[FFmpeg-cvslog] New commits on branch release/3.2
Git System
git at videolan.org
Sun Jul 8 23:06:43 EEST 2018
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=97321ae36056e2360e1c5a43cbdeef164fe34922
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 8 21:07:45 2018 +0200
Update for 3.2.11
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3571bec56eb302dfe01732cc0cdcf75b35ae8211
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 6 22:23:25 2018 +0200
avformat/movenc: Check input sample count
Fixes: division by 0
Fixes: fpe_movenc.c_199_1.wav
Fixes: fpe_movenc.c_199_2.wav
Fixes: fpe_movenc.c_199_3.wav
Fixes: fpe_movenc.c_199_4.wav
Fixes: fpe_movenc.c_199_5.wav
Fixes: fpe_movenc.c_199_6.wav
Fixes: fpe_movenc.c_199_7.wav
Found-by: #CHEN HONGXU# <HCHEN017 at e.ntu.edu.sg>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64993b613b3a296dcdc7e9b7037756bed4732b68
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 6 16:28:14 2018 +0200
avcodec/mjpegdec: Check for odd progressive RGB
Fixes: out of array access
Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ee1e3ca5eb1ec7d34e925d129c893e33847ee0b7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92972f19168f323cfe133a42abf130a5f159bfd6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 27 16:51:51 2018 +0200
avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
Fixes: out of array access
Fixes: ffmpeg_bof_1.avi
Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ed22dc22216f74c75ee7901f82649e1ff725ba50)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f65d6ff9ab06e2f4036a7e0f71072a216e66d239
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jul 3 20:33:04 2018 +0200
avformat/mms: Add missing chunksize check
Fixes: out of array read
Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a
Found-by: Paul Ch <paulcher at icloud.com>
1st hunk by Paul Ch <paulcher at icloud.com>
Tested-by: Paul Ch <paulcher at icloud.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cced03dd667a5df6df8fd40d8de0bff477ee02e8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e82a06d2bef568124860090e2ec0b0de887c40a1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jul 3 22:14:42 2018 +0200
avformat/pva: Check for EOF before retrying in read_part_of_packet()
Fixes: Infinite loop
Fixes: pva-4b1835dbc2027bf3c567005dcc78e85199240d06
Found-by: Paul Ch <paulcher at icloud.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a42353c7a0c906a38c7cfc2fe29c0242a2c2231
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jul 3 21:37:46 2018 +0200
avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata()
Fixes: use after free()
Fixes: rmdec-crash-ffe85b4cab1597d1cfea6955705e53f1f5c8a362
Found-by: Paul Ch <paulcher at icloud.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a7e032a277452366771951e29fd0bf2bd5c029f0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b8c152327b9a403a648376e1fd3891fcc5fbb38
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jul 2 01:26:44 2018 +0200
avcodec/indeo4: Check for end of bitstream in decode_mb_info()
Fixes: Timeout
Fixes: 8776/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5361788798369792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 267ba2aa96354c5b6a1ea89b2943fbd7a4893862)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7dca182268ac493ba38a18d50c8fcce998ebcaa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jul 2 19:11:46 2018 +0200
avcodec/shorten: Fix undefined addition in shorten_decode_frame()
Fixes: signed integer overflow: 1139785606 + 1454196085 cannot be represented in type 'int'
Fixes: 8937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6202943597445120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3b10bb8772c76177cc47b8d15a6970f19dd11039)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e1d4289596186980521a74e47486c25f93b9e3cf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jul 2 19:08:54 2018 +0200
avcodec/shorten: Fix undefined integer overflow
Fixes: signed integer overflow: 8454144 * 256 cannot be represented in type 'int'
Fixes: 8788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5728205041303552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 70832333bba3b915040f415548518e136b44280e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c68a8137ce7322c815deeff0c0162bd574f39737
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jul 2 18:57:05 2018 +0200
avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
Fixes: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 9163/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5661750182543360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 652d7c6348f96181fa69f8e2afb7b27a14c0a88a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=636081c982c18ec09f88ee562d5383af9ad049f2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jul 2 18:40:08 2018 +0200
avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
Fixes: OOM
Fixes: 8781/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5810709081358336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0898a3d9909960324e27d3a7a4f48c4effbb654a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e6d3fd942f772f54ab6a5ca619cdaadef26b7702
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 27 17:27:50 2018 +0200
avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample
Fixes: out of array read
Fixes: ffmpeg_crash_8.avi
Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 95556e27e2c1d56d9e18f5db34d6f756f3011148)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=09e4f8436542f93e70ad668ea3c22e10f451006a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 27 13:00:28 2018 +0200
avcodec/escape124: Fix spelling errors in comment
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f59c4e43915ed0528e2789f27ddb1635b59779df)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4bb368e6d9fe61fe7bda2696891e21d42d15af2c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 21 23:08:32 2018 +0200
avcodec/ra144: Fix integer overflow in ff_eval_refl()
Fixes: signed integer overflow: -4096 * -524288 cannot be represented in type 'int'
Fixes: 8650/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5734816036159488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b31189881a4cf54b0057ecf3eab917ad56eecfea)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28a0f69987a49c9c0f78adf16c4261dea91fe845
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 22 01:18:20 2018 +0200
avcodec/cscd: Check output buffer size for lzo.
Fixes: Timeout
Fixes: 8665/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5768442610188288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit 78167b498f53c36c31105a2bf11e90b03637598f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dac23ef23c5ef416d1ed399dd8ea7b46d90e14c8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 24 19:23:02 2018 +0200
avcodec/escape124: Check buf_size against num_superblocks
Fixes: Timeout
Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6677c98626489edfdb4b49b4f66ca91867768a9f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2a30376e5095feafced45964b0cc8fb507fdff61
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 22 21:45:59 2018 +0200
avcodec/h264_parser: Reduce needed history for parsing mb index
This fixes a bug/regression with very small packets
Fixes: output_file
Regression since: 0782fb6bcb32fe3ab956a99af4cc472ff81da0c2
Reported-by: Thierry Foucu <tfoucu at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d25c945247979a88fac6bb3b7a26370262b96ef1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=be9424966fff829e04d6f6f9c9cc5ca298993ece
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 21 22:48:54 2018 +0200
avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
Fixes: Timeout
Fixes: 8648/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5108395525799936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 540e8c2d641bf90fc28e47e170f8c0b1962197e9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5cf8268b03fc45537effcf10dad674217a0a96a6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 14 16:41:49 2018 +0200
avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int'
Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8bd514d9343746566b123275f8b6d0e9c11ec2b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=836a9d62d121fd03b4c736c336b38d3779a3a208
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 14 16:37:32 2018 +0200
avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 575d8ca0260fabac29e5b3541154633569ce2b5d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=75c0be5b930ec64e5fe5c4099c594477a5646177
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 14 15:41:33 2018 +0200
avutil/common: Fix undefined behavior in av_clip_uintp2_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aa41d322be71106ce147445f2b42bb763f1eff86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=699e09f0de7c07bb1078bb9a6f6ebb190d777937
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 1 22:44:07 2018 +0200
fftools/ffmpeg: Fallback to duration if sample rate is unavailable
Regression since: af1761f7
Fixes: Division by 0
Fixes: ffmpeg_crash_1
Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 16d8b13b3b26c19d7f8856e039fe6662d96b4ff3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39723d1ccbb2b0d11ed81be742d90232fcd788ef
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 16 23:35:58 2018 +0200
avformat/mov: Only set pkt->duration to non negative values
Reviewed-by: Sasi Inguva <isasi at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35cd7417f9ffcad57783cd479a6e6cc4543cb929
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 10 17:02:47 2018 +0200
avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b796c5ae9299c795cba0d16ce1d8eef05488953b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7281cf7195e3ff8adfb2dea0657d61306cf91726
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 8 18:25:14 2018 +0200
avcodec/h264_mc_template: Only prefetch motion if the list is used.
Fixes: index 59 out of bounds for type 'H264Ref [48]'
Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b55591757244d8244a2be369c2b54c9ae79b02a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d18d83f5a165a3e697985f1ac5e158bfad02dd02
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 8 00:42:31 2018 +0200
avcodec/xwddec: Use ff_set_dimensions()
Fixes: OOM
Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c2852e4e00de4073ff7de82d41cb3368702686e8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e1eebcbe3bfba5acd609544e283150dc44771218
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 8 00:07:04 2018 +0200
avcodec/wavpack: Fix overflow in adding tail
Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int'
Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d13379fb79708f550460dd6d698023bf26f968d5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eba50bdadcbc0f6961a24b30330a7581a2821981
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 13:19:35 2018 +0200
avcodec/shorten: Fix multiple integer overflows
Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=72aac791f1d4a316e1227abb6d81cc9c522301df
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 13:15:34 2018 +0200
avcodec/shorten: Fix undefined shift in fix_bitshift()
Fixes: left shift of negative value -9
Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e2207d5c46480679b51e00a4ba306d1d733a3418
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 13:12:54 2018 +0200
avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
Fixes: left shift of negative value -9057
Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b1cbcdafb71617defbedf3ae7bef9b538a9d0e8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 13:03:48 2018 +0200
avcodec/shorten: Sanity check nmeans
Fixes: OOM
Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232
The reference software appears to use longs for 32bits and it uses int for nmeans
hinting that the intended maximum size was not 32bit.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=60021049be014d4acc6ae3f77f4eeb1c73f27d50
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 02:33:43 2018 +0200
avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e520692e14af5ec6ca04cc680b0beb65a673894f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 02:17:24 2018 +0200
avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89c2b515794accc4e331ed0ad07082b7a6ca8d10
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 02:09:59 2018 +0200
avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int'
Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79c6047c3668c639f717b3a7001a34dddba0ede2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5acbb27cbd635c32d591a95ae2f70bd00ea956d8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 3 01:33:54 2018 +0200
avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e7dda51150b73e5fbdccf4c2d3a72e356980fba3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=008288c2c49110d3e6823ccf2ebc8c43b6c34268
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 3 00:48:06 2018 +0200
avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
This restructures the code slightly toward D_UTIL_dec_synthesis()
Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dce80a4b47efaba97707bda781a9ee57f5a26974)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a11c4955cd234a6c6b9b814d41c173c1f9b7b82
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 21 03:16:58 2018 +0200
avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
Fixes: #7165
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d1f924319ee372f0d368b0b0f2e60af7f51ae5b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 15 17:06:59 2018 +0200
avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
Without this some operations might overflow (undefined behavior)
even though the index adding loop would never execute
No testcase known
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 56e76bd0579cc7f7b28860885d9e569a39daf41b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ad66ddce3fc4f73d5a5e932c64c0053f75b06c2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 5 23:42:36 2018 +0200
avcodec/fic: Avoid some magic numbers related to cursors
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c6a11714c4b1227be62cbc36651ccfc415e8e623)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9797767ff7e862612103dad802182d980fba3487
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 16 22:50:19 2018 +0200
avcodec/g2meet: ask for sample with overflowing RGB
Suggested-by: Tomas Härdin <tjoppen at acc.umu.se>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ab834b8f36c8157b7015e849405cbf6ae21e672f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec1aca850084462dba681bb5a4f87cbdfc9b4c9c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 25 22:06:48 2018 +0200
avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
Fixes: signed integer overflow: -2141499320 + -14469590 cannot be represented in type 'int'
Fixes: 7351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6351214791884800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 90475db97e2e5931d295df6ab86519fa2e14d259)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32aa3e55b1650ff24801c8d16c930bc5f0500813
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 25 22:02:20 2018 +0200
avcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
Fixes: signed integer overflow: 1073741842 + 1784008138 cannot be represented in type 'int'
Fixes: 6792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5677589835284480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 62cb6fadf33de6db386deac92853d4b95c930015)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=55e4a40e96b8c4b4c7a3e7f508ca41d0e28500dd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 25 21:56:04 2018 +0200
avcodec/g723_1dec: Clip bits2 in both directions
Fixes: shift exponent 33 is too large for 32-bit type 'int'
Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53f241218d9eac368e2e1c58bcca9bbdf10fd0e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d6f8960812b0a4ceac299a9000a1e921c74e431a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 21 23:08:05 2018 +0200
avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
Fixes truncation
Fixes Assertion n <= 31 && value < (1U << n) failed at libavcodec/put_bits.h:169
Fixes: ffmpeg_crash_2.avi
Found-by: Thuan Pham <thuanpv at comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e1182fac1afba92a4975917823a5f644bee7e6e8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=99b4524bfb45f5c6e0672229f2da1a2b93622f15
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 17 13:58:46 2018 +0200
avcodec/mlpdec: Only change noise_type if the related fields are valid
Fixes: inconsistency
Fixes: runtime error: index 8 out of bounds for type 'int32_t [8]'
Fixes: 6686/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5191383498358784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 63c4a4b0d692bc86142790276358ba35129f2290)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2a9f93d8b0e6c3d4c38ca3b3ff955b283519df86
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 17 13:40:38 2018 +0200
indeo4: Decode all or nothing of a band header.
This avoids inconsistent value combinations.
Alternatively it would be possible to add more checks and careful use of
temporary variables, but my try of this quickly seemed to become
a rather large change.
The disadvantage of this is that the struct is copied back and forth.
Fixes: index 6 out of bounds for type 'const uint16_t [5][16]'
Fixes: 6557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-4787296550256640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 10c8521265da86118597336c5589e26de377a374)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c3ff11cc08dd540f0da7998d69959812e638a9f8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 15 17:07:00 2018 +0200
avformat/mov: Only fail for STCO/STSC contradictions if both exist
Fixes regression with playback of GF9720Repeal20the20Eighth20with20Helen20Linehan.m4a
See: crbug 822666
Found-by: Mattias Wadman <mattias.wadman at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2c2d689c56646cce64d02a3b75f61c12c5589260)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3a97317e8bec60781c2b89b4a9412587dbbb0066
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 14 00:10:33 2018 +0200
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int');
Fixes: 6500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-4523620274536448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cb944fc7f1327443a0cf449afbce5a3e8712f90f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=837c42535b42917bc66923af7e0363f57e822e68
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 5 22:00:01 2018 +0200
avcodec/fic: Check available input space for cursor
Fixes: out of array read
Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cb2f7ea96b4f6e03ebf0c0563677745fc65f148e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8878f43cf573dd104024052633d5779b6f3b48f9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 27 20:16:13 2018 +0200
avcodec/g2meet: Check RGB upper limit
Fixes: runtime error: left shift of 1876744317 by 16 places cannot be represented in type 'int'
Fixes: 6799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5115274731716608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4dd2c8b9ea46b4e008a8bfc2077834428cd5a17c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45b45ce240a510b599528a1567070af1e3be0237
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 4 19:18:25 2018 +0200
avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
Fixes: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 7955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6016721977606144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 652ba72ed3124f201f98eea9bafb2232b535f549)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d3b48f2853f95e891e2dd76ea168b437e0e44d8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 4 19:11:36 2018 +0200
avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
Fixes: assertion failure
Fixes: 7949/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-4819602782552064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a96c131eb53b00de154f4773d96a3b323ea3daed)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b06c67cbf329d02321a18a47d44adf834c056ee5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 4 18:16:08 2018 +0200
avcodec/g2meet: Change order of operations to avoid undefined behavior
Fixes: signed integer overflow: 65280 * 196032 cannot be represented in type 'int'
Fixes: 7279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5977332473921536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a4745145840d97619c424961c1b5c625dbf516c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c21933835b4bb9294cefb8b940fd4da83a11fd33
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 30 22:20:28 2018 +0200
avcodec/flac_parser: Fix infinite loop
Fixes: crbug/827204
Reported-by: Frank Liberato <liberato at google.com>
Reviewed-by: Frank Liberato <liberato at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 15a2e35e9e74bba5a27e39c26da5be2361f27945)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ea3a2a276c9dc8ca7dea2767d815b7e026ab205
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 27 21:44:07 2018 +0200
avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
Fixes: runtime error: signed integer overflow: 2147483637 + 128 cannot be represented in type 'int'
Fixes: 6701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5358324934508544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6e95d80e6fae978f8a44afc24b0c5097a062719f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1411eddce66b537a6cbc344447676b2f198683e0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 22 21:46:05 2018 +0200
avcodec/error_resilience: Fix integer overflow in filter181()
Fixes: runtime error: signed integer overflow: 197710 * 10923 cannot be represented in type 'int'
Fixes: 7010/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5667127596941312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1c97035e3b1677d6f0c5b6161ebfeffcf7bb638d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=95156bdb59ce0641267899e9b55a570a2addc43f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 22 21:07:45 2018 +0200
avcodec/h263dec: Check slice_ret in msmpeg4 slice loop
Fixes infinite loop
Fixes: 6858/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_MSMPEG4V3_fuzzer-4681563766784000
Fixes: 6890/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_WMV1_fuzzer-4756103142309888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit de841fbea7655b74a9663001e01008a86c88779a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2901299610c05522bbaf9ba630ef8bf0843d19af
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 25 01:54:17 2018 +0200
avcodec/elsdec: Fix memleaks
Fixes: 6798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5135899701542912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0bd0401336df4e4ca7f3da6a7e226904fd7d5add)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=83e870beb80b1170f81910793c1347d3ae900878
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 23 02:08:10 2018 +0200
avcodec/vc1_block: simplify ac_val computation
also fixes: runtime error: index 1456 out of bounds for type 'int16_t [16]'
Found-by: durandal_1707
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d06b01fc2d4f5e031d45f9460d1eea610d23d6c5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e4bd765ac808106d5892c0ccb41fbb071f68efe
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 21 22:19:31 2018 +0200
avcodec/ffv1enc: Check that the crc + version combination is supported
The crc flag is only stored since version 3, thus before this crcs do not
work. We increase the version as needed, same as we do with pix_fmts.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d9706f79c17a33bf97e51a7d6ab211ce83a463ee)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbb65e77b6ee607747d0d8edaf692480b841b4b1
Author: Stephan Holljes <klaxa1337 at googlemail.com>
Date: Fri Jan 12 19:16:29 2018 +0100
lavf/http.c: Free allocated client URLContext in case of error.
Signed-off-by: Stephan Holljes <klaxa1337 at googlemail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b6b8c92652d6683d97515352e4a9a4147b7da7c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05f4488bd7b9122b864fbea437573226d43237b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 16 22:29:09 2018 +0200
avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
Fixes: Timeout
Fixes: 6306/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSICINVIDEO_fuzzer-5079253549842432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5549488bbf3a23c0fb9833cefc6354f97055dd96)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b89c007e822b606a19ec96bd5fa29f0e4a41262
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 16 22:28:23 2018 +0200
avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 942217b153a9bff2d17463957abd772fcd72b400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e77fe2b7c4b38a8e8079311cfcfc893eef050f5e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 16 22:04:53 2018 +0200
avcodec/dfa: Check dimension against maximum
The headers from where the dimensions are read in actual files
are limited to 16bit per component.
Fixes: Timeout
Fixes: 6305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-4824270749302784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d5a4fcfbb51edc871bdb1c67a88223cbfb1c0e4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6b382d4d8640fe9f7f96b440ab1408bf22ba7f62
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 17 02:13:43 2018 +0200
avcodec/cinepak: Skip empty frames
Speeds up decoding from 3 to 0.1 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9033920bec9ccf17de205fc17c2b330906b200f5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b01b57f7e0428bc0b52828f7cee7cc5f28cf0422
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 17 02:13:42 2018 +0200
avcodec/cinepak: move some checks prior to frame allocation
Speeds up decoding from 8 to 3 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2324ef1ff32e5effd6f295bca80580ae4816be0b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e7f1090a54c284d008e2b94db2d8cdd668815ae9
Author: Rahul Chaudhry <rahulchaudhry at chromium.org>
Date: Wed Apr 18 16:29:39 2018 -0700
swresample/arm: remove unintentional relocation.
Branch to global symbol results in reference to PLT, and when compiling
for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't
support this relocation (ld.gold), while others can end up truncating
the relocation to fit (ld.bfd).
Convert this branch through PLT into a direct branch that the assembler
can resolve locally.
See https://github.com/android-ndk/ndk/issues/337 for background.
The current workaround is to disable neon during gstreamer build,
which is not optimal and can be reverted after this patch:
https://github.com/freedesktop/gstreamer-cerbero/commit/41556c415739fbc3a72c7eaee7e70a565b719b2f
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b22db4f465c9adb2cf1489e04f7b65ef6bb55b8b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a2a40fa78c4c5d7d66cc77ad812c39d964dff79
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 16 18:23:12 2018 +0200
doc/APIchanges: Fix typos in hashes
Thanks-to: Moritz Barsnick <barsnick at gmx.net> for finding the correct ones
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ec8a5262b03f85158d722dbc8b8f30cb6bd67e0f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb6146ca6d66459254b5e332f258d3e9a72a20ea
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 13 11:38:48 2018 +0200
avformat/utils: Check cur_dts in update_initial_timestamps() more
Fixes: runtime error: signed integer overflow: 18133149658382192 - -9223090561878065151 cannot be represented in type 'long long'
Fixes: crbug 831552
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 37d46dc21d708192b12aa13617ebe6a117b07363)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1fbd13ebe529ef6e17bb66f2216271d933c70c39
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 11 19:50:52 2018 +0200
avcodec/utils: Enforce minimum width also for VP5/6
Fixes: out of array access
Fixes: poc_0411
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Tested-by: GwanYeong Kim <gy741.kim at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 544324827e0131e43af1a54fb790a48a25fd7ba4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c512be126b46ac5e05ab60f82cbdf89747395f74
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 10 22:24:03 2018 +0200
avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
Fixes: Timeout
Fixes: 6389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5695918121680896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f6304af2341d0cee51c2116766622e3ac567b7a0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d40798dd09ed9f61978c4f88893920e1ae5aa2d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 11 18:55:57 2018 +0200
avformat/utils: Fix integer overflow in end time calculation in update_stream_timings()
Fixes: crbug 829153
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c48ceff786bdc96fdc64417118c457d03bd19871)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b0de157d2754ee101f5e3ed6e4df331761a0500
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 10 16:12:15 2018 +0200
avcodec/mjpegdec: Check input buffer size.
Fixes: Timeout
Fixes: 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8d381b57fd9d17fb5c3a851ca46c738b3afc33a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b545cc000d5f6e1e3a7795225c8cab3aa3cfd7d7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 6 23:56:57 2018 +0200
avformat/mov: Fix extradata memleak
Fixes: crbug 822705
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a8133119ca5d087c7c7140d100406ff84c477ee)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2e611fef6a80f598fa2f25bf4a28522779565e2
Author: Matt Wolenetz <wolenetz at google.com>
Date: Tue Apr 10 13:59:25 2018 -0700
lavc/libopusdec: Allow avcodec_open2 to call .close
If there is a decoder initialization failure detected in avcodec_open2
after .init is called, allow graceful decoder .close to prevent leaking
libopus decoder allocations.
BUG=828526
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e43e97f0e0f0596b56ceb2f887fe7414f202f081)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=173fdd9b65a877946b6a8decaaafcd5295c3517b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 8 03:29:44 2018 +0200
avcodec/movtextdec: Check style_start/end
Limits based on 3GPP TS 26.245 V14.0.0
Fixes: Timeout
Fixes: 6377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5175929115508736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Philip Langdale <philipl at overt.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 249aca8f98ff7fb09c12ea68e23c862c62203b95)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=626da21af80ca3db94b85bc2bcd1799fff7b5ee5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 7 21:55:06 2018 +0200
avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'
This was missed in b1bef755f617af9685b592d866b3eb7f3c4b02b1
Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c837918f50a7bbd6150afd340857ea43fe4717c7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c66c4da55a5e103bfb67b3009b6c51142806dfaf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 2 20:01:07 2018 +0200
libavcodec/rv34: error out earlier on missing references
Fixes visual corruption on seeking
Fixes: downloadTest_clip_24M.rmvb
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6cd81d68c5e4b0ff00288970c4151ff4031c0ea9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da51b8be0b3f02b9d717195ff129d0f85b1f567d
Author: Hendrik Schreiber <hs at tagtraum.com>
Date: Thu Apr 5 13:58:37 2018 +0200
swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
Removed +len1 in call to s->mix_2_1_f() as I found no logical explanation for it. After removal, problem was gone.
Signed-off-by: Hendrik Schreiber <hs at tagtraum.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 647fd4b8292e3bfae30b1086aa842a5ee47ee868)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f14c3cfbc3da465fc6f7903bf1fc4ade0cb8b4fa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 31 21:19:19 2018 +0200
avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
I was not able to reproduce this; this fix is based on just the fuzzer log.
Fixes: 4959/clusterfuzz-testcase-minimized-6035350934781952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 197a4e8feed45b2e5868760240e83636818f32a9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=050d779a1f7e576122494a16a11bf8a2aa23959e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 12 00:05:04 2018 +0100
avcodec/cscd: Error out when LZ* decompression fails
Fixes: Timeout
Fixes: 6304/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5754772461191168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d52be5d4e91871a22dac70af3e0ab429e95a2d10)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e0888e57588fd90ea648b0dac12ed6df6ec79cfe
Author: heimdallr <heimdallr at ngs.ru>
Date: Sat Mar 31 19:37:23 2018 +0700
avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
example:
AVPixelFormat pixFmts[] = { AV_PIX_FMT_RGB24, AV_PIX_FMT_RGBA };
int loss = 0;
AVPixelFormat best = avcodec_find_best_pix_fmt_of_list(pixFmts, AV_PIX_FMT_BGRA, 1, &loss);
best is AV_PIX_FMT_RGB24. But AV_PIX_FMT_RGBA is better.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 354b26a3945eadd4ed8fcd801dfefad2566241de)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7050970d066b853f82b0891fd7b57c19b4fd9095
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 31 03:10:43 2018 +0200
avcodec/utvideodec: Set pro flag based on fourcc
This avoids mixing 8bit variants with pro and 10bit with non pro mode.
Fixes: out of array read
Fixes: poc_03_30.avi
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 47b7c68ae54560e2308bdb6be4fb076c73b93081)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d329dc8c3f1285e7ded4fd234ab0eac637ed69f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Mar 25 01:51:28 2018 +0100
avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea15915b2dc5aaa80c91879fbd183475a7e66e54)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3ffdf43e659f9d016bae45823a918c0af68a9d2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 29 01:07:24 2018 +0200
avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
Found-by: James Almer <jamrial at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5c75438b893539dd17998c489fb4c540fc5a6e48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea209bee9c05cb6a70ec3ab163598afafbdc4710
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 3 21:36:22 2018 +0100
avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eb60b9d3aaaa42265fb1960be6fff6383cfdbf37)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e054e9fb20bfb3b077095c47e21e91d5f2067509
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 24 01:38:53 2018 +0100
avcodec/get_bits: Make sure the input bitstream with padding can be addressed
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e529fe7633762cb26a665fb6dee3be29b15285cc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0288fa9319d5f3f7aa65c37d26ec7f90bfcdae02
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 16 19:53:36 2018 +0100
avformat/mov: Check STSC and remove invalid entries
Fixes assertion failure
Fixes: crbug 822547, crbug 822666 and crbug 823009
Affects: aark15sd_9A62E2FA.mp4
Found-by: ClusterFuzz
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9e67447a4ffacf28af8bace33faf3ea432ddc43e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f6a55b04904e3de235075c5e8b657c534cbe0d24
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 27 15:17:12 2018 +0100
avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 939440ad1aa820bed51f54d273b4fa6c5016d9f9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da1b72ae357b9142130c26d261ef76fbe3f4bee5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 27 15:17:12 2018 +0100
avcodec/nuv: Check for minimum input size for uncompressed and rtjpeg
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8ee3265dbe2e85537affe3b3055b00ba8646aa70)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a5630b56a8bb0422c3946601e2c95cd6ea53956
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Mar 11 00:13:57 2018 +0100
avcodec/wmalosslessdec: Reset num_saved_bits on error path
Fixes: NULL pointer dereference
Fixes: poc-201803.wav
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 64c9ce0abc0fd8774b523afda3ddb17c86caa86a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=791c0940f588ba10a460b2d3eb4e927b922fef8d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 9 16:43:29 2018 +0100
avformat/mov: Fix integer overflows related to sample_duration
Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type
Fixes: Chromium bug 791349
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2f37082827a405430c40408ee2db19ea2866ce64)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25830222664463088e600f79cd7b262ea6d3fda2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 8 17:28:36 2018 +0100
avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE
Fixes: potential signed integer overflow
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f655ddfb47e8484b205b14c7f871c643ad24d701)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=723f154ae09aa04042398a31b14ed6c721578959
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 9 01:05:20 2018 +0100
avformat/oggparseogm: Check lb against psize
No testcase, this was found during code review
Found-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3e7c847aaf5a298b62afae12b4ecfb8e12385998)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bdb68741ba221bd73f924bdacadccfcc1180f2fc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 8 23:14:04 2018 +0100
avformat/oggparseogm: Fix undefined shift in ogm_packet()
Fixes: shift exponent 48 is too large for 32-bit type 'int'
Fixes: Chromium bug 786793
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 010b7b30b721b90993e05e9ee6338e88bb8debb3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35194c4e02579014d84214e8925919f9d217f0f9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 8 22:40:50 2018 +0100
avformat/avidec: Fix integer overflow in cum_len check
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06e092e7819b9437da32925200e7c369f93d82e7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=adfbb5112dd4d1585ef029e436eae2de76923da9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 8 17:28:36 2018 +0100
avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
Fixes: Chromium bug 795653
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 02ecda4aba69670ca744ccc640391b7621f01fb0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d3e6b38a413d645e76327ae9a3296793b865d896
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 7 00:10:11 2018 +0100
avformat/utils: Fix integer overflow of fps_first/last_dts
Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long'
Fixes: Chromium bug 796778
Reported-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1362e408cd6acb63fef126b814b0d16562aa8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c1d58f937c0f24b6d06bde1a7b5219055e6b4d6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 6 18:14:12 2018 +0100
libavformat/oggparsevorbis: Fix memleak on multiple headers
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3934aa495d786845d9f541c84ee405c096938f76)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7fafcad8d53a3e55fceed2a688fed07806892f3e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 22 03:04:40 2018 +0100
avcodec/truemotion2rt: Check input buffer size
Fixes: Timeout
Fixes: 6250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5479814011027456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b5c29b6c2ab00f8fb545475238a99f575b5d81d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b827d3a35230d7a3d523fea894352f58def38e03
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 21 04:29:44 2018 +0100
avcodec/exr: fix invalid shift in unpack_14()
Fixes: 6154/clusterfuzz-testcase-minimized-5762231061970944
Fixes: runtime error: shift exponent 63 is too large for 32-bit type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 49062a90174b6e4104876c0257dc673a0da854ca)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2dc487bcb08e98ca739c04a9b9bbd534217ebf52
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 26 21:17:08 2018 +0100
avcodec/bintext: sanity check dimensions
Fixes: Timeout
Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 090c0abff9c8b27304614f15d9464dbf4ea59833)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9c0593576454992e5739729623ca3ed1fe93d12e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 26 03:02:48 2018 +0100
avcodec/utvideodec: Check subsample factors
Fixes: Out of array read
Fixes: heap_poc
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7414d0bda7763f9bd69c26c068e482ab297c1c96)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=36268aa8960e289596287a9a7d5d30ed13c90b86
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 23 03:40:02 2018 +0100
avcodec/smc: Check input packet size
Fixes: Timeout
Fixes: 6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0293663483ab5dbfff23602a62800d84e021b33c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=72f06b3a2c17233a9bfd52a1ba0baf379b651ecc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 20 23:11:01 2018 +0100
avcodec/cavsdec: Check alpha/beta offset
Fixes: Integer overflow
Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ae2eb04648839bfc6c61c32cb0f124e91bb7ff8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=51f64667fc55a72d5ba11645fe4e979b95900fc3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 18 21:51:38 2018 +0100
avcodec/diracdec: Fix integer overflow in mv computation
Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int'
Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 47e65ad63b3d067445c4de41a7718b83fc07767c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c08bd58d876482f1ab0f8f465c818f152ccba6b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 18 17:12:28 2018 +0100
avcodec/h264_parse: Clear invalid chroma weights in ff_h264_pred_weight_table()
Fixes: 6037/clusterfuzz-testcase-minimized-5030249784934400
Fixes: signed integer overflow: 256 * 16992036 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 85c85fffff3f9c75301db3eba1bd5f2fb1e6285d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=145e40c0d0d82e7ef234dac8c0e2dab3bd8a3a8e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 18 16:55:52 2018 +0100
avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
Fixes: signed integer overflow: -1625276744 + -1041893960 cannot be represented in type 'int'
Fixes: 5948/clusterfuzz-testcase-minimized-5791479856365568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33fe17bdc88d51a8e0c87aa1e8011aaaf38a7a90)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=83609209720df8acecbe50e2edec4939f3d0b477
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 18 00:11:33 2018 +0100
avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
Fixes: 5918/clusterfuzz-testcase-minimized-5120505435652096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 793347a54579ee954b58d336b82eed4a1786de21)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=736ef72bffcbfb12ff58735ab841b8eb09b292fd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 23:54:44 2018 +0100
avcodec/diracdec: Use int64 in global mv to prevent overflow
Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int'
Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cbcbefdc3b4cbc917d2f8b2dd216fb12121a838b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1c905c02d059b22bd1ab2e011ec4977d937da916
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 21:27:16 2018 +0100
avcodec/dxtory: Remove code that corrupts dimensions
Fixes: Timeout
Fixes: 5796/clusterfuzz-testcase-minimized-5206729085157376
Does someone have a valid sample that triggers this path?
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3748746a4d6988484d34516f7a3c6febf7bdf488)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=db617c9520257b2b28f319fed324f9d618dc8433
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 21:47:09 2018 +0100
avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()
Fixes: 5894/clusterfuzz-testcase-minimized-5315325420634112
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 647fa49495c39a48b7ccb92acd8fb975b1575456)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca859294402cfb7a867eae57114589629d556047
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 04:20:52 2018 +0100
avcodec/vp8: Check for bitstream end before vp7_fade_frame()
Fixes: Timeout
Fixes: 5653/clusterfuzz-testcase-5497680018014208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit de675648cef7e451ca82fabaee0d8ec1fe653311)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7bd00eab49708a6da64c9ea7983a0714e7b1a08
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 14 13:01:46 2018 +0100
avcodec/exr: Check remaining bits in last get code loop
Fixes: runtime error: shift exponent -7 is negative
Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dd8351b1184b8054925c28ecc5fcb6dbbc177fad)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc9dcfb9f23d4559f47471beeb492477639595b0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 14 03:54:13 2018 +0100
avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()
Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ab6f571ef71967da7c7c1cfba483d3597c7357d5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed04cbf62b48ef987da547af1a1ba5216a14e037
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 14 00:32:30 2018 +0100
avcodec/h264_cabac: Tighten allowed coeff_abs range
Fixes: integer overflows
Reported-by: "Xiaohan Wang (王消寒)" <xhwang at chromium.org>
Based on limits in "8.5 Transform coefficient decoding process and picture
construction process prior to deblocking filter process"
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f26a63c4ee1bdbe21d7ab462cd66f8ba20b14244)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4ff8845e232db35c2fbd36f877b2597b6287fec
Author: Xiaohan Wang <xhwang at chromium.org>
Date: Sat Feb 3 01:43:35 2018 -0800
avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()
When ff_h264_decode_mb_cavlc() failed due to wrong sl->qscale values,
e.g. dquant out of range, set the qscale to be a valid value before
returning -1 and exiting the function. The qscale value can be used
later e.g. in loop filter.
BUG=806122
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 71f39de2a57efc8db1d607b09c162c3b806cd45d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e38388fb090882f7b6e54bb132b12f875a56217a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 11 03:38:54 2018 +0100
avcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs()
This fixes a hypothetical integer overflow
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f2318aee8ca8df1c84092f7d6691a2d0df02c474)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6098d54fbd5cab8c85e8644843e1bad3c91cf77a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 9 22:24:58 2018 +0100
avcodec/mpeg4videodec: Ignore multiple VOL headers
Fixes: Ticket7005
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 63a4bdbf3b732504e54cc2b9ec0886e6242a90bc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=218574f24b0a2535bdf5479c502eedb420beb31a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 9 04:17:16 2018 +0100
avcodec/vp3: Check eob_run
Fixes: out of array access
Fixes: 5919/clusterfuzz-testcase-minimized-5859311382167552
Fixes: special case for theora (untested due to lack of sample)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 570023eab3e2962b4ad8345a157c1e18ca1a6eca)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5aa07015d7e96682c53527eaa3615bc997397adb
Author: Nekopanda <pianoyayaninth-at-yahoo.co.jp at ffmpeg.org>
Date: Sat Feb 10 18:36:32 2018 +0900
avcodec/mpeg2dec: Fix field selection for skipped macroblocks
For B field pictures, the spec says,
> The prediction shall be made from the field of the same parity as the field being predicted.
I did it.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b154cb3e90a3e599cadf477d815a9854b7bb4e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40b7dc104a30ee19c2bcb184a157fd6292407301
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 31 19:20:10 2018 +0100
avcodec/huffyuvdec: Check input buffer size
Fixes: Timeout
Fixes: 5487/clusterfuzz-testcase-4696837035393024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 08c220d26cff51ca2f6896b65aebfa3accc67290)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22aa37c0fedf14531783189a197542a055959b6c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 2 21:44:57 2018 +0100
avcodec/utvideodec: Fix bytes left check in decode_frame()
Fixes: out of array read
Fixes: poc-2017.avi
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 118e1b0b3370dd1c0da442901b486689efd1654b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7cc7346dfdefb91c99b6dea9222a2cebc53c8a04
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 31 02:50:18 2018 +0100
avcodec/wavpack: Fix integer overflow in FFABS
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 5396/clusterfuzz-testcase-minimized-6558555529281536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8e50bd61e4ff97bd7fc6cbd7ec4ca514e17a70c4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7aed596664424074196474e311f6084f10ae725d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 31 18:13:07 2018 +0100
avcodec/aacsbr_fixed: Fix overflows in rounding in sbr_hf_assemble()
Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'
Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b1bef755f617af9685b592d866b3eb7f3c4b02b1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=08deabae3860f3cf7ee409fdbe18332fc994feff
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 25 23:14:37 2018 +0100
avcodec/dirac_dwt: Fix several integer overflows
Fixes: runtime error: signed integer overflow: -2146071175 + -268479557 cannot be represented in type 'int'
Fixes: 5237/clusterfuzz-testcase-minimized-4569895275593728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fe1e6c06d03432c3e9208f019533c1d701f485d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e67ae6dc192b097c216222b359e3ed030d31eed3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jan 26 00:24:49 2018 +0100
avcodec/indeo5: Do not leave frame_type set to an invalid value
Fixes: null pointer dereference
Fixes: 5264/clusterfuzz-testcase-minimized-4621956621008896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2ff9f178519b68d4d1d606eb5451ad81da948efc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2bf49f9b1c24d1be4f6431f897fe3265e963aee3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 24 03:15:23 2018 +0100
avcodec/hevc_ps: Check log2_sao_offset_scale_*
Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768
Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a75a75c62efc645ec28444e4675c325b8f2bb1a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=55776eae21164f5f34652bf8a9299650ba01ebc8
Author: Aman Gupta <aman at tmm1.net>
Date: Tue Sep 26 18:04:12 2017 -0700
avcodec/hevc_ps: extract one SPS fields required for hvcC construction
Signed-off-by: Aman Gupta <aman at tmm1.net>
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f7f814ade8c262f476b5b7eca9cea8829d25ef28
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 28 02:29:02 2018 +0100
avcodec/mpeg4videodec: Avoid possibly aliasing violating casts
Found-by: kierank
Reviewed-by: Kieran Kunhya <kieran618 at googlemail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d4967c04e040b3b2f937cad88599af825147ec94)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbc5e36fdd0baff7202bc8b603979d68e72b69cf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 28 02:29:01 2018 +0100
avcodec/get_bits: Document the return code of get_vlc2()
Found-by: kierank
Reviewed-by: Kieran Kunhya <kieran618 at googlemail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a94ff4ccd4f2329c599e37cabe4152dae60359e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef80b1402b127e774b768d55681ca9ee47c1d57f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 28 02:29:00 2018 +0100
avcodec/mpeg4videodec: Check mb_num also against 0
The spec implies that 0 is invalid in addition to the existing checks
Found-by: <kierank>
Reviewed-by: Kieran Kunhya <kieran618 at googlemail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 05f4703a168a336363750e32bcfdd6f303fbdbc3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c4ba170cad2ccdd896ea6fd3a890980008606541
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 24 19:38:05 2018 +0100
avfilter/vf_transpose: Fix used plane count.
Fixes out of array access
Fixes: poc.mp4
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c6939f65a116b1ffed345d29d8621ee4ffb32235)
(cherry picked from commit 3f621455d62e46745453568d915badd5b1e5bcd5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6abe8c7563a8c247ff2d0f3caa809299ae6182b7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jan 15 23:46:44 2018 +0100
avcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_remaining_decode()
I suspect that this can be limited tighter, but I failed to find anything
in the spec that would confirm that.
Fixes: 4833/clusterfuzz-testcase-minimized-5302840101699584
Fixes: runtime error: left shift of 134217730 by 4 places cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a026a3efaeb9c2026668dccbbda339a21ab3206b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71524db178ee63dd2e518375e86a9e68ed5075be
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 24 03:28:49 2018 +0100
avcodec/mjpegdec: Fix integer overflow in DC dequantization
Fixes: runtime error: signed integer overflow: -65535 * 65312 cannot be represented in type 'int'
Fixes: 4900/clusterfuzz-testcase-minimized-5769019744321536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1bfc1aa004950c5ad527d823a08b8a19eef34eb0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7348bbf9c28c7acb3ca8173b0f4e993dac0dfc11
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jan 22 14:02:59 2018 +0100
avcodec/dxtory: Fix bits left checks
Fixes: Timeout
Fixes: 4863/clusterfuzz-testcase-6347354178322432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6e1a167c5564085385488b4f579e9efb987d4bfa)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8b92327f8cd3161934c5f6151db289d370702bf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jan 15 23:42:57 2018 +0100
avcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 94d4237a7a294ce80e1e577b38e9c93e8882aff9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d39b17f2375a4bf7c8a477b1881d9e8b1d007670
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 20 04:10:50 2018 +0100
avcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK()
Fixes: signed integer overflow: 1477974040 - -1877995504 cannot be represented in type 'int'
Fixes: 4861/clusterfuzz-testcase-minimized-4570316383715328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 56a53340ed4cc55898e49c07081311ebb2816630)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eea05ba855c01b756dbc559e449cb3d57ede75d2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jan 15 03:03:36 2018 +0100
avcodec/snowdec: Fix integer overflow before htaps check
Fixes: runtime error: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int'
Fixes: 4828/clusterfuzz-testcase-minimized-5100849937252352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2eecf3cf8eeae67697934df326e98df2149881e5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8ce2c38226667bd4e2803f3f78f07648081f5675
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jan 15 19:03:48 2018 +0100
avcodec/ulti: Check number of blocks at init
Fixes: Timeout
Fixes: 4832/clusterfuzz-testcase-4699096590843904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 725353525e73bbe5b6b4d01528252675f2417a02)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d79d8f6ef79afc42defe37e7191dc0d65f1f1fc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 14 00:39:39 2018 +0100
avcodec/ac3dec_fixed: Fix integer overflow in scale_coefs()
Fixes: runtime error: signed integer overflow: 2147483520 + 128 cannot be represented in type 'int'
Fixes: 4800/clusterfuzz-testcase-minimized-6110372403609600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a1f38c75893c852cf19dcf3e4553549ba1e70950)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4eb8e1bce212fae4eab043d0eb095d36a133e6cd
Author: Nikolas Bowe <nbowe-at-google.com at ffmpeg.org>
Date: Fri Jan 19 13:17:07 2018 -0800
avformat/lrcdec: Fix memory leak in lrc_read_header()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ef5994e09d07ace62a672fcdc84761231288edad)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e7701e89ece5e9edfc6f88b3ac242a50e70a5b7d
Author: Nikolas Bowe <nbowe-at-google.com at ffmpeg.org>
Date: Thu Jan 18 15:21:56 2018 -0800
avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e07649e618caedc07eaf2f4d09253de7f77d14f0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>