Michael Niedermayer
57e603fd9f
avcodec/webp: Fix null pointer dereference
...
Fixes: 1369/clusterfuzz-testcase-minimized-5048908029886464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9bf4523e40michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
65f3fffbcf
avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
...
Fixes: 1368/clusterfuzz-testcase-minimized-4507293276176384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 12936a4585michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
37d51c242f
avcodec/g723_1: Fix multiple runtime error: left shift of negative value
...
Fixes: 1367/clusterfuzz-testcase-minimized-571496882346393
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4ace2d2219michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
054a16d375
avcodec/mimic: Fix runtime error: left shift of negative value -1
...
Fixes: 1365/clusterfuzz-testcase-minimized-5624158450876416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fc2c420b82michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
aa39ca14d6
avcodec/fic: Fix multiple left shift of negative value -15
...
Fixes: 1356/clusterfuzz-testcase-minimized-6008489086287872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b20c71409bmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4ee1e00f08
avcodec/mlpdec: Fix runtime error: left shift of negative value -22
...
Fixes: 1355/clusterfuzz-testcase-minimized-6662205472768000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c535436cbemichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
2d3da218ce
avcodec/snowdec: Check qbias
...
Fixes: signed integer overflow: -1094995529 * 131 cannot be represented in type 'int'
Fixes: 1353/clusterfuzz-testcase-minimized-5208180449607680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 523205ce1emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
2a6cad221b
avcodec/aacsbr_template: Do not leave bs_num_env invalid
...
Fixes out of array read
Fixes: 1349/clusterfuzz-testcase-minimized-5370707196248064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a8ad83b793michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
1f91d66a62
avcodec/mdec: Fix signed integer overflow: 28835400 * 83 cannot be represented in type 'int'
...
Fixes: 1346/clusterfuzz-testcase-minimized-5776732600664064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a234b5ade3michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
536af42121
avcodec/dfa: Fix off by 1 error
...
Fixes out of array access
Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f52fbf4f3emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
9c7184ae63
avcodec/nellymoser: Fix multiple left shift of negative value -8591
...
Fixes: 1342/clusterfuzz-testcase-minimized-5490842129137664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0953736b7emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
0f6f163922
avcodec/cdxl: Fix signed integer overflow: 14243456 * 164 cannot be represented in type 'int'
...
Fixes: 1341/clusterfuzz-testcase-minimized-5441502618583040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1002932a3bmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
db8f28fd3f
avcodec/g722: Fix multiple runtime error: left shift of negative value -1
...
Fixes: 1340/clusterfuzz-testcase-minimized-4669892148068352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f55df62998michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
77aa9eddbc
avcodec/dss_sp: Fix multiple left shift of negative value -466
...
Fixes: 1339/clusterfuzz-testcase-minimized-4614671485108224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 38152d9368michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
5fb14cc889
avcodec/wnv1: Fix runtime error: left shift of negative value -1
...
Fixes: 1338/clusterfuzz-testcase-minimized-6485546354343936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9fac508ca4michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
a78cfe84f9
avcodec/tiertexseqv: set the fixed dimenasions, do not depend on the demuxer doing so
...
Fixes: out of array access
Fixes: 1348/clusterfuzz-testcase-minimized-6195673642827776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ce551a3925michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
b0d6bff2f2
avcodec/mjpegdec: Fix runtime error: signed integer overflow: -24543 * 2031616 cannot be represented in type 'int'
...
Fixes: 943/clusterfuzz-testcase-5114865297391616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a78ae465fdmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
231e242ed2
avcodec/cavsdec: Fix undefined behavior from integer overflow
...
Fixes: 1335/clusterfuzz-testcase-minimized-5566961566089216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a0e5f7f363michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
58b05f8720
avcodec/dvdsubdec: Fix runtime error: left shift of 242 by 24 places cannot be represented in type 'int'
...
Fixes: 1080/clusterfuzz-testcase-5353236754071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ce7098b8f2michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
5aa97eb1a6
libavcodec/mpeg4videodec: Convert sprite_offset to 64bit
...
This avoids intermediates from overflowing (the final values are checked)
Fixes: runtime error: signed integer overflow: -167712 + -2147352576 cannot be represented in type 'int'
Fixes: 1298/clusterfuzz-testcase-minimized-5955580877340672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c1c3a14073michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6bdc6bef2a
avcodec/pngdec: Use ff_set_dimensions()
...
Fixes OOM
Fixes: 1314/clusterfuzz-testcase-minimized-4621997222920192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a0296fc056michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
03dee014f4
avcodec/msvideo1: Check buffer size before re-getting the frame
...
Fixes timeout
Fixes: 1306/clusterfuzz-testcase-minimized-6152296217968640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cabfed6895michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
56f8ab1802
avcodec/h264_cavlc: Fix undefined behavior on qscale overflow
...
Fixes: 1214/clusterfuzz-testcase-minimized-6130606599569408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fc8cff96edmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4674c4594f
avcodec/dcadsp: Fix runtime error: signed integer overflow
...
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9244b839b7michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
f66140a1bd
avcodec/svq3: Reject dx/dy beyond 16bit
...
The code does use 16bit sized arrays later so larger deltas would not work
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 48b3117844michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
fa595a94a1
avcodec/svq3: Increase offsets to prevent integer overflows
...
Fixes: 1280/clusterfuzz-testcase-minimized-6102353767825408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 382b4fc9b5michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8fee7589d5
avcodec/indeo2: Check remaining bits in ir2_decode_plane()
...
Fixes: 1290/clusterfuzz-testcase-minimized-5815578902134784
Fixes: timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b29feec982michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
bd2e3b0e90
avcodec/vp3: Check remaining bits in unpack_dct_coeffs()
...
Decreases the time spend decoding junk.
May fix: 1283/clusterfuzz-testcase-minimized-6221126759874560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2f00300b77michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
50cd472ce6
avcodec/mdec: Fix runtime error: left shift of negative value -127
...
Fixes undefined behavior
Fixes: 1275/clusterfuzz-testcase-minimized-6718162017976320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6ca82975b7michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8fb0b9ae35
avcodec/x86/vc1dsp_init: Fix build failure with --disable-optimizations and clang
...
compilers doing DCE at -O0 do not necessarily understand "complex" boolean expressions
Build succeeds with this change, this was the only failure
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fa8fd0808fmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Martin Vignali
0ed8bab02f
libavcodec/exr : fix float to uint16 conversion for negative float value
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e46d637452michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
0a6598536c
avcodec/dvdsubdec: Fixes 2 runtime error: left shift of 170 by 24 places cannot be represented in type 'int'
...
Fixes: 619/clusterfuzz-testcase-5803914534322176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 61ee2ca775michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
7655f73c45
avcodec/h264: Check weight values to be within the specs limits.
...
Fixes: integer overflows
Fixes: 911/clusterfuzz-testcase-5415105606975488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 08117a4015michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
wm4
4ed0177e4a
avcodec: fix uninitialized variable read
...
This cna happen if the user tries to call the new decode API for
subtitles.
Fixes CID 1402071.
(cherry picked from commit b4b8ca24f6michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4dcceb650d
avcodec/tiff: Perform multiply in tiff_unpack_lzma() as 64bit
...
This should make no difference as the value should not be able to be that large
but its more correct this way
Fixes CID1348138
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f48b6b8b91michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Timothy Gu
efc708afae
omx: Fix OOM check
...
Also use av_mallocz_array().
Fixes CID1396839.
(cherry picked from commit 16a75304femichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Philip Langdale
d4f4fa22d7
avcodec/vdpau_hevc: Fix potential out-of-bounds write
...
The maximum number of references is 16, so the index value cannot
exceed 15.
Fixes Coverity CID 1348139, 1348140, 1348141
(cherry picked from commit 4e6d1c1f4emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8ee3f73464
avcodec/h264_ps: Fix runtime error: signed integer overflow: 2147483647 + 26 cannot be represented in type 'int'
...
Fixes: 902/clusterfuzz-testcase-4561155144024064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f727fbc73michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
fc863900b7
avcodec/tiff: Check geotag count for being non zero
...
Fixes memleak
Fixes: 874/clusterfuzz-testcase-5252796175613952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3182e19c1cmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6f0a892ba0
avcodec/vp56: Check avctx->error_concealment before enabling EC
...
Fixes timeout with 847/clusterfuzz-testcase-5291877358108672
Fixes timeout with 850/clusterfuzz-testcase-5721296509861888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 98da63b3f5michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
a7ccd87090
avcodec/tiff: Check stripsize strippos for overflow
...
Fixes: 861/clusterfuzz-testcase-5688284384591872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5d996b5649michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6652799267
avcodec/mpegaudiodec_template: Make l3_unscale() work with e=0
...
Fixes undefined behavior
Fixes: 830/clusterfuzz-testcase-6253175327686656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8ebed703f1michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
6ee76fab4c
avcodec/tiff: Check for multiple geo key directories
...
Fixes memleak
Fixes: 826/clusterfuzz-testcase-5316921379520512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 108b02e547michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
81ea01fb1c
avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'
...
Fixes: 822/clusterfuzz-testcase-4873433189974016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7cebc5a9ccmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
b0c5fff859
avcodec/rv34: Fix runtime error: signed integer overflow: 36880 * 66288 cannot be represented in type 'int'
...
Fixes: 768/clusterfuzz-testcase-4807444305805312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a66c6e28b5michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8eadc50021
avcodec/amrwbdec: Fix runtime error: left shift of negative value -1
...
Fixes: 763/clusterfuzz-testcase-6007567320875008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 44e2105189michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
f03bab0240
avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: -135088512 * 16 cannot be represented in type 'int'
...
Fixes: 736/clusterfuzz-testcase-5580263943831552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e2a4f1a9ebmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
7c349ae7e9
avcodec/h264_mvpred: Fix runtime error: left shift of negative value -1
...
Fixes: 734/clusterfuzz-testcase-4821293192970240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 222c9f031dmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
60385207aa
avcodec/mjpegdec: Fix runtime error: left shift of negative value -127
...
Fixes: 733/clusterfuzz-testcase-4682158096515072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 800d02abe0michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
d63cec6ce3
avcodec/wavpack: Fix runtime error: left shift of negative value -5
...
Fixes: 729/clusterfuzz-testcase-5154831595470848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3016e919d4michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
