summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Changelog: updaten3.0.10Michael Niedermayer2017-12-021-0/+41
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vorbis: Fix another 1 << 31 > int32_t::max() with 1u.Dale Curtis2017-12-021-1/+1
| | | | | | | | | Didn't notice this one when 9648cc6d was landed. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 95bacb521af8cd28f146f045437c9f75717a493a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Don't manipulate duration when it's AV_NOPTS_VALUE.Dale Curtis2017-12-021-1/+1
| | | | | | | | | This leads to signed integer overflow. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit c5fd57f483d2ad8e34551b78509f1e14136f73c0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vorbis: 1 << 31 > int32_t::max(), so use 1u << 31 instead.Dale Curtis2017-12-021-1/+1
| | | | | | | Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9648cc6d7fdbb0a260bed1e3e23300569cff9579) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Prevent undefined shift with wrap_bits > 64.Dale Curtis2017-12-021-2/+3
| | | | | | | | | | | 2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the code to use a uint64_t (2ULL) and add an av_assert2() to ensure wrap_bits <= 64. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 03fbc0daa7e37af024f8b017a28105c32bbe25ca) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/j2kenc: Fix out of array access in encode_cblk()Michael Niedermayer2017-12-021-1/+2
| | | | | | | | | Fixes: 4427/clusterfuzz-testcase-minimized-5106919271301120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0674087004538599797688785f6ac82358abc23b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdsp_template: Fix undefined shift in put_hevc_epel_bi_w_h()Michael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: runtime error: left shift of negative value -127 Fixes: 4397/clusterfuzz-testcase-minimized-4779061080489984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0409d333115e623b5ccdbb364d64ca2a52fd8467) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpdsp: Fix signed integer overflow, 2nd tryMichael Niedermayer2017-12-021-1/+1
| | | | | | | | | | | | The outputted bits should match what is used in the lossless check Fixes: runtime error: signed integer overflow: -538697856 * 256 cannot be represented in type 'int' Fixes: 4326/clusterfuzz-testcase-minimized-5689449645080576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 97c00edaa043043c29d985653e7e1687b56dfa23) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/kgv1dec: Check that there is enough input for maximum RLE compressionMichael Niedermayer2017-12-021-0/+3
| | | | | | | | | | Fixes: Timeout Fixes: 4271/clusterfuzz-testcase-4676667768307712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3aad94bf2b140cfba8ae69d018da05d4948ef37f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*Michael Niedermayer2017-12-021-2/+2
| | | | | | | | | | Fixes: runtime error: signed integer overflow: -2143827186 - 7404944 cannot be represented in type 'int' Fixes: 4354/clusterfuzz-testcase-minimized-4671122764201984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2b6964f764382742bb052a1ee3b7167cac35332f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check also for negative versions in the validity checkMichael Niedermayer2017-12-021-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0e7865ce4152f8b04cda6a698bbee4fd4a94009d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Close ogg stream upon error when using AV_EF_EXPLODE.Dale Curtis2017-12-021-1/+3
| | | | | | | | | | Without this there can be multiple memory leaks for unrecognized ogg streams. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bce8fc0754c4b31f574a4372c6d7996ed29f7c2a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Fix undefined shift on assumed 8-bit input.Dale Curtis2017-12-021-2/+9
| | | | | | | | | | | | | | | decode_user_data() attempts to create an integer |build| value with 8 bits of spacing for 3 components. However each component is an int32_t, so shifting each component is undefined for values outside of the 8 bit range. This patch simply clamps input to 8-bits per component and prints out a warning that the values were clamped. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7010dd98b575d2e39fca947e609b85be7490b269) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Use ff_thread_once for fixed, float table init.Dale Curtis2017-12-021-2/+6
| | | | | | | | | | These tables are static so they should only be initialized once instead of on every call to ff_mpadsp_init(). Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5eaaffaf64d1854493f0fe9ec822eed1b3cd9fe1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Propagate errors in mov_switch_root.Jacob Trimble2017-12-021-2/+5
| | | | | | | Signed-off-by: Jacob Trimble <modmaker@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2d9cf3bf16b94cd9db10dabad695c69c5cff4f58) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdsp_template: Fix invalid shift in put_hevc_epel_bi_w_v()Michael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: runtime error: left shift of negative value -255 Fixes: 4037/clusterfuzz-testcase-minimized-5290998163832832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d88586e4728e97349f98e07ff782bb168ab96c3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpdsp: Fix undefined shift ff_mlp_pack_output()Michael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: runtime error: left shift of negative value -7862264 Fixes: 4074/clusterfuzz-testcase-minimized-4516104123711488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4f7f70738e8dd77a698a5e28bba552ea7064af21) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/zmbv: Check that the buffer is large enough for mvecMichael Niedermayer2017-12-021-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 4143/clusterfuzz-testcase-4736864637419520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2ab9568a2c3349039eec29fb960fe39de354b514) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD137iL0()Michael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: 4035/clusterfuzz-testcase-minimized-6479308925173760 Fixes: runtime error: signed integer overflow: 9 * 402653183 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 73964680d7bce6d81ddc553a24d73e9a1c9156f9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmv2dec: Check end of bitstream in parse_mb_skip() and ↵Michael Niedermayer2017-12-021-2/+16
| | | | | | | | | | | | ff_wmv2_decode_mb() Fixes: Timeout Fixes: 3200/clusterfuzz-testcase-5750022136135680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 65e0a7c473f23f1833538ffecf53c81fe500b5e4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Check for remaining bitstream in decode_blocks()Michael Niedermayer2017-12-021-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 3142/clusterfuzz-testcase-5007853163118592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4527ec2216109867498edc3ac8a17fd879b5d017) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Check intra block dc differences.Michael Niedermayer2017-12-021-4/+13
| | | | | | | | | | Fixes: Timeout Fixes: 3142/clusterfuzz-testcase-5007853163118592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c3b9bbcc6edf2d83fe4857484cfa0839872188c6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check size of STSC allocationFredrik Hubinette2017-12-021-0/+2
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a6fdd75fe6440d2f4150cb456a9078aa68b00fdb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc2enc: Clear coef_buf on allocationMichael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: Use of uninitialized memory Fixes: assertion failure Reviewed-by: <atomnuker> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6d00905f8134a2932e5c00dd1ec8b2a1f0a38035) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264dec: Fix potential array overreadMichael Niedermayer2017-12-021-0/+1
| | | | | | | | | | add padding before scantable arrays See: 522d850e68ec4b77d3477b3c8f55b1ba00a9d69a Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 380b48fb9fdc7b0c40d67e026f9b3accb12794eb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/x86/mpegvideodsp: Fix signedness bug in need_emuMichael Niedermayer2017-12-021-2/+3
| | | | | | | | | | | Fixes: out of array read Fixes: 3516/attachment-311488.dat Found-by: Insu Yun, Georgia Tech. Tested-by: wuninsu@gmail.com Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 58cf31cee7a456057f337b3102a03206d833d5e8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacpsdsp_template: Fix integer overflows in ps_decorrelate_c()Michael Niedermayer2017-12-021-4/+4
| | | | | | | | | | Fixes: runtime error: signed integer overflow: 1939661764 - -454942263 cannot be represented in type 'int' Fixes: 3191/clusterfuzz-testcase-minimized-5688798451073024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2afe05402f05d485f0c356b04dc562f0510d317d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: Fix undefined shiftMichael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: runtime error: left shift of negative value -801112064 Fixes: 3492/clusterfuzz-testcase-minimized-5784775283441664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fca198fb5bf42ba6b765b3f75b11738e4b4fc2a9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mdct_*: Fix integer overflow in addition in RESCALE()Michael Niedermayer2017-12-022-11/+11
| | | | | | | | | | Fixes: runtime error: signed integer overflow: 1219998458 - -1469874012 cannot be represented in type 'int' Fixes: 3443/clusterfuzz-testcase-minimized-5369987105554432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 770c934fa1635f4fadf5db4fc5cc5ad15d82455a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Fix integer overflow in header parsingMichael Niedermayer2017-12-021-5/+5
| | | | | | | | | | Fixes: 3984/clusterfuzz-testcase-minimized-5265759929368576 Fixes: runtime error: signed integer overflow: -1085585801 + -1094995529 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c897a9285846b6a072b9650976afd4f091b7a71f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cngdec: Fix integer clippingMichael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: runtime error: value -36211.7 is outside the range of representable values of type 'short' Fixes: 2992/clusterfuzz-testcase-6649611793989632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 51090133b31bc719ea868db15d3ee38e9dbe90f1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbrdsp_fixed: Fix integer overflow in shift in sbr_hf_g_filt_c()Michael Niedermayer2017-12-021-5/+7
| | | | | | | | | | Fixes: runtime error: shift exponent 66 is too large for 64-bit type 'long long' Fixes: 3642/clusterfuzz-testcase-minimized-5443853801750528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 981e99ab99986935affad7c164ebdfe28e8ea7f8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/softfloat: Add FLOAT_MINMichael Niedermayer2017-12-021-0/+1
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacsbr_fixed: Fix division by zero in sbr_gain_calc()Michael Niedermayer2017-12-021-0/+1
| | | | | | | | | Fixes: 3642/clusterfuzz-testcase-minimized-5443853801750528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d1dec466895eed12f2c79b7ab5447f5390fe869) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264idct_template: Fix integer overflows in ff_h264_idct8_add()Michael Niedermayer2017-12-021-4/+4
| | | | | | | | | | Fixes: runtime error: signed integer overflow: -503316480 + -2013265038 cannot be represented in type 'int' Fixes: 3805/clusterfuzz-testcase-minimized-6578427831255040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e131b8cedb00043dcc97cc05ca04749ec8ff57de) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xan: Check for bitstream end in xan_huffman_decode()Michael Niedermayer2017-12-021-1/+4
| | | | | | | | | | Fixes: Timeout Fixes: 3707/clusterfuzz-testcase-6465922706440192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4b51437dccd62fc5491280db44e3c21b44aeeb3f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat: Free the internal codec context at the endLuca Barbato2017-12-021-6/+1
| | | | | | | Avoid a use after free in avformat_find_stream_info. (cherry picked from commit 9e4a5eb51b9f3b2bff0ef08e0074b7fe4893075d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xan: Improve overlapping checkMichael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: memcpy-param-overlap Fixes: 3612/clusterfuzz-testcase-minimized-6393461273001984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e8fafef1db43ead4eae5a6301ccc300e73aa47da) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: Fix integer overflow in apply_dependent_coupling_fixed()Michael Niedermayer2017-12-021-1/+1
| | | | | | | | | | Fixes: runtime error: signed integer overflow: 623487 * 536870912 cannot be represented in type 'int' Fixes: 3594/clusterfuzz-testcase-minimized-4650622935629824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 41d96af2a74cb5df50346b160067facd43149667) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: Fix integer overflow in predict()Michael Niedermayer2017-12-021-2/+2
| | | | | | | | | | Fixes: runtime error: signed integer overflow: -2110708110 + -82837504 cannot be represented in type 'int' Fixes: 3547/clusterfuzz-testcase-minimized-6009386439802880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0976752420706c0a8b3cb8fd61497a47c7d7270f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeglsdec: Check for end of bitstream in ls_decode_line()Michael Niedermayer2017-12-021-0/+3
| | | | | | | | | | | Fixes: 1773/clusterfuzz-testcase-minimized-4832523987189760 Fixes: Timeout Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f80224ed19a4c012549fd460d529c7c04e68cf21) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeglsdec: Check ilv for being a supported valueMichael Niedermayer2017-12-021-0/+4
| | | | | | | | | Fixes: 1773/clusterfuzz-testcase-minimized-4832523987189760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fe533628b9604e2f8e5179d5c5dd17c3cb764265) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* vc2enc_dwt: pad the temporary buffer by the slice sizeRostislav Pehlivanov2017-11-093-6/+15
| | | | | | | | | | | | | | | | Since non-Haar wavelets need to look into pixels outside the frame, we need to pad the buffer. The old factor of two seemed to be a workaround that fact and only padded to the left and bottom. This correctly pads by the slice size and as such reduces memory usage and potential exploits. Reported by Liu Bingchang. Ideally, there should be no temporary buffer but the encoder is designed to deinterleave the coefficients into the classical wavelet structure with the lower frequency values in the top left corner. Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com> (cherry picked from commit 3228ac730c11eca49d5680d5550128e397061c85)
* Update for 3.0.10Michael Niedermayer2017-10-263-2/+73
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowdec: Check mv_scaleMichael Niedermayer2017-10-151-1/+2
| | | | | | | | | | Fixes: runtime error: signed integer overflow: 2 * -1094995530 cannot be represented in type 'int' Fixes: 3512/clusterfuzz-testcase-minimized-4812747210489856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 393d6fc7395611a38792e3c271b2be42ac45e672) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pafvideo: Check for bitstream end in decode_0()Michael Niedermayer2017-10-151-1/+4
| | | | | | | | | | Fixes: Timeout Fixes: 3529/clusterfuzz-testcase-5057068371279872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9c85329cd02e9284892bf263ce6133b2fc479792) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Fix out of array read in slice countingMichael Niedermayer2017-10-131-1/+1
| | | | | | | | | Fixes: test-201710.mp4 Found-by: 连一汉 <lianyihan@360.cn> and Zhibin Hu Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c20f4fcb74da2d0432c7b54499bb98f48236b904) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt: Fix integer overflow in COMPOSE_53iL0()Michael Niedermayer2017-10-131-2/+2
| | | | | | | | | | Fixes: runtime error: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int' Fixes: 3485/clusterfuzz-testcase-minimized-4940429332054016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bdee75a4e750735ab3039f004275ac8479072048) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg_er: Clear mcsel in mpeg_er_decode_mb()Michael Niedermayer2017-10-131-0/+1
| | | | | | | | | | Fixes out of array read Should fix: 3516/clusterfuzz-testcase-minimized-4608518562775040 (not reprodoceable) Found-by: Insu Yun, Georgia Tech. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 127a362630e11fe724e2e63fc871791fdcbcfa64) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Use 64 bit intermediates for sprite deltaMichael Niedermayer2017-10-131-39/+40
| | | | | | | | | | | Fixes: runtime error: signed integer overflow: -104713 * 65536 cannot be represented in type 'int' Fixes: 3453/clusterfuzz-testcase-minimized-5555554657239040 Fixes: 3528/clusterfuzz-testcase-minimized-6283628420005888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e38f280fece38e270a6462a02cc034f4116a7912) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
View Lorry Controller Status