summaryrefslogtreecommitdiff
path: root/libavcodec
Commit message (Collapse)AuthorAgeFilesLines
* avcodec/eatgq: : Check index increments in tgq_decode_block()Michael Niedermayer2023-04-071-3/+11
| | | | | | | | | | Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGQ_fuzzer-6743211456724992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e7755b433e913e32bb061f17d5ecfcbcfef995b7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/scpr: Test bx before useMichael Niedermayer2023-04-071-0/+3
| | | | | | | | | | Fixes: out of array access on 32bit Fixes: 54850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5302669294305280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b59de3770b2e3f7f44ec4adba27c88b79adaaec) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sunrast: Fix maplength checkMichael Niedermayer2023-04-071-2/+17
| | | | | | | | | | Fixes: out of bounds read Found-by: Ibrahim Mohamed <ielsayed@meta.com> Reviewed-by; Ibrahim Mohamed <ielsayed@meta.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f8a2a65078eaac37eae4a0d7ef440849a9d8f5b5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Avoid undefined shift in get_tail()Michael Niedermayer2023-04-071-1/+1
| | | | | | | | | | Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int' Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8374a747af247d45eb466fcb4aee90f3ae798aad) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Check for end of input in wv_unpack_dsd_high()Michael Niedermayer2023-04-071-0/+4
| | | | | | | | | | Fixes: Timeout Fixes: 50793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-4980185027444736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ad7403bcee47e7c5e99a9c0266935e0da50c9d2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Ignore tile_countMichael Niedermayer2023-04-071-4/+2
| | | | | | | | | | Fixes: out of array access Fixes: 52427/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4849108968144896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 65ce417828cc6f5209d8467bc7755f0c59e9aa49) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: restructure slice coordinate reading a bitMichael Niedermayer2023-04-071-27/+38
| | | | | | | | | | Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int' Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 74b6ac7ebb5c1e06a5fdfa29f79a18599942dbfa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpdec: Check max matrix instead of max channel in noise checkMichael Niedermayer2023-04-071-1/+1
| | | | | | | | | | | | | This is a regression since: adaa06581c5444c94eef72d61b8166f096e2687a Before this, max_channel and max_matrix_channel where compared for equality Fixes: out of array access Fixes: 53340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-514959011885875 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit aa79560de5e9596ada0345e5d12aa00dbeddaaa6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: The minimal block is at least 7 bitsMichael Niedermayer2023-04-071-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5280947fb6db37063334eae5b467cecd2417b063) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/speedhq: Check buf_size to be big enough for DCMichael Niedermayer2023-04-071-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 51919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6023716480090112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9184d3d7b64459e975f26284a7b2e26cbf76480b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Fail earlier if prior context is corruptedMichael Niedermayer2023-04-071-1/+4
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4df91e2215a79546a7f08faa457c05182646b302) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/nvenc: fix b-frame DTS behavior with fractional frameratesKyle Manning2023-04-031-1/+1
| | | | | | | | When using fractional framerates (or any fraction with a numerator != 1), DTS values for packets would be calculated incorrectly. Signed-off-by: Kyle Manning <tt2468@irltoolkit.com> Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
* avcodec/nvenc: fix vbv buffer size in cq modeTimo Rothenpieler2022-12-081-1/+2
| | | | | The CQ calculation gets thrown off and behaves very nonsensical if it isn't set to 0.
* avcodec/mjpegenc: take into account component count when writing the SOF ↵James Almer2022-11-281-1/+1
| | | | | | | | | header size Fixes ticket #10069 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 100939695307743396e30e6310d2ea9cf42f9aab)
* avcodec/dstdec: Check for overflow in build_filter()Michael Niedermayer2022-09-251-3/+8
| | | | | | | | | | Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8008940da5aa43895fd4574114309c3324249eab) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Check for unsupported bayer caseMichael Niedermayer2022-09-251-0/+2
| | | | | | | | | | Fixes: out of array access Fixes: 51462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-662559341582745 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dd81cc22b3dd5bd6badf012b4fe4c19e062650f4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in filter_3800()Michael Niedermayer2022-09-251-1/+1
| | | | | | | | | | | Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296 Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f05247f6a4698c14f1cd523daa90188f50dcf6ad) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tta: Check 24bit scaling for overflowMichael Niedermayer2022-09-251-2/+9
| | | | | | | | | | Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3993345f915bccceee315f44d412445346990e14) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: Check quantizer for overflowMichael Niedermayer2022-09-251-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 127 + 2147483536 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6014034970804224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 677e27a9afa7305a918336699b377fd5b42cc299) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check preview psizeMichael Niedermayer2022-09-251-2/+5
| | | | | | | | | | Fixes: signed integer overflow: 17121181824 * 538976288 cannot be represented in type 'long long' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5915330316206080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ac26712e35f5ebc726d1be14bb4a420949e66604) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Fix loop detectionMichael Niedermayer2022-09-251-2/+2
| | | | | | | | | Fixes regression with tickets/4364/L1004220.DNG Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 43a4854510a3d596e114d899177a5b3b323ca9fb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fmvc: Move frame allocation to a later stageMichael Niedermayer2022-09-251-6/+15
| | | | | | | | This way more things are checked before allocation Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9783749c66bf6ca2ce7a6db4c74957fe77cbe803) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/speedhq: Check widthMichael Niedermayer2022-09-251-1/+1
| | | | | | | | | | | | Fixes: out of array access Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400 Alternatively the buffer size can be increased Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f0395f9ef6051315973f1fdded1804f81458566d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/bink: disallow odd positioned scaled blocksMichael Niedermayer2022-09-251-1/+1
| | | | | | | | | | | Fixes: out of array access Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b14104a6376cd774b08cbe5fda56b34320a41b2e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavcodec/8bps: Check that line lengths fit within the bufferMichael Niedermayer2022-09-251-0/+3
| | | | | | | | | | | Fixes: Timeout Fixes: undefined pointer arithmetic Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2316d5ec1a95b13ff9a0ce80409fa367a041966d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer()Michael Niedermayer2022-09-251-7/+6
| | | | | | | | This would avoid regeting the frame on lzss errors Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 628fb97efb0b6202e56fab89670406261bf86d85) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h263dec: Sanity check against minimal I/P frame sizeMichael Niedermayer2022-09-251-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ca4ff9c21cb77e024fa4ff5889826a8bee4d0e0a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccelMichael Niedermayer2022-09-251-1/+1
| | | | | | | | | | | | | This is somewhat redundant with the is_decoded check. Maybe there is a nicer solution Fixes: Null pointer dereference Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3b51e1992289383aa9f083c88e153e34b6412c89) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpegaudiodec_template: use unsigned shift in handle_crc()Michael Niedermayer2022-09-251-1/+1
| | | | | | | | | | Fixes: left shift of 192 by 24 places cannot be represented in type 'int' Fixes: 49577/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP1FLOAT_fuzzer-5205996678545408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7086491fa0eca4ad647b5c9fae6d07344cc44ec0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: bayer and rct are incompatibleMichael Niedermayer2022-09-251-0/+6
| | | | | | | | | | Fixes: out of array read Fixes: 49434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5208501080686592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a44f5a521227adc7be2f78b411f56da1a4d98704) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_filter: copy_CTB() only within width&heightMichael Niedermayer2022-09-251-1/+12
| | | | | | | | | | Fixes: out of array access Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 009ef35d384c3df22d8a8be7416dc9d532e91c52) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Check tile_length and tile_widthMichael Niedermayer2022-09-251-0/+3
| | | | | | | | | | Fixes: Division by 0 Fixes: 49235/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5495613847896064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 76112c2b4167bb3c40503b3334c8b38fd707a8d5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mss4: Check image size with av_image_check_size2()Michael Niedermayer2022-09-251-0/+4
| | | | | | | | | | Fixes: Timeout Fixes: 48418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-4834851466903552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4e145f1dcdcbe19e8f8e98940dab04e9332a8b5b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check x/ysizeMichael Niedermayer2022-09-251-2/+4
| | | | | | | | | | Fixes: OOM Fixes: 48911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6352002510094336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 614a4d1476c6e3561ebab3977cb43b2b4b6406fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/lagarith: Check dst/src in zero run codeMichael Niedermayer2022-09-251-0/+3
| | | | | | | | | | | Fixes: out of array access Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9450f759748d02d1d284d2e4afd741cb0fe0c04a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264dec: Skip late SEIMichael Niedermayer2022-09-251-0/+4
| | | | | | | | | | | Fixes: Race condition Fixes: clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592 Found-by: google ClusterFuzz Tested-by: Dan Sanders <sandersd@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f7dd408d64013ae177c1f8d0e04418e5075db5bc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()Michael Niedermayer2022-09-251-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int' Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1537f40516d625fc5fa57db4fdfb737312fbc500) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdsp_template: stay within tables in sao_band_filter()Michael Niedermayer2022-09-251-1/+1
| | | | | | | | | | Fixes: out of array read Fixes: 47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9c5250a5612d4b32d79108de0c03945b2017963e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Check pixel format types for dngMichael Niedermayer2022-09-251-0/+3
| | | | | | | | | | Fixes: out of array access Fixes: 48271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6149705769287680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 75f3d1b82261f31c6bbcee8046cec6792194355a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qpeldsp: copy less for the mc0x casesMichael Niedermayer2022-09-251-6/+6
| | | | | | | | | | Fixes: out of array access Fixes: 47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e690d4edf581c42dbd907c0fafe53fba86a00812) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Limit golomb rice coded slices to width 8MMichael Niedermayer2022-09-251-0/+3
| | | | | | | | | This limit is possibly not reachable due to other restrictions on buffers but the decoder run table is too small beyond this, so explicitly check for it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b4431399ec1e10afff458cf1ffae2a75987d725a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wnv1: Check for width =1Michael Niedermayer2022-09-251-0/+3
| | | | | | | | | | | | The decoder only outputs pixels for width >1 images, fail early Fixes: Timeout Fixes: 48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d98d5a436aa70d3cef8f914c0467ef2fb2dd1dfc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec_template: fix indentionMichael Niedermayer2022-09-251-5/+5
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit eee7364c90699f50a36aaada38c52ccc0d6bf501) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aasc: Fix indentionMichael Niedermayer2022-09-251-17/+17
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit af2ed09220fe82e0aa479d1b93be6aadc4930efc) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdrw: adjust max colors to array sizeMichael Niedermayer2022-09-251-1/+1
| | | | | | | | | | | Fixes: out of array access Fixes: 48429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4608329791438848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cd847f86d31f87f0f7733ca6ab7a2c022a1398bd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alacdsp: Make intermediates unsignedMichael Niedermayer2022-09-251-2/+2
| | | | | | | | | | Fixes: signed integer overflow: -14914387 + -2147418648 cannot be represented in type 'int' Fixes: 46464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-474307197311385 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8709f4c10a216cb3e11564bc392841e832f8e3b1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeglsdec: fix end check for xfrmMichael Niedermayer2022-09-251-4/+4
| | | | | | | | | | Fixes: out of array access Fixes: 47871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5646305956855808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6a82412bf33108111eb3f63076fd5a51349ae114) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cdgraphics: limit scrolling to the lineMichael Niedermayer2022-09-251-1/+1
| | | | | | | | | | Fixes: out of array access Fixes: 47877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5690504626438144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b7e30a13d4e4557b87f977b76a6bb5e3cbe5ac78) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/texturedspenc: Fix indexing in color distribution determinationMichael Niedermayer2022-09-251-3/+3
| | | | | | | | | | | | Fixes CID1396405 MSE and PSNR is slightly improved, and some noticable corruptions disappear as well. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit ade36d61de8ea5a5acb30a05a0cbcda069127143) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/libxavs2: Improve r redundancy in occuredMichael Niedermayer2022-09-251-1/+1
| | | | | | | Reviewed-by: "mypopy@gmail.com" <mypopy@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f3b7ba21ba49b32b4476a8c7c5a9bcdad15e3943) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
View Lorry Controller Status