[FFmpeg-cvslog] New commits on branch release/3.2
Git System
git at videolan.org
Sat Jun 17 04:51:05 EEST 2017
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1a54f239ad00371777535adcf8be2e9212c1e10d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 17 02:30:36 2017 +0200
Update for 3.2.6
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2055f8e3f1411dc40ca52da1d42af7d8c6400d0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 17 00:34:08 2017 +0200
avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps()
Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int'
Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1edbf5e20c75f06d6987bc823e63aa4e649ccddd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c00ef60abda2a8b16c49acefb938eb87ab7b40a3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 16 19:57:08 2017 +0200
avcodec/jpeg2000dec: Check nonzerobits more completely
Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int'
Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dfb61ea2630029b7aec7911aade769bf1a914eea)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=12cf6ace44f667da5be32c68408db19482ee994a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 9 02:16:54 2017 +0200
avcodec/shorten: Sanity check maxnlpc
Fixes OOM
Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e77ddd31a8e14bcf5eccd6008d866ae90b4b0d4c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39d9308b992a4d90349fd1b001f34b15fdb0ab02
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 15 23:41:46 2017 +0200
avcodec/truemotion2: Move skip computation after checks
Fixes: runtime error: signed integer overflow: 630067357 * 4 cannot be represented in type 'int'
Fixes: 2233/clusterfuzz-testcase-minimized-5943031318446080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c716682a8b69e6644a385a663aaf0e5dc808ae8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d09ec6c27f853a47893a917992038d0b2c28359a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 15 23:26:18 2017 +0200
avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2()
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2231/clusterfuzz-testcase-minimized-4565181982048256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e3fadc57c5c170f31455abacbcbd67115d7321d7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=31c1c0b46a7021802c3d1d18039fca30dba5a14e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 14 16:58:20 2017 +0200
avcodec/dnxhd_parser: Do not return invalid value from dnxhd_find_frame_end() on error
Fixes: Null pointer dereference
Fixes: CVE-2017-9608
Found-by: Yihan Lian
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 611b35627488a8d0763e75c25ee0875c5b7987dd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d77a3ff3cd8360874d6f1787c482e09c5239511
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 15 01:28:28 2017 +0200
avcodec/hevcdec: Check nb_sps
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bc406744620710911de9157eafa3e61d0246566f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=81527019b1d1eb3652b63816738f961cf9a64f49
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 15 01:26:01 2017 +0200
avcodec/hevc_refs: Check nb_refs in add_candidate_ref()
Fixes: runtime error: index 16 out of bounds for type 'int [16]'
Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1cb4ef526dd1e5f547d0354efb0831d07e967919)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c6aa2e0d12f403cba22bd95a675f975e8e6bb3b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 14 23:55:17 2017 +0200
avcodec/mpeg4videodec: Check sprite delta upshift against overflowing.
Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int'
Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 12245ab1f677074b8ff83e87f76a41aba692ccd6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46acaabd2a1318cd57260a64a21aa80a9cbda05b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 14 23:49:23 2017 +0200
avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case
Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int'
Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a87be404ab7e3f47e67e79160dcc9623e36835b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c1e2c1e84e3a08ecb0a1389e829160a1f461f786
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 13 16:25:59 2017 +0200
avcodec/aacsbr_fixed: Check shift in sbr_hf_assemble()
Fixes: runtime error: shift exponent -10 is negative
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d1992448d37f7cfa2acda5cc729dc0ff1b019390)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15a408f1822fb6652405fa1230fafc000ff6f55a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 13 13:28:23 2017 +0200
avcodec/sbrdsp_fixed: Return an error from sbr_hf_apply_noise() if operations are impossible
Fixes: 1775/clusterfuzz-testcase-minimized-5330288148217856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d549f026d8b64b879c3ce3b8c7d153c82aa5eb52)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22a6713ce9e185e134a3236b3bcde018b89f3237
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 7 19:17:30 2017 +0200
avcodec/libvpxdec: Check that display dimensions fit in the storage dimensions
Fixes assertion failure
Fixes: 2112/clusterfuzz-testcase-minimized-4526878557732864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f8593c2f492a514b67533a877b716a25d3770418)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=61bf10368c2b3307d25524fba2efcd0ba42a479a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 11 20:28:46 2017 +0200
avcodec/jpeg2000dwt: Fix runtime error: left shift of negative value -123
Fixes: 2208/clusterfuzz-testcase-minimized-5976593765761024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d24043e1a2f93f206a2ad59054f24f45ff023e5c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=266ecedc75f2f40d333dfb7644118f52bbc67474
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 11 20:19:59 2017 +0200
avcodec/wavpack: Fix runtime error: signed integer overflow: 1886191616 + 277872640 cannot be represented in type 'int'
Fixes: 2181/clusterfuzz-testcase-minimized-6314784322486272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c996374d4d86e0efbef71812448b4c65656bc667)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=753d04b618e7b87ffdad6dd3189c031f4d01b038
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 11 14:34:54 2017 +0200
avcodec/snowdec: Fix runtime error: left shift of negative value -1
Fixes: 2197/clusterfuzz-testcase-minimized-6010716676947968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2e44126363bc9e23093ceced5d7bde1ee4bbb338)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1df8547366469036eb162acac697b6354aa535d1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 11 14:32:35 2017 +0200
avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1297616
Fixes: 2195/clusterfuzz-testcase-minimized-4736721533009920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6d499ecef9c2467772b6066176ffda0b7ab27cc2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=722cbfc5e163d2ecf9339f262c4cf354c20c371d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 11 01:05:26 2017 +0200
avcodec/tiff: Fix leak of geotags[].val
Fixes: 2176/clusterfuzz-testcase-minimized-5908197216878592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 22a25ab3896cbb8dceebdba4d439e8b2b398ff0e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a8419541f2b91b1d88425042cc4b69bf1f415bf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 11 00:45:20 2017 +0200
avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int'
Fixes: 2175/clusterfuzz-testcase-minimized-5809657849315328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 71da0a5c9750e9fd0c9609470f610d32952923eb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef157cec81308476deaf129f799884dea7aac339
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 10 19:43:25 2017 +0200
avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 cannot be represented in type 'int'
Fixes: 2174/clusterfuzz-testcase-minimized-5739234533048320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 90e8317b3b33dcb54ae01e419d85cbbfbd874963)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1f1b73cb1666172eba2ab955f56dfd023f6894ba
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 10 18:45:08 2017 +0200
avcodec/cfhd: Check band parameters before storing them
Fixes out of array read
Fixes: 2169/clusterfuzz-testcase-minimized-5688641642823680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 54aaadf648073149f1ac34f56cbde4e6c5aa22ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5714e4ccbc95f5001bc33914c2a3f8c1c4e5572
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 10 00:13:07 2017 +0200
avcodec/h264_parse: Check picture structure when initializig weight table
Fixes: runtime error: index 49 out of bounds for type 'int [48][2][2]'
Fixes: 2159/clusterfuzz-testcase-minimized-5267945972301824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3a1ad368a78b153b63ccc07af864b3611e2a4ac3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e93ffb488844e5d5a06c219715dc3e5913181561
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 8 13:58:47 2017 +0200
avcodec/indeo4: Check remaining data in Pic hdr extension parsing code
Fixes: Timeout
Fixes: 2115/clusterfuzz-testcase-minimized-6594111748440064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a3b5b60bdf451faefeeec07c4e684a251968bf2d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f7ea74422f252718bd2d84ade9bb8fd0a83ab0a0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 8 13:44:32 2017 +0200
avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int'
Fixes: 2113/clusterfuzz-testcase-minimized-6510704959946752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4e3ab1a5c12fe3a88f44b734d3f2e25f4769ec47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5284145680f728a55283ba95cb75bcec398abf0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 6 16:28:57 2017 +0200
avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int'
Fixes: 2106/clusterfuzz-testcase-minimized-6136503639998464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 18bca25adbae9d010d75f9fc197c0af656af758d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe5b764e6aa982cb58408ecb82ead7e7e045363b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 6 16:21:37 2017 +0200
avcodec/pafvideo: Fix assertion failure
Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c4360559ee2a6c8c624f24fc7e2a1cf00972ba68)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f865aa6beeb42440e3ddadaa47060cc75fbd5792
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 6 16:01:16 2017 +0200
avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int'
Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e4efd41b83e78c7f2ee3e74bee90226110743a8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=873397e27e9780fe29ad13acfebfc8070d7579d8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 5 22:23:15 2017 +0200
avcodec/mjpegdec: Check that reference frame matches the current frame
Fixes: out of array read
Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4705edbbb96e193f51c72248f508ae5693702a48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=260a286e5308ce9e6e4585aa7347194d34e2cc19
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 5 20:39:21 2017 +0200
avcodec/tiff: Avoid loosing allocated geotag values
Fixes memleak
Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7cbeab4c1381f95ed0ebf85d7950bee96f66164)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb0d1cafab1df3e6e34124dda19cd94a8f43298b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 5 19:33:56 2017 +0200
avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int'
Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1e6ee86d9254e8fd2158cc9a31d3be96b0809411)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25dac3128b605f2867e3e0f0288b896f84d3a033
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 3 21:20:04 2017 +0200
avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.
It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.
Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.
The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its feature. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.
Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also where objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel
This recommits the security fix without the author name joke which was
originally requested by Nicolas.
Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 189ff4219644532bdfa7bab28dfedaee4d6d4021)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c82f67012c33842a620315a6a73dfde57e504f1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 4 21:37:47 2017 +0200
avcodec/qdrw: Fix null pointer dereference
The RGB555 PACKBITSRGN case tries to read a palette, if such
palette is actually stored then it accesses a null pointer.
All 16bit samples i could find use DIRECTBITSRGN.
Fixes: 2065/clusterfuzz-testcase-minimized-6298930457346048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 46b865ea9f86cbd12e1bf701913263c7932cccb0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25b7dc959a087455834585d8e2c0c5a639f2d8e8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 4 20:45:09 2017 +0200
avutil/softfloat: Fix sign error in and improve documentation of av_int2sf()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6019d721d4c10bf73018d68511d9d0a914c0a389)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c2c0979e243a779c665597e99a4fa0a8bac2612
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 4 17:06:27 2017 +0200
avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]'
Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 29808fff339da3e0f26131f7a6209b853947a54b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=439757d38a6a88d1202766cd712d6f2da263461d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 4 15:41:18 2017 +0200
avcodec/dxv: Check remaining bytes in dxv_decompress_raw()
Fixes: Timeout
Fixes: 2006/clusterfuzz-testcase-minimized-5766515037044736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eb5049227033d946add93c0714bb8a28d94166f1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=90c38d6ab8df4198ee2ecb32e0f05af9ffb0a65a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 4 13:38:02 2017 +0200
avcodec/pafvideo: Check packet size and frame code before ff_reget_buffer()
Fixes 1745/clusterfuzz-testcase-minimized-6160693365571584
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit faa5a2181df53b5226f998a20b735798addcd365)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7edf95874053c05f36c256f9fdd08bc0e4825a4b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 4 13:02:51 2017 +0200
avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int'
Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 136ce8baa4fc16cf38690cb457f7356c00e00a28)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=858adb27a0c9019e98e3dca167d5cc48cd6178c9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 2 14:47:16 2017 +0200
avformat/options: log filename on open
The loglevel is choosen so that the main filename and any images of
multi image sequences are shown only at debug level to avoid
clutter.
This makes exploits in playlists more visible. As they would show
accesses to private/sensitive files
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53e0d5d7247548743e13c59c35e59fc2161e9582)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a44539bc80046676e5b0eee1a29af420a540299
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 2 22:31:02 2017 +0200
avcodec/aacps: Fix runtime error: left shift of 1073741824 by 1 places cannot be represented in type 'INTFLOAT' (aka 'int')
Fixes: 2005/clusterfuzz-testcase-minimized-5744226438479872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9faf098163b33e7b0f5baafa3371ef5401f4105d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b7afa9f8aad0da942e7a528faadba6285596e234
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 1 18:48:37 2017 +0200
avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 1967/clusterfuzz-testcase-minimized-5757031199801344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b3e580b7f436206e84dac89415e057fa9abdab8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8643da03a98562d4ea3a687beac486677e93916
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 1 18:32:52 2017 +0200
avcodec/cfhd: Fix runtime error: signed integer overflow: 65280 * 65288 cannot be represented in type 'int'
Fixes: 1925/clusterfuzz-testcase-minimized-5564569688735744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cd6f319a7470394044627d1bd900e21b9aca5f4a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe2a92cfd43d105d0fdb061f92571a08825f0979
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 31 22:53:02 2017 +0200
avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int'
Fixes: 1922/clusterfuzz-testcase-minimized-5561194112876544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a47273c803edfbc43793349b74429ae29b05c003)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1d6983c89907b1540d71ba0df6b5f96a8d828635
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 31 22:18:23 2017 +0200
avcodec/cinepak: Check input packet size before frame reallocation
Reduces time spend decoding 1917/clusterfuzz-testcase-minimized-5023221273329664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e47057e932ff9a071d52fa1d5d4a956340eb2475)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64ecc9eda97600a6a778eac84796e837354b0b36
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 31 22:02:07 2017 +0200
avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int'
Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6726328f7940a76c43b4d97ac37ababf363d042f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb14b289bc994f3a77d317db23be7e89e03caf07
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 31 15:52:56 2017 +0200
avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int'
Fixes: 1908/clusterfuzz-testcase-minimized-5392712477966336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 08cb69e870c1b2fdc3574780a3662b92bfd6ef79)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ccc598dbcb79694d85a633b06c96624ed27073d1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 31 13:39:45 2017 +0200
avcodec/pnm: Use ff_set_dimensions()
Fixes: OOM
Fixes: 1906/clusterfuzz-testcase-minimized-4599315114754048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a1c0d1d906d27d3f9e1b058bb065f897f90c1c7c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79a5cac077548869bcf30c2f8a67f5da3f918b5d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 31 13:21:58 2017 +0200
avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int'
Fixes: 1903/clusterfuzz-testcase-minimized-5359318167715840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 58f8cd4ac576028ef492a005bd06b1f22c3a6879)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5415c88e370692a3cf10b998ab230b4a02fc237f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 30 21:29:20 2017 +0200
avformat/avidec: Limit formats in gab2 to srt and ass/ssa
This prevents part of one exploit leading to an information leak
Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a5d849b149ca67ced2d271dc84db0bc95a548abb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=625fb0895980ea3b5177cf035b9cc06ba20a7cd4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 30 04:03:09 2017 +0200
avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float'
Fixes: 1902/clusterfuzz-testcase-minimized-4762451407011840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 87bddba43b725d43767f2a387cdea0936ac1b549)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5f5d213227775cd2389efdcc95106107d413fb9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 30 03:13:21 2017 +0200
avcodec/wavpack: Check float_shift
Fixes: runtime error: shift exponent 40 is too large for 32-bit type 'unsigned int'
Fixes: 1898/clusterfuzz-testcase-minimized-5970744880136192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4020b009d1e88ff10abd25fb768165afa546851d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b424fde5decd155837aee85c038f4619fed54884
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 30 03:09:11 2017 +0200
avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int'
Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d90c5bf10559554d6f9cd1dfb90767b991b76d5d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df7f051f4dbfd7b2b11c47582776c6ddf3ca39ca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 29 14:07:33 2017 +0200
avcodec/ansi: Fix frame memleak
Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e091b9b3c7859030f2896ca2ae96faa3afc694a1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f8da7e2aa6224fd4792c231d15076fb8d3a7c49
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 29 13:51:08 2017 +0200
avcodec/dds: Fix runtime error: left shift of 145 by 24 places cannot be represented in type 'int'
Fixes: 1891/clusterfuzz-testcase-minimized-6274417925554176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c49fa2a51452eeba0cf2c14ce999ddeadf69aa4f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1d4199e02311592dd4ea3077d07b3ad1eda91bf4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 29 13:45:29 2017 +0200
avcodec/jpeg2000dec: Use ff_set_dimensions()
Fixes: OOM
Fixes: 1890/clusterfuzz-testcase-minimized-6329019509243904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f3da6fbff864e05e8871dd04222143abdee9e77b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba925988efe75adfcc33f9235e6b1ccda7bf994b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 21:54:02 2017 +0200
avcodec/truemotion2: Fix passing null pointer to memset()
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c901627918ff7480c1bb6f9cae507ee2c7c933d8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=362a98eea9b85324a733e653dbe06bea124014a9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 21:54:02 2017 +0200
avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c9e884f3d98df85bf7f2cf30d71877b22929fdcb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b6d056da8a1f403ef30106f7b5aee98a192a4f2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 21:44:32 2017 +0200
avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int'
Fixes: 1885/clusterfuzz-testcase-minimized-5336328549957632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7c845450d2daa0d066045cf94ab51cb496f1b824)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=efe4dbb6e6507ab313f88e2f0c7b33eb0cced6ad
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 21:38:24 2017 +0200
avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int'
Fixes: 1884/clusterfuzz-testcase-minimized-4637425835966464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4c472c52525fcab4c80cdbc98b4625d318c84fcb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b048028a71d68e999c4e059788a868c82e6ed06
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 20:08:49 2017 +0200
avcodec/aac_defines: Add missing () to AAC_HALF_SUM() macro
Fixes: runtime error: shift exponent 1073741848 is too large for 32-bit type 'INTFLOAT' (aka 'int')
Fixes: 1880/clusterfuzz-testcase-minimized-4900645322620928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 872bac81590ccbec40ba7ad203421d9e38d1b253)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=66c9e5e3eb43d91dfa827d3edf8b0e802d3933f0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 10 18:37:50 2017 +0200
avcodec/webp: Fixes null pointer dereference
Fixes: 1470/clusterfuzz-testcase-minimized-5404421666111488
Fixes: 1472/clusterfuzz-testcase-minimized-5677426430443520
Fixes: 1875/clusterfuzz-testcase-minimized-5536474562822144
Approved-by: BBB
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 67020711b7d45afa073ef671f755765035a64373)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a871e42e30c3a7fb0f503465fec6ae9a292c6f16
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 18:09:47 2017 +0200
avcodec/aacdec_fixed: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 1878/clusterfuzz-testcase-minimized-6441918630199296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6b9cb5d26a2d9905093621d12785bc5903dce66d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b08f7e592f89de8d1a655170387f165ce92c5a69
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 17:20:42 2017 +0200
avcodec/ylc: Check count in build_vlc()
Fixes: runtime error: signed integer overflow: 211633430 + 2147483647 cannot be represented in type 'int'
Fixes: 1874/clusterfuzz-testcase-minimized-5037763613163520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 67b30decf7793523f7fdaef6fdf7f1179ef42b18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b220944e98a7ae4908b8a829354992053b6b70c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 17:12:35 2017 +0200
avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int'
Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b9c032ebc0ad17ac0ffefb915ff96baf9d79cab1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee202d98ce181cf8b05043bca91105c3f8f62b10
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 14:00:30 2017 +0200
avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int'
Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 781f88bb26534ececc76eaa972f02536ba2f0f55)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f720b436152a9128b6bc0446eaf5f8c5d8eb72bd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 13:52:13 2017 +0200
avcodec/jpeg2000dec: Check tile offsets more completely
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9c1812491f7be2730351969f4abd9b99d300d604)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5839a78266985d4c0bc23571e77cca81ee4bd85
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 13:30:46 2017 +0200
avcodec/sheervideo: Check input buffer size before allocating and decoding
Fixes: Timeout
Fixes: 1858/clusterfuzz-testcase-minimized-6450473802399744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d8030c14bd7ac983b81ebe898631979f6b5aea09)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1da01c05169c7c11bdf69a638c9bed852e6fb21
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 03:34:09 2017 +0200
avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int'
Fixes: 1851/clusterfuzz-testcase-minimized-5692607495667712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6c3a63fc3d1be7ac947e38a165a299c9e5d37764)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7108189a54f381a3eff3fea20dfc8d20c3101e30
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 03:18:02 2017 +0200
avcodec/wnv1: More strict buffer size check
This requires at least 25% of a picture to allocate and decode it
Fixes: Timeout
Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7f50c25124a015a539823077bb302ff0c7ce8963)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e18bd51596b78721bc14727bf551c7d7131c7a22
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 25 03:21:50 2017 +0200
avcodec/libfdk-aacdec: Correct buffer_size parameter
the timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until
2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused.
after that commit libfdk-aacdec interprets it as size in sample units and memsets that on error.
FFmpeg as well as others (like GStreamer) did interpret it as size in bytes
Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ca6776a993903dbcfef5ae8a18556c40ecf83e1c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e7776cedf58604f210b7e9f4cd5c941972920380
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 23 21:08:48 2017 +0200
avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int'
Fixes: 1770/clusterfuzz-testcase-minimized-5285511235108864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7c36ee216f1e668e2c2af1573bd9dbbb2a501f48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6eb1a6f48b17c249ca67595c793f5b3746930c9b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 28 03:03:46 2017 +0200
avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2
Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 357f2316a08478a4442e8051978c7b161e10281c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=706bbb22b1b3537c53ab7bc99cf359be4f26ae03
Author: Kevin Mark <kmark937 at gmail.com>
Date: Sat May 27 10:10:46 2017 -0400
doc/filters: Clarify scale2ref example
Signed-off-by: Kevin Mark <kmark937 at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 114e8716214d414d7965029ae5fe74668ed69e4a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e74ee34f978feb430fb16c25963c62eea534d92
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 27 13:17:34 2017 +0200
avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error
Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]'
Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ac8dfcbd89a818b786d05ebc1af70f7bf6aeb86e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=288eb8b17ef558620da3ff252ad6b9ef691d23ed
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 27 13:07:00 2017 +0200
avcodec/ra144dec: Fix runtime error: left shift of negative value -17
Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53c0c637d36c1de9ea461a8d863e8703da090894)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b27474cdfd87a8d6c78879ea90a1fc65348afed
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 26 18:01:31 2017 +0200
avformat/mux: Fix copy an paste typo
Found-by: Roger Scott <rscott at grammatech.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1a36354698fc0453ba4d337786d2cb4d3e374cfb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af71771a6ce342c9f1b056a67251c3386c60e9c7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 7 13:49:09 2017 +0200
avutil/internal: Do not enable CHECKED with DEBUG
This avoids potential undefined behavior in debug mode while still allowing
developers which want to check for potential additional overflows to do so
by manually enabling this.
Reviewed-by: wm4
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a44b3abb4cf922e379fbac55452d0482a8223597)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7072201271d3563b38b07be8c02e7f3246d8453e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 25 23:01:27 2017 +0200
avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 1825/clusterfuzz-testcase-minimized-6002833050566656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8e87d146d798ca25d8f3a4520a6deb7946b39d73)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c419022789030b87d3558cae65ff33786b69a983
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 25 20:07:49 2017 +0200
avcodec/smc: Check remaining input
Fixes: Timeout
Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 356194fcb17375de2472f4cbff6ede48d6a374b2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8cbe7461b364ef86c31ec56fd903aa6cb6d82c5f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 25 16:35:40 2017 +0200
avcodec/diracdec: Fix off by 1 error in quant check
Fixes: out of array read
Fixes: 1781/clusterfuzz-testcase-minimized-4617176877105152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b946bd8ef2c7aeee09469a4901182a44f9b67189)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fdba18c0683b8eb194eb26356efc5cbaf0dc406c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 25 11:11:33 2017 +0200
avcodec/jpeg2000dec: Fix copy and paste error
Found-by: jamrial
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5782e0ba8cc30bb08a806cdeda1adfb89a0556b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6b1a01f3ec84ba4852d9595b00293ddfc6c95d19
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 24 19:40:42 2017 +0200
avcodec/jpeg2000dec: Check tile offsets
Fixes: runtime error: signed integer overflow: 4096 - -2147483648 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89325417e7b33f4b08171d9d609c48662d96b2d3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=66aa3c61fe897748e303a67ea65fb4a171a88b89
Author: Max Justicz <maxj at mit.edu>
Date: Wed May 24 15:25:50 2017 +0200
avcodec/sanm: Fix uninitialized reference frames
Fixes: poc.snm
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ca616b0f72c65b0ef5f9e1e6125698b15f50a26e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d7ccdf873ade74fa0618adac10d3f8dbc2deb72
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 23 22:18:52 2017 +0200
avcodec/jpeglsdec: Check get_bits_left() before decoding a picture
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4bc3008d04451cd31818e21703ed7ed96b6ff074)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b0f0dab4aeda2eef11fc42082e1c5ba22c4d390
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 22 01:19:50 2017 +0200
avcodec/ivi_dsp: Fix multiple runtime error: left shift of negative value -71
Fixes: 1734/clusterfuzz-testcase-minimized-5385630815092736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8fb00b3e858b7a5aeccfe6bdfc10290c2121c3ec)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7f35b7f358b066ed83083668405c05dc8e3ce81
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 21:49:54 2017 +0200
avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot be represented in type 'int'
Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 40fa6a2fa2c255293a780a194eecae5df52644a1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=43db1288dd9a1521c24756b206a644e4b2ba4ea4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 16:53:55 2017 +0200
avcodec/aacdec_fixed: Fix runtime error: shift exponent 34 is too large for 32-bit type 'int'
Fixes: 1721/clusterfuzz-testcase-minimized-4719352135811072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b5228e44c7f3a5eba537c8a39a45cfbf2961a28d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=510f968849c435686f96430b0e7dab8dec0ea877
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 16:01:27 2017 +0200
avcodec/mpeg4videodec: Check for multiple VOL headers
Fixes multiple: runtime error: signed integer overflow: 2147115008 + 413696 cannot be represented in type 'int'
Fixes: 1723/clusterfuzz-testcase-minimized-5309409372667904
Fixes: 1727/clusterfuzz-testcase-minimized-5900685306494976
Fixes: 1737/clusterfuzz-testcase-minimized-5922321338466304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit efeb47fd5d5cbf980e52a6d5e741c3c74b94b5e2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eed9fc2f61a3b7f04a89fe7600817679f8020aa1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 13:22:16 2017 +0200
avcodec/vmnc: Check location before use
Fixes: runtime error: signed integer overflow: 65535 * 64256 cannot be represented in type 'int'
Fixes: 1717/clusterfuzz-testcase-minimized-5491696676634624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ec2b76aab44f55be22eb12d86eb0dfd2eff68581)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=228b1e3f40a314def820f43b52f8fdd0731ede44
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 17 00:07:02 2017 +0200
avcodec/takdec: Fix runtime error: signed integer overflow: 8192 * 524308 cannot be represented in type 'int'
Fixes: 1630/clusterfuzz-testcase-minimized-6326111917047808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 955db411929a9876d3cd016fbbb9c49b6362feba)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc95cd1480175c5fdf2be9fd29e3db0094a2c1ad
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 02:51:04 2017 +0200
avcodec/aac_defines: Fix: runtime error: left shift of negative value -2
Fixes: 1716/clusterfuzz-testcase-minimized-4691012196761600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c3547dcbc326474745f02a618e01848a293f3f92)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20363bef602d2e9a4d19f88958aa24e0123d7ce2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 02:46:55 2017 +0200
avcodec/takdec: Fix runtime error: left shift of negative value -63
Fixes: 1713/clusterfuzz-testcase-minimized-5791887476654080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d66193252b4067144f11211f8f3e1d5a50146235)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e1e7b75cbf8bbfec5fce545d6e2653c49ab1a47a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 02:42:12 2017 +0200
avcodec/mlpdsp: Fix runtime error: signed integer overflow: -24419392 * 128 cannot be represented in type 'int'
Fixes: 1711/clusterfuzz-testcase-minimized-5248503515185152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1d04fc94e1021b70e542dc01a48b8398c6fc6325)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=90ff230fd18e720c6923e4488bb05ca557a360d9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 01:43:04 2017 +0200
avcodec/sbrdsp_fixed: fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: part of 1709/clusterfuzz-testcase-minimized-4513580554649600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 384508b2ff69bc3fad1e1c2e7de0dcd0913c6208)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5212833b2e2ddd009faa6089df6d1640c8b85b3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 21 00:06:10 2017 +0200
avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 170 is too large for 32-bit type 'int'
Fixes part of 1709/clusterfuzz-testcase-minimized-4513580554649600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6310fc714de3cd73848416ead73228fcef8b6dc0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1d52ed4da8b5dfabb7b641eb3a30fc98a9f6312a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 20 01:23:01 2017 +0200
avcodec/mlpdec: Do not leave a invalid num_primitive_matrices in the context
Fixes: runtime error: index 8 out of bounds for type 'uint8_t [8]'
Fixes: 1699/clusterfuzz-testcase-minimized-6327177438035968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 64ea4d102a070b95832ae4a751688f87da7760a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ff8f9b8e000af4a62132c16a263366b3c581d94
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 19 12:25:52 2017 +0200
avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 150 is too large for 32-bit type 'int'
Fixes: 1681/clusterfuzz-testcase-minimized-5970545365483520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3fb104f4476ad238e2ca768e9b80dc314e6e856d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc133fe409fe1427db7f55c1a5569a6dd648b987
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 18 17:46:56 2017 +0200
avcodec/mimic: Use ff_set_dimensions() to set the dimensions
Fixes: OOM
Fixes: 1671/clusterfuzz-testcase-minimized-4759078033162240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e434840fd4b3c854beec845f950b80bc1bf93b60)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f40dac0afa7d3823ea1c175f007872351129648
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 18 17:13:18 2017 +0200
avcodec/fic: Fix multiple runtime error: signed integer overflow: 5793 * 419752 cannot be represented in type 'int'
Fixes: 1669/clusterfuzz-testcase-minimized-5287529198649344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a173f484b52ed63292439de5347e49bd78cad0ed)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ee9d6e32fe4b7c477ed1c2749a39ebb186e6a0c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 18 02:07:17 2017 +0200
avcodec/mlpdec: Fix: runtime error: left shift of negative value -8
Fixes: 1658/clusterfuzz-testcase-minimized-4889937130291200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 25c81e4b737bcc737b13c9a752cb301a28cb3906)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=70247373a1c73099bf2f799556a4a0495fe540c6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 18 01:54:43 2017 +0200
avcodec/dfa: Fix: runtime error: signed integer overflow: -14202 * 196877 cannot be represented in type 'int'
Fixes: 1657/clusterfuzz-testcase-minimized-4710000079405056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 58ac7fb9c395ab91cb321fa4c8c9e127ce8147c3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dd01941b9a74df0eb55a3ea96642f9a90cc8e2b5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 17 16:45:46 2017 +0200
avcodec/aacdec: Fix runtime error: signed integer overflow: 2147483520 + 255 cannot be represented in type 'int'
Fixes: 1656/clusterfuzz-testcase-minimized-5900404925661184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 94d05ff15985d17aba070eaec82acd21c0da3d86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f66f1c5232587affacb8cecc230f5020a2f512c2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 17 15:51:46 2017 +0200
avcodec/aacdec_template: Fix fixed point scale in decode_cce()
Fixes: runtime error: shift exponent 1073741824 is too large for 32-bit type 'int'
Fixes: 1654/clusterfuzz-testcase-minimized-5151903795118080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53a502206a9ea698926694d7252526fe00d1ea44)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3814f965aa0737f9103c1d2cf457e5c74dec7011
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 17 01:12:55 2017 +0200
avcodec/flicvideo: Check frame_size before decrementing
Fixes: runtime error: signed integer overflow: -2147483627 - 22 cannot be represented in type 'int'
Fixes: 1637/clusterfuzz-testcase-minimized-5376582493405184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 355e27e24dc88d6ba8f27501a34925d9d937a399)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e74ec432932a81c85e37b28dfe460052083abe78
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 17 00:53:32 2017 +0200
avcodec/mlpdec: Fix runtime error: left shift of negative value -1
Fixes: 1636/clusterfuzz-testcase-minimized-5310494757879808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 552adf1dd3a38fb7a1a6109dd2b517d63290f20e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4bb262b485f8e0c519d725ee14977191fc065d3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 17 00:44:36 2017 +0200
avcodec/takdec: Fix runtime error: left shift of negative value -42
Fixes: 1635/clusterfuzz-testcase-minimized-4992749856096256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 99c4c76cfbc4ae56dc8c37f5fab02f88f6b2cb48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9bb748cee2b0eeaa79a8fafe9ff8138481e96da
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 16 23:44:24 2017 +0200
avcodec/hq_hqa: Fix: runtime error: signed integer overflow: -255 * 10180917 cannot be represented in type 'int'
Fixes: 1626/clusterfuzz-testcase-minimized-6416580571299840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3d9cb583c8f005a260d255853ef5f1c21e8599a0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
More information about the ffmpeg-cvslog
mailing list