FFmpeg

Author	SHA1	Message	Date
Michael Niedermayer	bbf911b660	avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() Fixes: runtime error: signed integer overflow: -163654656 * 256 cannot be represented in type 'int' Fixes: 2367/clusterfuzz-testcase-minimized-4648678897745920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ea5366670e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-07-19 02:45:51 +02:00
Michael Niedermayer	5bb861d45b	avcodec/apedec: Fix integer overflow Fixes: out of array access Fixes: PoC.ape and others Found-by: Bingchang, Liu@VARAS of IIE Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ba4beaf614`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-07-16 17:02:30 +02:00
Michael Niedermayer	fc24783c6d	avcodec/wavpack: Fix integer overflow in wv_unpack_stereo() Fixes: runtime error: signed integer overflow: 2080374785 + 2080374784 cannot be represented in type 'int' Fixes: 2351/clusterfuzz-testcase-minimized-5359403240783872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `73ea2a028e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-25 02:52:40 +02:00
Michael Niedermayer	a2bde1363c	avcodec/mpeg4videodec: Fix GMC with videos of dimension 1 Fixes: runtime error: shift exponent -1 is negative Fixes: 2338/clusterfuzz-testcase-minimized-5153426541379584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4976a3411f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-25 02:48:00 +02:00
Michael Niedermayer	a7c0243e2f	avcodec/wavpack: Fix integer overflow Fixes: runtime error: signed integer overflow: 227511904 + 1964113935 cannot be represented in type 'int' Fixes: 2331/clusterfuzz-testcase-minimized-6182185830711296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `24e95f9d4d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-23 03:05:54 +02:00
Michael Niedermayer	00a6211b45	avcodec/takdec: Fix integer overflow Fixes: runtime error: signed integer overflow: 512 + 2147483146 cannot be represented in type 'int' Fixes: 2314/clusterfuzz-testcase-minimized-4519333877252096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0c2ef4f6b4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-23 03:05:43 +02:00
Michael Niedermayer	220ee7e583	avcodec/tiff: Update pointer only when the result is used Fixes: runtime error: signed integer overflow: 538976288 * 32 cannot be represented in type 'int' Fixes: 2310/clusterfuzz-testcase-minimized-4534784887881728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `27f80ab016`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-23 03:05:33 +02:00
Michael Niedermayer	9bca2f698b	avcodec/cfhd: Check bpc before setting bpc in context Fixes: runtime error: shift exponent 32 is too large for 32-bit type 'int' Fixes: 2306/clusterfuzz-testcase-minimized-5002997392211968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6f1d2355a7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-22 03:09:17 +02:00
Michael Niedermayer	6d951be24d	avcodec/cfhd: Fix undefined shift Fixes: runtime error: left shift of negative value -1 Fixes: 2303/clusterfuzz-testcase-minimized-5529675273076736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5a950f4e32`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-22 03:08:57 +02:00
Michael Niedermayer	80dc5b497e	avcodec/hevc_filter: Fix invalid shift Fixes: runtime error: left shift of negative value -1 Fixes: 2299/clusterfuzz-testcase-minimized-4843509351710720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d7b3d5c3f2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-22 03:08:44 +02:00
Michael Niedermayer	dd4fd80fe6	avcodec/mpeg4videodec: Fix overflow in virtual_ref computation Fixes: runtime error: signed integer overflow: 262144 * -16120 cannot be represented in type 'int' Fixes: 2292/clusterfuzz-testcase-minimized-6156080415506432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5443c4bdf4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-22 03:08:34 +02:00
Michael Niedermayer	b97e0e98b4	avcodec/lpc: signed integer overflow in compute_lpc_coefs() (aacdec_fixed) Fixes: runtime error: signed integer overflow: -1575818955 + -915383657 cannot be represented in type 'int' Fixes: 2224/clusterfuzz-testcase-minimized-6208559949807616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e95fcfe8fb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-22 03:08:22 +02:00
Michael Niedermayer	9125bbb3e5	avcodec/wavpack: Fix undefined integer negation Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 2291/clusterfuzz-testcase-minimized-5538453481586688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5f89747086`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-22 03:07:19 +02:00
Michael Niedermayer	27ad04e128	avcodec/aacdec_fixed: Check s for being too small Fixes: runtime error: shift exponent -8 is negative Fixes: 2286/clusterfuzz-testcase-minimized-5711764169687040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf7edbd6c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-22 03:07:07 +02:00
Michael Niedermayer	66735ddd72	avcodec/htmlsubtitles: Replace very slow redundant sscanf() calls by cleaner and faster code This reduces the worst case from O(n²) to O(n) time Fixes Timeout Fixes: 2127/clusterfuzz-testcase-minimized-6595787859427328 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4132218b87`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-22 03:06:42 +02:00
Anton Mitrofanov	f7addaece8	avcodec/h264: Fix mix of lossless and lossy MBs decoding Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `cf231b68da`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-20 03:09:08 +02:00
Anton Mitrofanov	b36c97a0ae	avcodec/h264_mb: Fix 8x8dct in lossless for new versions of x264 Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `06dda70f1e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-20 03:03:12 +02:00
Anton Mitrofanov	312f96053a	avcodec/h264_cabac: Fix CABAC+8x8dct in 4:4:4 Use the correct ctxIdxInc calculation for coded_block_flag. Keep old behavior for old versions of x264 for backward compatibility. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `840b41b2a6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-20 01:53:29 +02:00
Michael Niedermayer	e5d9f0c3cd	avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int' Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `27c2006805`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-18 15:17:13 +02:00
Michael Niedermayer	74cf081ef0	avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows Fixes: runtime error: signed integer overflow: 58065 * 51981 cannot be represented in type 'int' Fixes: 2271/clusterfuzz-testcase-minimized-5778297776504832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c746f92a8e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-17 23:34:47 +02:00
Michael Niedermayer	b7362f3c6b	avcodec/hevcpred_template: Fix left shift of negative value Fixes: runtime error: left shift of negative value -1 Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c94326c1fc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-17 23:34:18 +02:00
Michael Niedermayer	a2055f8e3f	avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps() Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int' Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1edbf5e20c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-17 02:25:54 +02:00
Michael Niedermayer	c00ef60abd	avcodec/jpeg2000dec: Check nonzerobits more completely Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int' Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dfb61ea263`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-17 02:25:27 +02:00
Michael Niedermayer	12cf6ace44	avcodec/shorten: Sanity check maxnlpc Fixes OOM Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e77ddd31a8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-17 02:23:53 +02:00
Michael Niedermayer	39d9308b99	avcodec/truemotion2: Move skip computation after checks Fixes: runtime error: signed integer overflow: 630067357 * 4 cannot be represented in type 'int' Fixes: 2233/clusterfuzz-testcase-minimized-5943031318446080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3c716682a8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-17 02:23:07 +02:00
Michael Niedermayer	d09ec6c27f	avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2() Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 2231/clusterfuzz-testcase-minimized-4565181982048256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e3fadc57c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:43:37 +02:00
Michael Niedermayer	31c1c0b46a	avcodec/dnxhd_parser: Do not return invalid value from dnxhd_find_frame_end() on error Fixes: Null pointer dereference Fixes: CVE-2017-9608 Found-by: Yihan Lian Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `611b356274`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:15:51 +02:00
Michael Niedermayer	6d77a3ff3c	avcodec/hevcdec: Check nb_sps Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bc40674462`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	81527019b1	avcodec/hevc_refs: Check nb_refs in add_candidate_ref() Fixes: runtime error: index 16 out of bounds for type 'int [16]' Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1cb4ef526d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	3c6aa2e0d1	avcodec/mpeg4videodec: Check sprite delta upshift against overflowing. Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int' Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `12245ab1f6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	46acaabd2a	avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int' Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0a87be404a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	c1e2c1e84e	avcodec/aacsbr_fixed: Check shift in sbr_hf_assemble() Fixes: runtime error: shift exponent -10 is negative Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d1992448d3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	15a408f182	avcodec/sbrdsp_fixed: Return an error from sbr_hf_apply_noise() if operations are impossible Fixes: 1775/clusterfuzz-testcase-minimized-5330288148217856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d549f026d8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	22a6713ce9	avcodec/libvpxdec: Check that display dimensions fit in the storage dimensions Fixes assertion failure Fixes: 2112/clusterfuzz-testcase-minimized-4526878557732864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f8593c2f49`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	61bf10368c	avcodec/jpeg2000dwt: Fix runtime error: left shift of negative value -123 Fixes: 2208/clusterfuzz-testcase-minimized-5976593765761024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d24043e1a2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	266ecedc75	avcodec/wavpack: Fix runtime error: signed integer overflow: 1886191616 + 277872640 cannot be represented in type 'int' Fixes: 2181/clusterfuzz-testcase-minimized-6314784322486272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c996374d4d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	753d04b618	avcodec/snowdec: Fix runtime error: left shift of negative value -1 Fixes: 2197/clusterfuzz-testcase-minimized-6010716676947968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2e44126363`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	1df8547366	avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1297616 Fixes: 2195/clusterfuzz-testcase-minimized-4736721533009920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6d499ecef9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	722cbfc5e1	avcodec/tiff: Fix leak of geotags[].val Fixes: 2176/clusterfuzz-testcase-minimized-5908197216878592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `22a25ab389`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	9a8419541f	avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int' Fixes: 2175/clusterfuzz-testcase-minimized-5809657849315328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `71da0a5c97`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	ef157cec81	avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 cannot be represented in type 'int' Fixes: 2174/clusterfuzz-testcase-minimized-5739234533048320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `90e8317b3b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	1f1b73cb16	avcodec/cfhd: Check band parameters before storing them Fixes out of array read Fixes: 2169/clusterfuzz-testcase-minimized-5688641642823680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `54aaadf648`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:30 +02:00
Michael Niedermayer	e5714e4ccb	avcodec/h264_parse: Check picture structure when initializig weight table Fixes: runtime error: index 49 out of bounds for type 'int [48][2][2]' Fixes: 2159/clusterfuzz-testcase-minimized-5267945972301824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3a1ad368a78b153b63ccc07af864b3611e2a4ac3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	e93ffb4888	avcodec/indeo4: Check remaining data in Pic hdr extension parsing code Fixes: Timeout Fixes: 2115/clusterfuzz-testcase-minimized-6594111748440064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a3b5b60bdf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	f7ea74422f	avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int' Fixes: 2113/clusterfuzz-testcase-minimized-6510704959946752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4e3ab1a5c1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	d528414568	avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int' Fixes: 2106/clusterfuzz-testcase-minimized-6136503639998464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `18bca25adb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	fe5b764e6a	avcodec/pafvideo: Fix assertion failure Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c4360559ee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	f865aa6bee	avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int' Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e4efd41b83`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	873397e27e	avcodec/mjpegdec: Check that reference frame matches the current frame Fixes: out of array read Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4705edbbb9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00
Michael Niedermayer	260a286e53	avcodec/tiff: Avoid loosing allocated geotag values Fixes memleak Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d7cbeab4c1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-16 01:05:29 +02:00

1 2 3 4 5 ...

36914 Commits