ffmpeg.git
2 years ago  avformat/mux: Fix copy and paste typo
Michael Niedermayer [Fri, 26 May 2017 16:01:31 +0000 (18:01 +0200)]
avformat/mux: Fix copy and paste typo

Found-by: Roger Scott <rscott@grammatech.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a36354698fc0453ba4d337786d2cb4d3e374cfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avutil/internal: Do not enable CHECKED with DEBUG
Michael Niedermayer [Fri, 7 Apr 2017 11:49:09 +0000 (13:49 +0200)]
avutil/internal: Do not enable CHECKED with DEBUG

This avoids potential undefined behavior in debug mode while still allowing
developers who want to check for potential additional overflows to do so
by manually enabling this.

Reviewed-by: wm4
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a44b3abb4cf922e379fbac55452d0482a8223597)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * ...
Michael Niedermayer [Thu, 25 May 2017 21:01:27 +0000 (23:01 +0200)]
avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'

Fixes: 1825/clusterfuzz-testcase-minimized-6002833050566656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e87d146d798ca25d8f3a4520a6deb7946b39d73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/smc: Check remaining input
Michael Niedermayer [Thu, 25 May 2017 18:07:49 +0000 (20:07 +0200)]
avcodec/smc: Check remaining input

Fixes: Timeout
Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 356194fcb17375de2472f4cbff6ede48d6a374b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/jpeg2000dec: Fix copy and paste error
Michael Niedermayer [Thu, 25 May 2017 09:11:33 +0000 (11:11 +0200)]
avcodec/jpeg2000dec: Fix copy and paste error

Found-by: jamrial
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5782e0ba8cc30bb08a806cdeda1adfb89a0556b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/jpeg2000dec: Check tile offsets
Michael Niedermayer [Wed, 24 May 2017 17:40:42 +0000 (19:40 +0200)]
avcodec/jpeg2000dec: Check tile offsets

Fixes: runtime error: signed integer overflow: 4096 - -2147483648 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89325417e7b33f4b08171d9d609c48662d96b2d3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/sanm: Fix uninitialized reference frames
Max Justicz [Wed, 24 May 2017 13:25:50 +0000 (15:25 +0200)]
avcodec/sanm: Fix uninitialized reference frames

Fixes: poc.snm

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca616b0f72c65b0ef5f9e1e6125698b15f50a26e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/jpeglsdec: Check get_bits_left() before decoding a picture
Michael Niedermayer [Tue, 23 May 2017 20:18:52 +0000 (22:18 +0200)]
avcodec/jpeglsdec: Check get_bits_left() before decoding a picture

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4bc3008d04451cd31818e21703ed7ed96b6ff074)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/ivi_dsp: Fix multiple runtime error: left shift of negative value -71
Michael Niedermayer [Sun, 21 May 2017 23:19:50 +0000 (01:19 +0200)]
avcodec/ivi_dsp: Fix multiple runtime error: left shift of negative value -71

Fixes: 1734/clusterfuzz-testcase-minimized-5385630815092736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fb00b3e858b7a5aeccfe6bdfc10290c2121c3ec)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot...
Michael Niedermayer [Sun, 21 May 2017 19:49:54 +0000 (21:49 +0200)]
avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot be represented in type 'int'

Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 40fa6a2fa2c255293a780a194eecae5df52644a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacdec_fixed: Fix runtime error: shift exponent 34 is too large for 32-bit...
Michael Niedermayer [Sun, 21 May 2017 14:53:55 +0000 (16:53 +0200)]
avcodec/aacdec_fixed: Fix runtime error: shift exponent 34 is too large for 32-bit type 'int'

Fixes: 1721/clusterfuzz-testcase-minimized-4719352135811072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5228e44c7f3a5eba537c8a39a45cfbf2961a28d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4videodec: Check for multiple VOL headers
Michael Niedermayer [Sun, 21 May 2017 14:01:27 +0000 (16:01 +0200)]
avcodec/mpeg4videodec: Check for multiple VOL headers

Fixes multiple: runtime error: signed integer overflow: 2147115008 + 413696 cannot be represented in type 'int'
Fixes: 1723/clusterfuzz-testcase-minimized-5309409372667904
Fixes: 1727/clusterfuzz-testcase-minimized-5900685306494976
Fixes: 1737/clusterfuzz-testcase-minimized-5922321338466304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit efeb47fd5d5cbf980e52a6d5e741c3c74b94b5e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vmnc: Check location before use
Michael Niedermayer [Sun, 21 May 2017 11:22:16 +0000 (13:22 +0200)]
avcodec/vmnc: Check location before use

Fixes: runtime error: signed integer overflow: 65535 * 64256 cannot be represented in type 'int'
Fixes: 1717/clusterfuzz-testcase-minimized-5491696676634624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec2b76aab44f55be22eb12d86eb0dfd2eff68581)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/takdec: Fix runtime error: signed integer overflow: 8192 * 524308 cannot...
Michael Niedermayer [Tue, 16 May 2017 22:07:02 +0000 (00:07 +0200)]
avcodec/takdec: Fix runtime error: signed integer overflow: 8192 * 524308 cannot be represented in type 'int'

Fixes: 1630/clusterfuzz-testcase-minimized-6326111917047808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 955db411929a9876d3cd016fbbb9c49b6362feba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aac_defines: Fix: runtime error: left shift of negative value -2
Michael Niedermayer [Sun, 21 May 2017 00:51:04 +0000 (02:51 +0200)]
avcodec/aac_defines: Fix: runtime error: left shift of negative value -2

Fixes: 1716/clusterfuzz-testcase-minimized-4691012196761600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c3547dcbc326474745f02a618e01848a293f3f92)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/takdec: Fix runtime error: left shift of negative value -63
Michael Niedermayer [Sun, 21 May 2017 00:46:55 +0000 (02:46 +0200)]
avcodec/takdec: Fix runtime error: left shift of negative value -63

Fixes: 1713/clusterfuzz-testcase-minimized-5791887476654080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d66193252b4067144f11211f8f3e1d5a50146235)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mlpdsp: Fix runtime error: signed integer overflow: -24419392 * 128 cannot...
Michael Niedermayer [Sun, 21 May 2017 00:42:12 +0000 (02:42 +0200)]
avcodec/mlpdsp: Fix runtime error: signed integer overflow: -24419392 * 128 cannot be represented in type 'int'

Fixes: 1711/clusterfuzz-testcase-minimized-5248503515185152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d04fc94e1021b70e542dc01a48b8398c6fc6325)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/sbrdsp_fixed: fix runtime error: left shift of 1 by 31 places cannot be repre...
Michael Niedermayer [Sat, 20 May 2017 23:43:04 +0000 (01:43 +0200)]
avcodec/sbrdsp_fixed: fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Fixes: part of 1709/clusterfuzz-testcase-minimized-4513580554649600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 384508b2ff69bc3fad1e1c2e7de0dcd0913c6208)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 170 is too large...
Michael Niedermayer [Sat, 20 May 2017 22:06:10 +0000 (00:06 +0200)]
avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 170 is too large for 32-bit type 'int'

Fixes part of 1709/clusterfuzz-testcase-minimized-4513580554649600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6310fc714de3cd73848416ead73228fcef8b6dc0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/hevc_sei: fix amount of bits skipped when reading picture timing SEI message
James Almer [Sat, 6 May 2017 23:31:45 +0000 (20:31 -0300)]
avcodec/hevc_sei: fix amount of bits skipped when reading picture timing SEI message

The code was skipping the entire reported SEI message size regardless of
the amount of bits read.
While in theory safe for NALU where the picture timing SEI message is alone
or at the end as we're using the checked bitstream reader, it isn't in any
other situation, where every SEI message in the NALU after the picture
timing one would potentially fail to parse.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit f738140807f504c9af7850042067777832f05e88)

Conflicts:
libavcodec/hevc_sei.c

2 years ago  avformat/concatdec: fix the h264 annexb extradata check
James Almer [Tue, 25 Apr 2017 23:23:12 +0000 (20:23 -0300)]
avformat/concatdec: fix the h264 annexb extradata check

The start code can be either in the first three or four bytes.

(cherry picked from commit b4330a0e02fcbef61d630a369abe5f4421ced659)

2 years ago  avformat/utils: free AVStream.codec properly in free_stream()
Aaron Levinson [Fri, 21 Apr 2017 06:30:13 +0000 (23:30 -0700)]
avformat/utils: free AVStream.codec properly in free_stream()

Fixes memory leaks.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b9d2005ea5d6837917a69bc2b8e98f5695f54e39)

2 years ago  avcodec/options: do a more thorough clean up in avcodec_copy_context()
James Almer [Mon, 24 Apr 2017 17:53:47 +0000 (14:53 -0300)]
avcodec/options: do a more thorough clean up in avcodec_copy_context()

Free coded_frame to prevent potential leaks.

Reviewed-by: Aaron Levinson <alevinsn@aracnet.com>
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit cac8de2da5c4935773128335c11b806faa73e19d)

2 years ago  avcodec/options: factorize avcodec_copy_context() cleanup code
James Almer [Sat, 22 Apr 2017 16:25:32 +0000 (13:25 -0300)]
avcodec/options: factorize avcodec_copy_context() cleanup code

Reviewed-by: Aaron Levinson <alevinsn@aracnet.com>
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 54a4c9b4e9a1524b1ac5d2be97c8042272402d0a)

2 years ago  avcodec/mlpdec: Do not leave an invalid num_primitive_matrices in the context
Michael Niedermayer [Fri, 19 May 2017 23:23:01 +0000 (01:23 +0200)]
avcodec/mlpdec: Do not leave an invalid num_primitive_matrices in the context

Fixes: runtime error: index 8 out of bounds for type 'uint8_t [8]'
Fixes: 1699/clusterfuzz-testcase-minimized-6327177438035968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64ea4d102a070b95832ae4a751688f87da7760a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 150 is too large...
Michael Niedermayer [Fri, 19 May 2017 10:25:52 +0000 (12:25 +0200)]
avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 150 is too large for 32-bit type 'int'

Fixes: 1681/clusterfuzz-testcase-minimized-5970545365483520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3fb104f4476ad238e2ca768e9b80dc314e6e856d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mimic: Use ff_set_dimensions() to set the dimensions
Michael Niedermayer [Thu, 18 May 2017 15:46:56 +0000 (17:46 +0200)]
avcodec/mimic: Use ff_set_dimensions() to set the dimensions

Fixes: OOM
Fixes: 1671/clusterfuzz-testcase-minimized-4759078033162240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e434840fd4b3c854beec845f950b80bc1bf93b60)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/fic: Fix multiple runtime error: signed integer overflow: 5793 * 419752 canno...
Michael Niedermayer [Thu, 18 May 2017 15:13:18 +0000 (17:13 +0200)]
avcodec/fic: Fix multiple runtime error: signed integer overflow: 5793 * 419752 cannot be represented in type 'int'

Fixes: 1669/clusterfuzz-testcase-minimized-5287529198649344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a173f484b52ed63292439de5347e49bd78cad0ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mlpdec: Fix: runtime error: left shift of negative value -8
Michael Niedermayer [Thu, 18 May 2017 00:07:17 +0000 (02:07 +0200)]
avcodec/mlpdec: Fix: runtime error: left shift of negative value -8

Fixes: 1658/clusterfuzz-testcase-minimized-4889937130291200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25c81e4b737bcc737b13c9a752cb301a28cb3906)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dfa: Fix: runtime error: signed integer overflow: -14202 * 196877 cannot...
Michael Niedermayer [Wed, 17 May 2017 23:54:43 +0000 (01:54 +0200)]
avcodec/dfa: Fix: runtime error: signed integer overflow: -14202 * 196877 cannot be represented in type 'int'

Fixes: 1657/clusterfuzz-testcase-minimized-4710000079405056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 58ac7fb9c395ab91cb321fa4c8c9e127ce8147c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacdec: Fix runtime error: signed integer overflow: 2147483520 + 255 cannot...
Michael Niedermayer [Wed, 17 May 2017 14:45:46 +0000 (16:45 +0200)]
avcodec/aacdec: Fix runtime error: signed integer overflow: 2147483520 + 255 cannot be represented in type 'int'

Fixes: 1656/clusterfuzz-testcase-minimized-5900404925661184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 94d05ff15985d17aba070eaec82acd21c0da3d86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacdec_template: Fix fixed point scale in decode_cce()
Michael Niedermayer [Wed, 17 May 2017 13:51:46 +0000 (15:51 +0200)]
avcodec/aacdec_template: Fix fixed point scale in decode_cce()

Fixes: runtime error: shift exponent 1073741824 is too large for 32-bit type 'int'
Fixes: 1654/clusterfuzz-testcase-minimized-5151903795118080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53a502206a9ea698926694d7252526fe00d1ea44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/flicvideo: Check frame_size before decrementing
Michael Niedermayer [Tue, 16 May 2017 23:12:55 +0000 (01:12 +0200)]
avcodec/flicvideo: Check frame_size before decrementing

Fixes: runtime error: signed integer overflow: -2147483627 - 22 cannot be represented in type 'int'
Fixes: 1637/clusterfuzz-testcase-minimized-5376582493405184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 355e27e24dc88d6ba8f27501a34925d9d937a399)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mlpdec: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 16 May 2017 22:53:32 +0000 (00:53 +0200)]
avcodec/mlpdec: Fix runtime error: left shift of negative value -1

Fixes: 1636/clusterfuzz-testcase-minimized-5310494757879808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 552adf1dd3a38fb7a1a6109dd2b517d63290f20e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/takdec: Fix runtime error: left shift of negative value -42
Michael Niedermayer [Tue, 16 May 2017 22:44:36 +0000 (00:44 +0200)]
avcodec/takdec: Fix runtime error: left shift of negative value -42

Fixes: 1635/clusterfuzz-testcase-minimized-4992749856096256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 99c4c76cfbc4ae56dc8c37f5fab02f88f6b2cb48)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/hq_hqa: Fix: runtime error: signed integer overflow: -255 * 10180917 cannot...
Michael Niedermayer [Tue, 16 May 2017 21:44:24 +0000 (23:44 +0200)]
avcodec/hq_hqa: Fix: runtime error: signed integer overflow: -255 * 10180917 cannot be represented in type 'int'

Fixes: 1626/clusterfuzz-testcase-minimized-6416580571299840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d9cb583c8f005a260d255853ef5f1c21e8599a0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/truemotion1: Fix multiple runtime error: signed integer overflow: 1246906962...
Michael Niedermayer [Tue, 16 May 2017 01:04:26 +0000 (03:04 +0200)]
avcodec/truemotion1: Fix multiple runtime error: signed integer overflow: 1246906962 * 2 cannot be represented in type 'int'

Fixes: 1616/clusterfuzz-testcase-minimized-5119196578971648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ea6bc2a166edac37042f2bbc28eb603a0fbeccb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/svq3: Fix runtime error: left shift of negative value -6
Michael Niedermayer [Mon, 15 May 2017 19:21:20 +0000 (21:21 +0200)]
avcodec/svq3: Fix runtime error: left shift of negative value -6

Fixes: 1604/clusterfuzz-testcase-minimized-5312060206350336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6eb006ad47beb6d5e5cc2c99f8185965209ec6b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/tiff: reset sampling[] if it's invalid
Michael Niedermayer [Mon, 15 May 2017 19:19:06 +0000 (21:19 +0200)]
avcodec/tiff: reset sampling[] if it's invalid

Fixes division by 0
Fixes: clusterfuzz-testcase-minimized-5592896440893440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f08122fbe039a56ab3c24f74636b4b0efea97d85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacps: Fix undefined behavior
Michael Niedermayer [Fri, 5 May 2017 11:16:07 +0000 (13:16 +0200)]
avcodec/aacps: Fix undefined behavior

Fixes: 1337/clusterfuzz-testcase-minimized-5212314171080704

Fixes the existence of a potentially invalid pointer intermediate

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 527f89e05922e840083ac6d49eeb838b1e350dd4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/opus_silk: Fix integer overflow and out of array read
Michael Niedermayer [Sat, 6 May 2017 12:28:20 +0000 (14:28 +0200)]
avcodec/opus_silk: Fix integer overflow and out of array read

Fixes: 1362/clusterfuzz-testcase-minimized-6097275002552320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4654baff125d937ae0b1037aa5f0bf53c7351658)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/flacdec: Return error code instead of 0 for failures
Michael Niedermayer [Tue, 9 May 2017 11:25:34 +0000 (13:25 +0200)]
avcodec/flacdec: Return error code instead of 0 for failures

Fixes: infinite loop
Fixes: 1418/clusterfuzz-testcase-minimized-5934472438480896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f5a68533decdfb4757207e8d7b5af06e1dcd197)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/snowdec: Check width
Michael Niedermayer [Tue, 9 May 2017 14:08:14 +0000 (16:08 +0200)]
avcodec/snowdec: Check width

Fixes: out of array read
Fixes: 1419/clusterfuzz-testcase-minimized-6108700873850880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78aa93807b3e0674e34d32c0bf6f78d7f5b7927e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/webp: Update canvas size in vp8_lossy_decode_frame() as in vp8_lossless_decod...
Michael Niedermayer [Mon, 8 May 2017 12:43:03 +0000 (14:43 +0200)]
avcodec/webp: Update canvas size in vp8_lossy_decode_frame() as in vp8_lossless_decode_frame()

Fixes: 1407/clusterfuzz-testcase-minimized-6044604124102656
Fixes: 1420/clusterfuzz-testcase-minimized-6059927359455232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 72810d20b74f05cc4b214d6c277fa6f43160df54)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/webp: Factor update_canvas_size() out
Michael Niedermayer [Mon, 8 May 2017 12:43:02 +0000 (14:43 +0200)]
avcodec/webp: Factor update_canvas_size() out

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4f63b78b71e07dd2f5d49c032d9c3eef620c0f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/cllc: Check prefix
Michael Niedermayer [Tue, 9 May 2017 17:38:46 +0000 (19:38 +0200)]
avcodec/cllc: Check prefix

Fixes: runtime error: left shift of 1610706944 by 1 places cannot be represented in type 'int'
Fixes: 1421/clusterfuzz-testcase-minimized-6239947507892224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62c5949beca2c95d6af5c74985467438d2295a66)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented...
Michael Niedermayer [Fri, 12 May 2017 23:35:56 +0000 (01:35 +0200)]
avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'

Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afb4632cc30e83287338690c785ebac180436a59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4videodec: Clear sprite wrapping on unsupported cases in VOP decode
Michael Niedermayer [Sun, 14 May 2017 14:47:13 +0000 (16:47 +0200)]
avcodec/mpeg4videodec: Clear sprite wrapping on unsupported cases in VOP decode

Fixes: Integer overflow
Fixes: 1572/clusterfuzz-testcase-minimized-4578773729017856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 467677769a2222ff8beab3c4d7826df9b7cbc81b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'
Michael Niedermayer [Sun, 14 May 2017 12:42:45 +0000 (14:42 +0200)]
avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'

It seems dual mono with a LFE channel is not forbidden

Fixes: 1570/clusterfuzz-testcase-minimized-6455337349545984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c55e637072b694a1db40e21948d218bfa2e744bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot...
Michael Niedermayer [Sun, 14 May 2017 12:06:56 +0000 (14:06 +0200)]
avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot be represented in type 'int'

Fixes: 1568/clusterfuzz-testcase-minimized-5944868608147456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b923213276777f33d6366b1cb9d1845a8658f365)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  libswscale/tests/swscale: Fix uninitialized variables
Michael Niedermayer [Sat, 29 Apr 2017 16:46:48 +0000 (18:46 +0200)]
libswscale/tests/swscale: Fix uninitialized variables

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7796f290653349a4126f2d448d11bb4440b9f257)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438...
Michael Niedermayer [Sat, 13 May 2017 21:24:04 +0000 (23:24 +0200)]
avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438 cannot be represented in type 'int'

Fixes: 1559/clusterfuzz-testcase-minimized-5048096079740928
Fixes: 1560/clusterfuzz-testcase-minimized-6011037813833728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8630b2cd36c57918acfe18302fe77d1ceefbd676)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/webp: Fix signedness in prefix_code check
Michael Niedermayer [Sat, 13 May 2017 21:21:24 +0000 (23:21 +0200)]
avcodec/webp: Fix signedness in prefix_code check

Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c5cd1c9d33b4b287f85d42efb1aecfaee31de6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be...
Michael Niedermayer [Sat, 13 May 2017 21:16:44 +0000 (23:16 +0200)]
avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be represented in type 'int'

Fixes: 1556/clusterfuzz-testcase-minimized-5027865978470400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86b1b0d33dd7459f0d9c352c51ee2e374fd6f7fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mlpdec: Check that there is enough data for headers
Michael Niedermayer [Sat, 13 May 2017 21:13:38 +0000 (23:13 +0200)]
avcodec/mlpdec: Check that there is enough data for headers

Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3e51f8c14d22ae11684dcfe58df355f0f9e6401)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/ac3dec: Keep track of band structure
Michael Niedermayer [Sat, 13 May 2017 17:28:01 +0000 (19:28 +0200)]
avcodec/ac3dec: Keep track of band structure

It is needed in some corner cases that seem not to be forbidden
Fixes: out of array index
Fixes: 1538/clusterfuzz-testcase-minimized-4696904925446144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9351a156de724edb69ba6e1f05884fe806a13a21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/webp: Add missing input padding
Michael Niedermayer [Sat, 13 May 2017 16:27:27 +0000 (18:27 +0200)]
avcodec/webp: Add missing input padding

Fixes: 1536/clusterfuzz-testcase-minimized-5973925404082176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a3508cc3fe643a8adad6a82a60bece3ea3c5dc63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 13 May 2017 16:13:48 +0000 (18:13 +0200)]
avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1

Fixes: 1535/clusterfuzz-testcase-minimized-5826695535788032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 26227d91865ddfbfe35c9ff84853cc469e1c7daf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacsbr_template: Do not change bs_num_env before it's checked
Michael Niedermayer [Fri, 12 May 2017 02:12:15 +0000 (04:12 +0200)]
avcodec/aacsbr_template: Do not change bs_num_env before it's checked

Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87b08ee6d2a3b0880f0a267c5d51dc7f415e81d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 13 May 2017 12:39:26 +0000 (14:39 +0200)]
avcodec/mlp: Fix multiple runtime error: left shift of negative value -1

Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74dc728a2c2cc353da20cdc09b8cdfbbe14b7be8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflo...
Michael Niedermayer [Wed, 10 May 2017 12:50:40 +0000 (14:50 +0200)]
avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'

Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ccce2248bf56692fc7bd436ca2c9acca772d486a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/avcodec: Limit the number of side data elements per packet
Michael Niedermayer [Thu, 11 May 2017 11:01:36 +0000 (13:01 +0200)]
avcodec/avcodec: Limit the number of side data elements per packet

Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496

See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d5711cb89121268e8d78ebe8563a68e67a236cbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be repre...
Michael Niedermayer [Fri, 12 May 2017 11:15:33 +0000 (13:15 +0200)]
avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f225003d17364cd38fd28f268ae2b29abd8e5024)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot...
Michael Niedermayer [Fri, 12 May 2017 11:05:46 +0000 (13:05 +0200)]
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'

Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df640dbbc949d0f4deefaf43e86b8bd50ae997cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
Michael Niedermayer [Thu, 11 May 2017 21:24:23 +0000 (23:24 +0200)]
avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610

Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6899e6e56065d9365963e02690dc9e2ce7866050)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/msmpeg4dec: Check for cbpy VLC errors
Michael Niedermayer [Thu, 11 May 2017 17:10:16 +0000 (19:10 +0200)]
avcodec/msmpeg4dec: Check for cbpy VLC errors

Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15e892aad12b23e9b5686cf66ca6fa739c734ead)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/cllc: Check num_bits
Michael Niedermayer [Thu, 11 May 2017 16:39:33 +0000 (18:39 +0200)]
avcodec/cllc: Check num_bits

Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bfd0a97587d26c0c39413a6291ccc66e4a928d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
Michael Niedermayer [Thu, 11 May 2017 16:35:24 +0000 (18:35 +0200)]
avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e717fa1f0a66825fb10fec7debad768f311ee240)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dvbsubdec: Check entry_id
Michael Niedermayer [Thu, 11 May 2017 13:18:50 +0000 (15:18 +0200)]
avcodec/dvbsubdec: Check entry_id

Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a69f2602fea04b7ebae2db16f2581e8ff5ee0cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type...
Michael Niedermayer [Thu, 11 May 2017 13:13:53 +0000 (15:13 +0200)]
avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type 'int'

Fixes: 1471/clusterfuzz-testcase-minimized-6376460543590400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a0ff78168f80f5b2c5c5544325aca4023bc67a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg12dec: Fixes runtime error: division by zero
Michael Niedermayer [Wed, 10 May 2017 22:49:31 +0000 (00:49 +0200)]
avcodec/mpeg12dec: Fixes runtime error: division by zero

Fixes: 1464/clusterfuzz-testcase-minimized-4925445571084288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0ece1f4addf8ac31df95775a2d36be2a55fc759)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/webp: Always set pix_fmt
Michael Niedermayer [Wed, 10 May 2017 16:37:49 +0000 (18:37 +0200)]
avcodec/webp: Always set pix_fmt

Fixes: out of array access
Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632
Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avfilter/vf_uspp: Fix currently unused input frame dimensions
Michael Niedermayer [Wed, 10 May 2017 19:54:31 +0000 (21:54 +0200)]
avfilter/vf_uspp: Fix currently unused input frame dimensions

Found-by: Nicolas
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 942036e97c8b149ce2f3ec6e7cbc990df8713d0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Wed, 10 May 2017 17:09:31 +0000 (19:09 +0200)]
avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1

Fixes: 1446/clusterfuzz-testcase-minimized-5577409124368384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db5fae32294763677caa4c1417dcba704c7e764e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot...
Michael Niedermayer [Wed, 10 May 2017 17:02:05 +0000 (19:02 +0200)]
avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot be represented in type 'int'

Fixes: 1443/clusterfuzz-testcase-minimized-4826998612426752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8de60ba2740185c53cabbee6c00ed67a0d530e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot...
Michael Niedermayer [Wed, 10 May 2017 16:51:58 +0000 (18:51 +0200)]
avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot be represented in type 'int'

Fixes: 1441/clusterfuzz-testcase-minimized-6223152357048320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ea428789371fa0601e9ebb5b7f2216d4e73e831)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avformat/wavdec: Check chunk_size
李赞 [Wed, 10 May 2017 12:55:34 +0000 (14:55 +0200)]
avformat/wavdec: Check chunk_size

Fixes integer overflow and out of array access

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d232196372f309a75ed074c4cef30578eec1782)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/cavs: Check updated MV
Michael Niedermayer [Wed, 10 May 2017 12:41:23 +0000 (14:41 +0200)]
avcodec/cavs: Check updated MV

Fixes: runtime error: signed integer overflow: 251 + 2147483647 cannot be represented in type 'int'
Fixes: 1438/clusterfuzz-testcase-minimized-4917542646710272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5871adc90f8c1037535563e33ebeaf032bb4d5d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/y41pdec: Fix width in input buffer size check
Michael Niedermayer [Wed, 10 May 2017 12:33:27 +0000 (14:33 +0200)]
avcodec/y41pdec: Fix width in input buffer size check

Fixes: out of array read
Fixes: 1437/clusterfuzz-testcase-minimized-4569970002362368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d8d3729475c7dce52d8fb9ffb280fd2ea62e1a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552...
Michael Niedermayer [Tue, 9 May 2017 23:26:39 +0000 (01:26 +0200)]
avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552 cannot be represented in type 'int'

Fixes: 1429/clusterfuzz-testcase-minimized-5959951610544128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae6fd1790f48c457a8cedb445dcac73f8f7b7698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be repre...
Michael Niedermayer [Tue, 9 May 2017 23:18:36 +0000 (01:18 +0200)]
avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be represented in type 'int'

Fixes: 1428/clusterfuzz-testcase-minimized-5263281793007616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bd8eb05d21b582d627a93852b59cb3cfc305dae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/lagarith: Check scale_factor
Michael Niedermayer [Tue, 9 May 2017 22:56:45 +0000 (00:56 +0200)]
avcodec/lagarith: Check scale_factor

Fixes: 1425/clusterfuzz-testcase-minimized-6295712339853312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed3c9b5b0dd5abb545c48e930e1c32c187b0776a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/lagarith: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 9 May 2017 22:50:05 +0000 (00:50 +0200)]
avcodec/lagarith: Fix runtime error: left shift of negative value -1

Fixes: 1424/clusterfuzz-testcase-minimized-6088327159611392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ddb2dd7edbccc5596d8e3c039133be8444cb1d02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/takdec: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 9 May 2017 22:44:37 +0000 (00:44 +0200)]
avcodec/takdec: Fix multiple runtime error: left shift of negative value -1

Fixes: 1423/clusterfuzz-testcase-minimized-5063889899225088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c5d2fa2fdff08e77bba0c9a31b91826a807c551c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/indeo2: Check for invalid VLCs
Michael Niedermayer [Mon, 8 May 2017 22:02:22 +0000 (00:02 +0200)]
avcodec/indeo2: Check for invalid VLCs

Fixes: timeout
Fixes: 1416/clusterfuzz-testcase-minimized-5536862435278848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 159fb8ff7e4038edf13e91d3c08bc7b8abc369b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/htmlsubtitles: Check for string truncation and return error
Michael Niedermayer [Fri, 5 May 2017 23:42:53 +0000 (01:42 +0200)]
avcodec/htmlsubtitles: Check for string truncation and return error

Fixes out of array access
Fixes: 1354/clusterfuzz-testcase-minimized-5520132195483648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4ae3cce64bd46b1d539bdeac39753f83015f114)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represe...
Michael Niedermayer [Mon, 8 May 2017 13:46:55 +0000 (15:46 +0200)]
avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represented in type 'int'

Fixes: 1411/clusterfuzz-testcase-minimized-5776085184675840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 29692023b2f1e0580a4065f4c9b62bafd89ab337)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039...
Michael Niedermayer [Mon, 8 May 2017 13:40:30 +0000 (15:40 +0200)]
avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039 cannot be represented in type 'int'

Fixes: 1409/clusterfuzz-testcase-minimized-5237365020819456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea59ef0c031b6b92f051f60c19fdd0a716769834)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dvbsubdec: check region dimensions
Michael Niedermayer [Mon, 8 May 2017 13:17:31 +0000 (15:17 +0200)]
avcodec/dvbsubdec: check region dimensions

Fixes: 1408/clusterfuzz-testcase-minimized-6529985844084736
Fixes: integer overflow

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0075d9eced22839fa4f7a6eaa02155803ccae3e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -10230405...
Michael Niedermayer [Mon, 8 May 2017 10:07:56 +0000 (12:07 +0200)]
avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -1023040530 cannot be represented in type 'int'

Fixes: 1406/clusterfuzz-testcase-minimized-5064865125236736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8824b7370a9fb72f9c699c3751a5ceb56e0cc41d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407...
Michael Niedermayer [Mon, 8 May 2017 10:04:09 +0000 (12:04 +0200)]
avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407 cannot be represented in type 'int' in idct_col()

Fixes: 1405/clusterfuzz-testcase-minimized-5011491835084800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d5118f81bd51b9c33500616b3c637123e8e4691)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/cavsdec: Check sym_factor
Michael Niedermayer [Mon, 8 May 2017 09:55:27 +0000 (11:55 +0200)]
avcodec/cavsdec: Check sym_factor

Fixes: runtime error: signed integer overflow: 25984 * 130560 cannot be represented in type 'int'

Fixes: 1404/clusterfuzz-testcase-minimized-5000441286885376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 279420b5a63b3f254e4932a4afb91759fb50186a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/cdxl: Check format for BGR24
Michael Niedermayer [Mon, 8 May 2017 09:46:03 +0000 (11:46 +0200)]
avcodec/cdxl: Check format for BGR24

Fixes: out of array access
Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e42736b95065c69a7481d0cf55247024f54b660)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/ffv1dec: Fix copying planes of paletted formats
Michael Niedermayer [Mon, 8 May 2017 00:28:07 +0000 (02:28 +0200)]
avcodec/ffv1dec: Fix copying planes of paletted formats

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a4d387195a5eb3c1700071af8d8150e4f7f6600)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot...
Michael Niedermayer [Sun, 7 May 2017 21:07:42 +0000 (23:07 +0200)]
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot be represented in type 'int'

Fixes: 1401/clusterfuzz-testcase-minimized-6526248148795392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b1f66cf5c2e4d29ae06cdf3f12cdd3d808006bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/xwddec: Check bpp more completely
Michael Niedermayer [Sun, 7 May 2017 16:50:49 +0000 (18:50 +0200)]
avcodec/xwddec: Check bpp more completely

Fixes out of array access
Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 441026fcb13ac23aa10edc312bdacb6445a0ad06)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'
Michael Niedermayer [Sun, 7 May 2017 13:44:51 +0000 (15:44 +0200)]
avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'

Fixes: 1395/clusterfuzz-testcase-minimized-5330939741732864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a38e9797cb4123d13ba871d166a737786ba04a9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be...
Michael Niedermayer [Sun, 7 May 2017 13:42:17 +0000 (15:42 +0200)]
avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be represented in type 'int'

Fixes: 1394/clusterfuzz-testcase-minimized-6493376885030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ac1c87194a67e6104a3d241a4dd1ca0808784bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/g726: Fix runtime error: left shift of negative value -2
Michael Niedermayer [Sun, 7 May 2017 13:40:07 +0000 (15:40 +0200)]
avcodec/g726: Fix runtime error: left shift of negative value -2

Fixes: 1393/clusterfuzz-testcase-minimized-5948366791901184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c04aa148824f4fb7f4b70830ad3ca7a6cba8ab79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/ra144: Fix runtime error: left shift of negative value -798
Michael Niedermayer [Sun, 7 May 2017 12:16:33 +0000 (14:16 +0200)]
avcodec/ra144: Fix runtime error: left shift of negative value -798

Fixes: 1388/clusterfuzz-testcase-minimized-6680800936329216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78bf446852a7e5e8aa52c7ca9889632e167b665f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>