[FFmpeg-cvslog] New commits on branch release/4.1
Git System
git at videolan.org
Thu Sep 9 21:32:26 EEST 2021
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dfb9a3f7f3ca35eb2dbedb79d117bf14a796e709
Author: James Almer <jamrial at gmail.com>
Date: Wed Jul 21 01:02:44 2021 -0300
avcodec/utils: don't return negative values in av_get_audio_frame_duration()
In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.
Fixes ticket #9312
Signed-off-by: James Almer <jamrial at gmail.com>
(cherry picked from commit e01d306c647b5827102260b885faa223b646d2d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=608be8437b70ef672901be1fe80dfc5bed43ad11
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 5 21:00:38 2021 +0200
avcodec/jpeg2000dec: Check that atom header is within bytsetream
Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c659f861856d751fe3aa1358b1cccff3117f948)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5240beb4c591994282107af8aceea133e21de233
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 4 19:55:28 2021 +0200
avcodec/apedec: Fix 2 integer overflows in filter_3800()
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33feb527fff9bf547c4118147434869875cf0c3d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=29d6be42d1f4a79dbec05d0dee67bc7ef8d878e0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Sep 3 18:54:08 2021 +0200
avcodec/xpmdec: Move allocations down after more error checks
Fixes: Timeout
Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e58692837c20c8484a23cd9beb63ac422f82458a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=feba3d29be7b0da1e4ae2fd65bb91616afaa51a3
Author: Martin Storsjö <martin at martin.st>
Date: Wed Dec 11 14:18:43 2019 +0200
network: Define ENOTCONN as WSAENOTCONN if not defined
This fixes compilation with old mingw.org toolchains, which has got
much fewer errno.h entries.
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 6569e9505c781468092c15fa84d034c9e37d26ca)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3837ebef6ebcdd9ebbbd49a37d902a8e00f0cb86
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 11 18:54:53 2021 +0200
avformat/avidec: Use 64bit for frame number in odml index parsing
Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=772e8bf0e79bdd81359634c10e4ac402b4e6ae1b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 22 20:47:00 2021 +0200
avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()
Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 909faca929cf30dcd439fa33479177e76fb5121d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=db3dd0545cdf690ee22f8b9807096d580bb8eb24
Author: maryam ebrahimzadeh <me22bee at outlook.com>
Date: Wed Aug 4 16:15:18 2021 -0400
avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is part of 'AVPacket pkt'.
replace init_get_bits with init_get_bits8.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ad3df92f538abae3578e6be4991879b56f02d6cd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 25 15:50:54 2021 +0200
avcodec/webp: Check available space in loop in decode_entropy_coded_image()
Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5e00eab61112c52f27a09fe77d50e6fc508f9c53)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d6d46907c6a23671115d0ab6be6c138ee89183cc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 8 20:46:32 2021 +0200
avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode
Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c59b5e3d1e0121ea23b5b326529f5bdca44cf982)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=51292064a2ce71b2adfc090ed7302b0ed3f0eab9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 14 09:55:00 2021 +0200
avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init
Fixes: MemLeak
Fixes: 8281
Fixes: PoC_option158.jpg
Fixes: CVE-2020-22037
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7bba0dd6382e30d646cb406034a66199e071d713)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=907273ca20457107ef1b9b5891e8a8e109831756
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 31 21:17:23 2021 +0200
avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line()
Fixes: Infinite loop
Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f803635c4fac761ac68b39a369272d4c26433dc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b63cee7a09c1490d26ccc4dd14f3cf5a233f443
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 31 00:01:53 2021 +0200
avcodec/vc1dec: Disable error concealment for *IMAGE
The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves vissual results
Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 643b2d49bf52d5a3205ce3db732e0c4c396bd457)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8c9f389083eb2f210867bc48c86c54a746c57735
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 30 23:04:08 2021 +0200
avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8f2856a1daa4e3d5767b6efe7a70ec86926dba47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f32abd61b93d23c2d63034eecfdedef70cc0cc28
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 1 20:42:53 2021 +0200
avformat/wtvdec: Check for EOF before seeking back in parse_media_type()
Fixes: Infinite loop
Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb253316a86d6a0202b214ab95082984d57c5099
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 27 20:57:02 2021 +0200
avformat/wavdec: Use 64bit in new_pos computation
Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=55922a70d9fc074ac143842e19e93ee63b7cb8bd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 27 20:53:32 2021 +0200
avformat/sbgdec: Check for overflow in timestamp preparation
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9dbed908403b0d97ae70881fab68020f148b6b11)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d92939f984ccd28f361599c6f8ebe80f0c41a7fa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:44:08 2021 +0200
avformat/dsicin: Check packet size for overflow
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d1c47ec033d038e04578eaf0767c8983250d03d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8cacdaf8197222a04ce40c37b2f56c4516cb1a92
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:33:58 2021 +0200
avformat/bfi: check nframes
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b4e77dfca1c2970446f79277034d8e60c3fe3f4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7c6df6df0ef1b5fdc92ebb395ac11b82b66eb6f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:11:03 2021 +0200
avformat/avidec: fix position overflow in avi_load_index()
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 527821a2dd6f19d9a4d2abe05833346ae86c66c6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c064645bdf08977b3e17335747493aa53cb64daa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:35:20 2021 +0200
avformat/asfdec_f: Check sizeX against padding
Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f034c2e36acb7d0c11dc1849ddf8a67bde44eff4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=150642566c84a92070ddf7d0bbdbec52b2a77cbf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:28:29 2021 +0200
avformat/aiffdec: Check for size overflow in header parsing
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bae2e1977744f42d56b85193d4910811de829714)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7cf552af041988d81c79757dd945c8181bf43bf8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 21:00:32 2021 +0200
avcodec/aaccoder: Add minimal bias in search_for_ms()
Fixes: floating point division by 0
Fixes: Ticket8218
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 75a099fc734a4ee2b1347d0a3d8c53d883b95174)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d71d3cc9f6bc3012c06e7b6ef7215b1857242a0d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 20:28:24 2021 +0200
avfilter/af_drmeter: Check that there is data
Fixes: floating point division by 0
Fixes: -nan is outside the range of representable values of type 'int'
Fixes: Ticket8307
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f49fa6abe89e2fca2585cac4c63190315972cf0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ce4989432d6ac71ad05c5e82f551545258c0b3e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 20:04:45 2021 +0200
avfilter/vf_mestimate: Check b_count
Fixes: left shift of negative value -1
Fixes: Ticket8270
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06af6e101bbd04e8ecc5337bc3b6894a5e058e14)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb7379f7ef2bf3df27c8e889573b6b0b08da848b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 11 14:27:22 2021 +0200
avformat/mov: do not ignore errors in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c52c99a18f6e40973e52d99d4bb29e34a66c695a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9784a783be17dc1c80e3d0f9fe9e0dceff38204
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 11 12:39:34 2021 +0200
avformat/mxfdec: Check size for shrinking
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 65b862ab59c4bfaae98be596b84a072f52444398)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff3ae6999959150ef488b170bbcc2fb6610b3572
Author: maryam ebr <me22bee at outlook.com>
Date: Tue Aug 3 01:05:47 2021 -0400
avcodec/dnxhddec: check and propagate function return value
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: James Almer <jamrial at gmail.com>
(cherry picked from commit 7150f9575671f898382c370acae35f9087a30ba1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ffc6af3157126aa22bd87feff2217d098d671f59
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 9 15:20:47 2021 +0200
swscale/slice: Fix wrong return on error
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7874d40f10cca922797a8da14189a53ee52f0156)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39085528404933317ee9faae99e2e3450f84cf5d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jul 7 14:05:26 2021 +0200
swscale/slice: Check slice for allocation failure
Fixes: null pointer dereference
Fixes: alloc_slice.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 997f9cfc1295769be8d3180860ceebbc16f59069)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eed7a662af1632378777981713fc66579cc767f5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 11 18:40:32 2021 +0200
avformat/matroskadec: Fix handling of huge default durations
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 343d950a4a8a8c32f5f7d9d4ac1fbe317cb9cc80)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3631197f67515be61f249c9feee67661d4c7d24d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 15:27:18 2021 +0200
avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
Fixes: floating point division by 0
Fixes: Ticket8213
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 70874e024a6eae0f95bd8dd4b9b4367ffd937f41)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fdff986dc493dc383d8e7dd711c388b06ff9e5b3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 18 22:38:40 2021 +0200
avformat/ftp: Check for av_strtok() failure
Fixes: CID1396258 Dereference null return value
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d40782088cf969fbadc881e4a97ec22b8ae0177)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5878ac10079d858ed6597ef2c19666a102e2584a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 16 20:36:46 2021 +0200
tools/cws2fws: Check read() for failure
Fixes: CID1452579 Argument cannot be negative
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0b3cdd7cc2c63969e144cc3eb39d0c61260509ee)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5246201182eedc3e002e3314b6f478d1452414aa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 21 22:59:04 2021 +0200
avcodec/cpia: Fix missing src_size update
Fixes: out of array read
Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cea05864e65db9a2dc8af82b2c63fb8f03c5f876)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b6158958c75c35e71be817a34fdc62493abdb1e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 21 21:02:39 2021 +0200
avcodec/clearvideo: Check tile_size to be not too large
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 35023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-6740166587842560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 11fac9613e6a340d4d9968e2d8a43c3726ab57d3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2beb60777f3bea20d71a0dbc9453004898040790
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 24 20:00:05 2021 +0200
avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation
Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int'
Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 00ae9b77ef757f82660b4b3d2f490374a4f209fd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fd21f6a0cc5f5cb732757679ce3ab94f081ca803
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 26 22:35:37 2021 +0200
avformat/rmdec: Check old_format len for overflow
Maybe such large values could be disallowed earlier and closer to where
they are set.
Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06d174e289eb185f03a34a738965f0042f39c038)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7678193cf111d6128d8ca88b7b8be646f442b17
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:45:10 2021 +0200
avformat/realtextdec: Check the pts difference before using it for the duration computation
Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fe12aa689003db9b07a6e1b837031dcc57a71435)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14b04b9fd6e1d35b1d04d67b09e7e05365e52651
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:16:38 2021 +0200
avformat/qcp: Avoid negative nb_rates
Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b865cc703d29cb307e1fa628aa02940d54eb42a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c9e43e7f8b24acdf840758c093119d00ee9a8b9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:01:03 2021 +0200
avformat/nutdec: Check tmp_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b11977c9ed728f50dd70db646472552044aed6e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 19:54:19 2021 +0200
avformat/msf: Check that channels doesnt overflow during extradata construction
Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a1a277926b49dad60d9e78c6c7a8c6b5d0d6d7c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dea3933dd57ad14f91f78ded26309b7b39c69aa9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 17:42:19 2021 +0200
avformat/mpc8: Check for position overflow in mpc8_handle_chunk()
Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8ef25d118246bf443900033fb3588dba628d11b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b38d513080b0013430e6333912a7df93c6c641ca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 15:41:16 2021 +0200
avformat/iff: Use 64bit in duration computation
Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 93d964689c3b2bae26e6e3f502c1ffc4c2e46989)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a059124e849abf06707652f0a0a4ef7fd89a9927
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 13:08:24 2021 +0200
avformat/dxa: Check fps to be within the supported range more precissely
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: assertion failure
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ea494befcb5d944ce8275e6f59de1a24c25ffb6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=459a60c3b1cd33bb22896b0091aa0cbf4a46bd49
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 4 22:52:41 2021 +0200
avcodec/iff: Only write palette to plane 1 if its PAL8
Fixes: null pointer passed as argument 1, which is declared to never be null
Fixes: 33791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5107575256383488.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 216eb60b853e9a230c1238ab7d1c63d3fa892d34)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d358379349973b79bbabc6525a787c40547e00de
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 4 18:34:44 2021 +0200
avformat/tta: Check for EOF in index reading loop
Fixes: OOM
Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b72d657b73b2aa4a2a2f72f613199e6080ad48c0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=37449dfb9241253ccaeb007dcd2c8b4639a5ec34
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 17 18:37:01 2021 +0200
Update missed irc links
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c067d20177613e9cf74bcbd2a26e729ef7ababdb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=81a32fe24e15e79e5248a8c45b8a1bd051d4500f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 10 20:35:43 2021 +0200
avformat/rpl: The associative law doesnt hold for signed integers in C
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 480f11bdd713c15e4964093be7ef0adf5b619cc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=386190d873d0eb23e41cf941d009f99214a5b120
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 9 21:25:58 2021 +0200
avcodec/faxcompr: Check available bits in decode_uncompressed()
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ff56c139e07a4de2803b974b6595f6b71fbf53bd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=791d33c57aef14864b7ae1377fb94b584b65e3b2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 9 21:20:04 2021 +0200
avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7d8421e3d5bc1300687a65384baccbcb3874b7ac)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b2c565a40c712f91078404b22f3f61619f8338b4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:50:13 2021 +0200
avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type 'int'
Fixes: 33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3447979d08d701581a65f7275425cb1a59302319)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e6799156d87c384ce31dbc8d3f204774cbbabf86
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 8 20:10:56 2021 +0200
avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
Fixes: out of array access
Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dbbcfbcc4e4f0e91f814f2e13ced7b6d99069518)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9b39340f954de5c6d42c2a4c61fe1fe2857f95e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 8 18:14:21 2021 +0200
avformat/mov: Check for duplicate mdcv
Fixes: memleak
Fixes: 34932/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5456227658235904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f54d85cee64b98bca5d2bee703f2a266ea75dce7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5498836d7da25342b0595e4908a529d169a22fb9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 20:00:38 2021 +0200
avfilter/vf_dctdnoiz: Check threads
Fixes: floating point division by 0
Fixes: Ticket 8269
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a3917c02c428b11128ac3d4a01b780ea44aa53c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5625dc1f3234020cddf3e7217ecc455249f3f647
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 19:54:45 2021 +0200
avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with black
Fixes: floating point division by 0
Fixes: undefined behavior in handling NaN
Fixes: Ticket 8268
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3d500e62f6206ad11308b18976246366aed8c1a5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d9c4cfba9f3d8634cfb9ecbc33a7771871885c01
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 3 22:46:05 2021 +0200
avformat/rpl: Check for EOF and zero framesize
Fixes: Infinite loop
Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880
Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0a4a527c3b0819368d9b148542bb7663f39df79)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=68765c25cd1534e685477c7bc21dbed5be979a8d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 21:40:17 2021 +0200
avcodec/vc2enc: Check for non negative slice bounds
Fixes: invalid shifts
Fixes: Ticket 8221
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f7862e82686b347eb6a9e64fa7ccdf25d5a76b4b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=97d0d3ae61683b000faa67d1260c4bb33fa42f73
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 26 22:43:51 2021 +0200
avformat/rpl: Use 64bit in bitrate computation and check it
Fixes: signed integer overflow: 777777776 * 4 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6726188921913344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 29b244ffc15abe2c24d2145f63048e8b3bdaa303)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d2e90cde299d0ba0cf41287c5ae33f2e9c9900ee
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 30 18:09:37 2021 +0200
avcodec/svq1enc: Do not print debug RD value before it has been computed
Avoids floating point division by 0
Fixes: Ticket8191
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c297f7e57a223da9f0d350e30456d60c8c87f902)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b2094c54151f147185c8dfde69ef6386a3d6b0a2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 17:50:27 2021 +0200
avcodec/aacpsy: Check bandwidth
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 36dead4bc28ca8aab13c61661f28c68bdefa5e9d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b67497df009518a9f6a5632a1dd8acf3b644dfe
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 17:49:22 2021 +0200
avcodec/aacenc: Do not divide by lambda_count if it is 0
Avoids Floating point division by 0
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c520b986915a3fdf3a20f6ce0ad5833eccfb7a91)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9546b0a9d30d5cf5214fea76be8bec5f3b805dc2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 1 10:07:05 2021 +0200
avcodec/aacenc: Use FLT_EPSILON for lambda minimum
(cherry picked from commit 4b89cf7aa49191c7f8a5ae6e9cf6cfc79ff4ee5e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b15e02fa45f2a6f4fdeb2a8d7e5e8f328c08a53
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 22:42:54 2021 +0100
avformat/cinedec: Fix index_entries size check
Fixes: out of array access
Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5ffefdd61c94eb98b1ca555b855e2c0bdd953d6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 11:17:35 2021 +0200
avfilter/vf_yadif: Fix handing of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7971f62120a55c141ec437aa3f0bacc1c1a3526b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7da0dad1f17856a12c98135eae9824f771e8f3a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 09:58:31 2021 +0200
avfilter/vf_vmafmotion: Check dimensions
Fixes: out of array access
Fixes: Ticket8241
Fixes: Ticket8246
Fixes: CVE-2020-22019
Fixes: CVE-2020-22033
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 82ad1b76751bcfad5005440db48c46a4de5d6f02)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14e172600e65817144be48a774c9b699b9563653
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 09:22:27 2021 +0200
avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4c1afa292520329eecd1cc7631bc59a8cca95c46)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9dd54c28df57821b1afb81d00928ed9bba71c691
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 20:31:19 2021 +0200
avcodec/lpc: Avoid floating point division by 0
Fixes: Ticket7996
Fixes: CVE-2020-20445
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 38d18fb57863bb9c54e68ae44aa780c5c282a184)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b290d6b41e446aa0e56584bacf26317797bf643f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 20:18:25 2021 +0200
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 223b5e8ac9f6461bb13ed365419ec485c5b2b002)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e431babf71b620197bc7f642c0b030598bf99928
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 21:37:26 2021 +0200
avcodec/aacenc: Avoid 0 lambda
Fixes: Ticket8003
Fixes: CVE-2020-20453
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=892f0ac5b235a630b50670a9a74500f224fd0abf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 20 20:24:21 2021 +0200
avcodec/exr: x/ymax cannot be INT_MAX
The code uses x/ymax + 1 so the maximum is INT_MAX-1
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 48342aa0750f83006582d1598b5f22297f6dbf83)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=69ef25f012e592b241229b7f885cefc13b3df672
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 20 21:16:52 2021 +0200
avformat/avio: Check av_opt_copy() for failure
Fixes: CID1477416 Unchecked return value
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f8611ae1efc47fbe1aff140c89bee4fd1d62d3e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f2685c9ec30b25a5e1618de0d0698fc3a33ffabc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 16:46:08 2021 +0200
avcodec/clearvideo: Check for 0 tile_shift
Fixes: shift exponent -1 is negative
Fixes: 33401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5908683596890112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 63e75e09aef5836330a2786f0a9229ed82239e6b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9ce7856341294dae8940ce44157a044d87f468f3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 15:50:43 2021 +0200
avcodec/vc1: Check remaining bits in ff_vc1_parse_frame_header()
Fixes: Timeout
Fixes: 33156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-6259655027326976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 38c47615880357314ba30727a85bf7b00989706a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed99d350bca70dd758770e616050139e9c764bb1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 13:37:26 2021 +0200
avformat/mov: Ignore duplicate CoLL
Fixes: memleak
Fixes: 32146/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5377612845285376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9548dc74d8db2bc002e1195dbd076f621f5c3ea1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e7dc9e1d25d3b9e93f685cfb0b7d30bf050f895d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 13:30:17 2021 +0200
avformat/mov: Limit nb_chapter_tracks to input size
Fixes: Timeout (15k loop iterations instead of 400m)
Fixes: 31368/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6601583174483968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 299a56c9006b2eb8807c3e3efefb91a78fe6b3b2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3dd661bf7b04a2d6dd20173f47376c470caafd02
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 12 22:33:06 2021 +0200
avformat/utils: Use 64bit earlier in r_frame_rate check
Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int'
Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 578633fc1ac8c02a36a706bd71f775550412d1e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=80937873d5cb61a2b9ee8f1c06f76cb340678c03
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:44:13 2021 +0200
avformat/mvdec: Check sample rate in parse_audio_var()
Fixes: signed integer overflow: -635424002382840000 * 16 cannot be represented in type 'long'
Fixes: 33612/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5704741108711424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0ff60249a57cba00ab679ca6190a802cc0c7b9c7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0d633d2fd4d79fa0c34371e6c2479d24adfe5def
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:58:50 2021 +0200
avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line()
Fixes: infinite loop
Fixes: 33674/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4816457818046464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 08d2df41538b583932c1a6772e3c8978a2334107)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3767b14c7ee4344c8ab805ccb4f6411efd442c58
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 29 21:21:27 2021 +0200
avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
Fixes: out of array access
Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656
Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392
Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz
Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312
Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f0ce023ddb8863d16ab650fcc0731851a55db084)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93506a7bf7a4461cb5fe1e5f507ee3cfa8653be3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 2 15:49:55 2021 +0200
avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent
Fixes: tickets/3933/128.jls
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 011006874cb46325b6bc83234f81879ff421c05f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c1d8652b5bcb33e5f08cbfdba51bde0faac8e482
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:16:20 2021 +0200
avformat/asfdec_o: Use ff_get_extradata()
Fixes: OOM
Fixes: 27240/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5937469859823616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 098314e1e5142aa2b53dc5371a9d01eb09ddd30f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=588c22d057e9469c46af042408facd8b07e5a4aa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 20:23:44 2021 +0200
avformat/id3v2: Check end for overflow in id3v2_parse()
Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long'
Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit efdb56450418933965dc6e27f0b1625d25e44a8c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=06342bca35e7963c03414ddd8e1670566eecfc0e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 20:23:41 2021 +0200
avformat/wtvdec: Improve size overflow checks in parse_chunks()
Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int
Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f8ec1da8ac8e3daf2403e744f166ea9557b2d333)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b655cebd913d24a9e304f843103268eba2c4ce99
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 15 20:08:22 2021 +0200
avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()
Fixes: Timeout
Fixes: 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b3881f0da6da00cb6b5b123328e2fbfca936c47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dcdb7d2dabed024f1a56a7f8b7b58739c6e20dbd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 10 20:32:55 2021 +0200
avcodec/utils: Check ima wav duration for overflow
Fixes: signed integer overflow: 44331634 * 65 cannot be represented in type 'int'
Fixes: 32120/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5760221223583744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f40e9b13554d88cbdd6cd2b4a3da2cbea9590f5d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05954971bae8700ab7961156d04b8ad6cefa4467
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 9 22:46:13 2021 +0200
avformat/cafdec: Check channels
Fixes: signed integer overflow: -1184429040541376544 * 32 cannot be represented in type 'long'
Fixes: 31788/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6236746338664448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 641c1db22bb27752b925293ad93f68843baa43bf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1630c9e0b6e62a2ec03533a95d8bea7b4fc72183
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 11 21:04:12 2021 +0200
avcodec/dpx: Check bits_per_color earlier
Fixes: shift exponent 251 is too large for 32-bit type 'int'
Fixes: 32147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5519111675314176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c093eb30311b7148a4da1c7555498187c8cdf0db)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5213143514001604562590e6cf2e8c030948e9ef
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 30 13:22:14 2021 +0200
avcodec/pnm_parser: Check image size addition for overflow
Fixes: assertion failure
Fixes: out of array access
Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79ac8d55468adc9cb9a0908e671807a2a789b7d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=54d921f1594e2e739477f5706fe05b179b44fd67
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 30 12:36:08 2021 +0200
avcodec/h265_metadata_bsf: Check nb_units before accessing the first in h265_metadata_update_fragment()
Fixes: null pointer dereference
Fixes: 32113/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-4803262287052800
Same as 0c48c332eeb2866d9353125f701e099c48889463
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 497ea04dbda78d4eb9cffd208737b676f838725c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7274684a29091a99cb68abe0de8dfbbd9acd8fd7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 30 11:03:56 2021 +0200
avformat/rmdec: use larger intermediate type for audio_framesize * sub_packet_h check
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 31406/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5024692843970560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cf2fd9204b3c707d9e414583b043ee88b8e8c52e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d7e6dbaf3c650f247d9e93a0236b885c049e5f9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 20 14:36:28 2021 +0100
avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ceae92cb291c2536a93482cdf3c1ae3f7330b924)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f46a15a82dc5d479bbf8e6e8e01754b5c5cd9daa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 22 15:22:35 2021 +0100
avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 87d87e6587deec1fa8ed5f5c6901535becdb0358)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cf8fa41490698922020a54152c6889fc0b2a8c0d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 24 17:03:08 2021 +0100
avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4
Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2611d20d353026f996cb9aaced8b35db37f490d4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=930f1fcccd502a74fecb4650781dcd788ba6b4c6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 17:29:23 2021 +0100
avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b37ff29e0e093b15585e9fb44bbd82bdf14b5230)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d99005df746c27a28f14645f4080e03c65c616b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 19 21:43:45 2021 +0100
avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()
Found-by: Jeremy Leconte <jleconte at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1cf96ce269364e3c2b4ec2097f121ad42b336839)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb9905d7eb3d57c5b06d75ea80af82ef397b39ad
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 15 09:47:43 2021 +0100
avutil/common: Add FF_PTR_ADD()
Suggested-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 522a5259e9cc17faf1f83c9cfb93c960a2ecf8a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4779c0ea924e13f66558d02eb42e9f645ac476ab
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 4 00:30:45 2021 +0100
avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1f74661543c0c336e88846f90608fda7bd12deac)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0a8717e4b3a2b545a58b69ece8c097277b6eaf26
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 4 19:21:35 2021 +0100
avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea12590c8ecc1e3c4c7732e5adced21fb5feffa6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d5b285e73de83867169299ab4e8a38823a8e8b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 23:05:17 2021 +0100
avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 075d793ba87635b77f8302d8a454fa681f90d267)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8cfab28cbe59df847749fb6ee8a4bc096ff6bbe
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 11 22:58:53 2021 +0100
avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b5d8fe1c874947ca67ee8117b18f8052f0e590fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=322a0a6dd2a2a5f3df10b8b2453ee0494d03741a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 20 17:02:36 2021 +0100
avcodec/h264_slice: Check sps in h264_slice_header_init()
Fixes: null pointer dereference
Fixes: h264_slice_header_init.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Tested-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 80472438996ed1928b30f6ac4e0d17a492de2cdf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=61f87c7207b5d468b540526baa483bb3ee91f00f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 18 18:01:52 2021 +0100
avformat/movenc: Avoid loosing cluster array on failure
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5c2ff44f915d6ceeea36a2f99e534562764218dd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4d9c117ebd99123a55025c605c33c8a321876b3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 18 10:59:19 2021 +0100
avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb
Fixes: null pointer dereference
Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f733688d30021587c3f3a1b280d6ece8b04f26ff)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c450dcc5e2b95eb54f6a702b853958fe5b5f72da
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 17 23:39:04 2021 +0100
avformat/mov: Check sample size for overflow in mov_parse_stsd_audio()
Fixes: signed integer overflow: 2 * 1914708000 cannot be represented in type 'int'
Fixes: 31639/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6303428239294464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d35677736a59ec6579b4da63d9b1444986ba339e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64a715b5ed457bf4533a5fe717256088d5959cae
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 5 20:27:50 2021 +0100
avcodec/ffwavesynth: Avoid signed integer overflow in phi_at()
Fixes: signed integer overflow: 2314885530818453536 - -9070214327174160352 cannot be represented in type 'long'
Fixes: 31000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-6558389742206976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit be08b84f8bb7acc0c45800c7f488399327a22961)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6bb271c52675de962dfe9660da555c599a77d2bf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 19 16:30:08 2021 +0100
avcodec/mpeg4videoenc: Check extradata malloc()
Fixes: Null pointer dereference
Fixes: any mpeg4 testcase which fails the malloc at that exact spot
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33a1687bf623cdd5c6ffe8f63024d22ed20b4ead)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4760b9d04849c5138f0beb59d3397460a5998eba
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 17 13:14:39 2021 +0100
avcodec/speedhq: Width < 8 is not supported
Fixes: out of array access
Fixes: 31733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4704307963363328
Fixes: 31736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6190960292790272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 462b8261aa3c4f9844b2e050c74b9a2018e3649d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7b660aa875dcedaca8cf01066a7f03e3ef9ccdb5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jan 29 21:18:36 2021 +0100
avformat/matroskadec: Check for EOF in resync loop
Fixes: Timeout (too long -> instantly)
Fixes: 29136/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4586141227548672
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5282147d0c92ac821e85b93e2db6704f4720e0c1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=727711d842ceb8490d37cc4f6b0080f185f748b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 1 19:55:03 2021 +0100
avcodec/utils: Use more bits for intermediate for AV_CODEC_ID_ADPCM_MS
Fixes: signed integer overflow: 1172577312 * 2 cannot be represented in type 'int'
Fixes: 29924/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-4882912874594304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0f441b9063281d8ef5d4c30b10379d08aad8924f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c0931688683348201d1c4434787f359a4d05e0b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 2 20:07:13 2021 +0100
avcodec/jpegls: Check A[Q] for overflow in ff_jpegls_update_state_regular()
Fixes: Timeout
Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8a3fea802a3e4274dbe084d372ec8aeab3932b3e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f711672d6e7204a81de614a242e933fad94ed12
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 2 20:47:06 2021 +0100
avformat/voc_packet: prevent remaining size from becoming negative in ff_voc_get_packet()
Fixes: memleak
Fixes: 30909/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4886284057313280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 337984c13327bc67e1e9e3e9bfd743cfbfbc42f8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f813f7f132dca891d805936e730295953b598e0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 1 13:44:12 2021 +0100
avutil/timecode: Avoid fps overflow
Fixes: Integer overflow and division by 0
Fixes: poc-202102-div.mov
Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c94875471e3ba3dc396c6919ff3ec9b14539cd71)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7560bd30bad9529e89f9bfd8308039bbee2c9edd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 22 20:20:48 2021 +0100
avformat/mvi: Check audio size for more overflows
Fixes: left shift of negative value -352256000
Fixes: 30837/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5755626262888448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 403b35e16e16a8c4a13e531ccdc23598f685ca20)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=161717ee5aaec312d683f1cc9832b510135f16b9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 9 00:55:38 2021 +0100
avcodec/flacdec: Avoid undefined shift in error case
Fixes: flac_1040988
Reported-by: Thomas Guilbert <tguilbert at google.com>
Reviewed-by: Thomas Guilbert <tguilbert at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bd525e2876bef428e896b8da5e5b5507451f4ed5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4393c27e190a921a6b3b7922435cad8cf6daf6ea
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 21:22:11 2021 +0100
avcodec/ffv1dec: Check if trailer is available
Fixes: out of array read
Fixes: 29750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4808377272238080.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 36ad2f41e30ad9f2a8ead76e0b1526b9712f0925)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6505b2f7a80a6a10f4f19fbed195d16fc4d350f3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 9 21:39:30 2021 +0100
avcodec/4xm: Check pre_gb in decode_i_block()
Fixes: Timeout
Fixes: 31257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5150866229297152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b87781649e2862d07fcb8d322289d89b47a530b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0bda2923b0426984c6ed9d9ce127c6a165f9361
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 19:09:36 2021 +0100
avcodec/dcadsp: Fix integer overflow in dmix_add_c()
Fixes: signed integer overflow: 1515225320 + 759416059 cannot be represented in type 'int'
Fixes: 29256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DCA_fuzzer-5719088561258496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b4ebf483bcbf2e5db6bd29607142741f62598b4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b2c3461b57dbe6f5f0a5e74d69b31b4b4a2b71bd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 26 16:50:10 2021 +0100
avformat/flvdec: Check double before cast in parse_keyframes_index()
Fixes: -2.21166e+304 is outside the range of representable values of type 'long'
Fixes: 29169/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5725452796821504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 09e5e406c7b9d7c1ee97ebae1476a2f68e6a90d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7476379197ec5acd288ad616418037bccecaf17
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 00:11:34 2021 +0100
avformat/paf: Check for EOF before allocation in read_header()
Fixes: OOM
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bcb1e9d3b9b97359e01e5978067c8ee558efa8b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=90205d2107316e9d68b19f4d450cdbd2546fffaf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 23:56:43 2021 +0100
avcodec/aacdec_template: Avoid undefined negation in imdct_and_windowing_eld()
Fixes: negation of -2147483648 cannot be represented in type 'INTFLOAT' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 29057/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5642758933053440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 633924539aae73714facf31aa7001d01e8be48a1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d958e1bd1c303efc5ec0757237b9a9975f669ecc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 22:08:25 2021 +0100
avformat/lxfdec: Fix multiple integer overflows related to track_size
Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_LXF_fuzzer-6634030636335104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7819412f4468514a2bab924291d79806a569388c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=183fca09b08c56cbd8a27a80996170537f0c2a6c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 00:23:12 2020 +0200
avcodec/exr: skip bottom clearing loop when its outside the image
Fixes: signed integer overflow: 1633771809 * 32960 cannot be represented in type 'int'
Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3366136aeb8faf54bc5d71dc917dc52931b15e27
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 21:11:05 2021 +0100
avutil/parseutils: Check sign in av_parse_time()
Fixes: signed integer overflow: -9223372053736 * 1000000 cannot be represented in type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6607924558430208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5d7f17e885ef3a7aae2035bed54604938d83e98d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=584afd367824e65064bb7c8b2f2bd26a7c7546c1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 3 10:49:04 2021 +0100
avformat/aiffdec: Check that SSND is at least 8 bytes
Fixes: Infinite loop
Fixes: 30874/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5933710488764416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 460d3dc41f57a6dcefbd72db6e2e368fee05340b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f48e4903fb82a38dff61a8df884da3c869d01697
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 3 10:49:03 2021 +0100
avformat/dcstr: Check sample rate
Fixes: signed integer overflow: -1300248894420254720 * 16 cannot be represented in type 'long'
Fixes: 30879/clusterfuzz-testcase-minimized-ffmpeg_dem_DCSTR_fuzzer-5094464215449600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fdcb966f4a3c6f872891b8dd554e3652b9e02d4f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b14418c0cb8b7246800ef4240013327c53702c21
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 1 23:24:37 2021 +0100
avcodec/alsdec: Check bitstream input in read_block()
Fixes: Timeout
Fixes: 28110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5036338973507584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53d739db4e528388fae89459e887a633ffbce12c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a797b31d0f913f1ac5c52ccf6e9e20c8f5e7ff4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Dec 13 00:08:46 2020 +0100
avformat/mov: Extend data_size check in mov_read_udta_string()
Fixes: signed integer overflow: -2147483634 - 16 cannot be represented in type 'int'
Fixes: 28322/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5711888402612224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 74c4c539538e36d8df02de2484b045010d292f2c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec231f9662235405fe6d19e12b4d2d4d983d1623
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 12 22:19:22 2020 +0100
avformat/aadec: Check for EOF while reading chapters
Fixes: timeout
Fixes: 28199/clusterfuzz-testcase-minimized-ffmpeg_dem_AA_fuzzer-4896162657861632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bcc7d14453ea2bafa6569a07002943808f2a396a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0fb1a9f6ecfc753824b707a4c251b5abe37acd0e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 12 01:24:42 2020 +0100
avformat/voc_packet: Add a basic check on max_size
Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type 'int'
Fixes: 28127/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-4880586455646208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 52f75181bfada2b4b127e744674591c7753c4b7d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1506eb092b45245a0bab1b7be0d856649dc38dff
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 11 01:06:46 2020 +0100
avformat/microdvddec: use 64bit for durations
Fixes: signed integer overflow: 7 - -2147483647 cannot be represented in type 'int'
Fixes: 28036/clusterfuzz-testcase-minimized-ffmpeg_dem_MICRODVD_fuzzer-5171698751766528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f569ac4ce0514bf4e0dd768c5ed007c82548d326)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a53c0d14ae2e9328cfb1a43b1cc481469fc59e2d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 19 21:16:25 2021 +0100
avcodec/hapdec: Change compressed_offset to unsigned 32bit
Fixes: out of array access
Fixes: 29345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5401813482340352
Fixes: 30745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5762798221131776
Suggested-by: Anton
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89fe1935b18621af06587c76bcde6adcdc8f2249)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2273d721f526b16ccf9a5f4b16b9a6d30735db9a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 15 20:52:17 2021 +0100
avformat/rmdec: Check codec_length without overflow
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 30333/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5175286983426048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d558c9f2375fd2136d20422cb1119cfbf872abeb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7b9e1a5fcf6ed6465ae7b772e2967c71b7778344
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 15 20:41:31 2021 +0100
avformat/mov: Check element count in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 30325/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6048395703746560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1d277b92fa4c149d589e6828d4e18ad578406f1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b6a33b6606ec572e895d86be7d2436c30fe0056
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 19:28:15 2021 +0100
avcodec/fits: Check gcount and pcount being non negative
Fixes: signed integer overflow: 9223372036854775807 - -30069403896 cannot be represented in type 'long'
Fixes: 30046/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5807144773484544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c000a9128815e7cee4316dc45605259bbaa138ff)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=245b7cd4c9f1e48de9ee8cc6fe7f7acab996895a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:00:40 2020 +0100
avformat/nutdec: Check timebase count against main header length
Fixes: Timeout (long -> 3ms)
Fixes: 28514/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6078669009321984
Fixes: 30095/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-5074433016463360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c425198558826795d94af45eeb9d94e4436c9a0f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d2dd0eaa7be4cbb21aeb7b828d0b8f99bbce43e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 11 22:40:21 2021 +0100
avformat/electronicarts: Clear partial_packet on error
Fixes: Infinite loop
Fixes: 30165/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6224642371092480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 59bb9dc2a670cbe5d659585392b6d79f7bb6d40f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a32db8ce15875d58c19c202ecf0bf203e6ffa4d5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 23:21:53 2021 +0100
avformat/r3d: Check samples before computing duration
Fixes: signed integer overflow: -4611686024827895807 + -4611686016279904256 cannot be represented in type 'long'
Fixes: 30161/clusterfuzz-testcase-minimized-ffmpeg_dem_R3D_fuzzer-5694406713802752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7a2aa5dc2af6c4fc66aaedd341b0886fbc746f0d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b713f01bb3b11eeea4c9f76959d15594fd8718c2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 22:28:20 2021 +0100
avcodec/pnm_parser: Check av_image_get_buffer_size() for failure
Fixes: out of array access
Fixes: 30135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-4997145650397184
Fixes: 30208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5605891665690624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5314a4996cc76e2a8534c74a66f5181e95ac64fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4dc6d2041395dddf05f1e0cf62316577864297f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 24 00:22:39 2020 +0100
avformat/wavdec: Consider AV_INPUT_BUFFER_PADDING_SIZE in set_spdif()
The buffer is read by using the bit reader
Fixes: out of array read
Fixes: 27539/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5650565572591616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a7c648e2d85a59975cc88079975cf9f3306ed0a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=47047bf6850fc98cad0024b1de4fd6509c22ef2e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 22:04:37 2020 +0100
avformat/rmdec: Check remaining space in debug av_log() loop
Fixes: Timeout (long -> 2 ms)
Fixes: 26709/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5665833403285504
Fixes: 27522/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6321071221112832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a8fe78decd700afec461f06df4ce0d36f3e9cc4b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4317e0a2b77f9ddebd7590baa3fe42990630b71
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 23 21:42:23 2020 +0100
avformat/flvdec: Treat high ts byte as unsigned
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 27516/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5152854660349952
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f514113cfa9fc44d80086bb2a2b783e8026dc3a9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa4ee8600805b063437ccf374697a2745a8c72e6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 17:00:38 2021 +0100
avformat/samidec: Sanity check pts
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 29743/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-5499256859394048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2014b0135293c41d261757bfa1aaba51653bab8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b79830a53a1300dea8ea44f6a3a1de71ece2418a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:54:06 2021 +0100
avcodec/jpeg2000dec: Check atom_size in jp2_find_codestream()
Fixes: Infinite loop
Fixes: 29722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6412228041506816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2a2082a41bca9dbb22c45288972f2da309443cf8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1d6055972e50ef8757c8d2a3408a9a84bf6838fd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:30:59 2021 +0100
avformat/avidec: Use 64bit in get_duration()
Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int'
Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0ceb0cdd41b56241697cd8f83e22cdb4822d2d9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c20077e753ee474d1fc86833c2b776191c76858
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:28:08 2021 +0100
avformat/mov: Check for duplicate st3d
Fixes: memleak
Fixes: 29585/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6594188688490496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 658f0606cba0f866714cbe09af30ec40c4168930)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4d977e643de5070b4dc8f8485b4b6c6853641250
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:19:42 2021 +0100
avformat/mvdec: Check for EOF in read_index()
Fixes: Timeout
Fixes: 29550/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5094307193290752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6c64351bb1f4dc148069a37754b746fcd4c784cf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb1dc002c6d661652afbedc9e8b942a7b961b4c9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 19:37:52 2021 +0100
avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular()
Fixes: Timeout
Fixes: left shift of 33046 by 16 places cannot be represented in type 'int'
Fixes: 29258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-4889231489105920
Fixes: 29515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-6161940391002112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 980900d991606cbc3747b37d6e83c7aae98cbecc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9ab85e03ca9b4ec8e918b46466a18301da96d471
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:14:03 2021 +0100
avformat/id3v2: Check the return from avio_get_str()
Fixes: out of array access
Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 25f240fcb398eb499ca4b70c026a8bb9f2a32731)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fec6a5d940f7b792cf86ddaa38bf16926f873882
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 14:59:27 2021 +0100
avcodec/hevc_sei: Check payload size in decode_nal_sei_message()
Fixes: out of array access
Fixes: 29392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4821602850177024.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0791a515d38fd35c1e2a309ec8f4015153687b8c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afc9f2c236f2289b83610b723513f68fc162abd9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:22:53 2021 +0100
libavutil/eval: Remove CONFIG_TRAPV special handling
Fixes: division by zero
Fixes: 29555/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-5149951447400448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8574fcbfc7784173347418e09035ff8121574571)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f083f20fd215ef8c0b7fa9f4abf885df6d322b8a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 8 14:29:01 2021 +0100
avformat/wtvdec: Check len in parse_chunks() to avoid overflow
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
Fixes: 30084/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6192261941559296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5552ceaf568915e668679f9581e07eb5507cafc4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a4c627df67ce6d1fc5a52c830d270485cf205249
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 7 21:50:03 2021 +0100
avformat/asfdec_f: Add an additional check for the extradata size
Fixes: OOM
Fixes: 30066/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6182309126602752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2c8cd4490a6ab2742e6ad1ce059b4f4957b39500)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=99a5e67fe3b786602291b80a28e8e518ce1102d1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 8 14:29:02 2021 +0100
avformat/3dostr: Check sample_rate
Fixes: signed integer overflow: -1268324762623155200 * 8 cannot be represented in type 'long'
Fixes: 30123/clusterfuzz-testcase-minimized-ffmpeg_dem_THREEDOSTR_fuzzer-6710765123928064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7e5034f97e41d3f8112c1f8da3b5274ab99ef6f8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8bcf54cf72d517e8a9cdc275acc33e8cc492d001
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 20:41:56 2020 +0100
avformat/4xm: Make audio_frame_count 64bit
Fixes: signed integer overflow: 2099257366 * 2 cannot be represented in type 'int'
Fixes: 27486/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-5112179134824448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 842c268c6436c9e90e689402be138c2e539f7059)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7186342a505d9617fdd1a80dac702a4b5da5462e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 19:13:01 2020 +0100
avformat/mov: Use av_mul_q() to avoid integer overflows
Fixes: signed integer overflow: 538976288 * 538976288 cannot be represented in type 'int'
Fixes: 27473/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5758978289827840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f70e1ec0cfa8ae24b224faf522c1d6ca95a42f6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b8b7cf353eb7769d9e858e95b496666ce3212f5e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 17:55:12 2020 +0100
avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper
Fixes: signed integer overflow: 2147483641 + 32 cannot be represented in type 'int'
Fixes: 27452/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5078752576667648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4dfb7ff528c02afbafba14676c139ecb82164c44)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d3c6b4f059de972591dfca1491b893ff6773fd1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 00:54:46 2020 +0100
avformat/rmdec: Reorder operations to avoid overflow
Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int'
Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b12e713b8061cc6a71ec69da946552bc593d5fa7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=16f0553a56bd066935229ea8442a87ca38e50cf0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 00:31:07 2020 +0100
avcodec/mxpegdec: fix SOF counting
Fixes: Timeout (>10sec -> 15ms)
Fixes: 27652/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5125920868007936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 401495def62638a205569cac0f7861c7faba4d18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=95ffb56c6c75ef7958d7e70a5df493d13452ed95
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 00:31:47 2020 +0100
avcodec/rscc: Check inflated_buf size whan it is used
Fixes: out of array access
Fixes: 27434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5196757675540480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit a5ed6da9bdbe32408aabe1c75e4b55fcaeec1e9b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26e5301458ea47f9ed7bba20f86bef08a6aab832
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 20:47:10 2021 +0100
avformat/mvdec: Sanity check SAMPLE_WIDTH
Fixes: signed integer overflow: 999999999 * 8 cannot be represented in type 'int'
Fixes: 30048/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5864289917337600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ab82c105787fa81d1e35b9209f3d53e98be936a4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5267cf2084493e949af544d873448438cf1efa28
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 23:13:58 2020 +0100
avformat/rmdec: Fix codecdata_length overflow check
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 28509/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6310969680723968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c41d0bfd6041890b394a3e6eb2f8da92b83416b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e26851dcd11b79152870dc9a2921920edf7655d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 00:31:08 2020 +0100
avcodec/simple_idct: Fix undefined integer overflow in idct4row()
Fixes: signed integer overflow: -1498310196 - 902891776 cannot be represented in type 'int'
Fixes: 28445/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5075163389493248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 57f7e5caa324fd760aa9e134ee963e9936083c59)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=305ae7fc02b5331995a7694ceef2d818c96c7d37
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 22:57:28 2021 +0100
avformat/tta: Use 64bit intermediate for index
Fixes: signed integer overflow: 42032 * 51092 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6679539648430080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fd61b42b4c8709a7888fa5c9cce0c19d754e39fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9bb8a4f773ca65fe924863ddc539cd2a1c1fcfb7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 22:52:59 2021 +0100
avformat/soxdec: Check channels to be positive
Fixes: signed integer overflow: 32 * -1795162112 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SOX_fuzzer-6724151473340416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b0588b73daeb0e6a0741f39b33943c67eac71619)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef8ece49acfa8ef5af56d712672d9804265f3efa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 11 23:17:50 2020 +0100
avcodec/cscd: Check output len in zlib as in lzo
Fixes: Timeout (>10sec -> 134ms)
Fixes: 27245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-575318210772992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6de039823c2ffcf88e8bfff0d4e3ed9d5601a122)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a7cfa5a89c671386aa75d833f1a219527070271
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 00:46:26 2021 +0100
avcodec/vp3: Check input amount in theora_decode_header()
Fixes: Timeout
Fixes: 29226/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-6195092572471296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 869fe41d1088c4badcd98ee1ca2490451a07b173)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=624afab90a276459b465246c8bba101abb1b7e70
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jan 29 23:58:04 2021 +0100
avformat/wavdec: Check avio_get_str16le() for failure
Fixes: out of array access
Fixes: 29195/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5037853281222656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7594ee751e621f6c7ef4d4977c4a3ce169ae0af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dcd5b364fb8e4f26caa2cd53e7c8df15b13867d1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 21:54:31 2021 +0100
avformat/flvdec: Check for EOF in amf_skip_tag()
Fixes: Timeout
Fixes: 29070/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5650106766458880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9725d07a1770fbfafe5f7b3f7d95a2a513308538)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67dff50ad857c8b888e311cc6ca7f1e95a350be3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 10 23:01:12 2020 +0100
avformat/aiffdec: Check size before subtraction in get_aiff_header()
Fixes: Infinite loop
Fixes: 27235/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5761398380167168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8af299acde9601e64740b75430960503615873b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4db70e21390abadc6087ebad7b1ff80a06209af8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 22:18:59 2021 +0100
avformat/electronicarts: More chunk_size checks
Fixes: Timeout
Fixes: 26909/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6489496553783296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d03f0ec9a1ce9903ae533059d30758bede238e40)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20b13122ec42398936f9e97c88b827792d583bc0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 8 00:08:35 2020 +0100
avcodec/cfhd: check peak.offset
Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type 'int'
Fixes: 26907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5746202330267648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 386faeda5ff1924c17766248ce19528dbf90cf15)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0dcc435972db32a7750ec7c456ec96e74cfa606e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 7 21:11:32 2020 +0100
avformat/tedcaptionsdec: Check for overflow in parse_int()
Fixes: signed integer overflow: 1111111111111111111 * 10 cannot be represented in type 'long'
Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b0f8586ca9853ab3d324ccd3c42bad4375000b0a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aff85abab4ed97a13b0e50f4d8f40756d8fb756d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 6 23:42:39 2021 +0100
avformat/nuv: Check channels
Fixes: signed integer overflow: -3468545475927866368 * 4 cannot be represented in type 'long'
Fixes: 28879/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-6303367307591680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fc45d924d7ff6be80e90870540ba35efc290e428)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c79401d76ebef1dd7705a9b0d0182d6fca883458
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 24 20:42:27 2020 +0100
avformat/mpc8: Check size before implicitly converting to int
Fixes: Timeout
Fixes: 28551/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6229183210586112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 78d6d8ddb571ecca54616517defbf894a45ea9c3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9b7d76f8ca6cd21b158fcf9f19c67c4b08133e5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:44:33 2021 +0100
avformat/nutdec: Fix integer overflow in count computation
Note, the value is checked a few lines later already
Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0014249fd92132515b3ff0ce034dd65e745cb400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=51cd4084420378c69fec221164a81a5d5a20202f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:20:37 2021 +0100
avformat/mvi: Use 64bit for testing dimensions
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-6649291124899840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 48fb752767086a48e599f9e86d87096f66cc7590)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6202f716dc30c966e1e6fc2be6ac2a1c4170fc88
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:05:53 2021 +0100
avformat/utils: Check dts in update_initial_timestamps() more
Fixes: signed integer overflow: -9223372036853488158 - 90000000 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MPSUB_fuzzer-6696625298866176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 29851cb840c176d514573914799ca6c95f3f4e8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f0ae564600475eed5342e3de7cc07822c60d623
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 26 17:41:28 2021 +0100
avformat/flvdec: Check for avio_read() failure in amf_get_string()
Suggested-by: Anton Khirnov <anton at khirnov.net>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cb316676112c01e8d66420908b6b3d06b3b498e3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a3f5c9d76d0b64f1e08b12f6cd4502d092efef7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 23 22:00:40 2021 +0100
avformat/flvdec: Check for nesting depth in amf_skip_tag()
Fixes: out of array access
Fixes: 29440/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5985279812960256.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2ef522c918d48b9f101548b2cadce02003cb3510)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a280136c7a1cfdce11216ab02b0195d9ce2ce772
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 23 21:20:57 2021 +0100
avformat/flvdec: Check for nesting depth in amf_parse_object()
Fixes: out of array access
Fixes: 29202/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5112845840809984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 074e204b42acdacc0a055671481e00914524af93)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f5f93d498df2e3bbc6d7cf16e6a69d5de48e066
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 00:00:27 2021 +0100
avformat/asfdec_o: Check for EOF in asf_read_marker()
Fixes: Timeout
Fixes: 26460/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5710884393189376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9e3d09f435f83f9653056b2fecc4d03ac45f3ffd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b53629bef13722aa6a8b180cf0f4ff2e52451317
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 21:29:01 2021 +0100
avformat/utils: Check dts - (1<<pts_wrap_bits) overflow
Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d82ee907d6caafbc1212c4b63ecac2dcd30f23b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=268f25c7744c7a0cc79d6baf18ff6af600826fad
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 18:41:41 2021 +0100
avformat/bfi: Check chunk_header
Fixes: signed integer overflow: -2147483648 - 3 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6665764123836416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 638a151a877c27a46c15643db26c9ba726feecde)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d72a06402c2de9bb8b319f460258efaee8300425
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 18:38:16 2021 +0100
avformat/ads: Check size
Fixes: signed integer overflow: -2147483616 - 64 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_ADS_fuzzer-6617769344892928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c78b2b138ce222de2f4cecac8fd4361f05ee9428)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a39c4ce6b15f8f7f1dcc1ab242c11a4f78be858e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 2 00:58:42 2021 +0100
avformat/iff: Check block align also for ID_MAUD
Fixes: Timeout & OOM
Fixes: 28701/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5185094964871168
Fixes: 29116/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4874284795297792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b17ffe8f8f30ba03901bcf7caa6c523e874e8fde)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=567c02a19aee51158702d6647615dab421b0c1fa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 19:21:18 2020 +0100
avcodec/utils: Check for integer overflow in get_audio_frame_duration() for ADPCM_DTK
Fixes: signed integer overflow: 131203586 * 28 cannot be represented in type 'int'
Fixes: 26817/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6296902548848640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2488ba85a0fa5ee4125888258d3d95ce3f03bbb6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8f5cce4b17ea6bc2e94bc7143df3bd5b56cc516c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 23:41:36 2020 +0100
avformat/fitsdec: Better size checks
Fixes: out of array access
Fixes: 26819/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5634559355650048
Fixes: 26820/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5760774955597824
Fixes: 27379/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5129775942991872.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 14bbb6bb30a6053e82f865c2d69d1a4dd2297fc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b0edf37cb2f17cc3661992d63236fa750eb18913
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 21 21:41:41 2021 +0100
avformat/mxfdec: Fix integer overflow in next position in mxf_read_local_tags()
Fixes: signed integer overflow: 9223372036854775723 + 8192 cannot be represented in type 'long'
Fixes: 29072/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4812604904177664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d3d9b1fc8e2dfc8b4d66c9916ab7221062ff4660)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=661d36175b5b143122da822dca7e4caf7e9da105
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 9 21:48:31 2020 +0100
avformat/avidec: dv does not support palettes
Fixes: memleak
Fixes: 26937/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5763003338981376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b373b41d940e3058cdfb3d17703e23ed665353c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=387e0b3359c81bbc9f7334790c6bd1f13b0fb706
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 9 19:58:20 2020 +0100
libavformat/utils: consider avio_size() failure in ffio_limit()
Fixes: Timeout (>20sec -> 3ms)
Fixes: 26918/clusterfuzz-testcase-minimized-ffmpeg_dem_THP_fuzzer-5750425191710720
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1dac2716d713dfd6949b7eb4a3c18c16f1faf6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32e5b0ab99b5004c7506b0cb3d37dfd57c56b914
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 00:07:26 2021 +0100
avformat/nistspheredec: Check bits_per_coded_sample and channels
Fixes: signed integer overflow: 80 * 92233009 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-6669100654919680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 60770a50fba0d47203d417b048b37d314918085d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d31c6fdf3522f715fec601995a60a8972c24245a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 21:17:18 2021 +0100
avformat/asfdec_o: Check size vs. offset in detect_unknown_subobject()
Fixes: signed integer overflow: 2314885530818453566 + 7503032301549264928 cannot be represented in type 'long'
Fixes: 26639/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6024222100684800
Alternatively this could be ignored but then the end condition of the loop
would be hard to reach as avio_tell() is int64_t
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0bee216ad454dd7238a03dd9a76428cc6c3233cc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9570ed6f3a159ee8b354af9dfb770bcb3518fd7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 15 22:52:42 2020 +0200
avformat/utils: check for integer overflow in av_get_frame_filename2()
Fixes: signed integer overflow: 317316873 * 10 cannot be represented in type 'int'
Fixes: 24708/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5731180885049344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 03c479ce236955fc329c7f9f4765ee1ec256bb73)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8d260b66ac0f71c2092e632bd9521698aca620b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 28 21:31:16 2020 +0100
avutil/timecode: Avoid undefined behavior with large framenum
Fixes: signed integer overflow: 2147462079 + 2149596 cannot be represented in type 'int'
Fixes: 27565/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5091972813160448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1905739638c22b476c99c679b41f29fa00bf07)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0c45348beffde91fc5a702273d79b5b4437c014f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 28 21:20:43 2020 +0100
avformat/mov: Check a.size before computing next_root_atom
Fixes: signed integer overflow: 64 + 9223372036854775799 cannot be represented in type 'long'
Fixes: 27563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6244650163372032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8c9a5a0fe9f27be35332a2b8f604dc85d219a056)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3df814c73540be949993bf1185b1388dda92d4bb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 00:07:29 2021 +0100
avformat/sbgdec: Reduce the amount of floating point in str_to_time()
Fixes: 1e+75 is outside the range of representable values of type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6626834808700928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ac6c8993f79eaefb76e1fdf0eef5373ab3a46a4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7566366ffc26feb6e5099ef144103b7b3312ff5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 20:22:48 2020 +0200
avformat/mxfdec: Free all types for both Descriptors
Fixes: memleak
Fixes: 26352/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5201158714687488
Suggested-by: Tomas Härdin <tjoppen at acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 88519be8db66811e203408b413d9039ac9c3fe91)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4520a4efa413a67bf18c049f50934a04e08a00d4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 18:01:11 2020 +0200
uavformat/rsd: check for EOF in extradata
Fixes: OOM
Fixes: 26503/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6530816735444992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7186ec88b98bc589f1403985ab10cc7f77461ec8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35729e0fdb47ca6aeb8cec33b8a35a9448b8b873
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 4 00:52:47 2020 +0100
avcodec/wmaprodec: Check packet size
Fixes: left shift of negative value -25824
Fixes: 27754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5760255962906624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 69aeba8a19ac2fa6e1c9bdfb19229b513f314bb1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62dd7e3dc06d12364b820317ce301b9c6684595c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 23:41:10 2020 +0100
avcodec/rasc: Check frame before clearing
Fixes: null pointer dereference
Fixes: 27737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RASC_fuzzer-5769028685266944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 380a3a0adfae7aa898d2ec8a5b0d5cd949a11111)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f8940d51047c1adce67c30a2f274dd9d08272664
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 26 18:55:08 2020 +0100
avcodec/alsdec: Fix integer overflow with quant_cof
Fixes: signed integer overflow: -210824 * 16384 cannot be represented in type 'int'
Fixes: 28670/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5682310846480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7ce40dde03ea56684f2cb6b40991a90bc38c3ad9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=94fbe523eebd15b0469323a8154680d3de3c89d9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Dec 27 18:47:44 2020 +0100
avformat/mpegts: Fix argument type for av_log
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 654b21ef176a807bf4e8359a4ed52c629d766100)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e015c01a2f536fcc26229e4363feb5a94e0ff81
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 18 00:48:26 2020 +0100
avformat/cafdec: clip sample rate
Fixes: 1.21126e+111 is outside the range of representable values of type 'int'
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5412960339755008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 684aec6a6872c9e3bb0afee1979f1cd3edd1f8ce)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed4e706190342fce2c8e8e2d8933e749189315a8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:22:04 2020 +0100
avcodec/ffv1dec: Fix off by 1 error with quant tables
Fixes: assertion failure
Fixes: 28447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5369575948550144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5cae71d2b722d0beed4d46f189db42fbb57d877b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5d4d2910a543b090e78ff2261bac68ea461c44fa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:22:01 2020 +0100
avformat/mpegts: Increase pcr_incr width to 64bit
Fixes: division by zero
Fixes: 26459/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5666350112178176
Fixes: 28154/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5195728439476224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ef7b117b7be8a81d6b245cadf096cbe4b1a12987)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=85cdb58efb53b92509148341dd13df950b4460f4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 19:19:54 2020 +0100
avcodec/utils: Check bitrate for overflow in get_bit_rate()
Fixes: signed integer overflow: 617890810133996544 * 16 cannot be represented in type 'long'
Fixes: 26565/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5092054700654592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8aadae670f28b88e94770262cd1136562bdb2f45)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7c36b9496626255df69302156e2bf985bd927faf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 18:39:45 2020 +0100
avformat/mov: Check if hoov is at the end
Fixes: Timeout, probably infinite loop
Fixes: 26559/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5391165484171264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0afbaabdca2730d3f8d88719d64802d50b92d351)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb1f3b5fc6158a8c119340332a6fba2a00456b96
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 23:05:22 2020 +0100
avcodec/hevc_ps: check scaling_list_dc_coef
Fixes: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int'
Fixes: 28449/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5686013259284480
Reviewed-by: James Almer <jamrial at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f1700bd8bb983bb3b56c3a1f8b9078cb62a44f65)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c57a7ce4d96a14707f8c5f82222d14da7dc2928
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 11 00:49:23 2020 +0100
avformat/iff: Check data_size
Fixes: infinite loop
Fixes: 27834/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5694930919620608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 001bc594d82f3df67a6e96c6ea022f4e39002385)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b12ef6f7acd4573c0b2d7a26e26c29b147479456
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Dec 7 00:37:25 2020 +0100
avformat/matroskadec: Sanity check codec_id/track type
Fixes: memleak
Fixes: 27766/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5198300814508032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b88dd8f0cb48b46f3178d274a9117a3d2307f4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9ca2abb90c20d31ad39641af8a20dd3d4cd38f46
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Dec 9 00:49:29 2020 +0100
avformat/rpl: Check the number of streams
Fixes: out of memory access
Fixes: 27787/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4743666463408128.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0677bdb1f522d0d25b47bca3d8e09ece83083678)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=57c8136d6c14bc3f41bfd4c5cc0f9db159f4fcf5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 22:14:21 2020 +0100
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: -2105540608 - 2105540608 cannot be represented in type 'int'
Fixes: 26870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5656647567147008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 51dfd6f1bdb03bfc7574b12e921fb3b8639ba5cf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=471c8ae5b6eb632930585590fafbd74b7d39b74e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 21:22:13 2020 +0100
avformat/dsfdec: Check block_align more completely
Fixes: infinite loop
Fixes: 26865/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-5649473830912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 65b8974d54455adc7a462f0f7385b76e1d08101c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6eba6551b81b36e7233601f5a1f8b4c184a16890
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 21:50:32 2020 +0100
avformat/mpc8: Check remaining space in mpc8_parse_seektable()
Fixes: Fixes infinite loop
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f66dd13d08d063e2748d172239df595078ff624)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e4a9d64d1f361aa2f475f3006524d2526c5a359
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 7 21:39:21 2020 +0100
avformat/id3v2: Sanity check tlen before alloc and uncompress
Fixes: Timeout (>20sec -> 65ms)
Fixes: 26896/clusterfuzz-testcase-minimized-ffmpeg_dem_DAUD_fuzzer-5691024049176576
Fixes: 27627/clusterfuzz-testcase-minimized-ffmpeg_dem_AEA_fuzzer-4907019324358656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7f87a4b9ef18a9846439b7787874cc11e5940de)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a290ea51274a46faa095bc71c32bdc806c45e059
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 1 20:20:02 2020 +0100
avformat/vqf: Check len for COMM chunks
Fixes: Infinite loop
Fixes: 26696/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-5648269168082944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a834af133b1fe8f29b4075808710ffd98abcac40)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb81e6eb55bc4ce702b8926dd3d32f9b3c202520
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 00:24:01 2020 +0200
avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter
The max depth is 16bps, the max allowed coefficient depth is depth+6
Fixes: signed integer overflow: 1074266112 + 1073725439 cannot be represented in type 'int'
Fixes: 26493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657763331702784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7cf852b03c3ae6b61f89614371d2cb308d0b7f86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=44e692bb0a54d39b08bdbb2c0692bf1a06592194
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 23:13:16 2020 +0200
avformat/cafdec: Check the return code from av_add_index_entry()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9dc3301745d8271ae3ba0f1b998d8e6a0aa01bc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aeef24785a82362fdeeebf0969a938c309a6d533
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 18 00:58:37 2020 +0100
avformat/cafdec: Check for EOF in index read loop
Fixes: OOM
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eb46939e3ab3e0e4df69486b1a037bffc50493bd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6723d6db9bbc506bf42ba0d4d51bf0c220391a3d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 23:08:13 2020 +0200
avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative
These fields are not signed in the spec (1.0) so they cannot be negative
Changing bytes_per_packet to unsigned would not solve this as it is exported
as block_align which is signed
Fixes: Infinite loop
Fixes: 26492/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5632087614554112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5eed718087f2ba307a3d1d294016d2ebae9230f3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6379a6f34325c4e359bb0cafe09e7af9f3ca2789
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 21:50:32 2020 +0100
avformat/mpc8: correct integer overflow in mpc8_parse_seektable()
Fixes: signed integer overflow: -4683718486770919638 * 2 cannot be represented in type 'long'
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208
Fixes: 27550/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6259212652642304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0897402ac8a2045691395380a9fd2ea88c0d3798)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2cb42f5cc077b2c3d2e6cfe9e7c82c7a34352f85
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 01:14:26 2020 +0100
avformat/mpc8: correct 32bit timestamp truncation
Fixes: left shift of 65536 by 15 places cannot be represented in type 'int'
Fixes: 26801/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-5164313092030464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad3e495657eaa24cba9251c2379797c208998201)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40f056abed4e0b0bc8e037da8b56bcb93d5660f2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 22:21:48 2020 +0200
avcodec/exr: Check ymin vs. h
Fixes: out of array access
Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3e5959b3457f7f1856d997261e6ac672bba49e8b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f149875325cd1d3f8d0f0fa28971e8acccb390d9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 00:23:10 2020 +0200
avformat/avs: Use 64bit for the avio_tell() output
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1278f117d75ab9238ef181ba29b31c6ea569571b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=56789d3ea3ffcda6696677197a6a3d41f1b17aca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 14 22:13:52 2020 +0100
avformat/wavdec: More complete size check in find_guid()
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 27341/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5442833206738944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a207df2acb92d6366ab2f0f18ba35709066b8eec)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71411669cd5f4f2c21e7821eec8ac0e2263ac255
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 14 20:59:01 2020 +0100
avformat/iff: Check size before skip
Fixes: Infinite loop
Fixes: 27292/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5731168991051776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b50e8bc2975fad85e0713e05940ee9ecb5e8a18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=680f50938f22384bc33c19dfb401c8a87421c17f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Nov 13 23:30:47 2020 +0100
avformat/rmdec: Check for EOF in index packet reading
Fixes: Timeout(>10sec -> 1ms)
Fixes: 27284/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6304211110985728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ebf4bc629e6d0dbb4bb6725849bdd06456e4c8af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0dc749187972332d26e13405df3b5a82da0fde2f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:46 2020 +0100
avformat/icodec: Check for zero streams and stream creation failure
Fixes: NULL pointer dereference
Fixes: 26814/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5758487797432320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b33233bd53f74f94f4cd7be0645a99a9549a913e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2781ce1ea95734d9ba25d1efc922e2f6a888a4ae
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:45 2020 +0100
avformat/icodec: Factor failure code out in read_header()
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 27ee67c00f4402030af3b7477dd5088464d31d80)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=158f357b1070bc86af09ab2d78da1b7c8b23ac83
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 13:51:47 2020 +0100
avformat/bintext: Check width
Fixes: division by 0
Fixes: 26780/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5117945027756032
Fixes: 26998/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5119352359354368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f6dc285fb5f30406b275b968ee438a738da799d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=82728dee12b1261af1d28920f450039c52716cb3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 10 00:04:50 2020 +0100
avformat/sbgdec: Check that end is not before start
Fixes: signed integer overflow: -9223372036854775808 + -5279949906739200 cannot be represented in type 'long'
Fixes: 26908/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6329610851319808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9ef60a66f1f155605049402415bd901c8baf1a24)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a675945380498ffa2a8ac511a2b70602c6308388
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 8 00:17:09 2020 +0100
avformat/lvfdec: Check stream_index before use
Fixes: assertion failure
Fixes: 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b1d99ab14f2fd273e678dcb618dabfb38aab91b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5d0d405d6c34ff83c19c387802e540bc890c699a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 20:23:54 2020 +0100
avformat/au: cleanup on EOF return in au_read_annotation()
Fixes: memleak
Fixes: 26841/clusterfuzz-testcase-minimized-ffmpeg_dem_AU_fuzzer-5174166309044224
Regression since: e680d50eb4feddafb2d8575b21fc5fc8764f4801
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d16974c3dd3a05900aa080ea0729284aea358d10)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9cde79ca7f984e47e29d414cdc58a83793f55eb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:47 2020 +0100
avformat/mpegts: Limit copied data to space
Fixes: out of array access
Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79cf7c71910a69b9f22b3e7ee6508a771262abaf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2221da01937dc79080a38ca75115e65af6a5623
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 13:51:47 2020 +0100
avformat/bintext: Check width in idf_read_header()
Fixes: division by 0
Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 442d53f409c8d84c7db120227caac00af54aa884)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9d2df3050e6e76aeec5b6403c6dde0b2cba91170
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 27 21:51:08 2020 +0100
avformat/iff: check size against INT64_MAX
Bigger sizes are misinterpreted as negative numbers by the API
Fixes: infinite loop
Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f291cd681b1235e150464ad83974d60d6879b492)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=72a8fb594d3954c64bd2a8e477fe56921ec089d5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 20:30:48 2020 +0200
avformat/paf: Check for EOF in read_table()
Fixes: OOM
Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 437b7302b09a04e0fbfcd594114b52c5c6d89d32)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da5220bc06bf53725f3bfe58e384780584b7e9c0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 26 21:08:55 2020 +0100
avformat/gxf: Check pkt_len
Fixes: Infinite loop
Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dad9a86ca7bf912289aafb33d96980630e6ec53a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a76224c8826b3b7719a97e47ac9d2120a0fc419
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 26 20:55:31 2020 +0100
avformat/aiffdec: Check packet size
Fixes: Fixes infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0ba71a72d3a617b255b71988a000d5093222f779)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ed66956584c881c29b1381fbd573adeaa5c4338
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 23:46:33 2020 +0100
avformat/concatdec: use av_strstart()
Fixes: out array read
Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2610acb49a140901dacbd36c598a5514cf9ade0d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26db6eccce82d3e44c3d0d0257f8f579b3326018
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 23:50:57 2020 +0200
avformat/wavdec: Refuse to read chunks bigger than the filesize in w64_read_header()
Fixes: OOM
Fixes: 26414/clusterfuzz-testcase-minimized-ffmpeg_dem_FWSE_fuzzer-5070632544632832
Fixes: 26475/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5770207722995712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b2244565ac8cb1eddd085e1a382a893ac03bfb4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c07f2cfaec7eb96aeacd948c8979e7983cfa1f8f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 18:15:53 2020 +0200
avformat/rsd: Check size and start before computing duration
Fixes: signed integer overflow: 100794754 * 28 cannot be represented in type 'int'
Fixes: 26474/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5181797606096896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c79d8a685182a8d8735887399bf0f3742b020597)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=36ff07fd0281f6b5b9ed6466d23b82c1e91c4906
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 22:56:17 2020 +0200
avformat/iff: More completely check body_size
Fixes: infinite loop
Fixes: 26485/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5126561373880320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3588e2e6b05ba92f0907e9ffe263c2e65d53e346)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb88c223d6b414cf939dc8143f41a36da332ab30
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 19:37:45 2020 +0200
avformat/xwma: Check for EOF in dpds_table read code
Fixes: Timeout (>30 -> 140ms)
Fixes: 26478/clusterfuzz-testcase-minimized-ffmpeg_dem_XWMA_fuzzer-5918147066200064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 44b18a76b8d4e01c7ce62474aaf196857e75e976)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c07661c8cd9508d4db1ea8cd408ecc078acc7d0b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 27 17:21:19 2020 +0100
avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration()
Fixes: shift exponent 95 is too large for 32-bit type 'int'
Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ec7e0d42884b40ce93b6b5e94de5f7849310f8a0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d46937051b282a0fdb49c09ad2a3970d37becbb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 20:29:50 2020 +0200
avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET
Fixes: signed integer overflow: -9223372036854775807 - 48000 cannot be represented in type 'long long'
Fixes: 26521/clusterfuzz-testcase-minimized-ffmpeg_dem_DIRAC_fuzzer-5635536506847232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev at lynne.ee>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 343c3149ab3d77be76f035d3b18bb2b2da48ce1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7487e6b6a74726c9f1371a2f84f84f12908923e4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:32:59 2020 +0200
avformat/rmdec: Make expected_len 64bit
Fixes: signed integer overflow: 1347551268 * 14 cannot be represented in type 'int'
Fixes: 26458/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5655364324032512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 728330462cadb765307cc132377b6b5d177a225c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d608ea00275f9f7110b1616026f774814d291df7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:44:32 2020 +0200
avformat/pcm: Check block_align
Fixes: signed integer overflow: 321 * 8746632 cannot be represented in type 'int'
Fixes: 26461/clusterfuzz-testcase-minimized-ffmpeg_dem_PVF_fuzzer-6326427831762944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b23a619c132a8ad5282a5fd02bfe8b253101c79d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7a3dacf539c45157b4f763c95f61c4f8311db0e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:55:13 2020 +0200
avformat/lrcdec: Clip timestamps
Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 80bc2ac3c06319cf85428c58c471d105d25ae987)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ce445adcbd8abcc3d22af8752f6a792e09cbca3c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 19:24:30 2020 +0200
avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()
Fixes: timeout(>20sec -> 1ms)
Fixes: 26526/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-5672328069120000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 857aba7c45faf0335ad91ecabc0bce8b94320758)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=57396f97ca37b5a94d723a9c888f7129ec2fe901
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 18 22:04:14 2020 +0200
avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
Fixes: signed integer overflow: 190587 * 11585 cannot be represented in type 'int'
Fixes: 26407/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5086348408782848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bca0735be52e471b1906aed34c60028d90646d90)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ce851aab3acdee92ca0a8d3149de3e3878e28bb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 18 21:54:14 2020 +0200
avcodec/fits: Check bscale
Fixes: division by 0
Fixes: 26208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-6270472117026816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c2ccd76fd000f69e355280b487213fb63821c8aa)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f608e7801634f0ac9b661a22033be06ab5f5180b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 10:53:31 2020 +0200
avformat/nistspheredec: Check bps
Fixes: left shift of 1111111190 by 3 places cannot be represented in type 'int'
Fixes: 26437/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-4886896091856896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7c144b363e67bef7651108c88687b38155172c1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b7b6f4c557c7306c1aab56a3fb6632aa7b88de8d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:29:01 2020 +0200
avformat/jacosubdec: Use 64bit inside get_shift()
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 715ff75e5dbbbefff7337351db596a9b7a5d4379)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a090f4cf0ca714eb64095acf6b8b98e56757002b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:05:01 2020 +0200
avformat/genh: Check block_align
Fixes: infinite loop
Fixes: 26440/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5632134020333568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 37396e9ba85d8969a3b5e3314ab99ff604845628)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afb0664623c7b345f8ae5e57a07801c937be114b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:39:30 2020 +0200
avformat/mvi: Check count for overflow
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a413ed98632127342ad04b26e0ba0dc26adb70c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=be62e519435b7995cc551740e3dd81c7d3c96ef4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 20:39:33 2020 +0200
avcodec/magicyuv: Check slice size before reading flags and pred
Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0dc42147b6843b133d4fa46bf1c2568a837b4bec)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7fd8744b5861eb908e9a4d28e6450a331056e96
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 11:13:19 2020 +0200
avformat/asfdec_f: Check for negative ext_len
Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 209b9ff5c3f337da4a3d82e59b8815eca2737ffa)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6cc18dca5547099c924736cbbe7a47eb5d75ca19
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 22:19:58 2020 +0200
avformat/bethsoftvid: Check image dimensions before use
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 50b29f081e9620dc39727adef707c2c323a8c095)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb961b232229415afc3d06826db788e6ad6cde1c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 23:40:57 2020 +0200
avformat/genh: Check block_align for how it will be used in SDX2_DPCM
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c95b47e18fdb43a4c667ae22a5d3a5ee6cf7782d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5be63051e7ba70afc8660ecb81071679695af255
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 22:19:32 2020 +0200
avformat/au: Check for EOF in au_read_annotation()
Fixes: Timeout (too looong -> 1 ms)
Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e680d50eb4feddafb2d8575b21fc5fc8764f4801)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5aaf7f46460f6811a41623d36112abfb80b80257
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 18:18:43 2020 +0200
avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0
Suggested-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d34e4904cd6d965693b285713660f4e84200d60b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5fc65636a7ae89aedcdfab10a023f4ce0f65409c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 00:37:25 2020 +0200
avformat/segafilm: Check that there is a stream
Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c0d7fd269beed030fc767fee28d9dbe111bc4427)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ee0f51886ad30a6247875c6654b15d4563185ec
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:59:53 2020 +0200
avformat/wtvdec: Check dir_length
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1868cb731660490beb750389266adb6e68e9123d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d2cefe21e1d61e940c11e64233d3ceaf46c40c3c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 13 23:01:38 2020 +0200
avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN()
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 26218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5734075396259840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 939b72b02e40a7db440b68f31ab23bd550785344)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8c0ed9e2bf8c26eec22bd2fb8c4daa1cf6f3e2c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 18:08:37 2020 +0200
avcodec/exr: Check limits to avoid overflow in delta computation
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6910e0f4e5c40b5b902e4dd87256327d860d53f5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=253b1ed27ef5a5b2a61d616d80a28d939972d3ab
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 19:09:37 2020 +0200
avformat/boadec: Check that channels and block_align are set
Fixes: Infinite loop
Fixes: 26381/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-5745789089087488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 44ff5a1bff424b1576dff366ccd246805b4e5567)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=31517647e5dda2990f524e04bddf08ab2075e8aa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 22:04:56 2020 +0200
avformat/asfdec_f: Check name_len for overflow
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0d088a47ca0243576078f109fff20617d1fac382)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=366e5e489d87632ed7dd2377d692c14006ce3702
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 21:35:43 2020 +0200
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d1983628394e076001cc67d85656f9842b7282a3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92b8c0a8c102a25cc117b9853ced649c709c3a8d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 12 17:11:27 2020 +0200
avcodec/aacdec_fixed: Limit index in vector_pow43()
Fixes: out of array access
Fixes: 26087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5724825462767616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f83a536384afda45acb6d7cdd22017c8c314f9e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=75ce842d7c3de47ffbe86b3c1f6c1cbc912daf14
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 16 18:05:34 2020 +0200
avformat/rmdec: sanity check coded_framesize
Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int'
Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aee8477c6ba20469ebe531448d31c642717b5f48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13de14d44da9d224152620b39040dbf01cb94f86
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 8 20:44:23 2020 +0200
avformat/flvdec: Check for EOF in amf_parse_object()
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33624f4f2e1feb08f277126e637d4a28016eb07a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=29dade5fea9d207112fccc089085fd5db7cff8d7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 2 10:54:31 2020 +0200
avcodec/smacker: Check remaining bits in SMK_BLK_FULL
Fixes: out of array access
Fixes: 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 42ded4d1e6fb0086a235dc584118414ae2bf30c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1f8aa084ea9011307d322eb399aaeaf51c929794
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 27 20:23:10 2020 +0200
avcodec/cook: Check subpacket index against max
Fixes: off by 1 error
Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5a2a7604da5f7a2fc498d1d5c90bd892edac9ce8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6778e41252a4c4f78f30638c9e66447d8d3ed2ef
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 13:30:29 2020 +0200
avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration()
Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int'
Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 01bb12f883dccc419317516e093fdc6dfa41bc31)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=85cf8124426ad9e5ab981aa1525aadd4e623f073
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 13:30:28 2020 +0200
avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred
Fixes: pixel decode issue.ts
Fixes: raw frame.hevc
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3fbf8737923ac49754946a2505367630544b87f1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7fd7eb2974f6bb5ef8db7e1ee6404345267f83d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 19:05:23 2020 +0200
avformat/icodec: Change order of operations to avoid NULL dereference
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3300f5c133650ba25f94531d40ecc94c79b84457)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8bcad00e41869840aaf55dc52cff252671dbb8c0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 21:58:37 2020 +0200
avcodec/exr: Fix overflow with many blocks
Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7265b7d904f86ec1c681222310c739f92ba55e5e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f2025f4ed7551ad2692754d16594137abb370270
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 16:40:22 2020 +0200
avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 394e8bb385a351091cb1ba0be986f3bbb15039fd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c58f0345b89d2eaa9e692717a2c71ecd79237105
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 21:17:32 2020 +0200
avcodec/ansi: Check initial dimensions
Fixes: Timeout (minutes to less than 1sec)
Fixes: 25682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANSI_fuzzer-6320712032452608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 949f0a6be974e4083f8e130c2d6870ef26f0eece)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4b6bcdd9973bb97e3b57afc742a596d5f46f40de
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 16:29:15 2020 +0200
avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 106f11f68af643ad1f372b840d38a0a30c6e9bcf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d859b40bf2b074cd5be69e978177a5cec4ce65be
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 11:29:01 2020 +0200
avcodec/sonic: Check for overread
Fixes: Timeout (too long -> 1.3 sec)
Fixes: 24358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5107284099989504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eeabdef1bf96cdecf80aeb8d0478d008457b048c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=db94bff82687a55b7ec86db5b927c04008ad8756
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 17:13:10 2020 +0200
avformat/subviewerdec: fail on AV_NOPTS_VALUE
Such values are not supported by ff_subtitles_queue*
Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b7f51428b1c73ab5840485ce537ce098a85d0881)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13a10e107a6dd8e7b0a0319b0d53bf0b05b39abb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 22:04:16 2020 +0200
avcodec/exr: Check line size for overflow
Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int
Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9b72cea4463dd2fabcd9ba1454a0855e521d0148)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a4aab7f0f3d61bc58c1d547192389ced0295c23
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 21:54:36 2020 +0200
avcodec/exr: Check xdelta, ydelta
Fixes: assertion failure
Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6949df35d0c69ae91bb0f49069e0703deb9bd676)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c275fefad981f5875101d044b1cefa57f87e53e8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 23 23:31:59 2020 +0200
avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 25675/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-4786580731199488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 11a6347f9e544a1b9fba059ae02c30c0e512c195)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dc12287307d87ac25a9307c6de2844cd558c71bb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 24 21:59:04 2020 +0200
avcodec/takdsp: Fix negative shift in decorrelate_sf()
Fixes: left shift of negative value -4
Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f54f530039db149808478796e8389c14eb73095)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d8359218a27a7419eced067d4f4089c035b3b543
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 2 14:59:13 2020 +0200
avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3291d994b76db4b6e67c8467367ce68f79785e60)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6bbc565af821104ffbbd9b03cdf752fc5de257da
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 12 19:44:35 2020 +0200
avformat/asfdec_f: Change order or operations slightly
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 686f0151901849de3b2073fa73265472073e0208)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a86c28a73a39a200310b1fee47be7ad78795599
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 2 23:13:00 2020 +0200
avformat/dxa: Use av_rescale() for duration computation
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c313089fbe1df71b5406dd9d7e4d36361051c620)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb6cdd3f84b9a7ed1a83e78d76ec0fc13025b384
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 2 22:42:05 2020 +0200
avcodec/vc1_block: Fix integer overflow in ac value
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3056e19e68122b9464b24870488f8faca4e78ea8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c242e3efe0a512855356147c46ddc0c8cc7746f6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 27 22:20:52 2020 +0200
avformat/iff: Check data_size not overflowing int64
Fixes: Infinite loop
Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 24352ca79207d3311ee544fcba908a64004763ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b84fcb78f9ab25dbe1949433b58a33861118629
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Sep 25 20:08:37 2020 +0200
avcodec/dxtory: Fix negative shift in dx2_decode_slice_410()
Fixes: left shift of negative value -768
Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit abebd87764992dc22c82802bdc75d40aac14ab86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=91f7983a8959b6c5d14eed21bb575ecd88065bd9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 24 22:20:39 2020 +0200
avcodec/sonic: Check channels before deallocating
Fixes: heap-buffer-overflow
Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f249981976b18438cfb646183d4c21fb051e1ad4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b81d1379c296de48ebcc7ead0b3f22a4265b0ea1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 20 20:53:31 2020 +0200
avformat/wvdec: Check rate for overflow
Fixes: signed integer overflow: 6000 * -2147483648 cannot be represented in type 'int'
Fixes: 25700/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6578316302352384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 688c1175ba91d0477cc461e5bfda210d6659a3b8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4d75810b4575a35fd02ede8137f4bb3e8488aba
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 20:48:38 2020 +0200
avcodec/ansi: Check nb_args for overflow
Fixes: Integer overflow (no testcase)
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bc0e776c9aaf06f437bf21e05a713fd54dc85400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=124a433d159bcba054afc01459b7c71ecdff30ad
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 15:20:14 2020 +0200
avformat/wc3movie: Move wc3_read_close() up
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0c635f2ce6c18d448e77605ee83b55bd8250f812)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6afbda6ce89c7c3347b2262d2e9c004a30833be4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 18 14:30:19 2020 +0200
avcodec/diracdsp: Fix integer anomaly in dequant_subband_*
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ca3c6c981aa5b0af8a5576020b79fdd3cdf9ae9e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d3bbc76f8e4f5c314668515cb8ad7ceb9dc087b7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jul 16 22:58:13 2020 +0200
avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c()
Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
Fixes: 23646/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5480991098667008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a02ae49c26395fc3ae2d38c733a2a13bd3080e7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2fee883f527ad0fdc3bf3b69143f8d1c161c1dab
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 13 21:12:17 2020 +0200
avcodec/wmalosslessdec: Check remaining space before padding and channel residue
Fixes: Timeout (1101sec -> 0.4sec)
Fixes: 24491/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5725337036783616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c467adf3bf9bb4b7fd28956ec698d884e63f145d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9c0480f175be26fda2d84b61af6d5637e34fe0f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 16:54:28 2020 +0200
avformat/cdg: Fix integer overflow in duration computation
Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int'
Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aa8935b395162f8438d1f055e671e92685ed1586)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5e57e749684f4937cb9fc32386a5b0bd4687ecd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 10 19:04:23 2020 +0200
avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth()
Fixes: -2.4187e+09 is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2b9f39689ab19c68ff37b5a4ac71e8fb7f58c487)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca56067055f7ef1e26be58c951dfb9b5f33d5d68
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Sep 7 00:09:33 2020 +0200
avformat/electronicarts: Check if there are any streams
Fixes: Assertion failure (invalid stream index)
Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 39a98623edbbdcf9d9b76e9d7aff3ce086ebfbfe)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df6725090355db9505035d3ba248902077873565
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 5 17:58:53 2020 +0200
avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINE
Fixes: signed integer overflow: -1429092 * -32596 cannot be represented in type 'int'
Fixes: 24419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5157849974702080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0da95df77a528251a326fc8b7e2ff48c60e41d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de79966a44145408f781cd89e764472b6ba1e343
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 22 00:24:55 2020 +0200
avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d()
Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int'
Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d182d8f10cf69c59ef9c21df4b06e5478df063ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca689b00023c07fde16b0cb599b6b6c601a063e0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 22 00:09:05 2020 +0200
avformat/avidec: Fix io_fsize overflow
Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cf0c700b0c25f5d9fe50dd27086a06812822f11a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9474d161c254d7f1c7d79d91da4209acc3c722fc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Aug 28 00:17:41 2020 +0200
avcodec/cfhd: Check transform type
Fixes: out of array access
Fixes: 24823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4855119863349248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 659658d08bb2e7219001795c78efd24f381446e2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a4f01dfad9f4294f7393f67b0d7bbb45e9c46f23
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 20 01:05:35 2020 +0200
avcodec/tiff: Restrict tag order based on specification
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
not the order in which the fields are described in this document."
This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also on various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.
If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad29f9e47cb848e11ee1d358d2bae15cd35ef04b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e9d90680d2ca8911525de59d464ac3796844fb4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Aug 11 14:41:13 2020 +0200
avformat/siff: Reject audio packets without audio stream
Fixes: Assertion failure
Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8931c55789a69f717b4a6954c5bb7acf5475a134)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f13fb1cfb8e1d367224f8ab6a99cde05285af849
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 15 01:07:44 2020 +0200
avformat/mpeg: Check avio_read() return value in get_pts()
Found-by: Thierry Foucu <tfoucu at gmail.com>
Fixes: Use-of-uninitialized-value
Reviewed-by: Thierry Foucu <tfoucu at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e8a88a16f78e66c8d7645b5f71dc8390b033fa70)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b0fd8d6b1523f4f89f20e3a34ffa6a39156a2d56
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 6 21:42:43 2020 +0200
avcodec/tiff: Check bpp/bppcount for 0
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit be090da25f734460f3105075456877b8a66185c1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2dc9462462ac160ea0345dfe256d85b934de19a3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 6 21:35:06 2020 +0200
avcodec/snowdec: Sanity check hcoeff
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d51d569cf68f78aaea8464a156c847a0e294726a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=301801bfd23c463ba5dd5a989a8fae5813a9ddeb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 2 00:51:12 2020 +0200
avformat/mov: Check comp_brand_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ffa6072fc727a14680a85449259f6b49b47587e6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8636ff4bdfd3a6d6a58b73d9bb259e4487a88aaa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jul 23 23:41:27 2020 +0200
avcodec/alac: Check decorr_shift to avoid invalid shift
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.
Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7 at gmx.net>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4333718b357a9ad195031e5d0ea080d37677b795)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd5e97fd6b64838851769c61c4d64fb8ea6bdc69
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jul 15 22:47:50 2020 +0200
avcodec/tdsc: Fix tile checks
Fixes: out of array access
Fixes: crash.asf
Found-by: anton listov <greyfarn7 at yandex.ru>
Reviewed-by: anton listov <greyfarn7 at yandex.ru>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 081e3001edb67dcd55fe0f68505df1fce667476d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4646f94b9cc83facb651a4540f342014cb75f937
Author: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Date: Thu Jul 9 12:07:28 2020 +0200
avformat/mm: Check for existence of audio stream
No audio stream is created unconditionally and if none has been created,
no packet with stream_index 1 may be returned. This fixes an assert in
ff_read_packet() in libavformat/utils reported in ticket #8782.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
(cherry picked from commit ec59dc73f0cc8930bf5dae389cd76d049d537ca7)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14a4be8fb4800fbac9e3e9a884527a7b582591a1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 10 19:37:57 2020 +0200
avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment()
Fixes: Out of array read
Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a10bc8f6f5d600c44ecb9b43cd9abf13bf3bfae)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=02fd603a182f589128aa7e951d218ad1dd35dd8b
Author: Zhao Zhili <quinkblack at foxmail.com>
Date: Sun Jul 5 00:51:53 2020 +0800
avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 806a4d5187aeb82b97898683242886ed1e84f894)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=41049b0d76decc07dc36f1158c748be9f1c19093
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 30 22:01:22 2020 +0200
avcodec/apedec: Fix undefined integer overflow with 24bit
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9f7b252cdf2d0e0f79d16dc7cd575d1884239863)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bf0b15d76a91b1f885dc17b776246986399a1933
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 30 21:11:25 2020 +0200
avcodec/loco: Fix integer overflow with large values from loco_get_rice()
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3ddc5e1f3cebca25ade54ee68159d305f210bf5f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32815740f7bc5c6566d8369a849c8a164ed594f4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jul 6 20:18:42 2020 +0200
avformat/smjpegdec: Check the existence of referred streams
Fixes: Assertion failure
Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 321ea59dac6538f92206bab0a2688fa24a25c4d2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=34f9c735ad5edb9be107dfef55394cc9e6bc6e5a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 3 23:55:50 2020 +0200
avcodec/pnmdec: Fix misaligned reads
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg at gunderson.no>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea28ce9bc13803ccef97850388ddc9a73998a23e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
More information about the ffmpeg-cvslog
mailing list