ffmpeg.git
2 years ago Changelog: update [n3.3.1]
Michael Niedermayer [Sun, 14 May 2017 15:57:14 +0000 (17:57 +0200)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago doc/general: fix project name after 2b1a6b1ae
Clément Bœsch [Wed, 5 Apr 2017 16:38:33 +0000 (18:38 +0200)]
doc/general: fix project name after 2b1a6b1ae

(cherry picked from commit d8eb40bd70c9c6326f51ce4afe29c3d4485388b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/pixlet: Fix shift exponent 4294967268 is too large for 32-bit type 'int'
Michael Niedermayer [Fri, 5 May 2017 11:02:22 +0000 (13:02 +0200)]
avcodec/pixlet: Fix shift exponent 4294967268 is too large for 32-bit type 'int'

Fixes: 1336/clusterfuzz-testcase-minimized-4761381930795008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f5b6c7e1ee604b1525b3ab84ea6e8817fe66f36)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacps: Fix undefined behavior
Michael Niedermayer [Fri, 5 May 2017 11:16:07 +0000 (13:16 +0200)]
avcodec/aacps: Fix undefined behavior

Fixes: 1337/clusterfuzz-testcase-minimized-5212314171080704

Fixes the existence of a potentially invalid pointer intermediate

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 527f89e05922e840083ac6d49eeb838b1e350dd4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/opus_silk: Fix integer overflow and out of array read
Michael Niedermayer [Sat, 6 May 2017 12:28:20 +0000 (14:28 +0200)]
avcodec/opus_silk: Fix integer overflow and out of array read

Fixes: 1362/clusterfuzz-testcase-minimized-6097275002552320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4654baff125d937ae0b1037aa5f0bf53c7351658)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/flacdec: Return error code instead of 0 for failures
Michael Niedermayer [Tue, 9 May 2017 11:25:34 +0000 (13:25 +0200)]
avcodec/flacdec: Return error code instead of 0 for failures

Fixes: infinite loop
Fixes: 1418/clusterfuzz-testcase-minimized-5934472438480896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f5a68533decdfb4757207e8d7b5af06e1dcd197)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/snowdec: Check width
Michael Niedermayer [Tue, 9 May 2017 14:08:14 +0000 (16:08 +0200)]
avcodec/snowdec: Check width

Fixes: out of array read
Fixes: 1419/clusterfuzz-testcase-minimized-6108700873850880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78aa93807b3e0674e34d32c0bf6f78d7f5b7927e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Update canvas size in vp8_lossy_decode_frame() as in vp8_lossless_decod...
Michael Niedermayer [Mon, 8 May 2017 12:43:03 +0000 (14:43 +0200)]
avcodec/webp: Update canvas size in vp8_lossy_decode_frame() as in vp8_lossless_decode_frame()

Fixes: 1407/clusterfuzz-testcase-minimized-6044604124102656
Fixes: 1420/clusterfuzz-testcase-minimized-6059927359455232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 72810d20b74f05cc4b214d6c277fa6f43160df54)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Factor update_canvas_size() out
Michael Niedermayer [Mon, 8 May 2017 12:43:02 +0000 (14:43 +0200)]
avcodec/webp: Factor update_canvas_size() out

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4f63b78b71e07dd2f5d49c032d9c3eef620c0f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cllc: Check prefix
Michael Niedermayer [Tue, 9 May 2017 17:38:46 +0000 (19:38 +0200)]
avcodec/cllc: Check prefix

Fixes: runtime error: left shift of 1610706944 by 1 places cannot be represented in type 'int'
Fixes: 1421/clusterfuzz-testcase-minimized-6239947507892224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62c5949beca2c95d6af5c74985467438d2295a66)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/fmvc: Check nb_blocks
Michael Niedermayer [Fri, 12 May 2017 23:22:27 +0000 (01:22 +0200)]
avcodec/fmvc: Check nb_blocks

Fixes: out of array read
Fixes: 1508/clusterfuzz-testcase-minimized-5011336327069696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0158b405a71f386c7844a3d975315afd47f16b5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/rscc: Check pixel_size for overflow
Michael Niedermayer [Fri, 12 May 2017 23:31:19 +0000 (01:31 +0200)]
avcodec/rscc: Check pixel_size for overflow

Fixes: 1509/clusterfuzz-testcase-minimized-5129419876204544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 934572c5c3592732a30336afdf2df9926a8b4df2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented...
Michael Niedermayer [Fri, 12 May 2017 23:35:56 +0000 (01:35 +0200)]
avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'

Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afb4632cc30e83287338690c785ebac180436a59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/pixlet: Fixes: runtime error: signed integer overflow: 9203954323419769657...
Michael Niedermayer [Sun, 14 May 2017 15:02:49 +0000 (17:02 +0200)]
avcodec/pixlet: Fixes: runtime error: signed integer overflow: 9203954323419769657 + 29897660706736950 cannot be represented in type 'long'

Fixes: 1569/clusterfuzz-testcase-minimized-6328690508038144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a453f5549a8c3f8307200b32d3b342f0b4af3153)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mpeg4videodec: Clear sprite wrapping on unsupported cases in VOP decode
Michael Niedermayer [Sun, 14 May 2017 14:47:13 +0000 (16:47 +0200)]
avcodec/mpeg4videodec: Clear sprite wrapping on unsupported cases in VOP decode

Fixes: Integer overflow
Fixes: 1572/clusterfuzz-testcase-minimized-4578773729017856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 467677769a2222ff8beab3c4d7826df9b7cbc81b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'
Michael Niedermayer [Sun, 14 May 2017 12:42:45 +0000 (14:42 +0200)]
avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'

It seems dual mono with a LFE channel is not forbidden

Fixes: 1570/clusterfuzz-testcase-minimized-6455337349545984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c55e637072b694a1db40e21948d218bfa2e744bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot...
Michael Niedermayer [Sun, 14 May 2017 12:06:56 +0000 (14:06 +0200)]
avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot be represented in type 'int'

Fixes: 1568/clusterfuzz-testcase-minimized-5944868608147456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b923213276777f33d6366b1cb9d1845a8658f365)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g723_1dec: Fix LCG type
Michael Niedermayer [Sun, 14 May 2017 12:00:42 +0000 (14:00 +0200)]
avcodec/g723_1dec: Fix LCG type

Fixes: 1567/clusterfuzz-testcase-minimized-5693653555085312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2c539d3501111f10a2b4e9480ea54c0a3190680)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago lavc/mediacodec_wrapper: fix local reference leaks
Matthieu Bouron [Wed, 10 May 2017 13:59:41 +0000 (15:59 +0200)]
lavc/mediacodec_wrapper: fix local reference leaks

Reviewed-by: Clément Bœsch <u@pkh.me>
2 years ago lavc/ffjni: fix local reference leak
Matthieu Bouron [Wed, 10 May 2017 13:57:57 +0000 (15:57 +0200)]
lavc/ffjni: fix local reference leak

Reviewed-by: Clément Bœsch <u@pkh.me>
2 years ago lavc/aarch64/simple_idct: fix iOS build without gas-preprocessor
Matthieu Bouron [Fri, 28 Apr 2017 19:58:55 +0000 (21:58 +0200)]
lavc/aarch64/simple_idct: fix iOS build without gas-preprocessor

Separates macro arguments with commas and passes .4H/.8H as macro
arguments instead of 4H/8H (the latter form being interpreted as a
hexadecimal value).

Fixes ticket #6324.

Suggested-by: Martin Storsjö <martin@martin.st>
2 years ago avcodec/aac_adtstoasc: fix ASC passthrough on small frames
James Almer [Tue, 11 Apr 2017 04:03:51 +0000 (01:03 -0300)]
avcodec/aac_adtstoasc: fix ASC passthrough on small frames

ASC frames smaller than AAC_ADTS_HEADER_SIZE were being discarded.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 0f05f2c7e67949ce77de3cf7013f7d4da1c3e046)

2 years ago avcodec/aacenc_ltp: fix use of uninitialized values
James Almer [Wed, 12 Apr 2017 22:38:17 +0000 (19:38 -0300)]
avcodec/aacenc_ltp: fix use of uninitialized values

Fixes some valgrind warnings.

Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 8cd8c8331730fbaac5066bfd66e15b39a85ce537)

2 years ago avcodec/hevc_sei: fix amount of bits skipped when reading picture timing SEI message
James Almer [Sat, 6 May 2017 23:31:45 +0000 (20:31 -0300)]
avcodec/hevc_sei: fix amount of bits skipped when reading picture timing SEI message

The code was skipping the entire reported SEI message size regardless of
the amount of bits read.
While in theory safe for NALU where the picture timing SEI message is alone
or at the end as we're using the checked bitstream reader, it isn't in any
other situation, where every SEI message in the NALU after the picture
timing one would potentially fail to parse.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit f738140807f504c9af7850042067777832f05e88)

Conflicts:
libavcodec/hevc_sei.c

2 years ago avcodec/avpacket: allow only one element per type in packet side data
James Almer [Fri, 12 May 2017 16:45:44 +0000 (13:45 -0300)]
avcodec/avpacket: allow only one element per type in packet side data

It was never meant to do otherwise, as av_packet_get_side_data() returns the first
entry it finds of a given type.

Based on code from libavformat's av_stream_add_side_data().

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 28f60eeabbdc3d0550f45da813ba91a0354524c4)

2 years ago Update for 3.3.1
Michael Niedermayer [Sun, 14 May 2017 00:38:30 +0000 (02:38 +0200)]
Update for 3.3.1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago libswscale/tests/swscale: Fix uninitialized variables
Michael Niedermayer [Sat, 29 Apr 2017 16:46:48 +0000 (18:46 +0200)]
libswscale/tests/swscale: Fix uninitialized variables

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7796f290653349a4126f2d448d11bb4440b9f257)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438...
Michael Niedermayer [Sat, 13 May 2017 21:24:04 +0000 (23:24 +0200)]
avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438 cannot be represented in type 'int'

Fixes: 1559/clusterfuzz-testcase-minimized-5048096079740928
Fixes: 1560/clusterfuzz-testcase-minimized-6011037813833728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8630b2cd36c57918acfe18302fe77d1ceefbd676)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Fix signedness in prefix_code check
Michael Niedermayer [Sat, 13 May 2017 21:21:24 +0000 (23:21 +0200)]
avcodec/webp: Fix signedness in prefix_code check

Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c5cd1c9d33b4b287f85d42efb1aecfaee31de6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be...
Michael Niedermayer [Sat, 13 May 2017 21:16:44 +0000 (23:16 +0200)]
avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be represented in type 'int'

Fixes: 1556/clusterfuzz-testcase-minimized-5027865978470400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86b1b0d33dd7459f0d9c352c51ee2e374fd6f7fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mlpdec: Check that there is enough data for headers
Michael Niedermayer [Sat, 13 May 2017 21:13:38 +0000 (23:13 +0200)]
avcodec/mlpdec: Check that there is enough data for headers

Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3e51f8c14d22ae11684dcfe58df355f0f9e6401)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ac3dec: Keep track of band structure
Michael Niedermayer [Sat, 13 May 2017 17:28:01 +0000 (19:28 +0200)]
avcodec/ac3dec: Keep track of band structure

It is needed in some corner cases that seem not to be forbidden
Fixes: out of array index
Fixes: 1538/clusterfuzz-testcase-minimized-4696904925446144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9351a156de724edb69ba6e1f05884fe806a13a21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Add missing input padding
Michael Niedermayer [Sat, 13 May 2017 16:27:27 +0000 (18:27 +0200)]
avcodec/webp: Add missing input padding

Fixes: 1536/clusterfuzz-testcase-minimized-5973925404082176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a3508cc3fe643a8adad6a82a60bece3ea3c5dc63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 13 May 2017 16:13:48 +0000 (18:13 +0200)]
avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1

Fixes: 1535/clusterfuzz-testcase-minimized-5826695535788032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 26227d91865ddfbfe35c9ff84853cc469e1c7daf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacsbr_template: Do not change bs_num_env before it's checked
Michael Niedermayer [Fri, 12 May 2017 02:12:15 +0000 (04:12 +0200)]
avcodec/aacsbr_template: Do not change bs_num_env before it's checked

Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87b08ee6d2a3b0880f0a267c5d51dc7f415e81d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type 'unsigned...
Michael Niedermayer [Sat, 13 May 2017 13:39:32 +0000 (15:39 +0200)]
avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type 'unsigned int [256]'

Fixes: 1519/clusterfuzz-testcase-minimized-5286680976162816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2171dfae8c065878a2e130390eb78cf2947a5b69)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 13 May 2017 12:39:26 +0000 (14:39 +0200)]
avcodec/mlp: Fix multiple runtime error: left shift of negative value -1

Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74dc728a2c2cc353da20cdc09b8cdfbbe14b7be8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/xpmdec: Fix multiple pointer/memory issues
Michael Niedermayer [Thu, 11 May 2017 00:38:33 +0000 (02:38 +0200)]
avcodec/xpmdec: Fix multiple pointer/memory issues

Most of these were found through code review in response to
fixing 1466/clusterfuzz-testcase-minimized-5961584419536896
There is thus no testcase for most of this.
The initial issue was Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb243972b121b1ae6b60a78ff55a0506c69f3879)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflo...
Michael Niedermayer [Wed, 10 May 2017 12:50:40 +0000 (14:50 +0200)]
avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'

Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ccce2248bf56692fc7bd436ca2c9acca772d486a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/avcodec: Limit the number of side data elements per packet
Michael Niedermayer [Thu, 11 May 2017 11:01:36 +0000 (13:01 +0200)]
avcodec/avcodec: Limit the number of side data elements per packet

Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496

See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d5711cb89121268e8d78ebe8563a68e67a236cbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be repre...
Michael Niedermayer [Fri, 12 May 2017 11:15:33 +0000 (13:15 +0200)]
avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f225003d17364cd38fd28f268ae2b29abd8e5024)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g723_1dec: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Fri, 12 May 2017 11:13:46 +0000 (13:13 +0200)]
avcodec/g723_1dec: Fix runtime error: left shift of negative value -1

Fixes: 1504/clusterfuzz-testcase-minimized-6249212138225664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4c0245686bc2fcc545644101c7b328fed71f268)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot...
Michael Niedermayer [Fri, 12 May 2017 11:05:46 +0000 (13:05 +0200)]
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'

Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df640dbbc949d0f4deefaf43e86b8bd50ae997cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
Michael Niedermayer [Thu, 11 May 2017 21:24:23 +0000 (23:24 +0200)]
avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610

Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6899e6e56065d9365963e02690dc9e2ce7866050)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/msmpeg4dec: Check for cbpy VLC errors
Michael Niedermayer [Thu, 11 May 2017 17:10:16 +0000 (19:10 +0200)]
avcodec/msmpeg4dec: Check for cbpy VLC errors

Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15e892aad12b23e9b5686cf66ca6fa739c734ead)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cllc: Check num_bits
Michael Niedermayer [Thu, 11 May 2017 16:39:33 +0000 (18:39 +0200)]
avcodec/cllc: Check num_bits

Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bfd0a97587d26c0c39413a6291ccc66e4a928d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
Michael Niedermayer [Thu, 11 May 2017 16:35:24 +0000 (18:35 +0200)]
avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e717fa1f0a66825fb10fec7debad768f311ee240)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/scpr: Check y in first line loop in decompress_i()
Michael Niedermayer [Thu, 11 May 2017 13:29:31 +0000 (15:29 +0200)]
avcodec/scpr: Check y in first line loop in decompress_i()

Fixes: out of array access
Fixes: 1478/clusterfuzz-testcase-minimized-5285486908145664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ac5067146613997bb38442cb022d7f41321a706)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dvbsubdec: Check entry_id
Michael Niedermayer [Thu, 11 May 2017 13:18:50 +0000 (15:18 +0200)]
avcodec/dvbsubdec: Check entry_id

Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a69f2602fea04b7ebae2db16f2581e8ff5ee0cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type...
Michael Niedermayer [Thu, 11 May 2017 13:13:53 +0000 (15:13 +0200)]
avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type 'int'

Fixes: 1471/clusterfuzz-testcase-minimized-6376460543590400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a0ff78168f80f5b2c5c5544325aca4023bc67a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mpeg12dec: Fixes runtime error: division by zero
Michael Niedermayer [Wed, 10 May 2017 22:49:31 +0000 (00:49 +0200)]
avcodec/mpeg12dec: Fixes runtime error: division by zero

Fixes: 1464/clusterfuzz-testcase-minimized-4925445571084288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0ece1f4addf8ac31df95775a2d36be2a55fc759)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/pixlet: Fix runtime error: signed integer overflow: 436207616 * -516023054526...
Michael Niedermayer [Wed, 10 May 2017 21:48:30 +0000 (23:48 +0200)]
avcodec/pixlet: Fix runtime error: signed integer overflow: 436207616 * -5160230545260541 cannot be represented in type 'long'

Fixes: 1462/clusterfuzz-testcase-minimized-6558894463647744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 60765cc42e3eb4a1193ef352a89946113a6e5802)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Always set pix_fmt
Michael Niedermayer [Wed, 10 May 2017 16:37:49 +0000 (18:37 +0200)]
avcodec/webp: Always set pix_fmt

Fixes: out of array access
Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632
Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avfilter/vf_uspp: Fix currently unused input frame dimensions
Michael Niedermayer [Wed, 10 May 2017 19:54:31 +0000 (21:54 +0200)]
avfilter/vf_uspp: Fix currently unused input frame dimensions

Found-by: Nicolas
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 942036e97c8b149ce2f3ec6e7cbc990df8713d0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Wed, 10 May 2017 17:09:31 +0000 (19:09 +0200)]
avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1

Fixes: 1446/clusterfuzz-testcase-minimized-5577409124368384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db5fae32294763677caa4c1417dcba704c7e764e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot...
Michael Niedermayer [Wed, 10 May 2017 17:02:05 +0000 (19:02 +0200)]
avcodec/eatqi: Fix runtime error: signed integer overflow: 4466147 * 1075 cannot be represented in type 'int'

Fixes: 1443/clusterfuzz-testcase-minimized-4826998612426752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8de60ba2740185c53cabbee6c00ed67a0d530e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot...
Michael Niedermayer [Wed, 10 May 2017 16:51:58 +0000 (18:51 +0200)]
avcodec/dss_sp: Fix runtime error: signed integer overflow: 2147481189 + 4096 cannot be represented in type 'int'

Fixes: 1441/clusterfuzz-testcase-minimized-6223152357048320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ea428789371fa0601e9ebb5b7f2216d4e73e831)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avformat/wavdec: Check chunk_size
李赞 [Wed, 10 May 2017 12:55:34 +0000 (14:55 +0200)]
avformat/wavdec: Check chunk_size

Fixes integer overflow and out of array access

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d232196372f309a75ed074c4cef30578eec1782)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cavs: Check updated MV
Michael Niedermayer [Wed, 10 May 2017 12:41:23 +0000 (14:41 +0200)]
avcodec/cavs: Check updated MV

Fixes: runtime error: signed integer overflow: 251 + 2147483647 cannot be represented in type 'int'
Fixes: 1438/clusterfuzz-testcase-minimized-4917542646710272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5871adc90f8c1037535563e33ebeaf032bb4d5d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/y41pdec: Fix width in input buffer size check
Michael Niedermayer [Wed, 10 May 2017 12:33:27 +0000 (14:33 +0200)]
avcodec/y41pdec: Fix width in input buffer size check

Fixes: out of array read
Fixes: 1437/clusterfuzz-testcase-minimized-4569970002362368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d8d3729475c7dce52d8fb9ffb280fd2ea62e1a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552...
Michael Niedermayer [Tue, 9 May 2017 23:26:39 +0000 (01:26 +0200)]
avcodec/svq3: Fix multiple runtime error: signed integer overflow: -237341 * 24552 cannot be represented in type 'int'

Fixes: 1429/clusterfuzz-testcase-minimized-5959951610544128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae6fd1790f48c457a8cedb445dcac73f8f7b7698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be repre...
Michael Niedermayer [Tue, 9 May 2017 23:18:36 +0000 (01:18 +0200)]
avcodec/texturedsp: Fix runtime error: left shift of 218 by 24 places cannot be represented in type 'int'

Fixes: 1428/clusterfuzz-testcase-minimized-5263281793007616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bd8eb05d21b582d627a93852b59cb3cfc305dae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/lagarith: Check scale_factor
Michael Niedermayer [Tue, 9 May 2017 22:56:45 +0000 (00:56 +0200)]
avcodec/lagarith: Check scale_factor

Fixes: 1425/clusterfuzz-testcase-minimized-6295712339853312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed3c9b5b0dd5abb545c48e930e1c32c187b0776a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/lagarith: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 9 May 2017 22:50:05 +0000 (00:50 +0200)]
avcodec/lagarith: Fix runtime error: left shift of negative value -1

Fixes: 1424/clusterfuzz-testcase-minimized-6088327159611392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ddb2dd7edbccc5596d8e3c039133be8444cb1d02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/takdec: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer [Tue, 9 May 2017 22:44:37 +0000 (00:44 +0200)]
avcodec/takdec: Fix multiple runtime error: left shift of negative value -1

Fixes: 1423/clusterfuzz-testcase-minimized-5063889899225088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c5d2fa2fdff08e77bba0c9a31b91826a807c551c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/indeo2: Check for invalid VLCs
Michael Niedermayer [Mon, 8 May 2017 22:02:22 +0000 (00:02 +0200)]
avcodec/indeo2: Check for invalid VLCs

Fixes: timeout
Fixes: 1416/clusterfuzz-testcase-minimized-5536862435278848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 159fb8ff7e4038edf13e91d3c08bc7b8abc369b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g723_1dec: Fix several integer related cases of undefined behaviour
Michael Niedermayer [Mon, 8 May 2017 18:24:48 +0000 (20:24 +0200)]
avcodec/g723_1dec: Fix several integer related cases of undefined behaviour

Fixes: 1412/clusterfuzz-testcase-minimized-6561308772139008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d3088e0fd8749788818cb5df92abaa3b12e409e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/htmlsubtitles: Check for string truncation and return error
Michael Niedermayer [Fri, 5 May 2017 23:42:53 +0000 (01:42 +0200)]
avcodec/htmlsubtitles: Check for string truncation and return error

Fixes out of array access
Fixes: 1354/clusterfuzz-testcase-minimized-5520132195483648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4ae3cce64bd46b1d539bdeac39753f83015f114)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represe...
Michael Niedermayer [Mon, 8 May 2017 13:46:55 +0000 (15:46 +0200)]
avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represented in type 'int'

Fixes: 1411/clusterfuzz-testcase-minimized-5776085184675840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 29692023b2f1e0580a4065f4c9b62bafd89ab337)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039...
Michael Niedermayer [Mon, 8 May 2017 13:40:30 +0000 (15:40 +0200)]
avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039 cannot be represented in type 'int'

Fixed: 1409/clusterfuzz-testcase-minimized-5237365020819456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea59ef0c031b6b92f051f60c19fdd0a716769834)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dvbsubdec: check region dimensions
Michael Niedermayer [Mon, 8 May 2017 13:17:31 +0000 (15:17 +0200)]
avcodec/dvbsubdec: check region dimensions

Fixes: 1408/clusterfuzz-testcase-minimized-6529985844084736
Fixes: integer overflow

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0075d9eced22839fa4f7a6eaa02155803ccae3e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -10230405...
Michael Niedermayer [Mon, 8 May 2017 10:07:56 +0000 (12:07 +0200)]
avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -1023040530 cannot be represented in type 'int'

Fixes: 1406/clusterfuzz-testcase-minimized-5064865125236736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8824b7370a9fb72f9c699c3751a5ceb56e0cc41d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407...
Michael Niedermayer [Mon, 8 May 2017 10:04:09 +0000 (12:04 +0200)]
avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407 cannot be represented in type 'int' in idct_col()

Fixes: 1405/clusterfuzz-testcase-minimized-5011491835084800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d5118f81bd51b9c33500616b3c637123e8e4691)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cavsdec: Check sym_factor
Michael Niedermayer [Mon, 8 May 2017 09:55:27 +0000 (11:55 +0200)]
avcodec/cavsdec: Check sym_factor

Fixes: runtime error: signed integer overflow: 25984 * 130560 cannot be represented in type 'int'

Fixes: 1404/clusterfuzz-testcase-minimized-5000441286885376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 279420b5a63b3f254e4932a4afb91759fb50186a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cdxl: Check format for BGR24
Michael Niedermayer [Mon, 8 May 2017 09:46:03 +0000 (11:46 +0200)]
avcodec/cdxl: Check format for BGR24

Fixes: out of array access
Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e42736b95065c69a7481d0cf55247024f54b660)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ffv1dec: Fix copying planes of paletted formats
Michael Niedermayer [Mon, 8 May 2017 00:28:07 +0000 (02:28 +0200)]
avcodec/ffv1dec: Fix copying planes of paletted formats

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a4d387195a5eb3c1700071af8d8150e4f7f6600)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot...
Michael Niedermayer [Sun, 7 May 2017 21:07:42 +0000 (23:07 +0200)]
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot be represented in type 'int'

Fixes: 1401/clusterfuzz-testcase-minimized-6526248148795392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b1f66cf5c2e4d29ae06cdf3f12cdd3d808006bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/xwddec: Check bpp more completely
Michael Niedermayer [Sun, 7 May 2017 16:50:49 +0000 (18:50 +0200)]
avcodec/xwddec: Check bpp more completely

Fixes out of array access
Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 441026fcb13ac23aa10edc312bdacb6445a0ad06)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/aacdec_template: Do not decode 2nd PCE if it will lead to failure
Michael Niedermayer [Mon, 10 Apr 2017 00:46:25 +0000 (02:46 +0200)]
avcodec/aacdec_template: Do not decode 2nd PCE if it will lead to failure

Fixes: out of array read
Fixes: 1072/clusterfuzz-testcase-6456688074817536
Fixes: 1398/clusterfuzz-testcase-minimized-4576913622302720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5e0dbf530d447f36099aed575b34e9258c5d75a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'
Michael Niedermayer [Sun, 7 May 2017 13:44:51 +0000 (15:44 +0200)]
avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'

Fixes: 1395/clusterfuzz-testcase-minimized-5330939741732864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a38e9797cb4123d13ba871d166a737786ba04a9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be...
Michael Niedermayer [Sun, 7 May 2017 13:42:17 +0000 (15:42 +0200)]
avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be represented in type 'int'

Fixes: 1394/clusterfuzz-testcase-minimized-6493376885030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ac1c87194a67e6104a3d241a4dd1ca0808784bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g726: Fix runtime error: left shift of negative value -2
Michael Niedermayer [Sun, 7 May 2017 13:40:07 +0000 (15:40 +0200)]
avcodec/g726: Fix runtime error: left shift of negative value -2

Fixes: 1393/clusterfuzz-testcase-minimized-5948366791901184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c04aa148824f4fb7f4b70830ad3ca7a6cba8ab79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/magicyuv: Check len to be supported
Michael Niedermayer [Sun, 7 May 2017 12:53:31 +0000 (14:53 +0200)]
avcodec/magicyuv: Check len to be supported

Fixes: shift exponent -1 is negative
Fixes: 1390/clusterfuzz-testcase-minimized-5452757630713856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2162b862eba5aadb59c0cf7cc304c67f4a5fb946)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ra144: Fix runtime error: left shift of negative value -798
Michael Niedermayer [Sun, 7 May 2017 12:16:33 +0000 (14:16 +0200)]
avcodec/ra144: Fix runtime error: left shift of negative value -798

Fixes: 1388/clusterfuzz-testcase-minimized-6680800936329216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78bf446852a7e5e8aa52c7ca9889632e167b665f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mss34dsp: Fix multiple signed integer overflow
Michael Niedermayer [Sun, 7 May 2017 12:12:04 +0000 (14:12 +0200)]
avcodec/mss34dsp: Fix multiple signed integer overflow

Fixes: 1387/clusterfuzz-testcase-minimized-4802757766676480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 464c4b86ee43b7912e6f23fd3e5ba40381b4c371)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/targa_y216dec: Fix width type
Michael Niedermayer [Sun, 7 May 2017 01:49:06 +0000 (03:49 +0200)]
avcodec/targa_y216dec: Fix width type

Fixes out of array access
Fixes: 1376/clusterfuzz-testcase-minimized-6361794975105024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e56db892600c2fbe34782c6140f1ee832a2c344)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/texturedsp: Fix multiple runtime error: left shift of 255 by 24 places cannot...
Michael Niedermayer [Sun, 7 May 2017 01:27:17 +0000 (03:27 +0200)]
avcodec/texturedsp: Fix multiple runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

Fixes: 1386/clusterfuzz-testcase-minimized-5323086394032128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e92fb2bea1800b987ebc3cbeef9d48cfe4bcd191)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/ivi_dsp: Fix multiple left shift of negative value -2
Michael Niedermayer [Sun, 7 May 2017 01:23:09 +0000 (03:23 +0200)]
avcodec/ivi_dsp: Fix multiple left shift of negative value -2

Fixes: 1385/clusterfuzz-testcase-minimized-5552882663292928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e88cc94e58e9e4d1293f9f56c973510e30495fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694...
Michael Niedermayer [Sun, 7 May 2017 01:16:53 +0000 (03:16 +0200)]
avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694 cannot be represented in type 'int'

Fixes: 1382/clusterfuzz-testcase-minimized-6013445293998080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 669419939c1d36be35196859dc73ec9a194157ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/msmpeg4dec: Correct table depth
Michael Niedermayer [Sun, 7 May 2017 00:46:54 +0000 (02:46 +0200)]
avcodec/msmpeg4dec: Correct table depth

Fixes undefined shift
Fixes: 1381/clusterfuzz-testcase-minimized-5513944540119040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1121d9270783b284a70af317d8785eac7df1b72f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented...
Michael Niedermayer [Sat, 6 May 2017 20:31:23 +0000 (22:31 +0200)]
avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Fixes: 1380/clusterfuzz-testcase-minimized-650122545122508

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a8335de030aa6cb6356bb16c7d3aefc5a80e362)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/cdxl: Check format parameter
Michael Niedermayer [Sat, 6 May 2017 20:24:52 +0000 (22:24 +0200)]
avcodec/cdxl: Check format parameter

Fixes out of array access
Fixes: 1378/clusterfuzz-testcase-minimized-5715088008806400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avutil/softfloat: Fix overflow in av_div_sf()
Michael Niedermayer [Sat, 6 May 2017 19:31:49 +0000 (21:31 +0200)]
avutil/softfloat: Fix overflow in av_div_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 277e397eb5964999bd76909f52d4bd3350289c22)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/hq_hqa: Fix runtime error: left shift of negative value -207
Michael Niedermayer [Sat, 6 May 2017 17:11:46 +0000 (19:11 +0200)]
avcodec/hq_hqa: Fix runtime error: left shift of negative value -207

Fixes: 1375/clusterfuzz-testcase-minimized-6070134701555712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1283c4244767bd19918f355c31d702a94ee0cc1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initial...
Michael Niedermayer [Sat, 6 May 2017 17:07:59 +0000 (19:07 +0200)]
avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initialized from

Fixes integer overflow
Fixes: 1372/clusterfuzz-testcase-minimized-5712192982745088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ef0f392711445e173a56b2c073dedb021ae3783)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/shorten: Check k in get_uint()
Michael Niedermayer [Sat, 6 May 2017 16:28:09 +0000 (18:28 +0200)]
avcodec/shorten: Check k in get_uint()

Fixes: undefined shift
Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6a51f59c467ab9f4b73122dc269206fb517425)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/webp: Fix null pointer dereference
Michael Niedermayer [Sat, 6 May 2017 14:43:52 +0000 (16:43 +0200)]
avcodec/webp: Fix null pointer dereference

Fixes: 1369/clusterfuzz-testcase-minimized-5048908029886464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bf4523e40148fdd27064ab570952bd8c4d1016e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in...
Michael Niedermayer [Sat, 6 May 2017 14:38:22 +0000 (16:38 +0200)]
avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'

Fixes: 1368/clusterfuzz-testcase-minimized-4507293276176384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12936a4585bc293c0f88327d6840f49e8e744b62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/g723_1: Fix multiple runtime error: left shift of negative value
Michael Niedermayer [Sat, 6 May 2017 14:32:56 +0000 (16:32 +0200)]
avcodec/g723_1: Fix multiple runtime error: left shift of negative value

Fixes: 1367/clusterfuzz-testcase-minimized-571496882346393

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4ace2d22192f3995911ec926940125dcb29d606a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 years ago avcodec/mimic: Fix runtime error: left shift of negative value -1
Michael Niedermayer [Sat, 6 May 2017 13:17:29 +0000 (15:17 +0200)]
avcodec/mimic: Fix runtime error: left shift of negative value -1

Fixes: 1365/clusterfuzz-testcase-minimized-5624158450876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc2c420b82939a8f30838a6aa08bfd936099d3ce)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>