Andreas Rheinhardt
1cf238d3bf
avcodec/cbs: Factor out common code for writing units
...
All cbs-functions to write units share a common pattern:
1. They check whether they have a write buffer (that is used to store
the unit's data until the needed size becomes known after writing the
unit when a dedicated buffer will be allocated).
2. They use this buffer for a PutBitContext.
3. The (codec-specific) writing takes place through the PutBitContext.
4. The return value is checked. AVERROR(ENOSPC) here always indicates
that the buffer was too small and leads to a reallocation of said
buffer.
5. The final buffer will be allocated and the data copied.
This commit factors this common code out in a single function in cbs.c.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com >
(cherry picked from commit 7c92eaace2
2019-12-31 16:57:37 -03:00
Michael Niedermayer
cb3a59ca82
avcodec/ffwavesynth: Fix undefined overflow in wavesynth_synth_sample()
...
Fixes: signed integer overflow: 2147464192 + 21176 cannot be represented in type 'int'
Fixes: 19042/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5719828090585088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit fa47f6412dmichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
25b5331a1d
avcodec/cook: Use 3 stage VLC decoding for channel_coupling
...
Fixes: shift exponent -1 is negative
Fixes: out of array read
Fixes: 19028/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5759766471376896
Fixes: 19037/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5734106625474560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 89fd76db71michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
525a8ee3d8
avcodec/wmalosslessdec: Fixes undefined overflow in dequantization in decode_subframe()
...
Fixes: signed integer overflow: 47875596 * 45 cannot be represented in type 'int'
Fixes: 19082/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5687766512041984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 53efab44a9michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
9bea771035
avcodec/sonic: Check e in get_symbol()
...
Fixes: signed integer overflow: 1721520852 + 1721520852 cannot be represented in type 'int'
Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176
Fixes: 18753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5663299131932672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aea6755611michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
4abd0e1282
avcodec/twinvqdec: Correct overflow in block align check
...
Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
Fixes: 19126/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TWINVQ_fuzzer-5687464110325760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4dc93ae3d7michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
fd674648a2
avcodec/vc1dec: Fix "return -1" cases
...
Reviewed-by: "mypopy@gmail.com " <mypopy@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 26f040bcb4michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
31e169948d
avcodec/vc1dec: Free sprite_output_frame on error
...
Fixes: memleaks
Fixes: 19471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5688035714269184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3ee9240be3michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
cb1111b04a
avcodec/atrac9dec: Clamp band_ext_data to max that can be read if skipped.
...
Fixes: out of array read
Fixes: 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 18ff210efbmichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
067b2c0c28
avcodec/agm: Include block size in the MV check for flags == 3
...
Fixes: out of array read
Fixes: 19331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5644115983466496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1f20969457michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
8681622d7b
avcodec/wmadec: Keep track of exponent initialization per channel
...
Fixes: division by 0
Fixes: 19123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5655493121146880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bf5c850b79michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
3679bda78b
avcodec/iff: Check that video_size is large enough for the read parameters
...
video is allocated before parameters like bpp are read.
Fixes: out of array access
Fixes: 19084/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5718556033679360
Fixes: 19465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5759908398235648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f1b97f62f8michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
affedbd027
avcodec/cbs_vp9: Check data_size
...
Fixes: out of array access
Fixes: 19542/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5659498341728256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4fa2d5a692michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
d7fbabaeb5
avcodec/cbs_vp9: Check index_size
...
Fixes: out of array read
Fixes: 19300/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_METADATA_fuzzer-5653911730126848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d6553e2e60michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
9511cfe07f
avcodec/adpcm: Clip predictor for APC
...
Fixes: signed integer overflow: -2147483648 - 13 cannot be represented in type 'int'
Fixes: 18893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APC_fuzzer-5630760442920960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9fe07908c3michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
5f14ba4776
avcodec/targa: Check colors vs. available space
...
Fixes: Timeout (37sec -> 52ms)
Fixes: 18892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5739537854889984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 01593278cemichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
bc17113954
avcodec/dstdec: Use get_ur_golomb_jpegls()
...
Fixes: shift exponent -4 is negative
Fixes: 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760
Fixes: 18989/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5175008116867072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a76690c02bmichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
ddb35d510e
avcodec/wmavoice: Check remaining input in parse_packet_header()
...
Fixes: Infinite loop
Fixes: 18914/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5731902946541568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 19c41969b2michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
846c61789c
avcodec/wmalosslessdec: Fix 2 overflows in mclms
...
Fixes: signed integer overflow: 2038337026 + 109343477 cannot be represented in type 'int'
Fixes: 18886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5673660505653248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 92455c8c65michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
01f5442b82
avcodec/wmaprodec: Fixes integer overflow with 32bit samples
...
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 18860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5755223125786624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a9cc69c0d5michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
090d10ce60
avcodec/adpcm: Fix invalid shift in xa_decode()
...
Fixes: left shift of negative value -1
Fixes: 18859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5748474213040128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 50db30b47dmichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
7a1b6aa6ac
avcodec/wmalosslessdec: Fix several integer issues
...
Fixes: shift exponent -1 is negative (and others)
Fixes: 18852/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5660855295541248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ec3fe67074michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
19691eb4d5
avcodec/wmalosslessdec: Check that padding bits is not more than sample bits
...
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 18817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5713317180211200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9d42826580michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
ef722f7692
avcodec/iff: Skip overflowing runs in decode_delta_d()
...
Fixes: Timeout (107sec - 75ms>
Fixes: 18812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6295585225441280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 185f441ba2michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
3c0fcc7779
avcodec/pnm: Check that the header is not truncated
...
Fixes: Ticket8430
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c94cb8d9b2michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
60605ffa5c
avcodec/mp3_header_decompress_bsf: Check sample_rate_index
...
Fixes: out of array read
Fixes: 19309/clusterfuzz-testcase-minimized-ffmpeg_BSF_MP3_HEADER_DECOMPRESS_fuzzer-5651002950942720
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f064c7c449michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
075b337798
avcodec/cbs_av1_syntax_template: Check num_y_points
...
"It is a requirement of bitstream conformance that num_y_points is less than or equal to 14."
Fixes: index 24 out of bounds for type 'uint8_t [24]'
Fixes: 19282/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5747424845103104
Note, also needs a23dd33606https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: jamrial
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bbe27890ffmichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
1f88bbc9f2
avcodec/agm: Do not allow MVs out of the picture area as no edge is allocated
...
Fixes: out of array access
Fixes: 18499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5749038406434816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7a1b30c871michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
d6cc432751
avcodec/apedec: Fix 2 integer overflows
...
Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int'
Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6e15ba2d1fmichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
96e1ca6e05
avcodec/wmaprodec: Set packet_loss when we error out on a sanity check
...
Fixes: left shift of negative value -34
Fixes: 18719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5642658173419520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a9cbd25d89michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
50ed50a03b
avcodec/wmaprodec: Check offset
...
Fixes: index 33280 out of bounds for type 'float [32768]'
Fixes: 18718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5635373899710464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5473c7825emichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
6bb2004c82
avcodec/truemotion2: Fix 2 integer overflows in tm2_low_res_block()
...
Fixes: signed integer overflow: 1778647621 + 574372924 cannot be represented in type 'int'
Fixes: 18692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-6248679635943424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 93d52a181emichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
7bf4d235c0
avcodec/wmaprodec: Check if the channel sum of all internal contexts match the external
...
Fixes: NULL pointer dereference
Fixes: 18689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5715114640015360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 090ac57997michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
3bd30882b1
avcodec/atrac9dec: Check q_unit_cnt more completely before using it to access at9_tab_band_ext_group
...
Fixes: index 8 out of bounds for type 'const uint8_t [8][3]'
Fixes: 19127/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5709394985091072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e1d836d237michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
573cfcc52b
avcodec/fitsdec: Use lrint()
...
Fixes: fate-fitsdec-bitpix-64
Possibly Fixes: -nan is outside the range of representable values of type 'unsigned short'
Possibly Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 37f31f4e50michael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
fe04b47cea
avcodec/g729dec: Avoid using buf_size
...
buf_size is not updated as buf is advanced so it is wrong after the first
iteration
Fixes: Timeout (160sec -> 27sec)
Fixes: 18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 336f9461dfmichael@niedermayer.cc >
2019-12-31 19:51:57 +01:00
Michael Niedermayer
3292f6c6be
avcodec/g729dec: Factor block_size out
...
This will be used in the next commit
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 576746b4e3michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
c98cecea59
avcodec/g729dec: require buf_size to be non 0
...
The 0 case was added with the support for multiple packets. It
appears unintended and causes extra complexity and out of array
accesses (though within padding)
No testcase
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f64be9da4cmichael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
d808a43e29
avcodec/alac: Fix integer overflow in lpc_prediction() with sign
...
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7686ba1f14michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
079db0014b
avcodec/wmaprodec: Fix buflen computation in save_bits()
...
Fixes: Assertion failure
Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 589cb44498michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
7ee5d5bf66
avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv()
...
Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int'
Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0e010e489bmichael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
e0f9f52938
avcodec/vmdaudio: Check chunk counts to avoid integer overflow
...
Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int'
Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 47d963335emichael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
b02b306f73
avcodec/nuv: Use ff_set_dimensions()
...
Fixes: OOM
Fixes: 18956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5766505644163072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1ca978d636michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
31240bb703
avcodec/ffwavesynth: Fix integer overflow with pink_ts_cur/next
...
Fixes: signed integer overflow: 6175076100092079360 - -5034989061050195840 cannot be represented in type 'long'
Fixes: 18614/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5704508847423488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d82ab96e76michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
8c1c43c6c1
avcodec/ralf: Fix integer overflows with the filter coefficient in decode_channel()
...
Fixes: signed integer overflow: 1145975808 - -1146173210 cannot be represented in type 'int'
Fixes: 18616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5121296757424128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 721624c2f6michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
10fb811c0d
avcodec/g729dec: Use 64bit and clip in scalar product
...
The G729 reference decoder clips after each individual operation and keeps track if overflow
occurred (in the fixed point implementation), this here is
simpler and faster but not 1:1 the same what the reference does.
Non fuzzed samples which trigger any such overflow are welcome, so
the need and impact of different clipping solutions can be evaluated.
Fixes: signed integer overflow: 1271483721 + 1073676289 cannot be represented in type 'int'
Fixes: 18617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5137705679978496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bf9c4a1275michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
1aeef9979d
avcodec/mxpegdec: Check for multiple SOF
...
Fixes: Timeout (14sec -> 9ms)
Fixes: 18598/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5726095261564928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 75b64e5aa3michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
4cd8ae5b9c
avcodec/nuv: Move comptype check up
...
Fixes: Timeout (23sec -> 5ms)
Fixes: 18517/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5753135536013312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1138cdecbemichael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
0ae9a8cdbb
avcodec/wmavoice: Fix integer overflow in synth_frame()
...
Fixes: left shift of negative value -3
Fixes: 18518/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-6560514359951360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cf323f4d38michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
Michael Niedermayer
b56388541b
avcodec/rawdec: Check bits_per_coded_sample more pedantically for 16bit cases
...
Fixes: shift exponent -14 is negative
Fixes: 18335/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RAWVIDEO_fuzzer-5723267192586240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5634e20525michael@niedermayer.cc >
2019-12-31 19:51:56 +01:00
