FFmpeg

Author	SHA1	Message	Date
James Almer	a15a3318e1	avcodec/cbs_av1: fix setting FrameWidth in frame_size_with_refs() Section 5.9.7 of the spec states UpscaledWidth = RefUpscaledWidth[ ref_frame_idx[ i ] ] FrameWidth = UpscaledWidth FrameHeight = RefFrameHeight[ ref_frame_idx[ i ] ] RenderWidth = RefRenderWidth[ ref_frame_idx[ i ] ] RenderHeight = RefRenderHeight[ ref_frame_idx[ i ] ] Meaning FrameWidth must not be set to RefFrameWidth[ ref_frame_idx[ i ] ] like we're currently doing. Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>	2020-09-05 22:30:38 -03:00
James Almer	f94134b22a	avcodec/cbs_av1: use a more appropiate AV1ReferenceFrameState pointer variable name frame is more commonly used for AV1RawFrameHeader and AV1RawFrame. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `97819f15a8`)	2020-09-05 22:30:32 -03:00
James Almer	74c9965096	avcodec/cbs_av1: fix handling reference frames on show_existing_frame frames Implement Section 7.21 "Reference frame loading process" and Section 7.20 "Reference frame update process" for show_existing_frame frames, as required by the definition in Section 7.4 "Decode frame wrapup process". Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `e76b4b2a6b`)	2020-09-05 22:30:23 -03:00
James Almer	af72c16468	avcodec/cbs_av1: infer frame_type in show_existing_frame frames earlier This follows the spec and will come in handy in the next commit. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `afbe9ebac7`)	2020-09-05 22:30:18 -03:00
James Almer	408592c838	avcodec/cbs_av1: add OrderHint to CodedBitstreamAV1Context This follows the spec and will come in handy in a following commit. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `e3ed0ce32a`)	2020-09-05 22:30:12 -03:00
James Almer	f73c4487ef	avcodec/cbs_av1: infer frame_type when parsing a show_existing_frame frame Reviewed-by: Mark Thompson <sw@jkqxz.net> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `6c20207dce`)	2020-09-05 22:30:07 -03:00
Mark Thompson	f070c53c7a	cbs_av1: Fix test for presence of buffer_removal_time element The frame must be in both the spatial and temporal layers for the operating point, not just one of them. (cherry picked from commit `b567cb8d0b`)	2020-09-05 22:30:01 -03:00
James Almer	3a66177fef	avcodec/cbs_av1: fix storage size for render_{width,height}_minus_1 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `751f2a27f7`)	2020-09-05 21:36:03 -03:00
Carl Eugen Hoyos	0a012a5338	lavc: Lower MediaFoundation audio encoder priority. The actual encoders may not be available. Fixes ticket #8699. (cherry picked from commit `13db5061ff`)	2020-08-25 18:58:59 +02:00
James Almer	590a36acbd	x86/h264_deblock: fix warning about trailing empty parameter Fixes part of ticket #8771 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `2c844c9828`)	2020-07-12 11:39:29 -03:00
Michael Niedermayer	5086d22697	avcodec/tiff: Check input space in dng_decode_jpeg() Fixes: out of array read Fixes: 24034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5111884337119232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `79e8d17024`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-11 00:25:33 +02:00
Michael Niedermayer	3c4679c430	avcodec/mjpeg_parser: Adjust size rejection threshold Fixes: 86987846-429c8d80-c197-11ea-916b-bb4738e09687.jpg Fixes: Regression since `ec3d8a0e69` Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dde6077297`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-11 00:25:33 +02:00
Michael Niedermayer	832652a9d1	avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment() Fixes: Out of array read Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a10bc8f6f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-11 00:25:33 +02:00
Michael Niedermayer	b021eba8b6	avcodec/apedec: Fix undefined integer overflow with 24bit Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int' Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9f7b252cdf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	093c2dd644	avcodec/loco: Fix integer overflow with large values from loco_get_rice() Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int' Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3ddc5e1f3c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	b228e0c5f6	avcodec/tiff: Check frame parameters before blit for DNG Fixes: out of array access Fixes: 23888/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6021365974171648.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4091f4f780`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	11a10e30a9	avcodec/mjpegdec: Limit bayer to single plane outputting format This reduces the number of paths reachable with DNG and should improve security Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `865a34970e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	f98f29de5e	avcodec/pnmdec: Fix misaligned reads Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ea28ce9bc1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	531ddbacb5	avcodec/mv30: Fix integer overflows in idct2_1d() Fixes: signed integer overflow: 6500736 * 473 cannot be represented in type 'int' Fixes: 23259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5179394271477760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3b8d5bcc31`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	d25345bb00	avcodec/hcadec: Check total_band_count against imdct_in size Fixes: index 128 out of bounds for type 'float [128]' Fixes: 23465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5089866596745216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2d96c94531`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	1ff86cb452	avcodec/scpr3: Fix out of array access with dectab Fixes: 23721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5914074721550336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c8de8dfba6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	f1ebea7c91	avcodec/tiff: Do not overrun the array ends in dng_blit() Fixes: out of array access Fixes: 23589/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5110559589793792.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f35caea77f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Michael Niedermayer	c86a9d5b82	avcodec/dstdec: Replace AC overread check by sample rate check Real files do skip coding 0 bits at the end, thus this kind of check does not work reliable. Fixes: Ticket 8770 Fixes: dst-256fs44-6ch-refdstencoder.dff The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed values, this also can be used to limit the duration and avoid the timeout This reverts commit `f6df99dba1`. (cherry picked from commit `1679f23beb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-09 12:35:39 +02:00
Andreas Rheinhardt	7cbb6ee2ee	avcodec/h264_metadata_bsf: Fix invalid av_freep This bug was introduced in `3c8a2a1180`. Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `04e06beb0a`) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2020-07-04 22:33:21 +02:00
James Almer	acefb59ac5	avcodec/cbs_h265: set default VUI parameters when vui_parameters_present_flag is false Based on cbs_h264 code. Should fix ticket #8752. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `d1c55fc460`)	2020-07-02 22:26:39 -03:00
Manoj Bonda	797574400d	avcodec/av1_parser: initialize avctx->pix_fmt Initialize avctx->pix_fmt in av1_parser.c AV1 Chroma format is invalid when quering using below code if no AV1 decoder is available: iVideoStream = av_find_best_stream(fmtc, AVMEDIA_TYPE_VIDEO, -1, -1, NULL, 0); eChromaFormat = (AVPixelFormat)fmtc->streams[iVideoStream]->codecpar->format; Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `23d06f606e`)	2020-07-02 22:26:39 -03:00
James Almer	b303fe926e	avcodec/av1_parser: add missing parsing for RGB pixel format signaling Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `af6cddae1f`)	2020-07-02 22:26:39 -03:00
James Almer	8f5f453998	avcodec/av1_parser: set context values outside the OBU parsing loop Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `634a44db5a`)	2020-07-02 22:26:39 -03:00
Michael Niedermayer	f27a510211	avcodec/pngdec: Check for fctl after idat Fixes: out of array access Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `65b1ba680f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 10:20:36 +02:00
Michael Niedermayer	f4affa071a	avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int' Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `21598d711d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 10:20:36 +02:00
Andreas Rheinhardt	b3d8e13a88	avcodec/cbs_av1: Fix writing uvlc numbers >= INT_MAX Fixes: assertion failure Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 23264/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6308429248593920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `6f06c17a55`) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2020-07-01 19:01:31 +02:00
Andreas Rheinhardt	284fffa92f	avcodec/bitstream: Don't check for undefined behaviour after it happened Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `5e196dac22`) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2020-07-01 18:59:57 +02:00
Michael Niedermayer	8e12af29d1	avcodec/tiff: Check stride for dng Fixes: assertion failure Fixes: 23422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5746026064642048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `276dfa9d91`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-15 20:41:15 +02:00
Andreas Rheinhardt	82d70d8038	avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit is so big that it extends beyond the end of the input packet; it does so only implicitly by using the checked version of the bytestream2 API. But this has downsides compared to real checks: It can lead to huge allocations (up to 2GiB) even when the input packet is just a few bytes. And furthermore it leads to uninitialized data being output. So add a check to error out early if it happens. Also check directly whether there is enough data for the length field. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `ea1b71e82f`)	2020-06-15 04:18:16 +02:00
Michael Niedermayer	a3e0c9f8f0	avcodec/ffwavesynth: Avoid undefined operation on ts overflow Alternatively these conditions could be treated as errors Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896 Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long') Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `584d334afd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	95b9ac040e	avcodec/mv30: check mode_size vs. input space Fixes: Timeout (longer than my patience vs 1sec) Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `75e2ac4f07`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	f823932349	avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv() Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int' Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e361785ee0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	fa0a71ac41	avcodec/jpeg2000dec: Fix/check for multiple integer overflows Fixes: shift exponent 35 is too large for 32-bit type 'int' Fixes: 22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c579ceffbe`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	e149b24c63	avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c() Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int' Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c0dfe134be`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	2ce670fc48	avcodec/sonic: Fix several integer overflows Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int' Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `75d520e337`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	c372189443	avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile Fixes: out of array access Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e53235f06c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	335ddf2fe9	avcodec/pixlet: Fix log(0) check Fixes: passing zero to clz(), which is not a valid argument Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bd0f81526d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	0e51c7b64a	avcodec/iff: Fix off by x error Fixes: out of array access Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `51225dee0a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	28460ece95	avcodec/wmalosslessdec: Check block_align maximum Fixes: Assertion failure Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `314d10f7a6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	63d14168a5	avcodec/loco: Fix signed integer overflow in loco_get_rice() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `aa88cdfd90`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	e468d9248c	avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit() Fixes: Timeout (85sec -> 0.5sec) Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360 Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656 Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `49ba60fed0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	e625d40b93	avcodec/mpeg12dec: remove outdated comments Found-by: Kieran Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `48de8f5816`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	bb788dec83	avcodec/snowdec: Avoid integer overflow with huge qlog Fixes: integer overflow Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `38fbf33c72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
Michael Niedermayer	611fc7244a	avcodec/movtextdec: Fix shift overflows in mov_text_init() Fixes: left shift of 243 by 24 places cannot be represented in type 'int' Fixes: 22716/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5704263425851392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d7a2311a2c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-06-14 22:02:34 +02:00
James Almer	dba8e32e44	avcodec/cbs_av1: abort when written inferred values don't match If this happens, it's a sign of parsing issues earlier in the process, or misuse by the calling module. Prevents writing invalid bitstreams. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `318a1a383d`)	2020-06-14 16:45:05 -03:00

1 2 3 4 5 ...

43129 Commits