Fixes: out of array access
Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 22686/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5121369624018944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
the target_dec_fuzzer is checking for the avpkt.data pointer but if the
bmp parser cannot combine the frame, the poutbuf is not set.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
the target_dec_fuzzer is checking for the avpkt.data pointer but if the
mlp parser cannot combine the frame, the poutbuf is not set.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
the target_dec_fuzzer is checking for the avpkt.data pointer but if the
png parser cannot combine the frame, the poutbuf is not set.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -4869937 * 473 cannot be represented in type 'int'
Fixes: 21934/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5667289925156864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 21804/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5673678898724864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int'
Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int'
Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 22692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5678686190960640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: David Bryant <david@wavpack.com>
Tested-by: David Bryant <david@wavpack.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: array end overread
Fixes: 22395/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BITPACKED_fuzzer-5760940300828672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Darnley <james.darnley@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Prevent codecpar->codec_id from getting out of sync with the codec instantiated for probing.
Signed-off-by: Samuel Foss <sfoss@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
make checkheaders will get error as follow:
CC libavutil/hwcontext_vulkan.h.o
In file included from libavutil/hwcontext_vulkan.h.c:1:
./libavutil/hwcontext_vulkan.h:130:23: error: ‘AV_NUM_DATA_POINTERS’ undeclared here (not in a function)
130 | void *alloc_pnext[AV_NUM_DATA_POINTERS];
| ^~~~~~~~~~~~~~~~~~~~
./libavutil/hwcontext_vulkan.h:199:43: warning: ‘enum AVPixelFormat’ declared inside parameter list will not be visible outside of this definition or declaration
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Finishes fixing the regression introduced in a1133db30ef07896afd96f067e5c51531a4e85ab
after the partial fix in b6d6597bef66531ec07c07a7125b88aee38fb220.
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: use after free
Fixes: 22484/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5671488765296640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Gautam Ramakrishnan <gautamramk@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
There are two different ways KLV is used in MISB specs - sync and async.
The corresponding text (in ST1401) says:
ISO/IEC 13818-1 Table-34 defines a stream_type = 0x15 for “Metadata carried in PES packets,”
and Table 2-22 defines a stream_id = 0xFC for “metadata stream.”
and
In ISO/IEC 13818-1, Table-34 defines a stream_type = 0x06 for “PES packets containing private
data,” and Table 2-22 defines a stream_id = 0xBD for “private_stream_1.”
These constants allow us to distinguish the two cases, as codec profiles.
Signed-off-by: Marton Balint <cus@passwd.hu>
Then one doesn't need to free the frame in case the length turns out to
be insufficient.
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>