a7a1850b4053847a784b174c9146c55)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/h264_parse: Use 64bit for expectedpoc and expected_delta_per_poc_cycle
Michael Niedermayer [Thu, 23 May 2019 21:17:35 +0000 (23:17 +0200)]
avcodec/h264_parse: Use 64bit for expectedpoc and expected_delta_per_poc_cycle

Fixes: signed integer overflow: -2142516591 + -267814575 cannot be represented in type 'int'
Fixes: 14450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5716105319940096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4896fa18add7636ea9986edde51493331f1fb01e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/mss4: Check input size against skip bits
Michael Niedermayer [Tue, 14 May 2019 12:29:43 +0000 (14:29 +0200)]
avcodec/mss4: Check input size against skip bits

Fixes: Timeout (17sec -> 20ms)
Fixes: 14615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-5093007763701760
Fixes: 14797/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-5651696119709696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0fef412dffb74fef3494f7fae0c138c32a444484)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/dxv: Check op_offset in dxv_decompress_cocg()
Michael Niedermayer [Mon, 20 May 2019 23:33:03 +0000 (01:33 +0200)]
avcodec/dxv: Check op_offset in dxv_decompress_cocg()

Fixes: signed integer overflow: -2147483648 - 12 cannot be represented in type 'int'
Fixes: 14732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5735273129836544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e520843dd76a644c019134ac7b17eba9f1118b3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/diracdec: Fix integer overflow in global_mv()
Michael Niedermayer [Wed, 22 May 2019 00:01:33 +0000 (02:01 +0200)]
avcodec/diracdec: Fix integer overflow in global_mv()

Fixes: signed integer overflow: 16384 * 196607 cannot be represented in type 'int'
Fixes: 14810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5091232683917312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a99ffb5bb4454c625748972d9389cfaa5433a342)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/vmnc: Check available space against chunks before reget_buffer()
Michael Niedermayer [Fri, 17 May 2019 21:28:49 +0000 (23:28 +0200)]
avcodec/vmnc: Check available space against chunks before reget_buffer()

Fixes: Timeout (16sec -> 60ms)
Fixes: 14673/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMNC_fuzzer-5640217517621248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 279d9a84af37cc1a7cf79c1cd667105eeb948611)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/aacdec_template: skip apply_tns() if max_sfb is 0 (from previous header decod...
Michael Niedermayer [Sat, 18 May 2019 08:37:26 +0000 (10:37 +0200)]
avcodec/aacdec_template: skip apply_tns() if max_sfb is 0 (from previous header decode failure)

Fixes: NULL pointer dereference
Fixes: 14723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5654612436058112
Fixes: 14724/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5712607111020544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf3156e762bbd3fbaf9da53f3ef1ea6d1bad2ec5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/aacdec_fixed: Handle more extreme cases in noise_scale()
Michael Niedermayer [Thu, 16 May 2019 10:00:18 +0000 (12:00 +0200)]
avcodec/aacdec_fixed: Handle more extreme cases in noise_scale()

It's unclear if these cases have any relevance in real files

Fixes: shift exponent -2 is negative
Fixes: 14489/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5681941631729664

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d14663f8345a84613b1ec041fd65e4a90057320)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/aacdec_template: Merge 3 #ifs related to noise handling
Michael Niedermayer [Thu, 16 May 2019 09:55:43 +0000 (11:55 +0200)]
avcodec/aacdec_template: Merge 3 #ifs related to noise handling

Fewer #if and fewer lines

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc33c99d56791fc26ccafb49512b59e38b99ca12)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify
Michael Niedermayer [Thu, 16 May 2019 09:03:59 +0000 (11:03 +0200)]
avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify

(cherry picked from commit 3d5863d73915748013975cac8d2148c5fc3d01c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/mp3enc: Avoid SEEK_END as it is unsupported
Michael Niedermayer [Tue, 14 May 2019 10:12:29 +0000 (12:12 +0200)]
avformat/mp3enc: Avoid SEEK_END as it is unsupported

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf3ee6a13053d37a0c5022a324624e89f0bce8c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/truemotion2: Fix several integer overflows in tm2_update_block()
Michael Niedermayer [Sat, 4 May 2019 22:31:24 +0000 (00:31 +0200)]
avcodec/truemotion2: Fix several integer overflows in tm2_update_block()

Fixes: signed integer overflow: -1877966852 + -469491713 cannot be represented in type 'int'
Fixes: 14561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5167608359288832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8eecf761a65baf4ce6f25c0a149819cc9414c0f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/webm_chunk: Specify expected argument length of get_chunk_filename()
Michael Niedermayer [Thu, 2 May 2019 18:36:18 +0000 (20:36 +0200)]
avformat/webm_chunk: Specify expected argument length of get_chunk_filename()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a74b04737f08e2e11a02ada280407889f6cadb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/webm_chunk: Check header filename length
Michael Niedermayer [Thu, 2 May 2019 18:45:14 +0000 (20:45 +0200)]
avformat/webm_chunk: Check header filename length

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b5b977c9f96e2c3803317ad75253801bc571791)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/cpia: Check input size also against linesizes and EOL
Michael Niedermayer [Sun, 19 May 2019 15:42:04 +0000 (17:42 +0200)]
avcodec/cpia: Check input size also against linesizes and EOL

Fixes: Timeout (14sec -> 29ms)
Fixes: 14733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5707022445576192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c0bfa7d1a90a22d5fe8daa415cc689c111562f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago swscale/tests/swscale: Lengthen pixfmt name buffer to 21 bytes
Michael Niedermayer [Mon, 13 May 2019 10:50:38 +0000 (12:50 +0200)]
swscale/tests/swscale: Lengthen pixfmt name buffer to 21 bytes

Some formats use longer names than 12.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d269301f017657c3ae2e95a411317640acd39a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago libswscale: Fix possible string overflow in test.
Adam Richter [Sun, 12 May 2019 12:03:25 +0000 (05:03 -0700)]
libswscale: Fix possible string overflow in test.

In libswscale/tests/swscale.c, the function fileTest() calls sscanf in
an argument of "%12s" on character srcStr[] and dstStr[], which are
only 12 bytes.  So, if the input string is 12 characters, a
terminating null byte can be written past the end of these arrays.

This bug was found by cppcheck.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8ed4930618b170de57a9086e1e9892216454684)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
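
The off-by-one described in the commit message above, as an added example that is not FFmpeg's code: a "%12s" conversion stores up to 12 characters plus a terminating NUL, so it needs 13 bytes. The probe array, the canary value, the function names and the sample inputs are constructed for this illustration; the probe is deliberately one byte larger than the 12-byte buffer so the stray write can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 12    /* size of srcStr[] / dstStr[] named in the commit message */
#define CANARY   0x7f  /* constructed marker for "byte was not written" */

/* Fill the 13-byte probe with the canary. Bytes 0..11 stand for the real
 * 12-byte buffer; byte 12 is the first byte past its end. */
static void probe_init(char probe[NAME_BUF + 1])
{
    memset(probe, CANARY, NAME_BUF + 1);
}

/* Field width equal to the buffer size: up to 12 characters are stored and
 * the NUL terminator goes into byte 12, one past the logical buffer.
 * Returns the value of that byte, or -1 if nothing was parsed. */
static int byte_past_end_width12(const char *input)
{
    char probe[NAME_BUF + 1];
    probe_init(probe);
    if (sscanf(input, "%12s", probe) != 1)
        return -1;
    return (unsigned char)probe[NAME_BUF];
}

/* Field width of buffer size minus one: at most 11 characters are stored,
 * the terminator lands in byte 11, and byte 12 keeps the canary. */
static int byte_past_end_width11(const char *input)
{
    char probe[NAME_BUF + 1];
    probe_init(probe);
    if (sscanf(input, "%11s", probe) != 1)
        return -1;
    return (unsigned char)probe[NAME_BUF];
}

/* One way to keep width and buffer size from drifting apart: derive both
 * from a single constant (hypothetical names, not from libswscale). */
#define STR2(x) #x
#define STR(x)  STR2(x)
#define NAME_MAX_CHARS 11

/* Returns the number of characters stored in out, or -1 on parse failure. */
static int parse_name(const char *input, char out[NAME_MAX_CHARS + 1])
{
    if (sscanf(input, "%" STR(NAME_MAX_CHARS) "s", out) != 1)
        return -1;
    return (int)strlen(out);
}

int main(void)
{
    const char *twelve = "ABCDEFGHIJKL";   /* constructed 12-character token */
    char name[NAME_MAX_CHARS + 1];

    printf("%%12s, 12-char input: byte past end = 0x%02x\n",
           (unsigned)byte_past_end_width12(twelve));
    printf("%%11s, 12-char input: byte past end = 0x%02x\n",
           (unsigned)byte_past_end_width11(twelve));
    printf("parse_name stored %d characters: %s\n",
           parse_name(twelve, name), name);
    return 0;
}
```

Shorter tokens leave the byte past the end untouched under either width, which is why this class of bug tends to surface only from static analysis or from input that exactly fills the field.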
2 months ago avcodec/hq_hqa: Check available space before reading slice offsets
Michael Niedermayer [Sat, 11 May 2019 21:05:47 +0000 (23:05 +0200)]
avcodec/hq_hqa: Check available space before reading slice offsets

Fixes: Timeout (43sec -> 18sec)
Fixes: 14556/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5673543024508928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 407e7c34ca8a3047e4f1b14287053638b4add68d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago lavf/webm_chunk: Respect buffer size
Andreas Rheinhardt [Fri, 19 Apr 2019 22:03:14 +0000 (00:03 +0200)]
lavf/webm_chunk: Respect buffer size

The last argument of av_strlcpy is supposed to contain the size of the
destination buffer, but it was filled with the size of the source
string, effectively negating its very purpose.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 73ef1f47f59333328264a968c8fbbcfb0bf0643f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/fits: Check bitpix
Michael Niedermayer [Sun, 5 May 2019 16:38:33 +0000 (18:38 +0200)]
avcodec/fits: Check bitpix

Reference: Table 8: Interpretation of valid BITPIX value from FITS standard 4.0
Fixes: runtime error: division by zero
Fixes: 14581/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5652382425284608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0b5c93b276a14d1990aaabd77410a562f4b242c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/jvdec: Use ff_get_buffer() when the content is not reused
Michael Niedermayer [Fri, 3 May 2019 22:15:33 +0000 (00:15 +0200)]
avcodec/jvdec: Use ff_get_buffer() when the content is not reused

Fixes: Timeout (11sec -> 5sec)
Fixes: 14473/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5761630857592832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 09edcd35726c9ebea8a175b54dfe05483f7154f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block()
Michael Niedermayer [Fri, 19 Apr 2019 23:05:44 +0000 (01:05 +0200)]
avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block()

Fixes: signed integer overflow: -2147483648 + -1 cannot be represented in type 'int'
Fixes: 14107/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5694078680825856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4a1b8d409639b2394589efe20ad55410cce391c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/gdv: Check input palette size before rescale()
Michael Niedermayer [Thu, 25 Apr 2019 17:18:08 +0000 (19:18 +0200)]
avcodec/gdv: Check input palette size before rescale()

Fixes: Timeout (22sec -> 11sec)
Fixes: 13576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5681024577568768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f857753f56f86046d454969e33ba85b3bac99be2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/jpeg2000: Check stepsize before using it
Michael Niedermayer [Mon, 15 Apr 2019 22:41:54 +0000 (00:41 +0200)]
avcodec/jpeg2000: Check stepsize before using it

Fixes: value 1.87633e+10 is outside the range of representable values of type 'int'
Fixes: Undefined behavior
Fixes: 14246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5758393601490944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06ef186fa1b7329c6fe6723372a72464c998059b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/aacdec_fixed: Fix undefined shift in noise_scale()
Michael Niedermayer [Fri, 29 Mar 2019 07:58:49 +0000 (08:58 +0100)]
avcodec/aacdec_fixed: Fix undefined shift in noise_scale()

Fixes: 13655/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5120559430500352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ea211ab79d646f6d0af0945971ee55f36bfcbc9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()
Michael Niedermayer [Mon, 15 Apr 2019 22:09:38 +0000 (00:09 +0200)]
avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()

The function in case of n=0 would read more bytes than 0.
The end pointer could be beyond the allocated space, which
is undefined.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f0e9a863466bfcbd75ee15d4d8a6aad2a5126a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/mov: Skip stsd adjustment without chunks
Michael Niedermayer [Tue, 16 Apr 2019 20:15:14 +0000 (22:15 +0200)]
avformat/mov: Skip stsd adjustment without chunks

Fixes: Assertion failure
Fixes: clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5683096400822272

Found-by: Clusterfuzz
Reported-by: Dan Sanders <sandersd@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18a567c369d74af5ef651b07c4c5615f5598616b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/aadec: Check for scanf() failure
Michael Niedermayer [Tue, 16 Apr 2019 21:56:43 +0000 (23:56 +0200)]
avformat/aadec: Check for scanf() failure

Fixes: use of uninitialized variables
Fixes: blank.aa

Found-by: Chamal De Silva <chamal.desilva@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed188f6dcdf0935c939ed813cf8745d50742014b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/ccaption_dec: Add a blank line at the end to avoid rollup reading from outside
Michael Niedermayer [Sat, 20 Apr 2019 16:11:42 +0000 (18:11 +0200)]
avcodec/ccaption_dec: Add a blank line at the end to avoid rollup reading from outside

Fixes: index 20 out of bounds for type 'const char *[4][128]'
Fixes: 14367/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CCAPTION_fuzzer-5718819672162304

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f17e8e90bb1fe5e4db18cc6dde9522417108c7bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform()
Michael Niedermayer [Thu, 11 Apr 2019 22:09:57 +0000 (00:09 +0200)]
avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform()

Fixes: assertion failure
Fixes: 14078/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5760571284127744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 110dce96331529a13cc815d3c852aed9d37f83d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation
Michael Niedermayer [Sun, 7 Apr 2019 14:44:53 +0000 (16:44 +0200)]
avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation

It seems the specification does not limit the value to 32bit

Fixes: signed integer overflow: -109611143 * 24 cannot be represented in type 'int'
Fixes: 13477/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5648337460527104

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 837820f385af699f9bee5e2ba3169dda15e5894d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks()
Michael Niedermayer [Tue, 26 Mar 2019 23:39:56 +0000 (00:39 +0100)]
avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks()

Fixes: signed integer overflow: 255 + 2147483634 cannot be represented in type 'int'
Fixes: 13472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5712444142387200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ad0533e914a2618aea1dc77748037bd8459f61d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago movsub_bsf: Fix mov2textsub regression
Andreas Rheinhardt [Sun, 23 Jun 2019 04:46:12 +0000 (06:46 +0200)]
movsub_bsf: Fix mov2textsub regression

The mov flavour of timed text uses the first two bytes of the packet as
a length field. And up until 11bef2fe said length field has been read
correctly in the mov2textsub bsf. But since then the next two bytes are
read as if they were the length field. This is fixed in this commit.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 800f618a340d122754e7bdb82c22463cb9bd17b0)

3 months ago lavc/libaomenc: Add a maximum constraint of 64 encoder threads.
Jun Zhao [Tue, 27 Nov 2018 09:18:26 +0000 (17:18 +0800)]
lavc/libaomenc: Add a maximum constraint of 64 encoder threads.

fixed the error in Intel(R) Xeon(R) Gold 6152 CPU like:
[libaom-av1 @ 0x469f340] Failed to initialize encoder: Invalid parameter
[libaom-av1 @ 0x469f340]   Additional information: g_threads out of range [..MAX_NUM_THREADS]

Signed-off-by: Jun Zhao <mypopydev@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b87063c06dde35ef6b56f51df7642661a3b115da)

4 months ago avformat/aacdec: fix demuxing of small frames
James Almer [Thu, 25 Apr 2019 22:04:01 +0000 (19:04 -0300)]
avformat/aacdec: fix demuxing of small frames

10 bytes (id3v2 header amount of bytes) were being read before any checks
were made on the bitstream. The result was that we were overreading into
the next frame if the current one was 8 or 9 bytes long.

Fixes tickets #7271 and #7869.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d88193c2196cf5342424aaa7a44b046c71c2527a)

4 months ago avcodec/cuviddec: improve progressive frame detection
Sergey Svechnikov [Mon, 22 Apr 2019 17:26:24 +0000 (22:26 +0500)]
avcodec/cuviddec: improve progressive frame detection

There are 2 types of problems when using adaptive deinterlace with cuvid:

1. Sometimes, in the middle of transcoding, cuvid outputs frames with visible horizontal lines (as though weave deinterlace method was chosen);
2. Occasionally, on scene changes, cuvid outputs a wrong frame, which should have been shown several seconds before (as if the frame was assigned some wrong PTS value).

The reason is that sometimes CUVIDPARSERDISPINFO has property progressive_frame equal to 1 with interlaced videos.
In order to fix the problem we should check if the video is interlaced or progressive in the beginning of a video sequence (cuvid_handle_video_sequence).
And then we just use this information instead of the property progressive_frame in CUVIDPARSERDISPINFO (which is unreliable).

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
5 months ago avformat/matroskaenc: fix leak on error
Tristan Matthews [Thu, 4 Apr 2019 16:56:26 +0000 (12:56 -0400)]
avformat/matroskaenc: fix leak on error

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1ec777dcdd03b43d3d694c3b4532dccea0b419f0)

5 months ago avformat/av1: Initialize padding in ff_isom_write_av1c
Jeremy Dorfman [Mon, 8 Apr 2019 12:14:27 +0000 (08:14 -0400)]
avformat/av1: Initialize padding in ff_isom_write_av1c

Otherwise, AV1 encodes with FFmpeg trigger use-of-uninitialized-value
warnings under MemorySanitizer, and the output buffer potentially
changes from run to run.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit bb5efd1727eeecc9be8f1402810c7ab72344eed3)

5 months ago avcodec/cbs_av1: fix parsing spatial_id
James Almer [Mon, 25 Mar 2019 04:08:30 +0000 (01:08 -0300)]
avcodec/cbs_av1: fix parsing spatial_id

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 461303f94ab64e0cbd502cddb6e79473f8f525a1)

5 months ago Changelog: update n4.1.3
Michael Niedermayer [Mon, 1 Apr 2019 08:33:02 +0000 (10:33 +0200)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago avcodec/rscc: Check that the to be uncompressed input is large enough
Michael Niedermayer [Sun, 31 Mar 2019 15:31:17 +0000 (17:31 +0200)]
avcodec/rscc: Check that the to be uncompressed input is large enough

Fixes: Out of array access
Fixes: 13984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5734128093233152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a0ec1511e7040845a0d1ce99fe2f30a0972b6d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago avformat/movenc: free eac3 private data only when closing the stream
James Almer [Fri, 29 Mar 2019 01:36:25 +0000 (22:36 -0300)]
avformat/movenc: free eac3 private data only when closing the stream

This makes sure the data is available when writing the moov atom during the
second pass triggered by the faststart movflag.

Fixes ticket #7780

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 27c94c57dc84da8125225fda7d241be57d19b391)

5 months ago Update for 4.1.3
Michael Niedermayer [Sun, 31 Mar 2019 21:31:47 +0000 (23:31 +0200)]
Update for 4.1.3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago avcodec/hevcdec: Avoid only partly skipping duplicate first slices
Michael Niedermayer [Sat, 23 Mar 2019 19:55:08 +0000 (20:55 +0100)]
avcodec/hevcdec: Avoid only partly skipping duplicate first slices

Fixes: NULL pointer dereference and out of array access
Fixes: 13871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5746167087890432
Fixes: 13845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5650370728034304

This also fixes the return code for explode mode

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 54655623a82632e7624714d7b2a3e039dc5faa7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago lavc/bmp: Avoid a heap buffer overwrite for 1bpp input.
Carl Eugen Hoyos [Tue, 26 Mar 2019 12:32:11 +0000 (13:32 +0100)]
lavc/bmp: Avoid a heap buffer overwrite for 1bpp input.

Found by Mingi Cho, Seoyoung Kim, and Taekyoung Kwon
of the Information Security Lab, Yonsei University.

(cherry picked from commit 1e34014010dba9325fc5430934b51a61a5007c63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago avcodec/mpegpicture: Check size of edge_emu_buffer
Michael Niedermayer [Sun, 17 Mar 2019 14:18:20 +0000 (15:18 +0100)]
avcodec/mpegpicture: Check size of edge_emu_buffer

Fixes: OOM
Fixes: 13710/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5633152942342144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 635067b75fce06928431ce9b9fcaee0c9b6b7280)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago avformat/mov: Fix potential integer overflow in entry check in mov_read_trun()
Michael Niedermayer [Sun, 17 Mar 2019 10:14:26 +0000 (11:14 +0100)]
avformat/mov: Fix potential integer overflow in entry check in mov_read_trun()

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff13a92a6f8413402f5b3cacedda7c10d350b487)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago avcodec/truemotion2: Fix integer overflow in tm2_null_res_block()
Michael Niedermayer [Sat, 16 Mar 2019 01:30:57 +0000 (02:30 +0100)]
avcodec/truemotion2: Fix integer overflow in tm2_null_res_block()

Fixes: signed integer overflow: 1111638592 - -2122219136 cannot be represented in type 'int'
Fixes: 13441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5732769815068672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1223696c725a8ea7e80498e6ccfab37eea179b76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago avcodec/cbs_av1: fix range of values for Mastering Display Color Volume Metadata...
James Almer [Thu, 21 Mar 2019 18:37:26 +0000 (15:37 -0300)]
avcodec/cbs_av1: fix range of values for Mastering Display Color Volume Metadata OBUs

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 40490b3a63368bdc2403bf7415b214e6dc0a9a3a)

5 months ago avcodec/av1_parser: don't abort parsing the first frame if extradata parsing fails
James Almer [Sun, 24 Mar 2019 21:22:32 +0000 (18:22 -0300)]
avcodec/av1_parser: don't abort parsing the first frame if extradata parsing fails

The first frame contains the sequence header, which is needed to parse every
following frame.

This fixes parsing streams with broken extradata but correct packet data.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 699d0c2a30d5b2a10b6a0f459a35d665dc22b2f1)

6 months ago Changelog: update n4.1.2
Michael Niedermayer [Thu, 21 Mar 2019 08:02:44 +0000 (09:02 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/dfa: Check the chunk header is not truncated
Michael Niedermayer [Sun, 10 Mar 2019 22:45:19 +0000 (23:45 +0100)]
avcodec/dfa: Check the chunk header is not truncated

Fixes: Timeout (11sec -> 3sec)
Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f20760fadbc77483b9ff4b400b53ebb38ee33793)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/clearvideo: Check remaining data in P frames
Michael Niedermayer [Fri, 8 Mar 2019 00:42:06 +0000 (01:42 +0100)]
avcodec/clearvideo: Check remaining data in P frames

Fixes: Timeout (19sec -> 419msec)
Fixes: 13411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5733153811988480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41f93f941155f9f9dbb2d5e7f5d20b2238150836)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>