RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-22 23:07:00 +00:00
Code Issues Projects Releases Wiki Activity
95,029 Commits 37 Branches 400 Tags 272 MiB
cb667b6460
Commit Graph

95029 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
cb667b6460 avformat/mpeg: Check avio_read() return value in get_pts() 
Found-by: Thierry Foucu <tfoucu@gmail.com>
Fixes: Use-of-uninitialized-value
Reviewed-by: Thierry Foucu <tfoucu@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8a88a16f7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-10-05 21:28:08 +02:00
Michael Niedermayer
8ae6def1e0 avcodec/tiff: Check bpp/bppcount for 0 
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be090da25f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-10-05 21:28:08 +02:00
Michael Niedermayer
f955b6efab avcodec/snowdec: Sanity check hcoeff 
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d51d569cf6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-10-05 21:28:08 +02:00
Michael Niedermayer
c9a546aeda avformat/mov: Check comp_brand_size 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffa6072fc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-10-05 21:28:08 +02:00
Michael Niedermayer
185a720a4d avcodec/alac: Check decorr_shift to avoid invalid shift 
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.

Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4333718b35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-10-05 21:28:08 +02:00
Michael Niedermayer
fdaead7e23 avcodec/tdsc: Fix tile checks 
Fixes: out of array access
Fixes: crash.asf

Found-by: anton listov <greyfarn7@yandex.ru>
Reviewed-by: anton listov <greyfarn7@yandex.ru>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 081e3001ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-10-05 21:28:08 +02:00
Michael Niedermayer
ed54e26463 avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment() 
Fixes: Out of array read
Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a10bc8f6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-10-05 21:28:08 +02:00
Timo Rothenpieler
c9f3835b2b avcodec/cuviddec: backport extradata fixes 2020-10-01 21:51:44 +02:00
Timo Rothenpieler
05097aff47 avcodec/cuviddec: handle arbitrarily sized extradata 2020-09-30 14:07:58 +02:00
Błażej Szczygieł
03d6632f96 lavf/tls_gnutls: check for interrupt inside handshake loop 
fixes #8080

Signed-off-by: Błażej Szczygieł <spaz16@wp.pl>
(cherry picked from commit 561ba15c97)
 2020-09-04 21:34:37 +03:00
Jan Ekström
1e7b385199 avformat/tls_schannel: immediately return decrypted data if available 
Until now, we would have only attempted to utilize already decrypted
data if it was enough to fill the size of buffer requested, that could
very well be up to 32 kilobytes.

With keep-alive connections this would just lead to recv blocking
until rw_timeout had been reached, as the connection would not be
officially closed after each transfer. This would also lead to a
loop, as such timed out I/O request would just be attempted again.

By just returning the available decrypted data, keep-alive based
connectivity such as HLS playback is fixed with schannel.

(cherry picked from commit 6f8826e4aa)
 2020-09-04 19:04:55 +03:00
Jan Ekström
93d1993181 avformat/tls_schannel: always decrypt all received data 
The dec_buf seems to be properly managed between read calls,
and we have no logic to decrypt before attempting socket I/O.
Thus - until now - such data would not be decrypted in case of
connections such as HTTP keep-alive, as the recv call would
always get executed first, block until rw_timeout, and then get
retried by retry_transfer_wrapper.

Thus - if data is received - decrypt all of it right away. This way
it is available for the following requests in case they can be
satisfied with it.

(cherry picked from commit 39977fff20)
 2020-09-04 19:04:06 +03:00
Andreas Rheinhardt
d359b750af avformat/sdp: Fix potential write beyond end of buffer 
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 5d91b7718e)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2020-07-10 21:31:39 +02:00
Andreas Rheinhardt
40e049856e avformat/mm: Check for existence of audio stream 
No audio stream is created unconditionally and if none has been created,
no packet with stream_index 1 may be returned. This fixes an assert in
ff_read_packet() in libavformat/utils reported in ticket #8782.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit ec59dc73f0)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2020-07-10 21:31:36 +02:00
Michael Niedermayer
f9f95ceebf Changelog: update 2020-07-09 01:30:42 +02:00
Zhao Zhili
a06587b01a avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default 
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 806a4d5187)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-07 21:05:23 +02:00
Michael Niedermayer
f9a7ca5911 Update for 4.2.4 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-07 20:39:24 +02:00
Michael Niedermayer
11c1e1d6d0 avcodec/apedec: Fix undefined integer overflow with 24bit 
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f7b252cdf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-07 19:30:17 +02:00
Michael Niedermayer
b8f3879bcc avcodec/loco: Fix integer overflow with large values from loco_get_rice() 
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ddc5e1f3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-07 19:29:23 +02:00
Michael Niedermayer
bcbfcf1300 avformat/smjpegdec: Check the existence of referred streams 
Fixes: Assertion failure
Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 321ea59dac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-07 19:28:29 +02:00
Michael Niedermayer
7d3da77756 avcodec/pnmdec: Fix misaligned reads 
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea28ce9bc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-06 01:50:33 +02:00
Michael Niedermayer
a957f43072 avcodec/scpr3: Fix out of array access with dectab 
Fixes: 23721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5914074721550336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8de8dfba6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:57 +02:00
Michael Niedermayer
2cebde69e0 avcodec/dstdec: Replace AC overread check by sample rate check 
Real files do skip coding 0 bits at the end, thus this kind of check
does not work reliable.

Fixes: Ticket 8770
Fixes: dst-256fs44-6ch-refdstencoder.dff

The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed
values, this also can be used to limit the duration and avoid the timeout

This reverts commit f6df99dba1.

(cherry picked from commit 1679f23beb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:57 +02:00
Michael Niedermayer
9fd30d0bdf avutil/avsscanf: Add () to avoid integer overflow in scanexp() 
Fixes: signed integer overflow: 2147483610 + 52 cannot be represented in type 'int'
Fixes: 23260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-5187871274434560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 42b28565aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:57 +02:00
Michael Niedermayer
6fe28832a9 avformat/utils: reorder duration computation to avoid overflow 
Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long'
Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10cc82c35b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:57 +02:00
Michael Niedermayer
3ea2cfe162 avcodec/pngdec: Check for fctl after idat 
Fixes: out of array access
Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65b1ba680f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:57 +02:00
Michael Niedermayer
57970c41f5 avformat/hls: Pass a copy of the URL for probing 
The segments / url can be modified by the io read when reloading

This may be an alternative or additional fix for Ticket8673
as a further alternative the reload stuff could be disabled during
probing

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5e39880fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:57 +02:00
Steven Liu
c00e881a45 avformat/hls: check segment duration value of EXTINF 
fix ticket: 8673
set the default EXTINF duration to 1ms if duration is smaller than 1ms

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
(cherry picked from commit 9dfb19baeb)
 2020-07-05 01:47:57 +02:00
Michael Niedermayer
0c4fcdead8 avutil/common: Fix integer overflow in av_ceil_log2_c() 
Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int'
Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e409262837)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:57 +02:00
Michael Niedermayer
e02303282d avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms 
Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 21598d711d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:57 +02:00
Michael Niedermayer
98ff949451 avformat/mvdec: Fix integer overflow with billions of channels 
Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int'
Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b6fbbe08c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
a720e4d3c9 avformat/microdvddec: skip malformed lines without frame number. 
Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8fb7612a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
774efe1ece avformat/mxfdec: free duplicated utf16 strings 
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744

Suggested-by: Marton Balint <cus@passwd.hu>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0aa2768cb2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
5fd3af45bc avformat/4xm: Check that a video stream was created before returning packets for it 
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c517c3f474)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
19d9c40647 avcodec/ffwavesynth: Avoid undefined operation on ts overflow 
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 584d334afd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
ee14b82ee0 avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv() 
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e361785ee0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
7a00fd4964 avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c() 
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0dfe134be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
1a74a8078c avcodec/sonic: Fix several integer overflows 
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75d520e337)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
8c7a41b455 avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile 
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e53235f06c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
17175055f8 avcodec/pixlet: Fix log(0) check 
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd0f81526d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
3a8ae4f297 avcodec/iff: Fix off by x error 
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51225dee0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
9641fcb355 avcodec/wmalosslessdec: Check block_align maximum 
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 314d10f7a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
035d30ba17 avcodec/loco: Fix signed integer overflow in loco_get_rice() 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa88cdfd90)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
4f92e48d5c avformat/thp: Check fps 
Fixes: division by zero
Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e15b01b4e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
374a18fbc8 avformat/mpl2dec: Fix integer overflow with duration 
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a42a67c5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
75df98c0a0 avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit() 
Fixes: Timeout (85sec -> 0.5sec)
Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 49ba60fed0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
c540f6939d avcodec/mpeg12dec: remove outdated comments 
Found-by: Kieran
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48de8f5816)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
4dec5b22ac avcodec/snowdec: Avoid integer overflow with huge qlog 
Fixes: integer overflow
Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38fbf33c72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Dale Curtis
361416218a avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample(). 
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf446711bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00
Michael Niedermayer
500965b7ee avcodec/mpeg12dec: Fix got_output 
This makes got_output consistent with the code in slice_end() which sets the output

in slice_end()
 if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) {
     int ret = av_frame_ref(pict, s->current_picture_ptr->f);
     ...
 } else {

Fixes: assertion failure
Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f33a9803a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-05 01:47:56 +02:00