Michael Niedermayer
477020fdf1
avcodec/takdec: Fix multiple runtime error: left shift of negative value -1
...
Fixes: 1423/clusterfuzz-testcase-minimized-5063889899225088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c5d2fa2fdfmichael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
ebbf9e1eb8
avcodec/indeo2: Check for invalid VLCs
...
Fixes: timeout
Fixes: 1416/clusterfuzz-testcase-minimized-5536862435278848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 159fb8ff7emichael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
1219924dbe
avcodec/g723_1dec: Fix several integer related cases of undefined behaviour
...
Fixes: 1412/clusterfuzz-testcase-minimized-6561308772139008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d3088e0fd8michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
350f7f0bdf
avcodec/htmlsubtitles: Check for string truncation and return error
...
Fixes out of array access
Fixes: 1354/clusterfuzz-testcase-minimized-5520132195483648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f4ae3cce64michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
f47b687067
avcodec/bmvvideo: Fix runtime error: left shift of 137 by 24 places cannot be represented in type 'int'
...
Fixes: 1411/clusterfuzz-testcase-minimized-5776085184675840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 29692023b2michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
14da95af46
avcodec/dss_sp: Fix multiple runtime error: signed integer overflow: -15699 * -164039 cannot be represented in type 'int'
...
Fixed: 1409/clusterfuzz-testcase-minimized-5237365020819456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ea59ef0c03michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
afa243bdf0
avcodec/dvbsubdec: check region dimensions
...
Fixes: 1408/clusterfuzz-testcase-minimized-6529985844084736
Fixes: integer overflow
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0075d9ecedmichael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
05efc2bab7
avcodec/vp8dsp: Fixes: runtime error: signed integer overflow: 1330143360 - -1023040530 cannot be represented in type 'int'
...
Fixes: 1406/clusterfuzz-testcase-minimized-5064865125236736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8824b7370amichael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
f06fae660b
avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407 cannot be represented in type 'int' in idct_col()
...
Fixes: 1405/clusterfuzz-testcase-minimized-5011491835084800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5d5118f81bmichael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
862b16aabf
avcodec/cavsdec: Check sym_factor
...
Fixes: runtime error: signed integer overflow: 25984 * 130560 cannot be represented in type 'int'
Fixes: 1404/clusterfuzz-testcase-minimized-5000441286885376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 279420b5a6michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
7f3a671ece
avcodec/cdxl: Check format for BGR24
...
Fixes: out of array access
Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1e42736b95michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
4aea3cd974
avcodec/ffv1dec: Fix copying planes of paletted formats
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3a4d387195michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
ed06434bff
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -12156865 cannot be represented in type 'int'
...
Fixes: 1401/clusterfuzz-testcase-minimized-6526248148795392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8b1f66cf5cmichael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
85c8c0c826
avcodec/xwddec: Check bpp more completely
...
Fixes out of array access
Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 441026fcb1michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
332a9cbbf7
avcodec/aacdec_template: Do not decode 2nd PCE if it will lead to failure
...
Fixes: out of array read
Fixes: 1072/clusterfuzz-testcase-6456688074817536
Fixes: 1398/clusterfuzz-testcase-minimized-4576913622302720
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5e0dbf530michael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
36dd76ef14
avcodec/s302m: Fix left shift of 8 by 28 places cannot be represented in type 'int'
...
Fixes: 1395/clusterfuzz-testcase-minimized-5330939741732864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a38e9797cbmichael@niedermayer.cc >
2017-05-14 12:20:16 +02:00
Michael Niedermayer
e9a8242b96
avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be represented in type 'int'
...
Fixes: 1394/clusterfuzz-testcase-minimized-6493376885030912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0ac1c87194michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
408b4fb430
avcodec/g726: Fix runtime error: left shift of negative value -2
...
Fixes: 1393/clusterfuzz-testcase-minimized-5948366791901184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c04aa14882michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
fe09596f49
avcodec/ra144: Fix runtime error: left shift of negative value -798
...
Fixes: 1388/clusterfuzz-testcase-minimized-6680800936329216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 78bf446852michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8d17000794
avcodec/mss34dsp: Fix multiple signed integer overflow
...
Fixes: 1387/clusterfuzz-testcase-minimized-4802757766676480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 464c4b86eemichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
5c81cf8225
avcodec/targa_y216dec: Fix width type
...
Fixes out of array access
Fixes: 1376/clusterfuzz-testcase-minimized-6361794975105024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3e56db8926michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
a7ca51b273
avcodec/texturedsp: Fix multiple runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
...
Fixes: 1386/clusterfuzz-testcase-minimized-5323086394032128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e92fb2bea1michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
1514e432f9
avcodec/ivi_dsp: Fix multiple left shift of negative value -2
...
Fixes: 1385/clusterfuzz-testcase-minimized-5552882663292928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9e88cc94e5michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
a3e3d72d12
avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694 cannot be represented in type 'int'
...
Fixes: 1382/clusterfuzz-testcase-minimized-6013445293998080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 669419939cmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
89e26447fa
avcodec/msmpeg4dec: Correct table depth
...
Fixes undefined shift
Fixes: 1381/clusterfuzz-testcase-minimized-5513944540119040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1121d92707michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
207f2874c0
avcodec/dds: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
...
Fixes: 1380/clusterfuzz-testcase-minimized-650122545122508
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8a8335de03michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
7a69c1b2ab
avcodec/cdxl: Check format parameter
...
Fixes out of array access
Fixes: 1378/clusterfuzz-testcase-minimized-5715088008806400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e1b60aad77michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
f20c485e4e
avcodec/hq_hqa: Fix runtime error: left shift of negative value -207
...
Fixes: 1375/clusterfuzz-testcase-minimized-6070134701555712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1283c42447michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
db83541205
avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initialized from
...
Fixes integer overflow
Fixes: 1372/clusterfuzz-testcase-minimized-5712192982745088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2ef0f39271michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
8bf18194ab
avcodec/shorten: Check k in get_uint()
...
Fixes: undefined shift
Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7b6a51f59cmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
57e603fd9f
avcodec/webp: Fix null pointer dereference
...
Fixes: 1369/clusterfuzz-testcase-minimized-5048908029886464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9bf4523e40michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
65f3fffbcf
avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
...
Fixes: 1368/clusterfuzz-testcase-minimized-4507293276176384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 12936a4585michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
37d51c242f
avcodec/g723_1: Fix multiple runtime error: left shift of negative value
...
Fixes: 1367/clusterfuzz-testcase-minimized-571496882346393
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4ace2d2219michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
054a16d375
avcodec/mimic: Fix runtime error: left shift of negative value -1
...
Fixes: 1365/clusterfuzz-testcase-minimized-5624158450876416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fc2c420b82michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
aa39ca14d6
avcodec/fic: Fix multiple left shift of negative value -15
...
Fixes: 1356/clusterfuzz-testcase-minimized-6008489086287872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b20c71409bmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
4ee1e00f08
avcodec/mlpdec: Fix runtime error: left shift of negative value -22
...
Fixes: 1355/clusterfuzz-testcase-minimized-6662205472768000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c535436cbemichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
2d3da218ce
avcodec/snowdec: Check qbias
...
Fixes: signed integer overflow: -1094995529 * 131 cannot be represented in type 'int'
Fixes: 1353/clusterfuzz-testcase-minimized-5208180449607680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 523205ce1emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
2a6cad221b
avcodec/aacsbr_template: Do not leave bs_num_env invalid
...
Fixes out of array read
Fixes: 1349/clusterfuzz-testcase-minimized-5370707196248064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a8ad83b793michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
1f91d66a62
avcodec/mdec: Fix signed integer overflow: 28835400 * 83 cannot be represented in type 'int'
...
Fixes: 1346/clusterfuzz-testcase-minimized-5776732600664064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a234b5ade3michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
536af42121
avcodec/dfa: Fix off by 1 error
...
Fixes out of array access
Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f52fbf4f3emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
9c7184ae63
avcodec/nellymoser: Fix multiple left shift of negative value -8591
...
Fixes: 1342/clusterfuzz-testcase-minimized-5490842129137664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0953736b7emichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
0f6f163922
avcodec/cdxl: Fix signed integer overflow: 14243456 * 164 cannot be represented in type 'int'
...
Fixes: 1341/clusterfuzz-testcase-minimized-5441502618583040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1002932a3bmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
db8f28fd3f
avcodec/g722: Fix multiple runtime error: left shift of negative value -1
...
Fixes: 1340/clusterfuzz-testcase-minimized-4669892148068352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f55df62998michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
77aa9eddbc
avcodec/dss_sp: Fix multiple left shift of negative value -466
...
Fixes: 1339/clusterfuzz-testcase-minimized-4614671485108224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 38152d9368michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
5fb14cc889
avcodec/wnv1: Fix runtime error: left shift of negative value -1
...
Fixes: 1338/clusterfuzz-testcase-minimized-6485546354343936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9fac508ca4michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
a78cfe84f9
avcodec/tiertexseqv: set the fixed dimenasions, do not depend on the demuxer doing so
...
Fixes: out of array access
Fixes: 1348/clusterfuzz-testcase-minimized-6195673642827776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ce551a3925michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
b0d6bff2f2
avcodec/mjpegdec: Fix runtime error: signed integer overflow: -24543 * 2031616 cannot be represented in type 'int'
...
Fixes: 943/clusterfuzz-testcase-5114865297391616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a78ae465fdmichael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
231e242ed2
avcodec/cavsdec: Fix undefined behavior from integer overflow
...
Fixes: 1335/clusterfuzz-testcase-minimized-5566961566089216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a0e5f7f363michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
58b05f8720
avcodec/dvdsubdec: Fix runtime error: left shift of 242 by 24 places cannot be represented in type 'int'
...
Fixes: 1080/clusterfuzz-testcase-5353236754071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ce7098b8f2michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
Michael Niedermayer
5aa97eb1a6
libavcodec/mpeg4videodec: Convert sprite_offset to 64bit
...
This avoids intermediates from overflowing (the final values are checked)
Fixes: runtime error: signed integer overflow: -167712 + -2147352576 cannot be represented in type 'int'
Fixes: 1298/clusterfuzz-testcase-minimized-5955580877340672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c1c3a14073michael@niedermayer.cc >
2017-05-14 12:20:15 +02:00
