ffmpeg

mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-22 23:07:00 +00:00

Author	SHA1	Message	Date
Hendrik Leppkes	d12e316dbd	avcodec/vdpau_mpeg4: fix order of quant matrix coefficients The matrix coefficients are stored permutated for the IDCT, rather then in plain raster order, and need to be un-permutated for the hardware.	2023-05-15 18:50:36 +02:00
Hendrik Leppkes	419248dd19	avcodec/vdpau_mpeg12: fix order of quant matrix coefficients The matrix coefficients are stored permutated for the IDCT, rather then in plain raster order, and need to be un-permutated for the hardware.	2023-05-15 18:50:36 +02:00
Hendrik Leppkes	ab9b4ea207	avcodec/nvdec_mpeg4: fix order of quant matrix coefficients The matrix coefficients are stored permutated for the IDCT, rather then in plain raster order, and need to be un-permutated for the hardware.	2023-05-15 18:50:36 +02:00
Hendrik Leppkes	97c9af0cc9	avcodec/nvdec_mpeg2: fix order of quant matrix coefficients The matrix coefficients are stored permutated for the IDCT, rather then in plain raster order, and need to be un-permutated for the hardware.	2023-05-15 18:50:36 +02:00
Jiasheng Jiang	51efa68ec0	avcodec/vp3: Add missing check for av_malloc Since the av_malloc() may fail and return NULL pointer, it is needed that the 's->edge_emu_buffer' should be checked whether the new allocation is success. Fixes: `d14723861b` ("VP3: fix decoding of videos with stride > 2048") Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> (cherry picked from commit `656cb0450a`)	2022-12-18 07:53:04 -03:00
James Almer	a8a208b123	avcodec/mjpegenc: take into account component count when writing the SOF header size Fixes ticket #10069 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `1009396953`)	2022-11-28 08:48:42 -03:00
Martin Storsjö	f442a376a1	checkasm: float_dsp: Scale FLT/DBL_EPSILON sufficiently when comparing As the values generated by av_bmg_get can be arbitrarily large (only the stddev is specified), we can't use a fixed tolerance. This matches what was done for test_vector_dmul_scalar in `38f966b222`. This fixes the float_dsp checkasm test for some seeds, when built with clang for mingw/x86_32. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `8f70e261fa`) Fixes ticket #10010	2022-11-06 20:50:26 +01:00
Martin Storsjö	a4ba6e7d2c	swscale: aarch64: Fix yuv2rgb with negative strides Treat the 32 bit stride registers as signed. Alternatively, we could make the stride arguments ptrdiff_t instead of int, and changing all of the assembly to operate on these registers with their full 64 bit width, but that's a much larger and more intrusive change (and risks missing some operation, which would clamp the intermediates to 32 bit still). Fixes: https://trac.ffmpeg.org/ticket/9985 Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `cb803a0072`) Signed-off-by: Martin Storsjö <martin@martin.st>	2022-11-04 14:32:53 +02:00
Michael Niedermayer	a2e14839dc	Changelog: update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-10 16:05:50 +02:00
Michael Niedermayer	c814c2a1ff	avcodec/dstdec: Check for overflow in build_filter() Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8008940da5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:52 +02:00
Michael Niedermayer	056695bf43	avformat/spdifdec: Use 64bit to compute bit rate Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4075f0cec1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:52 +02:00
Michael Niedermayer	ae5b1998e3	avformat/xwma: Use av_rescale() for duration computation Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2c789f753c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:52 +02:00
Michael Niedermayer	02402b49af	avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `aa8eb1bed0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:51 +02:00
Michael Niedermayer	74b61efa91	avformat/rmdec: check tag_size Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2cb7ee8a36`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:51 +02:00
Michael Niedermayer	e474173f47	avformat/nutdec: Check fields Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2c146406ea`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:51 +02:00
Michael Niedermayer	167c0dcfdc	avformat/dxa: avoid bpc overflows Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `93db0f0740`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:50 +02:00
Michael Niedermayer	9fb728dd1c	avformat/cafdec: Check that nb_frasmes fits within 64bit Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d4bb4e3759`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:50 +02:00
Michael Niedermayer	955ed9b641	avformat/asfdec_o: Limit packet offset avoids overflows with it Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136 Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `736e9e69d5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:50 +02:00
Michael Niedermayer	3e208ef088	avformat/ape: Check frames size Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d0349c9929`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:49 +02:00
Michael Niedermayer	80ec0ca973	avformat/icodec: Check nb_pal Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `db73ae0dc1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:49 +02:00
Michael Niedermayer	d52ed1be9e	avformat/aiffdec: Use 64bit for block_duration use Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9303ba272e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:49 +02:00
Michael Niedermayer	9959b6e2eb	avformat/aiffdec: Check block_duration Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1c2b6265c8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:48 +02:00
Michael Niedermayer	e55980d3bf	avformat/mxfdec: only probe max run in Suggested-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1182bbb2c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:48 +02:00
Michael Niedermayer	045ed347fb	avformat/mxfdec: Check run_in is within 65536 Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7786097825`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:48 +02:00
Michael Niedermayer	a101c97782	avcodec/apedec: Fix integer overflow in filter_3800() Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296 Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f05247f6a4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:47 +02:00
Michael Niedermayer	7d5e8bdb0a	avcodec/tta: Check 24bit scaling for overflow Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3993345f91`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:47 +02:00
Michael Niedermayer	53f3a25107	libavformat/hls: Free keys Fixes: memleak Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu <lingjiujianke@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d32a9f3137`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:47 +02:00
Michael Niedermayer	f0fb070286	avcodec/fmvc: Move frame allocation to a later stage This way more things are checked before allocation Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9783749c66`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:46 +02:00
Michael Niedermayer	c263380558	avcodec/speedhq: Check width Fixes: out of array access Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400 Alternatively the buffer size can be increased Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f0395f9ef6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:46 +02:00
Michael Niedermayer	b222272124	avcodec/bink: disallow odd positioned scaled blocks Fixes: out of array access Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b14104a637`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:46 +02:00
Michael Niedermayer	bf29c080b1	avformat/asfdec_o: limit recursion depth in asf_read_unknown() The threshold of 5 is arbitrary, both smaller and larger should work fine Fixes: Stack overflow Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1f1a368169`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:45 +02:00
Michael Niedermayer	8f443328c0	doc/git-howto.texi: Document commit signing Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ced0dc807e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:45 +02:00
Michael Niedermayer	82e77e0dec	libavcodec/8bps: Check that line lengths fit within the buffer Fixes: Timeout Fixes: undefined pointer arithmetic Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2316d5ec1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:45 +02:00
Michael Niedermayer	37139adfbf	libavformat/iff: Check for overflow in body_end calculation Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long' Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bcb4690304`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:44 +02:00
Michael Niedermayer	2f2a3397cc	avformat/avidec: Prevent entity expansion attacks Fixes: Timeout Fixes no testcase, this is the same idea as similar attacks against XML parsers Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f3e823c2aa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:44 +02:00
Michael Niedermayer	4d537913e5	avcodec/h263dec: Sanity check against minimal I/P frame size Fixes: Timeout Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ca4ff9c21c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:44 +02:00
Michael Niedermayer	ec9af84dc5	avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel This is somewhat redundant with the is_decoded check. Maybe there is a nicer solution Fixes: Null pointer dereference Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3b51e19922`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:43 +02:00
Michael Niedermayer	8229f4327f	MAINTAINERS: Add ED25519 key for signing my commits in the future Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `05225180be`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:43 +02:00
Michael Niedermayer	0bea6b5d50	avcodec/hevc_filter: copy_CTB() only within width&height Fixes: out of array access Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `009ef35d38`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:43 +02:00
Michael Niedermayer	f198ffcf38	avformat/flvdec: Check for EOF in index reading Fixes: Timeout Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ceff5d7b74`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:42 +02:00
Michael Niedermayer	5cefe5d304	avformat/nutdec: Check get_packetheader() in mainheader Fixes; Timeout Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b5de084aa6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:42 +02:00
Michael Niedermayer	c9d8271274	avformat/asfdec_f: Use 64bit for packet start time Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8ed78486fc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:42 +02:00
Michael Niedermayer	85d59a6a98	avcodec/lagarith: Check dst/src in zero run code Fixes: out of array access Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9450f75974`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:41 +02:00
Michael Niedermayer	99f1f07b78	avcodec/h264dec: Skip late SEI Fixes: Race condition Fixes: clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592 Found-by: google ClusterFuzz Tested-by: Dan Sanders <sandersd@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f7dd408d64`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:41 +02:00
Michael Niedermayer	5deba24c22	avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c() Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int' Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1537f40516`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:41 +02:00
Michael Niedermayer	b3fdcaca7b	avfilter/vf_signature: Fix integer overflow in filter_frame() Fixes: CID1403233 The second of the 2 changes may be unneeded but will help coverity Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dd6040675e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:40 +02:00
Michael Niedermayer	6c1a7a829d	avformat/rtsp: break on unknown protocols This function needs more cleanup and it lacks error handling Fixes: use of uninitialized memory Fixes: CID700776 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `73c0fd27c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:40 +02:00
Michael Niedermayer	8a4e3bc1c5	avcodec/hevcdsp_template: stay within tables in sao_band_filter() Fixes: out of array read Fixes: 47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c5250a561`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:40 +02:00
Michael Niedermayer	f9afd5cacc	avcodec/qpeldsp: copy less for the mc0x cases Fixes: out of array access Fixes: 47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e690d4edf5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:39 +02:00
Michael Niedermayer	f7b403bba6	avcodec/ffv1dec: Limit golomb rice coded slices to width 8M This limit is possibly not reachable due to other restrictions on buffers but the decoder run table is too small beyond this, so explicitly check for it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b4431399ec`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-10-09 22:15:39 +02:00

1 2 3 4 5 ...

93651 Commits