summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update for FFmpeg 4.3.6n4.3.6Michael Niedermayer2023-04-163-2/+56
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/escape124: Check that blocks are allocated before useMichael Niedermayer2023-04-151-1/+1
| | | | | | | | | | Fixes: NULL pointer dereference Fixes: 57819/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-5077280228769792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5366ae12b9ba60404822f6b39b41f6c0d98a7c8a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/huffyuvdec: Fix undefined behavior with shiftMichael Niedermayer2023-04-151-2/+2
| | | | | | | | | | Fixes: left shift of negative value -1 Fixes: 57554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFVHUFF_fuzzer-4853603839115264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 27e7857bd1127974ffe1512293abee83b1035194) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/j2kenc: Replace RGB24 special case by generic testMichael Niedermayer2023-04-151-1/+2
| | | | | | | | This fixes RGB48 with libavcodec as decoder Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ad4d647591dbd953a5cf3a32a779ee5e42465bbb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/j2kenc: Fix funky bpno errors on decodingMichael Niedermayer2023-04-151-2/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 816676085e3d32f27d4001d9b95590046c487eb6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/j2kenc: remove misleading pred valueMichael Niedermayer2023-04-151-1/+1
| | | | | | | | This field is only checked for being 0 or not and not zero means 5/3 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0adb375377f369b69b24d86bbfe674b7693ccf3c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/j2kenc: fix 5/3 DWT identiferMichael Niedermayer2023-04-151-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f6955b6df4b599ff5604e82987b96957414f8dd5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Check width to avoid assertion failureMichael Niedermayer2023-04-151-1/+7
| | | | | | | | | | | Fixes: Assertion failure on x86-32 av_assert2(block_w * sizeof(pixel) <= FFABS(buf_linesize)); in ff_emulated_edge_mc() Fixes: 39641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5925660741206016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dab1cd2dc0471d497f481736059b2023c5b7986a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g729postfilter: Limit shift in long term filterMichael Niedermayer2023-04-151-1/+1
| | | | | | | | | | Fixes: shift exponent 34 is too large for 32-bit type 'int' Fixes: 57389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-6229522659016704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6d1d8609ac1054017ea3d11b325ed94a1205e9fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* configure: update copyright yearLynne2023-04-151-1/+1
| | | | | (cherry picked from commit 62da0b4a741a064f118a0eece496d6bcc437ec91) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tests/snowenc: Fix 2nd testMichael Niedermayer2023-04-151-2/+2
| | | | | (cherry picked from commit 163013c72452621624f634c706824c77222b77c5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tests/snowenc: return a failure if DWT/IDWT mismatchesMichael Niedermayer2023-04-151-3/+10
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 771c266c0be29e6a1001fbd6795dd343147da1f2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snowenc: Fix visual weight calculationMichael Niedermayer2023-04-158-40/+44
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5b5fcadea059ab458a886261a5b7a1cc134b517a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tests/snowenc: unbreak DWT testsMichael Niedermayer2023-04-151-9/+14
| | | | | | | | the IDWT data type mismatched current code Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8b3351bbead47f7f306621b45c8f2391b6bd23d2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/escape124: Fix some return codesMichael Niedermayer2023-04-151-7/+7
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 98df605f7a8e80471a113f7beb0983c90aa84525) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/escape124: fix signdness of end of input checkMichael Niedermayer2023-04-151-1/+1
| | | | | | | | | | Fixes: Timeout Fixes: 56561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-5560363635834880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 87ad0a5dd7d12c91badc215c3b5d6745fa7acb02) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Use https for repository linksMichael Niedermayer2023-04-153-5/+5
| | | | | | | Reviewed-by: Stefano Sabatini <stefasab@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 011f30fc8205eff8e775d04afb98e02685cd8a7a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/motionpixels: Mask pixels to valid valuesMichael Niedermayer2023-04-151-1/+1
| | | | | | | | | | Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-6724203352555520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ac6eec1fc258efce219e4fccb84312a1b13a7a23) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xpmdec: Check size before allocation to avoid truncationMichael Niedermayer2023-04-151-0/+3
| | | | | | | | | | | Fixes:OOM Fixes:out of array access (no testcase) Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-6573323838685184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 95f0f84dae4f040d91f1e60dc5438612c58e8906) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/bink: Avoid undefined out of array end pointers in binkb_decode_plane()Michael Niedermayer2023-04-151-4/+4
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ea9deafd3b13233802c4548c4c58a707d76805a3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/bink: Fix off by 1 error in ref endMichael Niedermayer2023-04-151-1/+1
| | | | | | | | | | | | | | Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6657932926517248 Alterantivly to this it is possibly to allocate a bigger array Note: oss-fuzz assigned this issue to a unrelated theora bug so the bug number matches that Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 49487045dde6f69194332aac51fd4e598e19c7b6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Ensure linesize for SVQ3Michael Niedermayer2023-04-151-0/+3
| | | | | | | | | | Fixes: Assertion block_w * sizeof(uint8_t) <= ((buf_linesize) >= 0 ? (buf_linesize) : (-(buf_linesize)) Fixes: 54861/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5352418248622080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4eef658ca59d3d6ba46ab52a36d7faf5fe820874) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: allocate a line more for VC1 and WMV3Michael Niedermayer2023-04-151-0/+1
| | | | | | | | | | | | | | Fixes: out of array read on 32bit Fixes: 54857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5840588224462848 The chroma MC code reads over the currently allocated frame. Alternative fixes would be allocating a few bytes more at the end instead of a whole line extra or to adjust the threshold where the edge emu code is activated Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 01636a63d452c592ece35af6f72bb7affcad58f2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/videodsp_template: Adjust pointers to avoid undefined pointer thingsMichael Niedermayer2023-04-151-2/+2
| | | | | | | | | | Fixes: subtraction of unsigned offset from 0xf6602770 overflowed to 0xf6638c80 Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-495074400600064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f0150cd41c2d3c01050a6c4f3df1de511a217913) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: Check deloco index more exactlyMichael Niedermayer2023-04-151-1/+1
| | | | | | | | | | | | Fixes: out of array access: Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-6716193709096960 Alternatively it should be possible to limit this to 3 plane RGB 8 /16bit to ensure the size is what it should be Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d5bae704068dc37191280e024eecb8d02b762b28) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Check that num h/v slices is supportedMichael Niedermayer2023-04-151-0/+5
| | | | | | | | | | Fixes: out of array access Fixes: 55597/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4898293416329216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8ead0ae68eb64ad325efafd686c434727f3d666a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Check samplesize and offset to avoid integer overflowMichael Niedermayer2023-04-151-0/+7
| | | | | | | | | | Fixes: signed integer overflow: 9223372036854775584 + 536870912 cannot be represented in type 'long' Fixes: 55844/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-510613920664780 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 53c1f5c2e28e54ea8174b196d5cf4a158907395a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pictordec: Remove mid exit branchMichael Niedermayer2023-04-151-2/+0
| | | | | | | | | | | This causes the RLE decoder to exit before applying the last RLE run All images i tested with are unchanged, this makes the special case for handling the last run unused for non truncated images. Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 88f0e05c72f0de0cae3d9f0c5644f1965632b641) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/eac3dec: avoid float noise in fixed mode addition to overflowMichael Niedermayer2023-04-152-1/+5
| | | | | | | | | | Fixes: 2.28595e+09 is outside the range of representable values of type 'int' Fixes: 54644/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4816961584627712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2f48d227c153fa6f0a2156f3e8d18ea1bfedf18d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: use 32pixel alignment for binkMichael Niedermayer2023-04-151-0/+2
| | | | | | | | | | | | bink supports 16x16 blocks in chroma planes thus we need to allocate enough. Fixes: out of array access Fixes: 55026/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6013915371012096 Reviewed-by: Peter Ross <pross@xvid.org> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b95b2c8492fc1b52afd8fbe67b3be3cd518485d6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/scpr3: Check bxMichael Niedermayer2023-04-151-0/+3
| | | | | | | | | | Fixes: Out of array access Fixes: 55102/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4877396618903552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cc7e984a05b28dcfaaaad95afa061be71b4ba7fc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/012v: Order operations for odd size handlingMichael Niedermayer2023-04-151-2/+2
| | | | | | | | | | | | Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6714182078955520.fuzz Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6698145212137472.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4d42d82563d806b5610c0c91497e24ef7f37d4cf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/eatgq: : Check index increments in tgq_decode_block()Michael Niedermayer2023-04-151-3/+11
| | | | | | | | | | Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGQ_fuzzer-6743211456724992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e7755b433e913e32bb061f17d5ecfcbcfef995b7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/scpr: Test bx before useMichael Niedermayer2023-04-151-0/+3
| | | | | | | | | | Fixes: out of array access on 32bit Fixes: 54850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5302669294305280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b59de3770b2e3f7f44ec4adba27c88b79adaaec) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: Use 64bit in remainderMichael Niedermayer2023-04-151-2/+2
| | | | | | | | | | | Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int' Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <git@haerdin.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 64a04fc165d453fe49906b228ac16385eda28564) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sunrast: Fix maplength checkMichael Niedermayer2023-04-151-2/+17
| | | | | | | | | | Fixes: out of bounds read Found-by: Ibrahim Mohamed <ielsayed@meta.com> Reviewed-by; Ibrahim Mohamed <ielsayed@meta.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f8a2a65078eaac37eae4a0d7ef440849a9d8f5b5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Avoid undefined shift in get_tail()Michael Niedermayer2023-04-151-1/+1
| | | | | | | | | | Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int' Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8374a747af247d45eb466fcb4aee90f3ae798aad) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Check for end of input in wv_unpack_dsd_high()Michael Niedermayer2023-04-151-0/+4
| | | | | | | | | | Fixes: Timeout Fixes: 50793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-4980185027444736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ad7403bcee47e7c5e99a9c0266935e0da50c9d2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/id3v2: Check taglen in read_uslt()Michael Niedermayer2023-04-151-2/+2
| | | | | | | | | | | Fixes: Timeout (read mostly the same data repeatly) Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840 Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a798af91d7d1fc31cfc1ae09cc6ab3907304f44f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Ignore tile_countMichael Niedermayer2023-04-151-4/+2
| | | | | | | | | | Fixes: out of array access Fixes: 52427/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4849108968144896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 65ce417828cc6f5209d8467bc7755f0c59e9aa49) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: restructure slice coordinate reading a bitMichael Niedermayer2023-04-151-27/+38
| | | | | | | | | | Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int' Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 74b6ac7ebb5c1e06a5fdfa29f79a18599942dbfa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpdec: Check max matrix instead of max channel in noise checkMichael Niedermayer2023-04-151-1/+1
| | | | | | | | | | | | | This is a regression since: adaa06581c5444c94eef72d61b8166f096e2687a Before this, max_channel and max_matrix_channel where compared for equality Fixes: out of array access Fixes: 53340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-514959011885875 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa79560de5e9596ada0345e5d12aa00dbeddaaa6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/input: Use more unsigned intermediatesMichael Niedermayer2023-04-151-12/+12
| | | | | | | | | | | | | Same principle as previous commit, with sufficiently huge rgb2yuv table values this produces wrong results and undefined behavior. The unsigned produces the same incorrect results. That is probably ok as these cases with huge values seem not to occur in any real use case. Fixes: signed integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ba209e3d5142fd31bb6c3e05c5b183118a278afc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: The minimal block is at least 7 bitsMichael Niedermayer2023-04-151-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5280947fb6db37063334eae5b467cecd2417b063) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/replaygain: avoid undefined / negative absMichael Niedermayer2023-04-151-1/+1
| | | | | | | | | | Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int' Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2532b20b17ec557f1b925bfc41c00e7d4e17356c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* swscale/output: Bias 16bps output calculations to improve non overflowing rangeMichael Niedermayer2023-04-151-60/+60
| | | | | | | | | | | Fixes: integer overflow Fixes: ./ffmpeg -f rawvideo -video_size 66x64 -pixel_format yuva420p10le -i ~/videos/overflow_input_w66h64.yuva420p10le -filter_complex "scale=flags=bicubic+full_chroma_int+full_chroma_inp+bitexact+accurate_rnd:in_color_matrix=bt2020:out_color_matrix=bt2020:in_range=full:out_range=full,format=rgba64[out]" -pixel_format rgba64 -map '[out]' -y overflow_w66h64.png Found-by: Drew Dunne <asdunne@google.com> Tested-by: Drew Dunne <asdunne@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0f0afc7fb5d30c40108d81b320823d8f5c9fbedc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/speedhq: Check buf_size to be big enough for DCMichael Niedermayer2023-04-151-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 51919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6023716480090112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9184d3d7b64459e975f26284a7b2e26cbf76480b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Fail earlier if prior context is corruptedMichael Niedermayer2023-04-151-1/+4
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4df91e2215a79546a7f08faa457c05182646b302) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_untile: swap the chroma shift values used for plane offsetsJames Almer2023-03-161-2/+2
| | | | | | | Fixes ticket #10265 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit dc61d5cf195bc6de9263883c42a58348863e6d4f)
* avcodec/vp3: Add missing check for av_mallocJiasheng Jiang2022-12-181-1/+6
| | | | | | | | | | Since the av_malloc() may fail and return NULL pointer, it is needed that the 's->edge_emu_buffer' should be checked whether the new allocation is success. Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048") Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
View Lorry Controller Status