ffmpeg.git
2 years ago avformat/tests/fifo_muxer: includes libavformat/network.h to define ETIMEDOUT for... n3.2.5
Gregory J. Wolfe [Thu, 1 Dec 2016 18:35:02 +0000 (13:35 -0500)]
avformat/tests/fifo_muxer: includes libavformat/network.h to define ETIMEDOUT for fate build.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c041a3cd50694af4472fd63496c9606bc1057d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago Update for FFmpeg 3.2.5
Michael Niedermayer [Tue, 16 May 2017 01:34:43 +0000 (03:34 +0200)]
Update for FFmpeg 3.2.5

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/truemotion1: Fix multiple runtime error: signed integer overflow: 1246906962...
Michael Niedermayer [Tue, 16 May 2017 01:04:26 +0000 (03:04 +0200)]
avcodec/truemotion1: Fix multiple runtime error: signed integer overflow: 1246906962 * 2 cannot be represented in type 'int'

Fixes: 1616/clusterfuzz-testcase-minimized-5119196578971648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ea6bc2a166edac37042f2bbc28eb603a0fbeccb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/svq3: Fix runtime error: left shift of negative value -6
Michael Niedermayer [Mon, 15 May 2017 19:21:20 +0000 (21:21 +0200)]
avcodec/svq3: Fix runtime error: left shift of negative value -6

Fixes: 1604/clusterfuzz-testcase-minimized-5312060206350336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6eb006ad47beb6d5e5cc2c99f8185965209ec6b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/tiff: reset sampling[] if it's invalid
Michael Niedermayer [Mon, 15 May 2017 19:19:06 +0000 (21:19 +0200)]
avcodec/tiff: reset sampling[] if it's invalid

Fixes division by 0
Fixes: clusterfuzz-testcase-minimized-5592896440893440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f08122fbe039a56ab3c24f74636b4b0efea97d85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacps: Fix undefined behavior
Michael Niedermayer [Fri, 5 May 2017 11:16:07 +0000 (13:16 +0200)]
avcodec/aacps: Fix undefined behavior

Fixes: 1337/clusterfuzz-testcase-minimized-5212314171080704

Fixes the existence of a potentially invalid pointer intermediate

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 527f89e05922e840083ac6d49eeb838b1e350dd4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/opus_silk: Fix integer overflow and out of array read
Michael Niedermayer [Sat, 6 May 2017 12:28:20 +0000 (14:28 +0200)]
avcodec/opus_silk: Fix integer overflow and out of array read

Fixes: 1362/clusterfuzz-testcase-minimized-6097275002552320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4654baff125d937ae0b1037aa5f0bf53c7351658)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/flacdec: Return error code instead of 0 for failures
Michael Niedermayer [Tue, 9 May 2017 11:25:34 +0000 (13:25 +0200)]
avcodec/flacdec: Return error code instead of 0 for failures

Fixes: infinite loop
Fixes: 1418/clusterfuzz-testcase-minimized-5934472438480896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f5a68533decdfb4757207e8d7b5af06e1dcd197)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/snowdec: Check width
Michael Niedermayer [Tue, 9 May 2017 14:08:14 +0000 (16:08 +0200)]
avcodec/snowdec: Check width

Fixes: out of array read
Fixes: 1419/clusterfuzz-testcase-minimized-6108700873850880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78aa93807b3e0674e34d32c0bf6f78d7f5b7927e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Update canvas size in vp8_lossy_decode_frame() as in vp8_lossless_decod...
Michael Niedermayer [Mon, 8 May 2017 12:43:03 +0000 (14:43 +0200)]
avcodec/webp: Update canvas size in vp8_lossy_decode_frame() as in vp8_lossless_decode_frame()

Fixes: 1407/clusterfuzz-testcase-minimized-6044604124102656
Fixes: 1420/clusterfuzz-testcase-minimized-6059927359455232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 72810d20b74f05cc4b214d6c277fa6f43160df54)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Factor update_canvas_size() out
Michael Niedermayer [Mon, 8 May 2017 12:43:02 +0000 (14:43 +0200)]
avcodec/webp: Factor update_canvas_size() out

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4f63b78b71e07dd2f5d49c032d9c3eef620c0f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cllc: Check prefix
Michael Niedermayer [Tue, 9 May 2017 17:38:46 +0000 (19:38 +0200)]
avcodec/cllc: Check prefix

Fixes: runtime error: left shift of 1610706944 by 1 places cannot be represented in type 'int'
Fixes: 1421/clusterfuzz-testcase-minimized-6239947507892224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62c5949beca2c95d6af5c74985467438d2295a66)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/rscc: Check pixel_size for overflow
Michael Niedermayer [Fri, 12 May 2017 23:31:19 +0000 (01:31 +0200)]
avcodec/rscc: Check pixel_size for overflow

Fixes: 1509/clusterfuzz-testcase-minimized-5129419876204544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 934572c5c3592732a30336afdf2df9926a8b4df2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented...
Michael Niedermayer [Fri, 12 May 2017 23:35:56 +0000 (01:35 +0200)]
avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'

Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afb4632cc30e83287338690c785ebac180436a59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mpeg4videodec: Clear sprite wrapping on unsupported cases in VOP decode
Michael Niedermayer [Sun, 14 May 2017 14:47:13 +0000 (16:47 +0200)]
avcodec/mpeg4videodec: Clear sprite wrapping on unsupported cases in VOP decode

Fixes: Integer overflow
Fixes: 1572/clusterfuzz-testcase-minimized-4578773729017856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 467677769a2222ff8beab3c4d7826df9b7cbc81b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'
Michael Niedermayer [Sun, 14 May 2017 12:42:45 +0000 (14:42 +0200)]
avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'

It seems dual mono with a LFE channel is not forbidden

Fixes: 1570/clusterfuzz-testcase-minimized-6455337349545984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c55e637072b694a1db40e21948d218bfa2e744bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot...
Michael Niedermayer [Sun, 14 May 2017 12:06:56 +0000 (14:06 +0200)]
avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot be represented in type 'int'

Fixes: 1568/clusterfuzz-testcase-minimized-5944868608147456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b923213276777f33d6366b1cb9d1845a8658f365)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g723_1dec: Fix LCG type
Michael Niedermayer [Sun, 14 May 2017 12:00:42 +0000 (14:00 +0200)]
avcodec/g723_1dec: Fix LCG type

Fixes: 1567/clusterfuzz-testcase-minimized-5693653555085312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2c539d3501111f10a2b4e9480ea54c0a3190680)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago libswscale/tests/swscale: Fix uninitialized variables
Michael Niedermayer [Sat, 29 Apr 2017 16:46:48 +0000 (18:46 +0200)]
libswscale/tests/swscale: Fix uninitialized variables

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7796f290653349a4126f2d448d11bb4440b9f257)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438...
Michael Niedermayer [Sat, 13 May 2017 21:24:04 +0000 (23:24 +0200)]
avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438 cannot be represented in type 'int'

Fixes: 1559/clusterfuzz-testcase-minimized-5048096079740928
Fixes: 1560/clusterfuzz-testcase-minimized-6011037813833728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8630b2cd36c57918acfe18302fe77d1ceefbd676)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Fix signedness in prefix_code check
Michael Niedermayer [Sat, 13 May 2017 21:21:24 +0000 (23:21 +0200)]
avcodec/webp: Fix signedness in prefix_code check

Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c5cd1c9d33b4b287f85d42efb1aecfaee31de6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be...
Michael Niedermayer [Sat, 13 May 2017 21:16:44 +0000 (23:16 +0200)]
avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be represented in type 'int'

Fixes: 1556/clusterfuzz-testcase-minimized-5027865978470400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86b1b0d33dd7459f0d9c352c51ee2e374fd6f7fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mlpdec: Check that there is enough data for headers
Michael Niedermayer [Sat, 13 May 2017 21:13:38 +0000 (23:13 +0200)]
avcodec/mlpdec: Check that there is enough data for headers

Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3e51f8c14d22ae11684dcfe58df355f0f9e6401)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ac3dec: Keep track of band structure
Michael Niedermayer [Sat, 13 May 2017 17:28:01 +0000 (19:28 +0200)]
avcodec/ac3dec: Keep track of band structure

It is needed in some corner cases that seem not to be forbidden
Fixes: out of array index
Fixes: 1538/clusterfuzz-testcase-minimized-4696904925446144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9351a156de724edb69ba6e1f05884fe806a13a21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Add missing input padding
Michael Niedermayer [Sat, 13 May 2017 16:27:27 +0000 (18:27 +0200)]
avcodec/webp: Add missing input padding

Fixes: 1536/clusterfuzz-testcase-minimized-5973925404082176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a3508cc3fe643a8adad6a82a60bece3ea3c5dc63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 13 May 2017 16:13:48 +0000 (18:13 +0200)]
avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1

Fixes: 1535/clusterfuzz-testcase-minimized-5826695535788032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 26227d91865ddfbfe35c9ff84853cc469e1c7daf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacsbr_template: Do not change bs_num_env before it's checked
Michael Niedermayer [Fri, 12 May 2017 02:12:15 +0000 (04:12 +0200)]
avcodec/aacsbr_template: Do not change bs_num_env before it's checked

Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87b08ee6d2a3b0880f0a267c5d51dc7f415e81d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 13 May 2017 12:39:26 +0000 (14:39 +0200)]
avcodec/mlp: Fix multiple runtime error: left shift of negative value -1

Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74dc728a2c2cc353da20cdc09b8cdfbbe14b7be8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflo...
Michael Niedermayer [Wed, 10 May 2017 12:50:40 +0000 (14:50 +0200)]
avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'

Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ccce2248bf56692fc7bd436ca2c9acca772d486a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/avcodec: Limit the number of side data elements per packet
Michael Niedermayer [Thu, 11 May 2017 11:01:36 +0000 (13:01 +0200)]
avcodec/avcodec: Limit the number of side data elements per packet

Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496

See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d5711cb89121268e8d78ebe8563a68e67a236cbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be repre...
Michael Niedermayer [Fri, 12 May 2017 11:15:33 +0000 (13:15 +0200)]
avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f225003d17364cd38fd28f268ae2b29abd8e5024)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g723_1dec: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Fri, 12 May 2017 11:13:46 +0000 (13:13 +0200)]
avcodec/g723_1dec: Fix runtime error: left shift of negative value -1

Fixes: 1504/clusterfuzz-testcase-minimized-6249212138225664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4c0245686bc2fcc545644101c7b328fed71f268)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot...
Michael Niedermayer [Fri, 12 May 2017 11:05:46 +0000 (13:05 +0200)]
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'

Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df640dbbc949d0f4deefaf43e86b8bd50ae997cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
Michael Niedermayer [Thu, 11 May 2017 21:24:23 +0000 (23:24 +0200)]
avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610

Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6899e6e56065d9365963e02690dc9e2ce7866050)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/msmpeg4dec: Check for cbpy VLC errors
Michael Niedermayer [Thu, 11 May 2017 17:10:16 +0000 (19:10 +0200)]
avcodec/msmpeg4dec: Check for cbpy VLC errors

Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15e892aad12b23e9b5686cf66ca6fa739c734ead)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cllc: Check num_bits
Michael Niedermayer [Thu, 11 May 2017 16:39:33 +0000 (18:39 +0200)]
avcodec/cllc: Check num_bits

Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bfd0a97587d26c0c39413a6291ccc66e4a928d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
Michael Niedermayer [Thu, 11 May 2017 16:35:24 +0000 (18:35 +0200)]
avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e717fa1f0a66825fb10fec7debad768f311ee240)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dvbsubdec: Check entry_id
Michael Niedermayer [Thu, 11 May 2017 13:18:50 +0000 (15:18 +0200)]
avcodec/dvbsubdec: Check entry_id

Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a69f2602fea04b7ebae2db16f2581e8ff5ee0cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type...
Michael Niedermayer [Thu, 11 May 2017 13:13:53 +0000 (15:13 +0200)]
avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type 'int'

Fixes: 1471/clusterfuzz-testcase-minimized-6376460543590400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a0ff78168f80f5b2c5c5544325aca4023bc67a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mpeg12dec: Fixes runtime error: division by zero
Michael Niedermayer [Wed, 10 May 2017 22:49:31 +0000 (00:49 +0200)]
avcodec/mpeg12dec: Fixes runtime error: division by zero

Fixes: 1464/clusterfuzz-testcase-minimized-4925445571084288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0ece1f4addf8ac31df95775a2d36be2a55fc759)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Always set pix_fmt
Michael Niedermayer [Wed, 10 May 2017 16:37:49 +0000 (18:37 +0200)]
avcodec/webp: Always set pix_fmt

Fixes: out of array access
Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632
Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avfilter/vf_uspp: Fix currently unused input frame dimensions
Michael Niedermayer [Wed, 10 May 2017 19:54:31 +0000 (21:54 +0200)]
avfilter/vf_uspp: Fix currently unused input frame dimensions

Found-by: Nicolas
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 942036e97c8b149ce2f3ec6e7cbc990df8713d0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Wed, 10 May 2017 17:09:31 +0000 (19:09 +0200)]
avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1

Fixes: 1446/clusterfuzz-testcase-minimized-5577409124368384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db5fae32294763677caa4c1417dcba704c7e764e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot...
Michael Niedermayer [Wed, 10 May 2017 17:02:05 +0000 (19:02 +0200)]
avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot be represented in type 'int'

Fixes: 1443/clusterfuzz-testcase-minimized-4826998612426752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8de60ba2740185c53cabbee6c00ed67a0d530e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot...
Michael Niedermayer [Wed, 10 May 2017 16:51:58 +0000 (18:51 +0200)]
avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot be represented in type 'int'

Fixes: 1441/clusterfuzz-testcase-minimized-6223152357048320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ea428789371fa0601e9ebb5b7f2216d4e73e831)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avformat/wavdec: Check chunk_size
李赞 [Wed, 10 May 2017 12:55:34 +0000 (14:55 +0200)]
avformat/wavdec: Check chunk_size

Fixes integer overflow and out of array access

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d232196372f309a75ed074c4cef30578eec1782)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cavs: Check updated MV
Michael Niedermayer [Wed, 10 May 2017 12:41:23 +0000 (14:41 +0200)]
avcodec/cavs: Check updated MV

Fixes: runtime error: signed integer overflow: 251 + 2147483647 cannot be represented in type 'int'
Fixes: 1438/clusterfuzz-testcase-minimized-4917542646710272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5871adc90f8c1037535563e33ebeaf032bb4d5d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/y41pdec: Fix width in input buffer size check
Michael Niedermayer [Wed, 10 May 2017 12:33:27 +0000 (14:33 +0200)]
avcodec/y41pdec: Fix width in input buffer size check

Fixes: out of array read
Fixes: 1437/clusterfuzz-testcase-minimized-4569970002362368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d8d3729475c7dce52d8fb9ffb280fd2ea62e1a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552...
Michael Niedermayer [Tue, 9 May 2017 23:26:39 +0000 (01:26 +0200)]
avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552 cannot be represented in type 'int'

Fixes: 1429/clusterfuzz-testcase-minimized-5959951610544128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae6fd1790f48c457a8cedb445dcac73f8f7b7698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be repre...
Michael Niedermayer [Tue, 9 May 2017 23:18:36 +0000 (01:18 +0200)]
avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be represented in type 'int'

Fixes: 1428/clusterfuzz-testcase-minimized-5263281793007616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bd8eb05d21b582d627a93852b59cb3cfc305dae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/lagarith: Check scale_factor
Michael Niedermayer [Tue, 9 May 2017 22:56:45 +0000 (00:56 +0200)]
avcodec/lagarith: Check scale_factor

Fixes: 1425/clusterfuzz-testcase-minimized-6295712339853312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed3c9b5b0dd5abb545c48e930e1c32c187b0776a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/lagarith: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 9 May 2017 22:50:05 +0000 (00:50 +0200)]
avcodec/lagarith: Fix runtime error: left shift of negative value -1

Fixes: 1424/clusterfuzz-testcase-minimized-6088327159611392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ddb2dd7edbccc5596d8e3c039133be8444cb1d02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/takdec: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 9 May 2017 22:44:37 +0000 (00:44 +0200)]
avcodec/takdec: Fix multiple runtime error: left shift of negative value -1

Fixes: 1423/clusterfuzz-testcase-minimized-5063889899225088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c5d2fa2fdff08e77bba0c9a31b91826a807c551c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/indeo2: Check for invalid VLCs
Michael Niedermayer [Mon, 8 May 2017 22:02:22 +0000 (00:02 +0200)]
avcodec/indeo2: Check for invalid VLCs

Fixes: timeout
Fixes: 1416/clusterfuzz-testcase-minimized-5536862435278848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 159fb8ff7e4038edf13e91d3c08bc7b8abc369b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g723_1dec: Fix several integer related cases of undefined behaviour
Michael Niedermayer [Mon, 8 May 2017 18:24:48 +0000 (20:24 +0200)]
avcodec/g723_1dec: Fix several integer related cases of undefined behaviour

Fixes: 1412/clusterfuzz-testcase-minimized-6561308772139008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d3088e0fd8749788818cb5df92abaa3b12e409e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/htmlsubtitles: Check for string truncation and return error
Michael Niedermayer [Fri, 5 May 2017 23:42:53 +0000 (01:42 +0200)]
avcodec/htmlsubtitles: Check for string truncation and return error

Fixes out of array access
Fixes: 1354/clusterfuzz-testcase-minimized-5520132195483648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4ae3cce64bd46b1d539bdeac39753f83015f114)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represe...
Michael Niedermayer [Mon, 8 May 2017 13:46:55 +0000 (15:46 +0200)]
avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represented in type 'int'

Fixes: 1411/clusterfuzz-testcase-minimized-5776085184675840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 29692023b2f1e0580a4065f4c9b62bafd89ab337)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039...
Michael Niedermayer [Mon, 8 May 2017 13:40:30 +0000 (15:40 +0200)]
avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039 cannot be represented in type 'int'

Fixed: 1409/clusterfuzz-testcase-minimized-5237365020819456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea59ef0c031b6b92f051f60c19fdd0a716769834)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dvbsubdec: check region dimensions
Michael Niedermayer [Mon, 8 May 2017 13:17:31 +0000 (15:17 +0200)]
avcodec/dvbsubdec: check region dimensions

Fixes: 1408/clusterfuzz-testcase-minimized-6529985844084736
Fixes: integer overflow

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0075d9eced22839fa4f7a6eaa02155803ccae3e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -10230405...
Michael Niedermayer [Mon, 8 May 2017 10:07:56 +0000 (12:07 +0200)]
avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -1023040530 cannot be represented in type 'int'

Fixes: 1406/clusterfuzz-testcase-minimized-5064865125236736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8824b7370a9fb72f9c699c3751a5ceb56e0cc41d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407...
Michael Niedermayer [Mon, 8 May 2017 10:04:09 +0000 (12:04 +0200)]
avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407 cannot be represented in type 'int' in idct_col()

Fixes: 1405/clusterfuzz-testcase-minimized-5011491835084800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d5118f81bd51b9c33500616b3c637123e8e4691)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cavsdec: Check sym_factor
Michael Niedermayer [Mon, 8 May 2017 09:55:27 +0000 (11:55 +0200)]
avcodec/cavsdec: Check sym_factor

Fixes: runtime error: signed integer overflow: 25984 * 130560 cannot be represented in type 'int'

Fixes: 1404/clusterfuzz-testcase-minimized-5000441286885376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 279420b5a63b3f254e4932a4afb91759fb50186a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cdxl: Check format for BGR24
Michael Niedermayer [Mon, 8 May 2017 09:46:03 +0000 (11:46 +0200)]
avcodec/cdxl: Check format for BGR24

Fixes: out of array access
Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e42736b95065c69a7481d0cf55247024f54b660)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ffv1dec: Fix copying planes of paletted formats
Michael Niedermayer [Mon, 8 May 2017 00:28:07 +0000 (02:28 +0200)]
avcodec/ffv1dec: Fix copying planes of paletted formats

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a4d387195a5eb3c1700071af8d8150e4f7f6600)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot...
Michael Niedermayer [Sun, 7 May 2017 21:07:42 +0000 (23:07 +0200)]
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot be represented in type 'int'

Fixes: 1401/clusterfuzz-testcase-minimized-6526248148795392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b1f66cf5c2e4d29ae06cdf3f12cdd3d808006bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/xwddec: Check bpp more completely
Michael Niedermayer [Sun, 7 May 2017 16:50:49 +0000 (18:50 +0200)]
avcodec/xwddec: Check bpp more completely

Fixes out of array access
Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 441026fcb13ac23aa10edc312bdacb6445a0ad06)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacdec_template: Do not decode 2nd PCE if it will lead to failure
Michael Niedermayer [Mon, 10 Apr 2017 00:46:25 +0000 (02:46 +0200)]
avcodec/aacdec_template: Do not decode 2nd PCE if it will lead to failure

Fixes: out of array read
Fixes: 1072/clusterfuzz-testcase-6456688074817536
Fixes: 1398/clusterfuzz-testcase-minimized-4576913622302720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5e0dbf530d447f36099aed575b34e9258c5d75a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'
Michael Niedermayer [Sun, 7 May 2017 13:44:51 +0000 (15:44 +0200)]
avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'

Fixes: 1395/clusterfuzz-testcase-minimized-5330939741732864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a38e9797cb4123d13ba871d166a737786ba04a9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be...
Michael Niedermayer [Sun, 7 May 2017 13:42:17 +0000 (15:42 +0200)]
avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be represented in type 'int'

Fixes: 1394/clusterfuzz-testcase-minimized-6493376885030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ac1c87194a67e6104a3d241a4dd1ca0808784bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g726: Fix runtime error: left shift of negative value -2
Michael Niedermayer [Sun, 7 May 2017 13:40:07 +0000 (15:40 +0200)]
avcodec/g726: Fix runtime error: left shift of negative value -2

Fixes: 1393/clusterfuzz-testcase-minimized-5948366791901184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c04aa148824f4fb7f4b70830ad3ca7a6cba8ab79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ra144: Fix runtime error: left shift of negative value -798
Michael Niedermayer [Sun, 7 May 2017 12:16:33 +0000 (14:16 +0200)]
avcodec/ra144: Fix runtime error: left shift of negative value -798

Fixes: 1388/clusterfuzz-testcase-minimized-6680800936329216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78bf446852a7e5e8aa52c7ca9889632e167b665f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mss34dsp: Fix multiple signed integer overflow
Michael Niedermayer [Sun, 7 May 2017 12:12:04 +0000 (14:12 +0200)]
avcodec/mss34dsp: Fix multiple signed integer overflow

Fixes: 1387/clusterfuzz-testcase-minimized-4802757766676480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 464c4b86ee43b7912e6f23fd3e5ba40381b4c371)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/targa_y216dec: Fix width type
Michael Niedermayer [Sun, 7 May 2017 01:49:06 +0000 (03:49 +0200)]
avcodec/targa_y216dec: Fix width type

Fixes out of array access
Fixes: 1376/clusterfuzz-testcase-minimized-6361794975105024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e56db892600c2fbe34782c6140f1ee832a2c344)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/texturedsp: Fix multiple runtime error: left shift of 255 by 24 places cannot...
Michael Niedermayer [Sun, 7 May 2017 01:27:17 +0000 (03:27 +0200)]
avcodec/texturedsp: Fix multiple runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

Fixes: 1386/clusterfuzz-testcase-minimized-5323086394032128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e92fb2bea1800b987ebc3cbeef9d48cfe4bcd191)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ivi_dsp: Fix multiple left shift of negative value -2
Michael Niedermayer [Sun, 7 May 2017 01:23:09 +0000 (03:23 +0200)]
avcodec/ivi_dsp: Fix multiple left shift of negative value -2

Fixes: 1385/clusterfuzz-testcase-minimized-5552882663292928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e88cc94e58e9e4d1293f9f56c973510e30495fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694...
Michael Niedermayer [Sun, 7 May 2017 01:16:53 +0000 (03:16 +0200)]
avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694 cannot be represented in type 'int'

Fixes: 1382/clusterfuzz-testcase-minimized-6013445293998080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 669419939c1d36be35196859dc73ec9a194157ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/msmpeg4dec: Correct table depth
Michael Niedermayer [Sun, 7 May 2017 00:46:54 +0000 (02:46 +0200)]
avcodec/msmpeg4dec: Correct table depth

Fixes undefined shift
Fixes: 1381/clusterfuzz-testcase-minimized-5513944540119040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1121d9270783b284a70af317d8785eac7df1b72f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented...
Michael Niedermayer [Sat, 6 May 2017 20:31:23 +0000 (22:31 +0200)]
avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Fixes: 1380/clusterfuzz-testcase-minimized-650122545122508

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a8335de030aa6cb6356bb16c7d3aefc5a80e362)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cdxl: Check format parameter
Michael Niedermayer [Sat, 6 May 2017 20:24:52 +0000 (22:24 +0200)]
avcodec/cdxl: Check format parameter

Fixes out of array access
Fixes: 1378/clusterfuzz-testcase-minimized-5715088008806400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avutil/softfloat: Fix overflow in av_div_sf()
Michael Niedermayer [Sat, 6 May 2017 19:31:49 +0000 (21:31 +0200)]
avutil/softfloat: Fix overflow in av_div_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 277e397eb5964999bd76909f52d4bd3350289c22)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/hq_hqa: Fix runtime error: left shift of negative value -207
Michael Niedermayer [Sat, 6 May 2017 17:11:46 +0000 (19:11 +0200)]
avcodec/hq_hqa: Fix runtime error: left shift of negative value -207

Fixes: 1375/clusterfuzz-testcase-minimized-6070134701555712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1283c4244767bd19918f355c31d702a94ee0cc1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initial...
Michael Niedermayer [Sat, 6 May 2017 17:07:59 +0000 (19:07 +0200)]
avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initialized from

Fixes integer overflow
Fixes: 1372/clusterfuzz-testcase-minimized-5712192982745088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ef0f392711445e173a56b2c073dedb021ae3783)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/shorten: Check k in get_uint()
Michael Niedermayer [Sat, 6 May 2017 16:28:09 +0000 (18:28 +0200)]
avcodec/shorten: Check k in get_uint()

Fixes: undefined shift
Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6a51f59c467ab9f4b73122dc269206fb517425)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Fix null pointer dereference
Michael Niedermayer [Sat, 6 May 2017 14:43:52 +0000 (16:43 +0200)]
avcodec/webp: Fix null pointer dereference

Fixes: 1369/clusterfuzz-testcase-minimized-5048908029886464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bf4523e40148fdd27064ab570952bd8c4d1016e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in...
Michael Niedermayer [Sat, 6 May 2017 14:38:22 +0000 (16:38 +0200)]
avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'

Fixes: 1368/clusterfuzz-testcase-minimized-4507293276176384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12936a4585bc293c0f88327d6840f49e8e744b62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g723_1: Fix multiple runtime error: left shift of negative value
Michael Niedermayer [Sat, 6 May 2017 14:32:56 +0000 (16:32 +0200)]
avcodec/g723_1: Fix multiple runtime error: left shift of negative value

Fixes: 1367/clusterfuzz-testcase-minimized-571496882346393

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4ace2d22192f3995911ec926940125dcb29d606a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mimic: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 6 May 2017 13:17:29 +0000 (15:17 +0200)]
avcodec/mimic: Fix runtime error: left shift of negative value -1

Fixes: 1365/clusterfuzz-testcase-minimized-5624158450876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc2c420b82939a8f30838a6aa08bfd936099d3ce)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/fic: Fix multiple left shift of negative value -15
Michael Niedermayer [Sat, 6 May 2017 10:10:59 +0000 (12:10 +0200)]
avcodec/fic: Fix multiple left shift of negative value -15

Fixes: 1356/clusterfuzz-testcase-minimized-6008489086287872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b20c71409b24460983ba5d9afa0716714f9e0f7d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mlpdec: Fix runtime error: left shift of negative value -22
Michael Niedermayer [Sat, 6 May 2017 10:05:17 +0000 (12:05 +0200)]
avcodec/mlpdec: Fix runtime error: left shift of negative value -22

Fixes: 1355/clusterfuzz-testcase-minimized-6662205472768000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c535436cbeeab89be64e9f3fd652bc736f2f3245)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/snowdec: Check qbias
Michael Niedermayer [Fri, 5 May 2017 23:08:54 +0000 (01:08 +0200)]
avcodec/snowdec: Check qbias

Fixes: signed integer overflow: -1094995529 * 131 cannot be represented in type 'int'
Fixes: 1353/clusterfuzz-testcase-minimized-5208180449607680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 523205ce1ed9415183c162998c68f573479e78fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avutil/softfloat: Fix multiple runtime error: left shift of negative value -8
Michael Niedermayer [Fri, 5 May 2017 22:13:05 +0000 (00:13 +0200)]
avutil/softfloat: Fix multiple runtime error: left shift of negative value -8

Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35f3df0d76e28969fa77f2b865e2e40b3ba69722)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacsbr_template: Do not leave bs_num_env invalid
Michael Niedermayer [Fri, 5 May 2017 21:00:59 +0000 (23:00 +0200)]
avcodec/aacsbr_template: Do not leave bs_num_env invalid

Fixes out of array read
Fixes: 1349/clusterfuzz-testcase-minimized-5370707196248064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8ad83b793e883b8c6d114f81073a4e40c0308a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mdec: Fix signed integer overflow: 28835400 * 83 cannot be represented in...
Michael Niedermayer [Fri, 5 May 2017 20:17:59 +0000 (22:17 +0200)]
avcodec/mdec: Fix signed integer overflow: 28835400 * 83 cannot be represented in type 'int'

Fixes: 1346/clusterfuzz-testcase-minimized-5776732600664064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a234b5ade3ca6cde805b92b8b6ecacf693460a8c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dfa: Fix off by 1 error
Michael Niedermayer [Fri, 5 May 2017 18:42:11 +0000 (20:42 +0200)]
avcodec/dfa: Fix off by 1 error

Fixes out of array access
Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f52fbf4f3ed02a7d872d8a102006f29b4421f360)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/nellymoser: Fix multiple left shift of negative value -8591
Michael Niedermayer [Fri, 5 May 2017 17:28:56 +0000 (19:28 +0200)]
avcodec/nellymoser: Fix multiple left shift of negative value -8591

Fixes: 1342/clusterfuzz-testcase-minimized-5490842129137664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0953736b7e97f6e121a0587a95434bf1857a27da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cdxl: Fix signed integer overflow: 14243456 * 164 cannot be represented in...
Michael Niedermayer [Fri, 5 May 2017 17:26:02 +0000 (19:26 +0200)]
avcodec/cdxl: Fix signed integer overflow: 14243456 * 164 cannot be represented in type 'int'

Fixes: 1341/clusterfuzz-testcase-minimized-5441502618583040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1002932a3b16d35c46a08455f76462909eebb5aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g722: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Fri, 5 May 2017 16:14:03 +0000 (18:14 +0200)]
avcodec/g722: Fix multiple runtime error: left shift of negative value -1

Fixes: 1340/clusterfuzz-testcase-minimized-4669892148068352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f55df62998681c7702f008ce7c12a00b15e33f53)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dss_sp: Fix multiple left shift of negative value -466
Michael Niedermayer [Fri, 5 May 2017 16:07:25 +0000 (18:07 +0200)]
avcodec/dss_sp: Fix multiple left shift of negative value -466

Fixes: 1339/clusterfuzz-testcase-minimized-4614671485108224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38152d9368beb080b4acd6cd9e5ccc89b3f733bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/wnv1: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Fri, 5 May 2017 16:01:25 +0000 (18:01 +0200)]
avcodec/wnv1: Fix runtime error: left shift of negative value -1

Fixes: 1338/clusterfuzz-testcase-minimized-6485546354343936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9fac508ca46f93450ec232299dfd15ac70b6f326)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/tiertexseqv: set the fixed dimensions, do not depend on the demuxer doing so
Michael Niedermayer [Fri, 5 May 2017 10:48:12 +0000 (12:48 +0200)]
avcodec/tiertexseqv: set the fixed dimensions, do not depend on the demuxer doing so

Fixes: out of array access
Fixes: 1348/clusterfuzz-testcase-minimized-6195673642827776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce551a3925a1cf9c7824e26a246b99b6773bda4b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>