Michael Niedermayer
d7c29005a4
avcodec/xan: Check for bitstream end in xan_huffman_decode()
Fixes: Timeout
Fixes: 3707/clusterfuzz-testcase-6465922706440192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4b51437dcc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-08 23:19:14 +01:00
Michael Niedermayer
8b8502a66f
avcodec/exr: fix undefined shift in pxr24_uncompress()
Fixes: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 3787/clusterfuzz-testcase-minimized-5728764920070144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66f0c958bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-08 23:19:14 +01:00
Michael Niedermayer
0bd6717c0f
avcodec/xan: Improve overlapping check
Fixes: memcpy-param-overlap
Fixes: 3612/clusterfuzz-testcase-minimized-6393461273001984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8fafef1db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-08 23:19:14 +01:00
Michael Niedermayer
8bd2ba44a1
avcodec/aacdec_fixed: Fix integer overflow in apply_dependent_coupling_fixed()
Fixes: runtime error: signed integer overflow: 623487 * 536870912 cannot be represented in type 'int'
Fixes: 3594/clusterfuzz-testcase-minimized-4650622935629824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41d96af2a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-08 23:19:14 +01:00
Michael Niedermayer
fcfa854abd
avcodec/aacdec_fixed: Fix integer overflow in predict()
Fixes: runtime error: signed integer overflow: -2110708110 + -82837504 cannot be represented in type 'int'
Fixes: 3547/clusterfuzz-testcase-minimized-6009386439802880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0976752420)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-08 23:19:14 +01:00
Michael Niedermayer
7373064247
avcodec/jpeglsdec: Check for end of bitstream in ls_decode_line()
Fixes: 1773/clusterfuzz-testcase-minimized-4832523987189760
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f80224ed19)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-08 23:19:14 +01:00
Michael Niedermayer
374a2d2250
avcodec/jpeglsdec: Check ilv for being a supported value
Fixes: 1773/clusterfuzz-testcase-minimized-4832523987189760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe533628b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-08 23:19:14 +01:00
Rostislav Pehlivanov
519a54cc19
vc2enc_dwt: pad the temporary buffer by the slice size
Since non-Haar wavelets need to look into pixels outside the frame, we
need to pad the buffer. The old factor of two seemed to be a workaround for
that fact and only padded to the left and bottom. This correctly pads
by the slice size and as such reduces memory usage and potential
exploits.
Reported by Liu Bingchang.
Ideally, there should be no temporary buffer but the encoder is designed
to deinterleave the coefficients into the classical wavelet structure
with the lower frequency values in the top left corner.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
(cherry picked from commit 3228ac730c)
2017-11-09 02:10:46 +00:00
Michael Niedermayer
70d0cc8221
avcodec/snowdec: Check mv_scale
Fixes: runtime error: signed integer overflow: 2 * -1094995530 cannot be represented in type 'int'
Fixes: 3512/clusterfuzz-testcase-minimized-4812747210489856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 393d6fc739)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-15 00:45:24 +02:00
Michael Niedermayer
1959c0f9f9
avcodec/pafvideo: Check for bitstream end in decode_0()
Fixes: Timeout
Fixes: 3529/clusterfuzz-testcase-5057068371279872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c85329cd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-15 00:45:10 +02:00
Michael Niedermayer
f052d1df3e
avcodec/ffv1dec: Fix out of array read in slice counting
Fixes: test-201710.mp4
Found-by: 连一汉 <lianyihan@360.cn> and Zhibin Hu
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c20f4fcb74)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-13 13:02:23 +02:00
Michael Niedermayer
11f5a13196
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_53iL0()
Fixes: runtime error: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: 3485/clusterfuzz-testcase-minimized-4940429332054016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bdee75a4e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-13 13:01:58 +02:00
Michael Niedermayer
b2c9771dd4
avcodec/mpeg_er: Clear mcsel in mpeg_er_decode_mb()
Fixes out of array read
Should fix: 3516/clusterfuzz-testcase-minimized-4608518562775040 (not reproducible)
Found-by: Insu Yun, Georgia Tech.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 127a362630)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-13 12:59:47 +02:00
Michael Niedermayer
16b07d59de
avcodec/mpeg4videodec: Use 64 bit intermediates for sprite delta
Fixes: runtime error: signed integer overflow: -104713 * 65536 cannot be represented in type 'int'
Fixes: 3453/clusterfuzz-testcase-minimized-5555554657239040
Fixes: 3528/clusterfuzz-testcase-minimized-6283628420005888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e38f280fec)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-13 12:58:58 +02:00
Michael Niedermayer
0eb0b21c7f
avcodec/x86/lossless_videoencdsp: Fix handling of small widths
Fixes out of array access
Fixes: crash-huf.avi
Regression since: 6b41b44149
This could also be fixed by adding checks in the C code that calls the dsp
Found-by: Zhibin Hu and 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df62b70de8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-05 01:33:26 +02:00
Michael Niedermayer
2db9b31996
avcodec/truemotion2: Fix integer overflows in tm2_high_chroma()
Fixes: runtime error: signed integer overflow: -1408475220 + -1408475220 cannot be represented in type 'int'
Fixes: 3336/clusterfuzz-testcase-minimized-5656839179993088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44874b4f5e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-05 01:30:02 +02:00
Michael Niedermayer
d9630deca4
avcodec/aacdec_template: Clear tns present flag on error
Fixes: 3444/clusterfuzz-testcase-minimized-6270352105668608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dcf9bae4a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-05 01:29:44 +02:00
Michael Niedermayer
79bec49315
avcodec/proresdec2: SKIP_BITS() does not work with len=32
Fixes: invalid shift
Fixes: 3482/clusterfuzz-testcase-minimized-5446915875405824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c37138e01a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-05 01:28:21 +02:00
Michael Niedermayer
2293e5a78a
avcodec/hevcdsp_template: Fix undefined shift
Fixes: runtime error: left shift of negative value -255
Fixes: 3373/clusterfuzz-testcase-minimized-5604083912146944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fbdab6eca7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-05 01:27:59 +02:00
Michael Niedermayer
74b28c54d9
avcodec/jpeg2000: Check that codsty->log2_prec_widths/heights has been initialized
Fixes: OOM
Fixes: 2225/clusterfuzz-testcase-minimized-5505632079708160
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64e034da95)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-05 01:26:57 +02:00
Michael Niedermayer
04be199f8e
avcodec/takdec: Fix integer overflow in decode_lpc()
Fixes: runtime error: signed integer overflow: 16748560 + 2143729712 cannot be represented in type 'int'
Fixes: 3202/clusterfuzz-testcase-minimized-4988291642294272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d31f03a02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-25 11:10:29 +02:00
Michael Niedermayer
9e8a636551
avcodec/proresdec2: Check bits in DECODE_CODEWORD(), fixes invalid shift
Fixes: runtime error: shift exponent 42 is too large for 32-bit type 'unsigned int'
Fixes: 3410/clusterfuzz-testcase-minimized-5313377960198144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f5eaf0b59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-25 11:10:14 +02:00
Michael Niedermayer
397674a3fb
avcodec/takdec: Fix integer overflows in decode_subframe()
Fixes: runtime error: signed integer overflow: -1562477869 + -691460395 cannot be represented in type 'int'
Fixes: 3196/clusterfuzz-testcase-minimized-4528307146063872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dabb9c69d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-25 11:09:05 +02:00
Michael Niedermayer
720a44f3a3
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*()
Fixes: runtime error: signed integer overflow: 161 * 13872281 cannot be represented in type 'int'
Fixes: 3295/clusterfuzz-testcase-minimized-4738998142500864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 67da2685e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-24 02:43:52 +02:00
Michael Niedermayer
5cf5a1034c
avcodec/ffv1dec: Fix integer overflow in read_quant_table()
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 3361/clusterfuzz-testcase-minimized-5065842955911168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d00fc952b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-24 02:41:18 +02:00
Michael Niedermayer
6b66cd8c40
avcodec/svq3: Fix overflow in svq3_add_idct_c()
Fixes: runtime error: signed integer overflow: 2147392585 + 524288 cannot be represented in type 'int'
Fixes: 3348/clusterfuzz-testcase-minimized-4809500517203968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c933c5168)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-24 02:40:59 +02:00
Michael Niedermayer
ab2d991382
avcodec/pngdec: Clean up on av_frame_ref() failure
Fixes: memleak
Fixes: 3203/clusterfuzz-testcase-minimized-4514553595428864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5480e82d77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-20 03:09:14 +02:00
Michael Niedermayer
0a5251d28e
avcodec/hevc_ps: Fix c?_qp_offset_list size
Fixes: runtime error: index 5 out of bounds for type 'int8_t const[5]'
Fixes: 3175/clusterfuzz-testcase-minimized-4736774054084608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit abf3f9fa23)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
2cfabd8ce7
avcodec/shorten: Move buffer allocation and offset init to end of read_header()
They are time consuming operations, performing them after the other checks
improves the speed with damaged input dramatically.
Fixes: Timeout
Fixes: 2928/clusterfuzz-testcase-4992812120539136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 380659604f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
87ef295ddf
avcodec/jpeg2000dsp: Fix multiple integer overflows in ict_int()
Fixes: runtime error: signed integer overflow: 22553 * -188962 cannot be represented in type 'int'
Fixes: 3042/clusterfuzz-testcase-minimized-5174210131394560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d025e7428)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
03bf78eba6
avcodec/hevcdsp_template: Fix undefined shift in put_hevc_pel_bi_w_pixels
Fixes: runtime error: left shift of negative value -95
Fixes: 3077/clusterfuzz-testcase-minimized-4684917524922368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c225da68cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
f3c3cd5afb
avcodec/diracdec: Fix overflow in DC computation
Fixes: runtime error: signed integer overflow: 11896 + 2147483646 cannot be represented in type 'int'
Fixes: 3053/clusterfuzz-testcase-minimized-6355082062856192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5995856a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
256ebf8bb4
avcodec/dirac_vlc: limit res_bits in APPEND_RESIDUE()
Fixes: runtime error: left shift of 1073741838 by 1 places cannot be represented in type 'int32_t' (aka 'int')
Fixes: 3279/clusterfuzz-testcase-minimized-4564805744590848
Suggested-by: <atomnuker>
Reviewed-by: <atomnuker>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d98d29a775)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Mark Wachsler
36c0958fbd
libavcodec/h264_parse: don't use uninitialized value when chroma_format_idc==0
When parsing a monochrome file, chroma_log2_weight_denom was used without
being initialized, which could lead to a bogus error message being printed, e.g.
[h264 @ 0x61a000026480] chroma_log2_weight_denom 24576 is out of range
It also could lead to warnings using AddressSanitizer.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fde5c7dc79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
372bb59438
avcodec/dirac_vlc: Fix invalid shift in ff_dirac_golomb_read_32bit()
Fixes: runtime error: shift exponent 64 is too large for 64-bit type 'residual' (aka 'unsigned long')
Fixes: 2838/clusterfuzz-testcase-minimized-6260066086813696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c595139f1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
d5b42af8e7
avcodec/dirac_dwt: Fix multiple overflows in 9/7 lifting
Fixes: runtime error: signed integer overflow: 1073901567 + 1073901567 cannot be represented in type 'int'
Fixes: 3124/clusterfuzz-testcase-minimized-454643435752652
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f71cd44147)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
2173539519
avcodec/diracdec: Fix integer overflow in INTRA_DC_PRED()
Fixes: runtime error: signed integer overflow: 1168175789 + 1168178473 cannot be represented in type 'int'
Fixes: 3081/clusterfuzz-testcase-minimized-4807564879462400
Fixes: 2844/clusterfuzz-testcase-minimized-5561715838156800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0823ae96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
e29c9ef2d5
avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()
Fixes: runtime error: signed integer overflow: 267 * 8388608 cannot be represented in type 'int'
Fixes: 2743/clusterfuzz-testcase-minimized-5820652076400640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 732f976456)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
50d726273e
avcodec/hevc_ps: Fix undefined shift in pcm code
Fixes: runtime error: shift exponent -1 is negative
Fixes: 3091/clusterfuzz-testcase-minimized-6229767969832960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a83866c9f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
a4cc1101cc
avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
Fixes: runtime error: signed integer overflow: 8903997421129740175 + 354481484684609529 cannot be represented in type 'long'
Fixes: 2045/clusterfuzz-testcase-minimized-6751255865065472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eefb68c9c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
3738a41830
avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps()
Fixes: integer overflow
Fixes: 2893/clusterfuzz-testcase-minimized-5809330567774208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b44dcbc44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Vitaly Buka
febea34f91
avcodec/utils: Fix signed integer overflow in rc_initial_buffer_occupancy initialization
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c2bb10ddf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
6da5e63ba7
avcodec/aacdec_template: Fix running cleanup in decode_ics_info()
Fixes: out of array read
Fixes: 2873/clusterfuzz-testcase-minimized-5924145713905664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Previous version reviewed-by: Alex Converse <alex.converse@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f03ffb47d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
d15b1da8bc
avcodec/me_cmp: Fix crashes on ARM due to misalignment
Adds a diff_pixels_unaligned()
Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872503
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc488ec28a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
dc86479e5f
avcodec/dirac_dwt_template: Fix integer overflow in vertical_compose53iL0()
Fixes: runtime error: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: 3013/clusterfuzz-testcase-minimized-4644084197097472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a165b53daa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
98cd9cd4c2
avcodec/fic: Fixes signed integer overflow
Fixes: runtime error: signed integer overflow: 1037142357 + 1227025305 cannot be represented in type 'int'
Fixes: 3024/clusterfuzz-testcase-minimized-5885660323905536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c9d5b015c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
bd09e3b19c
avcodec/snowdec: Fix off by 1 error
Fixes: runtime error: index 4 out of bounds for type 'int8_t [4]'
Fixes: 3023/clusterfuzz-testcase-minimized-6421736130084864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d132683ddd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
5bc3b18e3d
avcodec/diracdec: Fixes integer overflow
Fixes: runtime error: signed integer overflow: 340018243 * 27 cannot be represented in type 'int'
Fixes: 2861/clusterfuzz-testcase-minimized-5361070510178304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 92da23093c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
952393b69e
avcodec/diracdec: Check perspective_exp and zrs_exp.
Fixes: undefined shift
Fixes: runtime error: shift exponent 264 is too large for 32-bit type 'int'
Fixes: 2860/clusterfuzz-testcase-minimized-4672811689836544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e6cab8745)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00
Michael Niedermayer
04db307c77
avcodec/ffv1dec_template: Fix undefined shift
Fixes: runtime error: left shift of negative value -127
Fixes: 2834/clusterfuzz-testcase-minimized-5988039123795968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62702eebde)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-17 12:21:32 +02:00