ffmpeg.git
[2 years ago] avcodec/aacsbr_template: Do not change bs_num_env before it's checked
Michael Niedermayer [Fri, 12 May 2017 02:12:15 +0000 (04:12 +0200)]
avcodec/aacsbr_template: Do not change bs_num_env before it's checked

Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87b08ee6d2a3b0880f0a267c5d51dc7f415e81d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 13 May 2017 12:39:26 +0000 (14:39 +0200)]
avcodec/mlp: Fix multiple runtime error: left shift of negative value -1

Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74dc728a2c2cc353da20cdc09b8cdfbbe14b7be8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflo...
Michael Niedermayer [Wed, 10 May 2017 12:50:40 +0000 (14:50 +0200)]
avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'

Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ccce2248bf56692fc7bd436ca2c9acca772d486a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/avcodec: Limit the number of side data elements per packet
Michael Niedermayer [Thu, 11 May 2017 11:01:36 +0000 (13:01 +0200)]
avcodec/avcodec: Limit the number of side data elements per packet

Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496

See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d5711cb89121268e8d78ebe8563a68e67a236cbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be repre...
Michael Niedermayer [Fri, 12 May 2017 11:15:33 +0000 (13:15 +0200)]
avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f225003d17364cd38fd28f268ae2b29abd8e5024)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot...
Michael Niedermayer [Fri, 12 May 2017 11:05:46 +0000 (13:05 +0200)]
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'

Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df640dbbc949d0f4deefaf43e86b8bd50ae997cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
Michael Niedermayer [Thu, 11 May 2017 21:24:23 +0000 (23:24 +0200)]
avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610

Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6899e6e56065d9365963e02690dc9e2ce7866050)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/msmpeg4dec: Check for cbpy VLC errors
Michael Niedermayer [Thu, 11 May 2017 17:10:16 +0000 (19:10 +0200)]
avcodec/msmpeg4dec: Check for cbpy VLC errors

Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15e892aad12b23e9b5686cf66ca6fa739c734ead)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/cllc: Check num_bits
Michael Niedermayer [Thu, 11 May 2017 16:39:33 +0000 (18:39 +0200)]
avcodec/cllc: Check num_bits

Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bfd0a97587d26c0c39413a6291ccc66e4a928d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
Michael Niedermayer [Thu, 11 May 2017 16:35:24 +0000 (18:35 +0200)]
avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e717fa1f0a66825fb10fec7debad768f311ee240)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/dvbsubdec: Check entry_id
Michael Niedermayer [Thu, 11 May 2017 13:18:50 +0000 (15:18 +0200)]
avcodec/dvbsubdec: Check entry_id

Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a69f2602fea04b7ebae2db16f2581e8ff5ee0cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type...
Michael Niedermayer [Thu, 11 May 2017 13:13:53 +0000 (15:13 +0200)]
avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type 'int'

Fixes: 1471/clusterfuzz-testcase-minimized-6376460543590400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a0ff78168f80f5b2c5c5544325aca4023bc67a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/mpeg12dec: Fixes runtime error: division by zero
Michael Niedermayer [Wed, 10 May 2017 22:49:31 +0000 (00:49 +0200)]
avcodec/mpeg12dec: Fixes runtime error: division by zero

Fixes: 1464/clusterfuzz-testcase-minimized-4925445571084288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0ece1f4addf8ac31df95775a2d36be2a55fc759)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/webp: Always set pix_fmt
Michael Niedermayer [Wed, 10 May 2017 16:37:49 +0000 (18:37 +0200)]
avcodec/webp: Always set pix_fmt

Fixes: out of array access
Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632
Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avfilter/vf_uspp: Fix currently unused input frame dimensions
Michael Niedermayer [Wed, 10 May 2017 19:54:31 +0000 (21:54 +0200)]
avfilter/vf_uspp: Fix currently unused input frame dimensions

Found-by: Nicolas
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 942036e97c8b149ce2f3ec6e7cbc990df8713d0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Wed, 10 May 2017 17:09:31 +0000 (19:09 +0200)]
avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1

Fixes: 1446/clusterfuzz-testcase-minimized-5577409124368384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db5fae32294763677caa4c1417dcba704c7e764e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot...
Michael Niedermayer [Wed, 10 May 2017 17:02:05 +0000 (19:02 +0200)]
avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot be represented in type 'int'

Fixes: 1443/clusterfuzz-testcase-minimized-4826998612426752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8de60ba2740185c53cabbee6c00ed67a0d530e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot...
Michael Niedermayer [Wed, 10 May 2017 16:51:58 +0000 (18:51 +0200)]
avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot be represented in type 'int'

Fixes: 1441/clusterfuzz-testcase-minimized-6223152357048320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ea428789371fa0601e9ebb5b7f2216d4e73e831)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avformat/wavdec: Check chunk_size
李赞 [Wed, 10 May 2017 12:55:34 +0000 (14:55 +0200)]
avformat/wavdec: Check chunk_size

Fixes integer overflow and out of array access

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d232196372f309a75ed074c4cef30578eec1782)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/cavs: Check updated MV
Michael Niedermayer [Wed, 10 May 2017 12:41:23 +0000 (14:41 +0200)]
avcodec/cavs: Check updated MV

Fixes: runtime error: signed integer overflow: 251 + 2147483647 cannot be represented in type 'int'
Fixes: 1438/clusterfuzz-testcase-minimized-4917542646710272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5871adc90f8c1037535563e33ebeaf032bb4d5d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/y41pdec: Fix width in input buffer size check
Michael Niedermayer [Wed, 10 May 2017 12:33:27 +0000 (14:33 +0200)]
avcodec/y41pdec: Fix width in input buffer size check

Fixes: out of array read
Fixes: 1437/clusterfuzz-testcase-minimized-4569970002362368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d8d3729475c7dce52d8fb9ffb280fd2ea62e1a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552...
Michael Niedermayer [Tue, 9 May 2017 23:26:39 +0000 (01:26 +0200)]
avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552 cannot be represented in type 'int'

Fixes: 1429/clusterfuzz-testcase-minimized-5959951610544128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae6fd1790f48c457a8cedb445dcac73f8f7b7698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be repre...
Michael Niedermayer [Tue, 9 May 2017 23:18:36 +0000 (01:18 +0200)]
avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be represented in type 'int'

Fixes: 1428/clusterfuzz-testcase-minimized-5263281793007616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bd8eb05d21b582d627a93852b59cb3cfc305dae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/lagarith: Check scale_factor
Michael Niedermayer [Tue, 9 May 2017 22:56:45 +0000 (00:56 +0200)]
avcodec/lagarith: Check scale_factor

Fixes: 1425/clusterfuzz-testcase-minimized-6295712339853312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed3c9b5b0dd5abb545c48e930e1c32c187b0776a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/lagarith: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 9 May 2017 22:50:05 +0000 (00:50 +0200)]
avcodec/lagarith: Fix runtime error: left shift of negative value -1

Fixes: 1424/clusterfuzz-testcase-minimized-6088327159611392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ddb2dd7edbccc5596d8e3c039133be8444cb1d02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/takdec: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 9 May 2017 22:44:37 +0000 (00:44 +0200)]
avcodec/takdec: Fix multiple runtime error: left shift of negative value -1

Fixes: 1423/clusterfuzz-testcase-minimized-5063889899225088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c5d2fa2fdff08e77bba0c9a31b91826a807c551c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/indeo2: Check for invalid VLCs
Michael Niedermayer [Mon, 8 May 2017 22:02:22 +0000 (00:02 +0200)]
avcodec/indeo2: Check for invalid VLCs

Fixes: timeout
Fixes: 1416/clusterfuzz-testcase-minimized-5536862435278848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 159fb8ff7e4038edf13e91d3c08bc7b8abc369b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/htmlsubtitles: Check for string truncation and return error
Michael Niedermayer [Fri, 5 May 2017 23:42:53 +0000 (01:42 +0200)]
avcodec/htmlsubtitles: Check for string truncation and return error

Fixes out of array access
Fixes: 1354/clusterfuzz-testcase-minimized-5520132195483648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4ae3cce64bd46b1d539bdeac39753f83015f114)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represe...
Michael Niedermayer [Mon, 8 May 2017 13:46:55 +0000 (15:46 +0200)]
avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represented in type 'int'

Fixes: 1411/clusterfuzz-testcase-minimized-5776085184675840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 29692023b2f1e0580a4065f4c9b62bafd89ab337)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039...
Michael Niedermayer [Mon, 8 May 2017 13:40:30 +0000 (15:40 +0200)]
avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039 cannot be represented in type 'int'

Fixes: 1409/clusterfuzz-testcase-minimized-5237365020819456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea59ef0c031b6b92f051f60c19fdd0a716769834)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/dvbsubdec: check region dimensions
Michael Niedermayer [Mon, 8 May 2017 13:17:31 +0000 (15:17 +0200)]
avcodec/dvbsubdec: check region dimensions

Fixes: 1408/clusterfuzz-testcase-minimized-6529985844084736
Fixes: integer overflow

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0075d9eced22839fa4f7a6eaa02155803ccae3e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -10230405...
Michael Niedermayer [Mon, 8 May 2017 10:07:56 +0000 (12:07 +0200)]
avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -1023040530 cannot be represented in type 'int'

Fixes: 1406/clusterfuzz-testcase-minimized-5064865125236736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8824b7370a9fb72f9c699c3751a5ceb56e0cc41d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407...
Michael Niedermayer [Mon, 8 May 2017 10:04:09 +0000 (12:04 +0200)]
avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407 cannot be represented in type 'int' in idct_col()

Fixes: 1405/clusterfuzz-testcase-minimized-5011491835084800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d5118f81bd51b9c33500616b3c637123e8e4691)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/cavsdec: Check sym_factor
Michael Niedermayer [Mon, 8 May 2017 09:55:27 +0000 (11:55 +0200)]
avcodec/cavsdec: Check sym_factor

Fixes: runtime error: signed integer overflow: 25984 * 130560 cannot be represented in type 'int'

Fixes: 1404/clusterfuzz-testcase-minimized-5000441286885376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 279420b5a63b3f254e4932a4afb91759fb50186a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/cdxl: Check format for BGR24
Michael Niedermayer [Mon, 8 May 2017 09:46:03 +0000 (11:46 +0200)]
avcodec/cdxl: Check format for BGR24

Fixes: out of array access
Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e42736b95065c69a7481d0cf55247024f54b660)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/ffv1dec: Fix copying planes of paletted formats
Michael Niedermayer [Mon, 8 May 2017 00:28:07 +0000 (02:28 +0200)]
avcodec/ffv1dec: Fix copying planes of paletted formats

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a4d387195a5eb3c1700071af8d8150e4f7f6600)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot...
Michael Niedermayer [Sun, 7 May 2017 21:07:42 +0000 (23:07 +0200)]
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot be represented in type 'int'

Fixes: 1401/clusterfuzz-testcase-minimized-6526248148795392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b1f66cf5c2e4d29ae06cdf3f12cdd3d808006bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/xwddec: Check bpp more completely
Michael Niedermayer [Sun, 7 May 2017 16:50:49 +0000 (18:50 +0200)]
avcodec/xwddec: Check bpp more completely

Fixes out of array access
Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 441026fcb13ac23aa10edc312bdacb6445a0ad06)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'
Michael Niedermayer [Sun, 7 May 2017 13:44:51 +0000 (15:44 +0200)]
avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'

Fixes: 1395/clusterfuzz-testcase-minimized-5330939741732864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a38e9797cb4123d13ba871d166a737786ba04a9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be...
Michael Niedermayer [Sun, 7 May 2017 13:42:17 +0000 (15:42 +0200)]
avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be represented in type 'int'

Fixes: 1394/clusterfuzz-testcase-minimized-6493376885030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ac1c87194a67e6104a3d241a4dd1ca0808784bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/g726: Fix runtime error: left shift of negative value -2
Michael Niedermayer [Sun, 7 May 2017 13:40:07 +0000 (15:40 +0200)]
avcodec/g726: Fix runtime error: left shift of negative value -2

Fixes: 1393/clusterfuzz-testcase-minimized-5948366791901184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c04aa148824f4fb7f4b70830ad3ca7a6cba8ab79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/ra144: Fix runtime error: left shift of negative value -798
Michael Niedermayer [Sun, 7 May 2017 12:16:33 +0000 (14:16 +0200)]
avcodec/ra144: Fix runtime error: left shift of negative value -798

Fixes: 1388/clusterfuzz-testcase-minimized-6680800936329216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78bf446852a7e5e8aa52c7ca9889632e167b665f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/mss34dsp: Fix multiple signed integer overflow
Michael Niedermayer [Sun, 7 May 2017 12:12:04 +0000 (14:12 +0200)]
avcodec/mss34dsp: Fix multiple signed integer overflow

Fixes: 1387/clusterfuzz-testcase-minimized-4802757766676480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 464c4b86ee43b7912e6f23fd3e5ba40381b4c371)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/targa_y216dec: Fix width type
Michael Niedermayer [Sun, 7 May 2017 01:49:06 +0000 (03:49 +0200)]
avcodec/targa_y216dec: Fix width type

Fixes out of array access
Fixes: 1376/clusterfuzz-testcase-minimized-6361794975105024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e56db892600c2fbe34782c6140f1ee832a2c344)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/ivi_dsp: Fix multiple left shift of negative value -2
Michael Niedermayer [Sun, 7 May 2017 01:23:09 +0000 (03:23 +0200)]
avcodec/ivi_dsp: Fix multiple left shift of negative value -2

Fixes: 1385/clusterfuzz-testcase-minimized-5552882663292928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e88cc94e58e9e4d1293f9f56c973510e30495fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694...
Michael Niedermayer [Sun, 7 May 2017 01:16:53 +0000 (03:16 +0200)]
avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694 cannot be represented in type 'int'

Fixes: 1382/clusterfuzz-testcase-minimized-6013445293998080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 669419939c1d36be35196859dc73ec9a194157ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/msmpeg4dec: Correct table depth
Michael Niedermayer [Sun, 7 May 2017 00:46:54 +0000 (02:46 +0200)]
avcodec/msmpeg4dec: Correct table depth

Fixes undefined shift
Fixes: 1381/clusterfuzz-testcase-minimized-5513944540119040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1121d9270783b284a70af317d8785eac7df1b72f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented...
Michael Niedermayer [Sat, 6 May 2017 20:31:23 +0000 (22:31 +0200)]
avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Fixes: 1380/clusterfuzz-testcase-minimized-650122545122508

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a8335de030aa6cb6356bb16c7d3aefc5a80e362)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/cdxl: Check format parameter
Michael Niedermayer [Sat, 6 May 2017 20:24:52 +0000 (22:24 +0200)]
avcodec/cdxl: Check format parameter

Fixes out of array access
Fixes: 1378/clusterfuzz-testcase-minimized-5715088008806400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avutil/softfloat: Fix overflow in av_div_sf()
Michael Niedermayer [Sat, 6 May 2017 19:31:49 +0000 (21:31 +0200)]
avutil/softfloat: Fix overflow in av_div_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 277e397eb5964999bd76909f52d4bd3350289c22)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/hq_hqa: Fix runtime error: left shift of negative value -207
Michael Niedermayer [Sat, 6 May 2017 17:11:46 +0000 (19:11 +0200)]
avcodec/hq_hqa: Fix runtime error: left shift of negative value -207

Fixes: 1375/clusterfuzz-testcase-minimized-6070134701555712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1283c4244767bd19918f355c31d702a94ee0cc1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initial...
Michael Niedermayer [Sat, 6 May 2017 17:07:59 +0000 (19:07 +0200)]
avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initialized from

Fixes integer overflow
Fixes: 1372/clusterfuzz-testcase-minimized-5712192982745088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ef0f392711445e173a56b2c073dedb021ae3783)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/shorten: Check k in get_uint()
Michael Niedermayer [Sat, 6 May 2017 16:28:09 +0000 (18:28 +0200)]
avcodec/shorten: Check k in get_uint()

Fixes: undefined shift
Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6a51f59c467ab9f4b73122dc269206fb517425)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/webp: Fix null pointer dereference
Michael Niedermayer [Sat, 6 May 2017 14:43:52 +0000 (16:43 +0200)]
avcodec/webp: Fix null pointer dereference

Fixes: 1369/clusterfuzz-testcase-minimized-5048908029886464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bf4523e40148fdd27064ab570952bd8c4d1016e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in...
Michael Niedermayer [Sat, 6 May 2017 14:38:22 +0000 (16:38 +0200)]
avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'

Fixes: 1368/clusterfuzz-testcase-minimized-4507293276176384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12936a4585bc293c0f88327d6840f49e8e744b62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/mimic: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 6 May 2017 13:17:29 +0000 (15:17 +0200)]
avcodec/mimic: Fix runtime error: left shift of negative value -1

Fixes: 1365/clusterfuzz-testcase-minimized-5624158450876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc2c420b82939a8f30838a6aa08bfd936099d3ce)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[2 years ago] avcodec/fic: Fix multiple left shift of negative value -15
Michael Niedermayer [Sat, 6 May 2017 10:10:59 +0000 (12:10 +0200)]
avcodec/fic: Fix multiple left shift of negative value -15

Fixes: 1356/clusterfuzz-testcase-minimized-6008489086287872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b20c71409b24460983ba5d9afa0716714f9e0f7d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mlpdec: Fix runtime error: left shift of negative value -22
Michael Niedermayer [Sat, 6 May 2017 10:05:17 +0000 (12:05 +0200)]
avcodec/mlpdec: Fix runtime error: left shift of negative value -22

Fixes: 1355/clusterfuzz-testcase-minimized-6662205472768000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c535436cbeeab89be64e9f3fd652bc736f2f3245)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/snowdec: Check qbias
Michael Niedermayer [Fri, 5 May 2017 23:08:54 +0000 (01:08 +0200)]
avcodec/snowdec: Check qbias

Fixes: signed integer overflow: -1094995529 * 131 cannot be represented in type 'int'
Fixes: 1353/clusterfuzz-testcase-minimized-5208180449607680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 523205ce1ed9415183c162998c68f573479e78fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avutil/softfloat: Fix multiple runtime error: left shift of negative value -8
Michael Niedermayer [Fri, 5 May 2017 22:13:05 +0000 (00:13 +0200)]
avutil/softfloat: Fix multiple runtime error: left shift of negative value -8

Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35f3df0d76e28969fa77f2b865e2e40b3ba69722)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/aacsbr_template: Do not leave bs_num_env invalid
Michael Niedermayer [Fri, 5 May 2017 21:00:59 +0000 (23:00 +0200)]
avcodec/aacsbr_template: Do not leave bs_num_env invalid

Fixes out of array read
Fixes: 1349/clusterfuzz-testcase-minimized-5370707196248064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8ad83b793e883b8c6d114f81073a4e40c0308a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mdec: Fix signed integer overflow: 28835400 * 83 cannot be represented in...
Michael Niedermayer [Fri, 5 May 2017 20:17:59 +0000 (22:17 +0200)]
avcodec/mdec: Fix signed integer overflow: 28835400 * 83 cannot be represented in type 'int'

Fixes: 1346/clusterfuzz-testcase-minimized-5776732600664064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a234b5ade3ca6cde805b92b8b6ecacf693460a8c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dfa: Fix off by 1 error
Michael Niedermayer [Fri, 5 May 2017 18:42:11 +0000 (20:42 +0200)]
avcodec/dfa: Fix off by 1 error

Fixes out of array access
Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f52fbf4f3ed02a7d872d8a102006f29b4421f360)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/nellymoser: Fix multiple left shift of negative value -8591
Michael Niedermayer [Fri, 5 May 2017 17:28:56 +0000 (19:28 +0200)]
avcodec/nellymoser: Fix multiple left shift of negative value -8591

Fixes: 1342/clusterfuzz-testcase-minimized-5490842129137664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0953736b7e97f6e121a0587a95434bf1857a27da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/cdxl: Fix signed integer overflow: 14243456 * 164 cannot be represented in...
Michael Niedermayer [Fri, 5 May 2017 17:26:02 +0000 (19:26 +0200)]
avcodec/cdxl: Fix signed integer overflow: 14243456 * 164 cannot be represented in type 'int'

Fixes: 1341/clusterfuzz-testcase-minimized-5441502618583040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1002932a3b16d35c46a08455f76462909eebb5aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/g722: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Fri, 5 May 2017 16:14:03 +0000 (18:14 +0200)]
avcodec/g722: Fix multiple runtime error: left shift of negative value -1

Fixes: 1340/clusterfuzz-testcase-minimized-4669892148068352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f55df62998681c7702f008ce7c12a00b15e33f53)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dss_sp: Fix multiple left shift of negative value -466
Michael Niedermayer [Fri, 5 May 2017 16:07:25 +0000 (18:07 +0200)]
avcodec/dss_sp: Fix multiple left shift of negative value -466

Fixes: 1339/clusterfuzz-testcase-minimized-4614671485108224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38152d9368beb080b4acd6cd9e5ccc89b3f733bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/wnv1: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Fri, 5 May 2017 16:01:25 +0000 (18:01 +0200)]
avcodec/wnv1: Fix runtime error: left shift of negative value -1

Fixes: 1338/clusterfuzz-testcase-minimized-6485546354343936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9fac508ca46f93450ec232299dfd15ac70b6f326)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/tiertexseqv: set the fixed dimensions, do not depend on the demuxer doing so
Michael Niedermayer [Fri, 5 May 2017 10:48:12 +0000 (12:48 +0200)]
avcodec/tiertexseqv: set the fixed dimensions, do not depend on the demuxer doing so

Fixes: out of array access
Fixes: 1348/clusterfuzz-testcase-minimized-6195673642827776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce551a3925a1cf9c7824e26a246b99b6773bda4b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mjpegdec: Fix runtime error: signed integer overflow: -24543 * 2031616 cannot...
Michael Niedermayer [Thu, 27 Apr 2017 13:10:25 +0000 (15:10 +0200)]
avcodec/mjpegdec: Fix runtime error: signed integer overflow: -24543 * 2031616 cannot be represented in type 'int'

Fixes: 943/clusterfuzz-testcase-5114865297391616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a78ae465fda902565ed041d93403e04490b4be0d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/cavsdec: Fix undefined behavior from integer overflow
Michael Niedermayer [Fri, 5 May 2017 01:24:40 +0000 (03:24 +0200)]
avcodec/cavsdec: Fix undefined behavior from integer overflow

Fixes: 1335/clusterfuzz-testcase-minimized-5566961566089216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0e5f7f363555d2befafb1c9e1579dbe0a2fbca7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dvdsubdec: Fix runtime error: left shift of 242 by 24 places cannot be repres...
Michael Niedermayer [Fri, 5 May 2017 00:51:13 +0000 (02:51 +0200)]
avcodec/dvdsubdec: Fix runtime error: left shift of 242 by 24 places cannot be represented in type 'int'

Fixes: 1080/clusterfuzz-testcase-5353236754071552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce7098b8f2b59c62b5abdb3d74819db75cf67698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  libavcodec/mpeg4videodec: Convert sprite_offset to 64bit
Michael Niedermayer [Wed, 3 May 2017 03:21:51 +0000 (05:21 +0200)]
libavcodec/mpeg4videodec: Convert sprite_offset to 64bit

This avoids intermediates from overflowing (the final values are checked)
Fixes: runtime error: signed integer overflow: -167712 + -2147352576 cannot be represented in type 'int'

Fixes: 1298/clusterfuzz-testcase-minimized-5955580877340672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1c3a14073b33f790075f2884ea5c64451a6c876)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/pngdec: Use ff_set_dimensions()
Michael Niedermayer [Thu, 4 May 2017 16:40:46 +0000 (18:40 +0200)]
avcodec/pngdec: Use ff_set_dimensions()

Fixes OOM
Fixes: 1314/clusterfuzz-testcase-minimized-4621997222920192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0296fc056f0d86943c697c505a181744b07dd45)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/msvideo1: Check buffer size before re-getting the frame
Michael Niedermayer [Thu, 4 May 2017 13:24:46 +0000 (15:24 +0200)]
avcodec/msvideo1: Check buffer size before re-getting the frame

Fixes timeout
Fixes: 1306/clusterfuzz-testcase-minimized-6152296217968640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cabfed6895fcc679cd6a6244a12d800e0f3f2d20)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/h264_cavlc: Fix undefined behavior on qscale overflow
Michael Niedermayer [Sat, 22 Apr 2017 19:59:29 +0000 (21:59 +0200)]
avcodec/h264_cavlc: Fix undefined behavior on qscale overflow

Fixes: 1214/clusterfuzz-testcase-minimized-6130606599569408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc8cff96ed45dfdb91ed03e9942845f28be0e770)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/svq3: Increase offsets to prevent integer overflows
Michael Niedermayer [Thu, 27 Apr 2017 13:10:25 +0000 (15:10 +0200)]
avcodec/svq3: Increase offsets to prevent integer overflows

Fixes: 1280/clusterfuzz-testcase-minimized-6102353767825408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 382b4fc9b5f3102f59743bf9c8619b31dd8ede1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/indeo2: Check remaining bits in ir2_decode_plane()
Michael Niedermayer [Mon, 1 May 2017 16:53:52 +0000 (18:53 +0200)]
avcodec/indeo2: Check remaining bits in ir2_decode_plane()

Fixes: 1290/clusterfuzz-testcase-minimized-5815578902134784
Fixes: timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b29feec9829cfab2523c8d95e35bd69e689ea4af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp3: Check remaining bits in unpack_dct_coeffs()
Michael Niedermayer [Mon, 1 May 2017 16:46:27 +0000 (18:46 +0200)]
avcodec/vp3: Check remaining bits in unpack_dct_coeffs()

Decreases the time spent decoding junk.

May fix: 1283/clusterfuzz-testcase-minimized-6221126759874560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f00300b779e7b247c85db0d7daef448225105ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mdec: Fix runtime error: left shift of negative value -127
Michael Niedermayer [Thu, 27 Apr 2017 00:27:16 +0000 (02:27 +0200)]
avcodec/mdec: Fix runtime error: left shift of negative value -127

Fixes undefined behavior
Fixes: 1275/clusterfuzz-testcase-minimized-6718162017976320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ca82975b7a8eaf676a52738ec8e7e36732327cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  libavcodec/exr : fix float to uint16 conversion for negative float value
Martin Vignali [Tue, 25 Apr 2017 20:52:50 +0000 (22:52 +0200)]
libavcodec/exr : fix float to uint16 conversion for negative float value

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e46d63745215c04637e7797228bad36bce49d881)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avformat/webmdashenc: Validate the 'streams' adaptation sets parameter
Derek Buitenhuis [Thu, 20 Apr 2017 15:17:44 +0000 (16:17 +0100)]
avformat/webmdashenc: Validate the 'streams' adaptation sets parameter

It should not be a value larger than the number of streams we have,
or it will cause invalid reads and/or SIGSEGV.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec07efa70012845e8642df67a4a773f510a17088)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avformat/webmdashenc: Require the 'adaptation_sets' option to be set
Derek Buitenhuis [Thu, 20 Apr 2017 12:14:42 +0000 (13:14 +0100)]
avformat/webmdashenc: Require the 'adaptation_sets' option to be set

This seems to be non-optional, and if the muxer is run without it,
strlen() is run on NULL, causing a segfault.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cbd3a68f3e1c2d1679370301eb5e1a32a2df64fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/dvdsubdec: Fixes 2 runtime error: left shift of 170 by 24 places cannot be...
Michael Niedermayer [Fri, 7 Apr 2017 01:36:17 +0000 (03:36 +0200)]
avcodec/dvdsubdec: Fixes 2 runtime error: left shift of 170 by 24 places cannot be represented in type 'int'

Fixes: 619/clusterfuzz-testcase-5803914534322176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61ee2ca7758672128e30b3e87908b6845e006d71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avfilter/avfiltergraph: Add assert to write down in machine readable form what is...
Michael Niedermayer [Sat, 21 Jan 2017 00:35:52 +0000 (01:35 +0100)]
avfilter/avfiltergraph: Add assert to write down in machine readable form what is assumed about sample rates in swap_samplerates_on_filter()

Fixes CID1397292

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f2b360fc05bbb4f21e1247d1d9af303113d6c25)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/tiff: Perform multiply in tiff_unpack_lzma() as 64bit
Michael Niedermayer [Sun, 8 Jan 2017 15:37:56 +0000 (16:37 +0100)]
avcodec/tiff: Perform multiply in tiff_unpack_lzma() as 64bit

This should make no difference as the value should not be able to be that large,
but it's more correct this way

Fixes CID1348138

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f48b6b8b91d63148ef50d096688ed7226cd6ddf4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vdpau_hevc: Fix potential out-of-bounds write
Philip Langdale [Thu, 1 Dec 2016 00:13:14 +0000 (16:13 -0800)]
avcodec/vdpau_hevc: Fix potential out-of-bounds write

The maximum number of references is 16, so the index value cannot
exceed 15.

Fixes Coverity CID 1348139, 1348140, 1348141

(cherry picked from commit 4e6d1c1f4ec83000a067ff14452b34c1f2d2a43a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/tiff: Check geotag count for being non zero
Michael Niedermayer [Tue, 21 Mar 2017 00:55:01 +0000 (01:55 +0100)]
avcodec/tiff: Check geotag count for being non zero

Fixes memleak
Fixes: 874/clusterfuzz-testcase-5252796175613952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3182e19c1c29eef60208a67ad8ecad1d9a2d0694)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/vp56: Check avctx->error_concealment before enabling EC
Michael Niedermayer [Thu, 16 Mar 2017 10:20:46 +0000 (11:20 +0100)]
avcodec/vp56: Check avctx->error_concealment before enabling EC

Fixes timeout with 847/clusterfuzz-testcase-5291877358108672
Fixes timeout with 850/clusterfuzz-testcase-5721296509861888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 98da63b3f5f5a277c5c3a16860db9a9f6741e54c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/tiff: Check stripsize strippos for overflow
Michael Niedermayer [Thu, 16 Mar 2017 01:00:17 +0000 (02:00 +0100)]
avcodec/tiff: Check stripsize strippos for overflow

Fixes: 861/clusterfuzz-testcase-5688284384591872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d996b56499f00f80b02a41bab3d6b7349e36e9d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpegaudiodec_template: Make l3_unscale() work with e=0
Michael Niedermayer [Mon, 13 Mar 2017 19:45:09 +0000 (20:45 +0100)]
avcodec/mpegaudiodec_template: Make l3_unscale() work with e=0

Fixes undefined behavior
Fixes: 830/clusterfuzz-testcase-6253175327686656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ebed703f153e979edb2156754c8bdac4d5d6266)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/tiff: Check for multiple geo key directories
Michael Niedermayer [Mon, 13 Mar 2017 19:45:08 +0000 (20:45 +0100)]
avcodec/tiff: Check for multiple geo key directories

Fixes memleak
Fixes: 826/clusterfuzz-testcase-5316921379520512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 108b02e5471c1dae248200db694aba9b7b8555a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type...
Michael Niedermayer [Mon, 13 Mar 2017 01:51:15 +0000 (02:51 +0100)]
avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'

Fixes: 822/clusterfuzz-testcase-4873433189974016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cebc5a9ccba0de7bddf7900ae85652ebc66141c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/rv34: Fix runtime error: signed integer overflow: 36880 * 66288 cannot be...
Michael Niedermayer [Sun, 12 Mar 2017 02:04:05 +0000 (03:04 +0100)]
avcodec/rv34: Fix runtime error: signed integer overflow: 36880 * 66288 cannot be represented in type 'int'

Fixes: 768/clusterfuzz-testcase-4807444305805312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a66c6e28b543804f50df1c6083a204219b6b1daa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/amrwbdec: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 11 Mar 2017 02:55:39 +0000 (03:55 +0100)]
avcodec/amrwbdec: Fix runtime error: left shift of negative value -1

Fixes: 763/clusterfuzz-testcase-6007567320875008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44e2105189ac66637f34c764febc349238250b1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: -135088512 * 16...
Michael Niedermayer [Wed, 8 Mar 2017 21:25:08 +0000 (22:25 +0100)]
avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: -135088512 * 16 cannot be represented in type 'int'

Fixes: 736/clusterfuzz-testcase-5580263943831552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e2a4f1a9eb2c1ef3feed4a4f04db7629f2b61084)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/h264_mvpred: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Wed, 8 Mar 2017 20:53:15 +0000 (21:53 +0100)]
avcodec/h264_mvpred: Fix runtime error: left shift of negative value -1

Fixes: 734/clusterfuzz-testcase-4821293192970240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 222c9f031de3315af62be6d7a99c71105e516088)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/mjpegdec: Fix runtime error: left shift of negative value -127
Michael Niedermayer [Wed, 8 Mar 2017 20:41:34 +0000 (21:41 +0100)]
avcodec/mjpegdec: Fix runtime error: left shift of negative value -127

Fixes: 733/clusterfuzz-testcase-4682158096515072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 800d02abe041deacab5585bf41c1bc2ae5f4b922)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/wavpack: Fix runtime error: left shift of negative value -5
Michael Niedermayer [Mon, 6 Mar 2017 20:52:36 +0000 (21:52 +0100)]
avcodec/wavpack: Fix runtime error: left shift of negative value -5

Fixes: 729/clusterfuzz-testcase-5154831595470848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3016e919d4e1d90da98af19ce2a9d4979506eaf3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago  avcodec/wavpack: Fix runtime error: left shift of negative value -2
Michael Niedermayer [Sat, 4 Mar 2017 03:55:15 +0000 (04:55 +0100)]
avcodec/wavpack: Fix runtime error: left shift of negative value -2

Fixes: 723/clusterfuzz-testcase-6471394663596032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba150051322c02e24c004bd5309468886e1e5ab6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>