This checks the value exactly for intra frames and checks it against a
minimum for inter frames as they can be variable.
Fixes: Timeout
Fixes: 10182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-6245951174344704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e33b28cc79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
decomp_len is used in raw frames, so it should not be left at the value from
whatever was decoded previously (which may be any other frame)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d201b83cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Timeout
Fixes: 9961/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5687856176562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28b80c2d52)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Speed improvment 35.5 sec -> 34.7sec
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71bf033050)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 697984b9db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -26884 * 91439 cannot be represented in type 'int'
Fixes: 9687/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-4995588121690112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93a203662f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Entries are always at least 8 bytes per the parsing code, so if we
see an impossible entry count avoid massive allocations. This is
similar to an existing check in mov_read_stsc().
Since ff_mov_read_stsd_entries() does eof checks, an alternative
approach could be to clamp the entry count to atom.size / 8.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 320b631a99)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
AV_CODEC_FLAG_GLOBAL_HEADER should be set before calling avcodec_open2() to have any effect.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a82e4fb8c6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -19818 + -2147483648 cannot be represented in type 'int'
Fixes: 9545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4928769537081344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit acba153a14)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 168d8d56bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The specification states "NSV files may contain a single file header. "
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421
Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78d4b6bd43)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: dash-crash-da39a3ee5e6b4b0d3255bfef95601890afd80709.xml
Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 46753bfdd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: infinite loop
Fixes: mlv-timeout-e3b8cab9835edecad6823baa057e029671329d04
Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e71cb2c8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: long running loop
Fixes: ivr-timeout-42468cb797f52f025fb329394702f5d4d64322d6
Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2eec1762d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b604e96a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int'
Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7e9082e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1813244069 + -1407981383 cannot be represented in type 'int'
Fixes: 8823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5643295618236416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47db5763e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes some SVQ3 encoded files which fail to decode correctly after 6d6faa2a2d.
These files exhibit lots of artifacts and logs show "Media key encryption is not implemented".
However they decode without artifacts before 6d6faa2a2d.
The attatched patch allows these files to successfully decode, but also reject media key files.
Tested on the files in #6094 and http://samples.mplayerhq.hu/V-codecs/SVQ3/Vertical400kbit.sorenson3.mov
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5aeb3b0080)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int'
Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bed125b710)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int'
Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f457c0ad7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 462d1be6de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6047609228623872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69cac9e130)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int'
Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5129040646)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: Marcin Gorzel <gorzel@google.com>
Reviewed-by: Marcin Gorzel <gorzel@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bce4da85e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be0b77e6e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This code came originally from gstreamer, where it was added in [1]
as a work-around for the Tegra 3. (The alignment was changed in [2]
as a response to [3], from 32-bit to 16-bit).
gstreamer only used this workaround in the case where the decoder
didn't return a slice-height property, but when the code was copied
into avcodec the conditional got lost. This commit restores the guard
and prefers the slice-height from the decoder when it is available.
This fixes segfaults decoding 1920x1080 h264 and mpeg2 videos on the
NVidia SHIELD after upgrading to Android Oreo.
[1] a870e6a5c3
[2] 21ff3ae0b0
[3] https://bugzilla.gnome.org/show_bug.cgi?id=748867
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 476fd6ba3a)
Fixes crashes like "ffmpeg -h bsf" caused by passing NULL to strcmp()
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3258cc6507)
On macOS, a zero rc_max_rate cause an error from
VTSessionSetProperty(kVTCompressionPropertyKey_DataRateLimits).
on iOS (depending on device/version), a zero rc_max_rate cause invalid
arguments from the vtenc_output_callback after few frames and then a crash
within the VideoToolbox library.
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 93e157f40f)
Fixes: out of array read
Fixes: 9350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5746777750765568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cd86b5cfe2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
No testcase
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e6c843776)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: <jdarnley>
Tested-by: James Darnley <james.darnley@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 181435a4de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The version 1 needs the channel count and would divide by 0
Fixes: division by 0
Fixes: fpe_movenc.c_1108_1.ogg
Fixes: fpe_movenc.c_1108_2.ogg
Fixes: fpe_movenc.c_1108_3.wav
Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fa19fbcf71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>