[FFmpeg-cvslog] New commits on branch release/3.4
Git System
git at videolan.org
Sun Sep 12 22:42:18 EEST 2021
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b44a20a19bdefc20b6841f735240e0902b5b2d8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 12 21:40:20 2021 +0200
Update for 3.4.9
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a4a3fd814aac900175ec4a2811cb5bf98c1ddad3
Author: James Almer <jamrial at gmail.com>
Date: Wed Jul 21 01:02:44 2021 -0300
avcodec/utils: don't return negative values in av_get_audio_frame_duration()
In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.
Fixes ticket #9312
Signed-off-by: James Almer <jamrial at gmail.com>
(cherry picked from commit e01d306c647b5827102260b885faa223b646d2d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0fe497d79581ff9e3c3eb18dc9d0265686933bb0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 5 21:00:38 2021 +0200
avcodec/jpeg2000dec: Check that atom header is within bytsetream
Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c659f861856d751fe3aa1358b1cccff3117f948)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d11d5f7da46ef51d91d4f2bfecb813feda533d63
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 4 19:55:28 2021 +0200
avcodec/apedec: Fix 2 integer overflows in filter_3800()
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33feb527fff9bf547c4118147434869875cf0c3d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=980224770abf0d59453bca239bde5288d0c257f8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Sep 3 18:54:08 2021 +0200
avcodec/xpmdec: Move allocations down after more error checks
Fixes: Timeout
Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e58692837c20c8484a23cd9beb63ac422f82458a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc76c6037acaaef2017fb541213fe151a8d0b999
Author: Martin Storsjö <martin at martin.st>
Date: Wed Dec 11 14:18:43 2019 +0200
network: Define ENOTCONN as WSAENOTCONN if not defined
This fixes compilation with old mingw.org toolchains, which has got
much fewer errno.h entries.
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 6569e9505c781468092c15fa84d034c9e37d26ca)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=36f962f3c209f2f402b1ef9091ebbb7a8d11c020
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 11 18:54:53 2021 +0200
avformat/avidec: Use 64bit for frame number in odml index parsing
Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=43a4d78e3bf1758d05434f8315115bab2619d75d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 22 20:47:00 2021 +0200
avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()
Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 909faca929cf30dcd439fa33479177e76fb5121d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc9e0b6cd2839acbac8da3232d715eb66857e453
Author: maryam ebrahimzadeh <me22bee at outlook.com>
Date: Wed Aug 4 16:15:18 2021 -0400
avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is part of 'AVPacket pkt'.
replace init_get_bits with init_get_bits8.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e198bd926dc07993dc032e1ebebcbed5ac4feea
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 25 15:50:54 2021 +0200
avcodec/webp: Check available space in loop in decode_entropy_coded_image()
Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5e00eab61112c52f27a09fe77d50e6fc508f9c53)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4700142dcc09b6d477e8bccd22aaf4752acaf32
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 8 20:46:32 2021 +0200
avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode
Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c59b5e3d1e0121ea23b5b326529f5bdca44cf982)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=071ecaddb9ce7a514f4fe8b0ab4bc363d4bb0a38
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 14 09:55:00 2021 +0200
avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init
Fixes: MemLeak
Fixes: 8281
Fixes: PoC_option158.jpg
Fixes: CVE-2020-22037
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7bba0dd6382e30d646cb406034a66199e071d713)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f71c7a358e3ae9ceae681d722e6f350f3eab7976
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 31 21:17:23 2021 +0200
avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line()
Fixes: Infinite loop
Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f803635c4fac761ac68b39a369272d4c26433dc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b4e4af6dcf4da83cd6c78404c535c7dd9a77b0d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 31 00:01:53 2021 +0200
avcodec/vc1dec: Disable error concealment for *IMAGE
The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves vissual results
Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 643b2d49bf52d5a3205ce3db732e0c4c396bd457)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b98a1d5e55322b80e652c53e4882f9c964ff1ae
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 30 23:04:08 2021 +0200
avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8f2856a1daa4e3d5767b6efe7a70ec86926dba47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d64fddb9a8ef0aa47535083b4b00b385278f6580
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 1 20:42:53 2021 +0200
avformat/wtvdec: Check for EOF before seeking back in parse_media_type()
Fixes: Infinite loop
Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a415c253b42210b33fc57da7aa05dcfb028aec04
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 27 20:57:02 2021 +0200
avformat/wavdec: Use 64bit in new_pos computation
Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ebce16fdec1cff22aae0fa30e55ac3ef42d9c53
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 27 20:53:32 2021 +0200
avformat/sbgdec: Check for overflow in timestamp preparation
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9dbed908403b0d97ae70881fab68020f148b6b11)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a4b9ac104e9016a08f75544ee0d8a43b2ea20324
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:44:08 2021 +0200
avformat/dsicin: Check packet size for overflow
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d1c47ec033d038e04578eaf0767c8983250d03d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b5c5645806e321c52f928cc9a8a12ce3f1b25a0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:33:58 2021 +0200
avformat/bfi: check nframes
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b4e77dfca1c2970446f79277034d8e60c3fe3f4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89fd36adfe82e0a3a42461ed8a252c637c170da2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:11:03 2021 +0200
avformat/avidec: fix position overflow in avi_load_index()
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 527821a2dd6f19d9a4d2abe05833346ae86c66c6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d15d67e6ccc2fe3b5ff0afb1addceb9c6b222781
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:35:20 2021 +0200
avformat/asfdec_f: Check sizeX against padding
Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f034c2e36acb7d0c11dc1849ddf8a67bde44eff4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f95a80bbd7cbe335fc8e271084571029d5ee26d9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:28:29 2021 +0200
avformat/aiffdec: Check for size overflow in header parsing
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bae2e1977744f42d56b85193d4910811de829714)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c593517453bce7f034417850cbe5dc03c54de466
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 21:00:32 2021 +0200
avcodec/aaccoder: Add minimal bias in search_for_ms()
Fixes: floating point division by 0
Fixes: Ticket8218
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 75a099fc734a4ee2b1347d0a3d8c53d883b95174)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7590dbf9be5e70432699cc70e5d96f9a6eb30dfc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 20:04:45 2021 +0200
avfilter/vf_mestimate: Check b_count
Fixes: left shift of negative value -1
Fixes: Ticket8270
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06af6e101bbd04e8ecc5337bc3b6894a5e058e14)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bbec731fca035c854ac738b0e8ddb2234edf984a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 11 14:27:22 2021 +0200
avformat/mov: do not ignore errors in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c52c99a18f6e40973e52d99d4bb29e34a66c695a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=00ecb2216730635498532d8b4c316898e00936e5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 11 12:39:34 2021 +0200
avformat/mxfdec: Check size for shrinking
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 65b862ab59c4bfaae98be596b84a072f52444398)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e61b25e2557394e640a5aae901473785a4b23db5
Author: maryam ebr <me22bee at outlook.com>
Date: Tue Aug 3 01:05:47 2021 -0400
avcodec/dnxhddec: check and propagate function return value
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: James Almer <jamrial at gmail.com>
(cherry picked from commit 7150f9575671f898382c370acae35f9087a30ba1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e4f7328d51505b55834eeecc8fbefb9147247a75
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 9 15:20:47 2021 +0200
swscale/slice: Fix wrong return on error
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7874d40f10cca922797a8da14189a53ee52f0156)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6f5191f2ecbfd25f4ffbb6ad14136e34d97cacd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jul 7 14:05:26 2021 +0200
swscale/slice: Check slice for allocation failure
Fixes: null pointer dereference
Fixes: alloc_slice.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 997f9cfc1295769be8d3180860ceebbc16f59069)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9cfd59b5fa52a2da6ac59dc15d5959401ac6b6fe
Author: Luca Barbato <lu_zero at gentoo.org>
Date: Thu Oct 12 19:20:28 2017 -0300
configure: Fix sem_timedwait probe
(cherry-picked from libav commit 41262498ff89ef48e5ce4823b2fc2dc514a3eb0c)
Signed-off-by: James Almer <jamrial at gmail.com>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e1e677c6df4f3f2b976aaceef1b0e5252f7cee6
Author: James Almer <jamrial at gmail.com>
Date: Sun Apr 29 15:04:10 2018 -0300
configure: add missing pthreads dependency to v4l2_m2m
Signed-off-by: James Almer <jamrial at gmail.com>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=94bb92e5bbe81e1ed2abf0b4fe3b0c8791ecdedf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 11 18:40:32 2021 +0200
avformat/matroskadec: Fix handling of huge default durations
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 343d950a4a8a8c32f5f7d9d4ac1fbe317cb9cc80)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73e81965b7d3a93b58bcdc6825fb38c24248493d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 15:27:18 2021 +0200
avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
Fixes: floating point division by 0
Fixes: Ticket8213
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 70874e024a6eae0f95bd8dd4b9b4367ffd937f41)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afb3519570f1035e3da1e86ac8612f6212a32d72
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 18 22:38:40 2021 +0200
avformat/ftp: Check for av_strtok() failure
Fixes: CID1396258 Dereference null return value
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d40782088cf969fbadc881e4a97ec22b8ae0177)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=375aa8f5f85c6b905e556a197e38a5edb2f59f71
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 16 20:36:46 2021 +0200
tools/cws2fws: Check read() for failure
Fixes: CID1452579 Argument cannot be negative
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0b3cdd7cc2c63969e144cc3eb39d0c61260509ee)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ecb97e45bff369ac604a4025a3f53cee484c0a8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 21 22:59:04 2021 +0200
avcodec/cpia: Fix missing src_size update
Fixes: out of array read
Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cea05864e65db9a2dc8af82b2c63fb8f03c5f876)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2eb23b82c850c7558f74abb880c01d6989bc5788
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 24 20:00:05 2021 +0200
avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation
Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int'
Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 00ae9b77ef757f82660b4b3d2f490374a4f209fd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=153833e42cfd0b6e0423288b0ffb8522c9dfb7e3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 26 22:35:37 2021 +0200
avformat/rmdec: Check old_format len for overflow
Maybe such large values could be disallowed earlier and closer to where
they are set.
Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06d174e289eb185f03a34a738965f0042f39c038)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=090e2d16809e3b52fbc7d1e4a2d1c568f4d1c263
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:45:10 2021 +0200
avformat/realtextdec: Check the pts difference before using it for the duration computation
Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fe12aa689003db9b07a6e1b837031dcc57a71435)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0602cf0ce3d9d3629bd9dca9756c9f8ca5d8c8b4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:16:38 2021 +0200
avformat/qcp: Avoid negative nb_rates
Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b865cc703d29cb307e1fa628aa02940d54eb42a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ae0f402debdb3e3d9e0e1e01d93bff0b877ca98
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:01:03 2021 +0200
avformat/nutdec: Check tmp_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=159ec5a6abcd6dc39683e1a9f540e4e40f2d4f8f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 19:54:19 2021 +0200
avformat/msf: Check that channels doesnt overflow during extradata construction
Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a1a277926b49dad60d9e78c6c7a8c6b5d0d6d7c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c65e5a1933427e35df0f58d0829f75de0cb2f037
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 17:42:19 2021 +0200
avformat/mpc8: Check for position overflow in mpc8_handle_chunk()
Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8ef25d118246bf443900033fb3588dba628d11b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a62ddb3cdfd63bd59f5d80a39b8f3a034ad7728
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 15:41:16 2021 +0200
avformat/iff: Use 64bit in duration computation
Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 93d964689c3b2bae26e6e3f502c1ffc4c2e46989)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4755459b3b929f547ec7c9af4f5f5fcb15aeb5c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 13:08:24 2021 +0200
avformat/dxa: Check fps to be within the supported range more precissely
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: assertion failure
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ea494befcb5d944ce8275e6f59de1a24c25ffb6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e618928e40a345b4e6cbda08a6452d07483c5895
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 4 22:52:41 2021 +0200
avcodec/iff: Only write palette to plane 1 if its PAL8
Fixes: null pointer passed as argument 1, which is declared to never be null
Fixes: 33791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5107575256383488.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 216eb60b853e9a230c1238ab7d1c63d3fa892d34)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba0f5aa4cb72d956b90b2d521d40bcd3f30aefdc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 4 18:34:44 2021 +0200
avformat/tta: Check for EOF in index reading loop
Fixes: OOM
Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b72d657b73b2aa4a2a2f72f613199e6080ad48c0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aee1476099b08992f12b75c6fe1e52c72e1b5b95
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 17 18:37:01 2021 +0200
Update missed irc links
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c067d20177613e9cf74bcbd2a26e729ef7ababdb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9274418fe8bb1e936f6c3227a99326286dd723a9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 10 20:35:43 2021 +0200
avformat/rpl: The associative law doesnt hold for signed integers in C
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 480f11bdd713c15e4964093be7ef0adf5b619cc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f28e32486eed2802a4290a964a52863abc2d32d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 9 21:25:58 2021 +0200
avcodec/faxcompr: Check available bits in decode_uncompressed()
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ff56c139e07a4de2803b974b6595f6b71fbf53bd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40053dc0bc992f430c22dd80d37b7602cc878934
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 9 21:20:04 2021 +0200
avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7d8421e3d5bc1300687a65384baccbcb3874b7ac)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6bbacb011a4c784edbfd4b7c6026fb222e57d003
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:50:13 2021 +0200
avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type 'int'
Fixes: 33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3447979d08d701581a65f7275425cb1a59302319)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=628a1682e9438c3bd119c915d2e7ae986c639239
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 8 20:10:56 2021 +0200
avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
Fixes: out of array access
Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dbbcfbcc4e4f0e91f814f2e13ced7b6d99069518)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58bbb40b720682d12d3ea94cf3f43bf29bec5c55
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 20:00:38 2021 +0200
avfilter/vf_dctdnoiz: Check threads
Fixes: floating point division by 0
Fixes: Ticket 8269
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a3917c02c428b11128ac3d4a01b780ea44aa53c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2d45c6b9a8fb713a48c282075105f99c9f27f3b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 19:54:45 2021 +0200
avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with black
Fixes: floating point division by 0
Fixes: undefined behavior in handling NaN
Fixes: Ticket 8268
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3d500e62f6206ad11308b18976246366aed8c1a5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=226d608e952f65b0ffd11708a9ed8e8cd1fcf831
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 3 22:46:05 2021 +0200
avformat/rpl: Check for EOF and zero framesize
Fixes: Infinite loop
Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880
Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0a4a527c3b0819368d9b148542bb7663f39df79)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e36b0d55a9d2fc6e117972372e9e5d3382c3dd7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 21:40:17 2021 +0200
avcodec/vc2enc: Check for non negative slice bounds
Fixes: invalid shifts
Fixes: Ticket 8221
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f7862e82686b347eb6a9e64fa7ccdf25d5a76b4b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5f44a99a603bf3d95d56cd574ea7aee99d43485b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 26 22:43:51 2021 +0200
avformat/rpl: Use 64bit in bitrate computation and check it
Fixes: signed integer overflow: 777777776 * 4 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6726188921913344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 29b244ffc15abe2c24d2145f63048e8b3bdaa303)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3f8ddabde93acc67e6fcb5a0d35cb7a515d7272
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 30 18:09:37 2021 +0200
avcodec/svq1enc: Do not print debug RD value before it has been computed
Avoids floating point division by 0
Fixes: Ticket8191
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c297f7e57a223da9f0d350e30456d60c8c87f902)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92f83a21472f4b954aa3e96fa948b15591ea2dd6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 17:50:27 2021 +0200
avcodec/aacpsy: Check bandwidth
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 36dead4bc28ca8aab13c61661f28c68bdefa5e9d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bcab3700dfaf765e2df068fc0f7c3679bc1aec42
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 17:49:22 2021 +0200
avcodec/aacenc: Do not divide by lambda_count if it is 0
Avoids Floating point division by 0
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c520b986915a3fdf3a20f6ce0ad5833eccfb7a91)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0c71bd5ebf113f14e80af856b34d81a4e46dda81
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 1 10:07:05 2021 +0200
avcodec/aacenc: Use FLT_EPSILON for lambda minimum
(cherry picked from commit 4b89cf7aa49191c7f8a5ae6e9cf6cfc79ff4ee5e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed9f251a5dd3a1ae4c65c44e4f1878c8ff815907
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 22:42:54 2021 +0100
avformat/cinedec: Fix index_entries size check
Fixes: out of array access
Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1c5391ce1c34824d29794ee827aa6d5e984a14b6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 11:17:35 2021 +0200
avfilter/vf_yadif: Fix handing of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7971f62120a55c141ec437aa3f0bacc1c1a3526b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bb08ee0c6fb7bdebd37cbf00aefed206909e8f78)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2ae30188823e6c25183283607495c3bc1584a8e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 09:58:31 2021 +0200
avfilter/vf_vmafmotion: Check dimensions
Fixes: out of array access
Fixes: Ticket8241
Fixes: Ticket8246
Fixes: CVE-2020-22019
Fixes: CVE-2020-22033
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 82ad1b76751bcfad5005440db48c46a4de5d6f02)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a4a70c156850dfbf1362736e5bc5ac07162a7129
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 09:22:27 2021 +0200
avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4c1afa292520329eecd1cc7631bc59a8cca95c46)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d97ab7dad9f3fa84ec2e1a0ac2f5697971ddd0e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 20:31:19 2021 +0200
avcodec/lpc: Avoid floating point division by 0
Fixes: Ticket7996
Fixes: CVE-2020-20445
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 38d18fb57863bb9c54e68ae44aa780c5c282a184)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f07177cb7165cba55abbf6426345524bf97c5ced
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 20:18:25 2021 +0200
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 223b5e8ac9f6461bb13ed365419ec485c5b2b002)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=00446f74ad5d8b89202f5f5234b1720ed3b901a4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 21:37:26 2021 +0200
avcodec/aacenc: Avoid 0 lambda
Fixes: Ticket8003
Fixes: CVE-2020-20453
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=95cacdbbca75e18cfad508d2c95beb01abe4502b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 20 20:24:21 2021 +0200
avcodec/exr: x/ymax cannot be INT_MAX
The code uses x/ymax + 1 so the maximum is INT_MAX-1
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 48342aa0750f83006582d1598b5f22297f6dbf83)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fcff15dc06d79f52bdc61b5fb7bf69f76520be57
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 20 21:16:52 2021 +0200
avformat/avio: Check av_opt_copy() for failure
Fixes: CID1477416 Unchecked return value
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f8611ae1efc47fbe1aff140c89bee4fd1d62d3e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c46b016b1d455266c71a4349142de3d5ee1e8a70
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 15:50:43 2021 +0200
avcodec/vc1: Check remaining bits in ff_vc1_parse_frame_header()
Fixes: Timeout
Fixes: 33156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-6259655027326976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 38c47615880357314ba30727a85bf7b00989706a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ba104475ac5dca2f1e2bbe4802e33e911920510
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 13:37:26 2021 +0200
avformat/mov: Ignore duplicate CoLL
Fixes: memleak
Fixes: 32146/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5377612845285376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9548dc74d8db2bc002e1195dbd076f621f5c3ea1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=34880e35418b5fed42281adf1c8bb6e92ad2dce3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 13:30:17 2021 +0200
avformat/mov: Limit nb_chapter_tracks to input size
Fixes: Timeout (15k loop iterations instead of 400m)
Fixes: 31368/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6601583174483968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 299a56c9006b2eb8807c3e3efefb91a78fe6b3b2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=78f4185041523dced28fcee73f7934d76c442d61
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 12 22:33:06 2021 +0200
avformat/utils: Use 64bit earlier in r_frame_rate check
Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int'
Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 578633fc1ac8c02a36a706bd71f775550412d1e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1c48b56a0ea8aea8ff061735ef176bc2a88ab8e5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:44:13 2021 +0200
avformat/mvdec: Check sample rate in parse_audio_var()
Fixes: signed integer overflow: -635424002382840000 * 16 cannot be represented in type 'long'
Fixes: 33612/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5704741108711424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0ff60249a57cba00ab679ca6190a802cc0c7b9c7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4da6a183950b17c985896a40ab1caca163bf5513
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:58:50 2021 +0200
avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line()
Fixes: infinite loop
Fixes: 33674/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4816457818046464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 08d2df41538b583932c1a6772e3c8978a2334107)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=78da48bb741cdcd1adfa3ea99ba96bd5e2add3d4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 29 21:21:27 2021 +0200
avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
Fixes: out of array access
Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656
Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392
Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz
Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312
Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f0ce023ddb8863d16ab650fcc0731851a55db084)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2a5d44e3cb461a172e4bbb86de1fd9ee9ad42a32
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 2 15:49:55 2021 +0200
avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent
Fixes: tickets/3933/128.jls
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 011006874cb46325b6bc83234f81879ff421c05f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0a123f3b676733e9b9dba5b6cb27bd8590fb3824
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:16:20 2021 +0200
avformat/asfdec_o: Use ff_get_extradata()
Fixes: OOM
Fixes: 27240/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5937469859823616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 098314e1e5142aa2b53dc5371a9d01eb09ddd30f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13a3dc95b913fc35229f909e75b687acf183e6dc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 20:23:44 2021 +0200
avformat/id3v2: Check end for overflow in id3v2_parse()
Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long'
Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit efdb56450418933965dc6e27f0b1625d25e44a8c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=069ea22b51dda3b346842039d0357a6f84c99124
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 20:23:41 2021 +0200
avformat/wtvdec: Improve size overflow checks in parse_chunks()
Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int
Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f8ec1da8ac8e3daf2403e744f166ea9557b2d333)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7cd4ac4b2d29c4875f79a281dbbe145bdf2d1c4a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 15 20:08:22 2021 +0200
avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()
Fixes: Timeout
Fixes: 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b3881f0da6da00cb6b5b123328e2fbfca936c47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=175c3a090471dc198aaa0f3cd36f593fd4f2e690
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 10 20:32:55 2021 +0200
avcodec/utils: Check ima wav duration for overflow
Fixes: signed integer overflow: 44331634 * 65 cannot be represented in type 'int'
Fixes: 32120/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5760221223583744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f40e9b13554d88cbdd6cd2b4a3da2cbea9590f5d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4eeac2a1bb3b061783bfcb203c968413d1ccb70
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 9 22:46:13 2021 +0200
avformat/cafdec: Check channels
Fixes: signed integer overflow: -1184429040541376544 * 32 cannot be represented in type 'long'
Fixes: 31788/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6236746338664448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 641c1db22bb27752b925293ad93f68843baa43bf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6128c6f3384052696d97ffacfc79d5d374eb3991
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 11 21:04:12 2021 +0200
avcodec/dpx: Check bits_per_color earlier
Fixes: shift exponent 251 is too large for 32-bit type 'int'
Fixes: 32147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5519111675314176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c093eb30311b7148a4da1c7555498187c8cdf0db)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4916e5c97d89ece33e96e7fe850f84d89559a76
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 30 13:22:14 2021 +0200
avcodec/pnm_parser: Check image size addition for overflow
Fixes: assertion failure
Fixes: out of array access
Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79ac8d55468adc9cb9a0908e671807a2a789b7d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3264d9f546ae6025f4892a4da1d0ad222bca1bc1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 30 11:03:56 2021 +0200
avformat/rmdec: use larger intermediate type for audio_framesize * sub_packet_h check
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 31406/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5024692843970560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cf2fd9204b3c707d9e414583b043ee88b8e8c52e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5911f7bbf1df4c44e4cca660c9b34b669778c641
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 20 14:36:28 2021 +0100
avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ceae92cb291c2536a93482cdf3c1ae3f7330b924)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9689bc0c5c5c527e628ddb4de13d6708c2815f36
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 22 15:22:35 2021 +0100
avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 87d87e6587deec1fa8ed5f5c6901535becdb0358)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e6d3ace07ea8b0fc1a2a0a7d7fa7ac66b5c9e98f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 24 17:03:08 2021 +0100
avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4
Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2611d20d353026f996cb9aaced8b35db37f490d4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c9eaff60c12628c697f178e9b2474980d276e84
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 17:29:23 2021 +0100
avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b37ff29e0e093b15585e9fb44bbd82bdf14b5230)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ca2ee38e805b9242360020241ed8f01be89c05b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 19 21:43:45 2021 +0100
avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()
Found-by: Jeremy Leconte <jleconte at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1cf96ce269364e3c2b4ec2097f121ad42b336839)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8adb20d3de90411c8cba39e058ca83547788f25f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 15 09:47:43 2021 +0100
avutil/common: Add FF_PTR_ADD()
Suggested-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 522a5259e9cc17faf1f83c9cfb93c960a2ecf8a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc4a1f63fb3d30c8974a6fdcd821108f95d8a36b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 4 00:30:45 2021 +0100
avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1f74661543c0c336e88846f90608fda7bd12deac)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=578b4ce853b86ca19a9c4f5f2ca5fe9e26c95976
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 4 19:21:35 2021 +0100
avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea12590c8ecc1e3c4c7732e5adced21fb5feffa6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=843437a14a1b9518738d551aeeaec48e7eea2591
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 23:05:17 2021 +0100
avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 075d793ba87635b77f8302d8a454fa681f90d267)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5e2d548f13d211759f5fc45a7f17520dc2686cb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 11 22:58:53 2021 +0100
avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b5d8fe1c874947ca67ee8117b18f8052f0e590fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=564a4331fdb511820eda8eb40fa72cfd607a2ba2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 20 17:02:36 2021 +0100
avcodec/h264_slice: Check sps in h264_slice_header_init()
Fixes: null pointer dereference
Fixes: h264_slice_header_init.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Tested-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 80472438996ed1928b30f6ac4e0d17a492de2cdf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c932b82cc9bb57071d8eda9dd5151383963a9559
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 18 18:01:52 2021 +0100
avformat/movenc: Avoid loosing cluster array on failure
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5c2ff44f915d6ceeea36a2f99e534562764218dd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=225d542c34e668982c712b0f628f455803f14a55
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 18 10:59:19 2021 +0100
avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb
Fixes: null pointer dereference
Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f733688d30021587c3f3a1b280d6ece8b04f26ff)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cf88ca01da0e98992f1dddcf9ce3cfc35353d5a0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 17 23:39:04 2021 +0100
avformat/mov: Check sample size for overflow in mov_parse_stsd_audio()
Fixes: signed integer overflow: 2 * 1914708000 cannot be represented in type 'int'
Fixes: 31639/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6303428239294464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d35677736a59ec6579b4da63d9b1444986ba339e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6114ba9ee17951ebeebf52422faecaee54255521
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 5 20:27:50 2021 +0100
avcodec/ffwavesynth: Avoid signed integer overflow in phi_at()
Fixes: signed integer overflow: 2314885530818453536 - -9070214327174160352 cannot be represented in type 'long'
Fixes: 31000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-6558389742206976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit be08b84f8bb7acc0c45800c7f488399327a22961)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c3e6406244201ba3886cf2d0df99b84a3411cd4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 19 16:30:08 2021 +0100
avcodec/mpeg4videoenc: Check extradata malloc()
Fixes: Null pointer dereference
Fixes: any mpeg4 testcase which fails the malloc at that exact spot
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33a1687bf623cdd5c6ffe8f63024d22ed20b4ead)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=36ee2ff37aa6c856e9f6d26136e4d00836076aa1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 17 13:14:39 2021 +0100
avcodec/speedhq: Width < 8 is not supported
Fixes: out of array access
Fixes: 31733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4704307963363328
Fixes: 31736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6190960292790272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 462b8261aa3c4f9844b2e050c74b9a2018e3649d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f7e195bdd31820fa5eed0aa935798658956f214c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jan 29 21:18:36 2021 +0100
avformat/matroskadec: Check for EOF in resync loop
Fixes: Timeout (too long -> instantly)
Fixes: 29136/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4586141227548672
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5282147d0c92ac821e85b93e2db6704f4720e0c1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e9871b10a9f0f38d227147fa90e2b95fbcbe4bab
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 1 19:55:03 2021 +0100
avcodec/utils: Use more bits for intermediate for AV_CODEC_ID_ADPCM_MS
Fixes: signed integer overflow: 1172577312 * 2 cannot be represented in type 'int'
Fixes: 29924/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-4882912874594304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0f441b9063281d8ef5d4c30b10379d08aad8924f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5e01c257411364511a5259d51a21fec0ffbe7575
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 2 20:07:13 2021 +0100
avcodec/jpegls: Check A[Q] for overflow in ff_jpegls_update_state_regular()
Fixes: Timeout
Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8a3fea802a3e4274dbe084d372ec8aeab3932b3e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fcc7bc3cd5df67cc30aa5685c3b9424001690fd9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 2 20:47:06 2021 +0100
avformat/voc_packet: prevent remaining size from becoming negative in ff_voc_get_packet()
Fixes: memleak
Fixes: 30909/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4886284057313280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 337984c13327bc67e1e9e3e9bfd743cfbfbc42f8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=862b1ca108f03d372b5353ad639fcb821831a3dc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 1 13:44:12 2021 +0100
avutil/timecode: Avoid fps overflow
Fixes: Integer overflow and division by 0
Fixes: poc-202102-div.mov
Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c94875471e3ba3dc396c6919ff3ec9b14539cd71)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=87a22936cb55b04702403a98d64079d37d886171
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 22 20:20:48 2021 +0100
avformat/mvi: Check audio size for more overflows
Fixes: left shift of negative value -352256000
Fixes: 30837/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5755626262888448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 403b35e16e16a8c4a13e531ccdc23598f685ca20)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=44ab20a67853069738d93888701b70761138a02c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 9 00:55:38 2021 +0100
avcodec/flacdec: Avoid undefined shift in error case
Fixes: flac_1040988
Reported-by: Thomas Guilbert <tguilbert at google.com>
Reviewed-by: Thomas Guilbert <tguilbert at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bd525e2876bef428e896b8da5e5b5507451f4ed5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a477cc0379a439e51dc15922fdd9bd53c0b7c38d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 21:22:11 2021 +0100
avcodec/ffv1dec: Check if trailer is available
Fixes: out of array read
Fixes: 29750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4808377272238080.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 36ad2f41e30ad9f2a8ead76e0b1526b9712f0925)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec0531808ec322fc18fc79a77edef9009ad2eeb9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 9 21:39:30 2021 +0100
avcodec/4xm: Check pre_gb in decode_i_block()
Fixes: Timeout
Fixes: 31257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5150866229297152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b87781649e2862d07fcb8d322289d89b47a530b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e7da859daab2a9948e59f96e00b30bc0e969a71f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 19:09:36 2021 +0100
avcodec/dcadsp: Fix integer overflow in dmix_add_c()
Fixes: signed integer overflow: 1515225320 + 759416059 cannot be represented in type 'int'
Fixes: 29256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DCA_fuzzer-5719088561258496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b4ebf483bcbf2e5db6bd29607142741f62598b4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89e3962271d0f703f226de8d827f62e79def32e0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 26 16:50:10 2021 +0100
avformat/flvdec: Check double before cast in parse_keyframes_index()
Fixes: -2.21166e+304 is outside the range of representable values of type 'long'
Fixes: 29169/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5725452796821504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 09e5e406c7b9d7c1ee97ebae1476a2f68e6a90d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3d5698106a16c6ba84949d3f1d2557c78e1c1e9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 00:11:34 2021 +0100
avformat/paf: Check for EOF before allocation in read_header()
Fixes: OOM
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bcb1e9d3b9b97359e01e5978067c8ee558efa8b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15321c10b6e5772e7e874ac4e1b8a4feec90a872
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 23:56:43 2021 +0100
avcodec/aacdec_template: Avoid undefined negation in imdct_and_windowing_eld()
Fixes: negation of -2147483648 cannot be represented in type 'INTFLOAT' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 29057/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5642758933053440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 633924539aae73714facf31aa7001d01e8be48a1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e4f149a26f8f47274a7cfccef892cf09d4a7b6d8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 22:08:25 2021 +0100
avformat/lxfdec: Fix multiple integer overflows related to track_size
Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_LXF_fuzzer-6634030636335104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7819412f4468514a2bab924291d79806a569388c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af1a0cedb22c287cdc79f230082d9fec87a9823a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 00:23:12 2020 +0200
avcodec/exr: skip bottom clearing loop when its outside the image
Fixes: signed integer overflow: 1633771809 * 32960 cannot be represented in type 'int'
Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae9919bb6c0b45973aba012f86ba42486a7e25bb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 3 10:49:04 2021 +0100
avformat/aiffdec: Check that SSND is at least 8 bytes
Fixes: Infinite loop
Fixes: 30874/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5933710488764416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 460d3dc41f57a6dcefbd72db6e2e368fee05340b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a072c4a1789941b5968e264f33099b6f8a1d18cb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 3 10:49:03 2021 +0100
avformat/dcstr: Check sample rate
Fixes: signed integer overflow: -1300248894420254720 * 16 cannot be represented in type 'long'
Fixes: 30879/clusterfuzz-testcase-minimized-ffmpeg_dem_DCSTR_fuzzer-5094464215449600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fdcb966f4a3c6f872891b8dd554e3652b9e02d4f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3cac14fb92075cb9385c35bcd5b2a619ac968d1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 1 23:24:37 2021 +0100
avcodec/alsdec: Check bitstream input in read_block()
Fixes: Timeout
Fixes: 28110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5036338973507584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53d739db4e528388fae89459e887a633ffbce12c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07b08082f023c7e373e8324617d515dd08339795
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Dec 13 00:08:46 2020 +0100
avformat/mov: Extend data_size check in mov_read_udta_string()
Fixes: signed integer overflow: -2147483634 - 16 cannot be represented in type 'int'
Fixes: 28322/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5711888402612224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 74c4c539538e36d8df02de2484b045010d292f2c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da70d471ad830c0b6acfb4f31163dbeddcfd3322
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 12 01:24:42 2020 +0100
avformat/voc_packet: Add a basic check on max_size
Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type 'int'
Fixes: 28127/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-4880586455646208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 52f75181bfada2b4b127e744674591c7753c4b7d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f59e526e09c0f4888045566c9bf315efd047b6ca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 11 01:06:46 2020 +0100
avformat/microdvddec: use 64bit for durations
Fixes: signed integer overflow: 7 - -2147483647 cannot be represented in type 'int'
Fixes: 28036/clusterfuzz-testcase-minimized-ffmpeg_dem_MICRODVD_fuzzer-5171698751766528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f569ac4ce0514bf4e0dd768c5ed007c82548d326)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5422b33281f75aff1f449e3d78e740f224f07900
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 19 21:16:25 2021 +0100
avcodec/hapdec: Change compressed_offset to unsigned 32bit
Fixes: out of array access
Fixes: 29345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5401813482340352
Fixes: 30745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5762798221131776
Suggested-by: Anton
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89fe1935b18621af06587c76bcde6adcdc8f2249)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93bb05f77f7185a17ee11ce40fed1f2300be31b6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 15 20:52:17 2021 +0100
avformat/rmdec: Check codec_length without overflow
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 30333/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5175286983426048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d558c9f2375fd2136d20422cb1119cfbf872abeb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=947ce7cca0468620055495c99d1578a8d360c792
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 15 20:41:31 2021 +0100
avformat/mov: Check element count in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 30325/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6048395703746560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1d277b92fa4c149d589e6828d4e18ad578406f1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7fd5a96f7faf8225395357e4c96758a438898188
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 19:28:15 2021 +0100
avcodec/fits: Check gcount and pcount being non negative
Fixes: signed integer overflow: 9223372036854775807 - -30069403896 cannot be represented in type 'long'
Fixes: 30046/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5807144773484544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c000a9128815e7cee4316dc45605259bbaa138ff)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7901a7ed2047c128bd2fad1d71b6302255c36b91
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:00:40 2020 +0100
avformat/nutdec: Check timebase count against main header length
Fixes: Timeout (long -> 3ms)
Fixes: 28514/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6078669009321984
Fixes: 30095/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-5074433016463360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c425198558826795d94af45eeb9d94e4436c9a0f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b36248fe61953512b36b8b4e58f784e3b163f0c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 11 22:40:21 2021 +0100
avformat/electronicarts: Clear partial_packet on error
Fixes: Infinite loop
Fixes: 30165/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6224642371092480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 59bb9dc2a670cbe5d659585392b6d79f7bb6d40f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7fed68e63ba2a438690a96e53585efd7976d2a34
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 23:21:53 2021 +0100
avformat/r3d: Check samples before computing duration
Fixes: signed integer overflow: -4611686024827895807 + -4611686016279904256 cannot be represented in type 'long'
Fixes: 30161/clusterfuzz-testcase-minimized-ffmpeg_dem_R3D_fuzzer-5694406713802752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7a2aa5dc2af6c4fc66aaedd341b0886fbc746f0d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d1d375245dfe96abd712f722281faf639c97033
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 22:28:20 2021 +0100
avcodec/pnm_parser: Check av_image_get_buffer_size() for failure
Fixes: out of array access
Fixes: 30135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-4997145650397184
Fixes: 30208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5605891665690624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5314a4996cc76e2a8534c74a66f5181e95ac64fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5bd10bb5f6abab4872ef648d409f5a28609fa671
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 24 00:22:39 2020 +0100
avformat/wavdec: Consider AV_INPUT_BUFFER_PADDING_SIZE in set_spdif()
The buffer is read by using the bit reader
Fixes: out of array read
Fixes: 27539/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5650565572591616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a7c648e2d85a59975cc88079975cf9f3306ed0a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73c963692e78a7f15bfa09f19cf2f86860fb36fc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 22:04:37 2020 +0100
avformat/rmdec: Check remaining space in debug av_log() loop
Fixes: Timeout (long -> 2 ms)
Fixes: 26709/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5665833403285504
Fixes: 27522/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6321071221112832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a8fe78decd700afec461f06df4ce0d36f3e9cc4b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bbdd7670535d66f65c2ad22c72316b1f59053881
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 23 21:42:23 2020 +0100
avformat/flvdec: Treat high ts byte as unsigned
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 27516/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5152854660349952
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f514113cfa9fc44d80086bb2a2b783e8026dc3a9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=27a9a8187542cc66d1ff502b2aefcc34586163a0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 17:00:38 2021 +0100
avformat/samidec: Sanity check pts
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 29743/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-5499256859394048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2014b0135293c41d261757bfa1aaba51653bab8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=69ffdd28c430a8375a2b19a34987df944832c632
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:30:59 2021 +0100
avformat/avidec: Use 64bit in get_duration()
Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int'
Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0ceb0cdd41b56241697cd8f83e22cdb4822d2d9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58b0d89f959ef4016000ba8582212e638b667756
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:28:08 2021 +0100
avformat/mov: Check for duplicate st3d
Fixes: memleak
Fixes: 29585/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6594188688490496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 658f0606cba0f866714cbe09af30ec40c4168930)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=69fc4a7cae8da3734185ccede0a17ab2f4371195
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:19:42 2021 +0100
avformat/mvdec: Check for EOF in read_index()
Fixes: Timeout
Fixes: 29550/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5094307193290752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6c64351bb1f4dc148069a37754b746fcd4c784cf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2813037bd0f057e110e321eced019d549e5d8b40
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 19:37:52 2021 +0100
avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular()
Fixes: Timeout
Fixes: left shift of 33046 by 16 places cannot be represented in type 'int'
Fixes: 29258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-4889231489105920
Fixes: 29515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-6161940391002112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 980900d991606cbc3747b37d6e83c7aae98cbecc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cc919e40ac00978b01233c3bf301cf763f117485
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:14:03 2021 +0100
avformat/id3v2: Check the return from avio_get_str()
Fixes: out of array access
Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 25f240fcb398eb499ca4b70c026a8bb9f2a32731)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4db28ef7c24a4cea4e2eaa807c47a476fded40b9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 14:59:27 2021 +0100
avcodec/hevc_sei: Check payload size in decode_nal_sei_message()
Fixes: out of array access
Fixes: 29392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4821602850177024.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0791a515d38fd35c1e2a309ec8f4015153687b8c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c58d3ebcf498139e849c0b9b4d923e015e992dcd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:22:53 2021 +0100
libavutil/eval: Remove CONFIG_TRAPV special handling
Fixes: division by zero
Fixes: 29555/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-5149951447400448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8574fcbfc7784173347418e09035ff8121574571)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ada27fe955b1a223cb8993443aef097762b1cbb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 8 14:29:01 2021 +0100
avformat/wtvdec: Check len in parse_chunks() to avoid overflow
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
Fixes: 30084/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6192261941559296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5552ceaf568915e668679f9581e07eb5507cafc4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=201eb0c99495e91e1e30108a27bec41c2c82e648
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 7 21:50:03 2021 +0100
avformat/asfdec_f: Add an additional check for the extradata size
Fixes: OOM
Fixes: 30066/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6182309126602752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2c8cd4490a6ab2742e6ad1ce059b4f4957b39500)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e41c1dde7268e4ea796f63e9bba4bd43dc2ea1cb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 8 14:29:02 2021 +0100
avformat/3dostr: Check sample_rate
Fixes: signed integer overflow: -1268324762623155200 * 8 cannot be represented in type 'long'
Fixes: 30123/clusterfuzz-testcase-minimized-ffmpeg_dem_THREEDOSTR_fuzzer-6710765123928064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7e5034f97e41d3f8112c1f8da3b5274ab99ef6f8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2aa07c6b8e7adb8cb6162d1f44b90549c163321c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 20:41:56 2020 +0100
avformat/4xm: Make audio_frame_count 64bit
Fixes: signed integer overflow: 2099257366 * 2 cannot be represented in type 'int'
Fixes: 27486/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-5112179134824448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 842c268c6436c9e90e689402be138c2e539f7059)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b26360b7f928faeefda36f260eac46d722ceffed
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 19:13:01 2020 +0100
avformat/mov: Use av_mul_q() to avoid integer overflows
Fixes: signed integer overflow: 538976288 * 538976288 cannot be represented in type 'int'
Fixes: 27473/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5758978289827840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f70e1ec0cfa8ae24b224faf522c1d6ca95a42f6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d6258650954e1da6eef77dfd45f5ea7808c7f8ae
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 17:55:12 2020 +0100
avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper
Fixes: signed integer overflow: 2147483641 + 32 cannot be represented in type 'int'
Fixes: 27452/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5078752576667648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4dfb7ff528c02afbafba14676c139ecb82164c44)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=270b1a9514ca9a31c72a71ecd52a4e42a893b1c9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 00:54:46 2020 +0100
avformat/rmdec: Reorder operations to avoid overflow
Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int'
Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b12e713b8061cc6a71ec69da946552bc593d5fa7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64be5589067ba08ecac464299e7887a035e2575a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 00:31:07 2020 +0100
avcodec/mxpegdec: fix SOF counting
Fixes: Timeout (>10sec -> 15ms)
Fixes: 27652/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5125920868007936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 401495def62638a205569cac0f7861c7faba4d18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c6f65b8711f19fc5f8c18961e8e73ffe4a6dce98
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 00:31:47 2020 +0100
avcodec/rscc: Check inflated_buf size whan it is used
Fixes: out of array access
Fixes: 27434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5196757675540480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit a5ed6da9bdbe32408aabe1c75e4b55fcaeec1e9b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=90a723f134385e75f5c0d3f97e05cc5833c7850b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 20:47:10 2021 +0100
avformat/mvdec: Sanity check SAMPLE_WIDTH
Fixes: signed integer overflow: 999999999 * 8 cannot be represented in type 'int'
Fixes: 30048/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5864289917337600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ab82c105787fa81d1e35b9209f3d53e98be936a4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=599b9b89d1bccf2e72a75bc6e546b6ac0a898fa0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 23:13:58 2020 +0100
avformat/rmdec: Fix codecdata_length overflow check
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 28509/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6310969680723968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c41d0bfd6041890b394a3e6eb2f8da92b83416b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15e4a29785bc8c04a52540a9b64c6da41fd27c64
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 00:31:08 2020 +0100
avcodec/simple_idct: Fix undefined integer overflow in idct4row()
Fixes: signed integer overflow: -1498310196 - 902891776 cannot be represented in type 'int'
Fixes: 28445/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5075163389493248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 57f7e5caa324fd760aa9e134ee963e9936083c59)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f8f71737da44f31ec24dfc63b6095ab45dd305f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 22:57:28 2021 +0100
avformat/tta: Use 64bit intermediate for index
Fixes: signed integer overflow: 42032 * 51092 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6679539648430080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fd61b42b4c8709a7888fa5c9cce0c19d754e39fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d40aefc2dc6221956d2ca2428aff421a88e1ae63
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 22:52:59 2021 +0100
avformat/soxdec: Check channels to be positive
Fixes: signed integer overflow: 32 * -1795162112 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SOX_fuzzer-6724151473340416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b0588b73daeb0e6a0741f39b33943c67eac71619)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd6449508401b5f44d3e5f4dbf72be883d984682
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 00:46:26 2021 +0100
avcodec/vp3: Check input amount in theora_decode_header()
Fixes: Timeout
Fixes: 29226/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-6195092572471296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 869fe41d1088c4badcd98ee1ca2490451a07b173)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b43c8d34ad561b9e906e24143b5cacf7019ba5d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jan 29 23:58:04 2021 +0100
avformat/wavdec: Check avio_get_str16le() for failure
Fixes: out of array access
Fixes: 29195/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5037853281222656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7594ee751e621f6c7ef4d4977c4a3ce169ae0af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec6eb51ae8fdcd4823500b47160b5e1ae90c4917
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 21:54:31 2021 +0100
avformat/flvdec: Check for EOF in amf_skip_tag()
Fixes: Timeout
Fixes: 29070/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5650106766458880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9725d07a1770fbfafe5f7b3f7d95a2a513308538)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35d9e182b9b711631c91d84bfe20ec23862a8147
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 10 23:01:12 2020 +0100
avformat/aiffdec: Check size before subtraction in get_aiff_header()
Fixes: Infinite loop
Fixes: 27235/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5761398380167168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8af299acde9601e64740b75430960503615873b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3bdf23b9feaa354d59e4f631dab0d25665231a5b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 22:18:59 2021 +0100
avformat/electronicarts: More chunk_size checks
Fixes: Timeout
Fixes: 26909/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6489496553783296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d03f0ec9a1ce9903ae533059d30758bede238e40)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c44aadea591f55598da0c97377598a05aeb6571e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 7 21:11:32 2020 +0100
avformat/tedcaptionsdec: Check for overflow in parse_int()
Fixes: signed integer overflow: 1111111111111111111 * 10 cannot be represented in type 'long'
Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b0f8586ca9853ab3d324ccd3c42bad4375000b0a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71f0cfd327d6cf13c96ec424fc20dd58eca67cf3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 6 23:42:39 2021 +0100
avformat/nuv: Check channels
Fixes: signed integer overflow: -3468545475927866368 * 4 cannot be represented in type 'long'
Fixes: 28879/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-6303367307591680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fc45d924d7ff6be80e90870540ba35efc290e428)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d96e983f15c496c7df6953f891d588e9254a421
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 24 20:42:27 2020 +0100
avformat/mpc8: Check size before implicitly converting to int
Fixes: Timeout
Fixes: 28551/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6229183210586112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 78d6d8ddb571ecca54616517defbf894a45ea9c3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=38f634ac7f6e9802c6a53680ba85341b714b9edd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:44:33 2021 +0100
avformat/nutdec: Fix integer overflow in count computation
Note, the value is checked a few lines later already
Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0014249fd92132515b3ff0ce034dd65e745cb400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a34dd1d5018578f3cca2573bb672178ac034c39a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:20:37 2021 +0100
avformat/mvi: Use 64bit for testing dimensions
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-6649291124899840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 48fb752767086a48e599f9e86d87096f66cc7590)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c3cd65720fcd71b4dcd2450fa997e5d8f88147fb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:05:53 2021 +0100
avformat/utils: Check dts in update_initial_timestamps() more
Fixes: signed integer overflow: -9223372036853488158 - 90000000 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MPSUB_fuzzer-6696625298866176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 29851cb840c176d514573914799ca6c95f3f4e8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f551bcd6d68e4c4e4ce2acb60a002023c23d3b03
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 26 17:41:28 2021 +0100
avformat/flvdec: Check for avio_read() failure in amf_get_string()
Suggested-by: Anton Khirnov <anton at khirnov.net>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cb316676112c01e8d66420908b6b3d06b3b498e3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=abb8a37bf8f68dc021a6c8bb098cfe6275a15ae7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 23 22:00:40 2021 +0100
avformat/flvdec: Check for nesting depth in amf_skip_tag()
Fixes: out of array access
Fixes: 29440/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5985279812960256.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2ef522c918d48b9f101548b2cadce02003cb3510)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d99234eec2ed3c6445f4673533c3fec9f9f81a07
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 23 21:20:57 2021 +0100
avformat/flvdec: Check for nesting depth in amf_parse_object()
Fixes: out of array access
Fixes: 29202/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5112845840809984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 074e204b42acdacc0a055671481e00914524af93)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4651936468a40242ca3080e6123be903a0a9a62
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 00:00:27 2021 +0100
avformat/asfdec_o: Check for EOF in asf_read_marker()
Fixes: Timeout
Fixes: 26460/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5710884393189376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9e3d09f435f83f9653056b2fecc4d03ac45f3ffd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d104fd260410ff80ea4a97d83256be1cb396a1b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 21:29:01 2021 +0100
avformat/utils: Check dts - (1<<pts_wrap_bits) overflow
Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d82ee907d6caafbc1212c4b63ecac2dcd30f23b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=74b28ca1ab554fe96698fc6282086b20bd31f48c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 18:41:41 2021 +0100
avformat/bfi: Check chunk_header
Fixes: signed integer overflow: -2147483648 - 3 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6665764123836416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 638a151a877c27a46c15643db26c9ba726feecde)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec0eb88a3905eaa7e610c869fa71675ddc83146f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 18:38:16 2021 +0100
avformat/ads: Check size
Fixes: signed integer overflow: -2147483616 - 64 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_ADS_fuzzer-6617769344892928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c78b2b138ce222de2f4cecac8fd4361f05ee9428)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fd7d3d60439fb8cf16e0bdc1a82151399fa596d9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 2 00:58:42 2021 +0100
avformat/iff: Check block align also for ID_MAUD
Fixes: Timeout & OOM
Fixes: 28701/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5185094964871168
Fixes: 29116/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4874284795297792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b17ffe8f8f30ba03901bcf7caa6c523e874e8fde)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=03cc7590a91f395c0aa5f67a65bc20491003dd23
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 19:21:18 2020 +0100
avcodec/utils: Check for integer overflow in get_audio_frame_duration() for ADPCM_DTK
Fixes: signed integer overflow: 131203586 * 28 cannot be represented in type 'int'
Fixes: 26817/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6296902548848640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2488ba85a0fa5ee4125888258d3d95ce3f03bbb6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f897515f5f3e25edae61e060a4a63d806e52d68e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 23:41:36 2020 +0100
avformat/fitsdec: Better size checks
Fixes: out of array access
Fixes: 26819/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5634559355650048
Fixes: 26820/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5760774955597824
Fixes: 27379/clusterfuzz-testcase-minimized-ffmpeg_dem_FITS_fuzzer-5129775942991872.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 14bbb6bb30a6053e82f865c2d69d1a4dd2297fc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a2d06862738729e5f17d3efa77e4942eb1040fc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 21 21:41:41 2021 +0100
avformat/mxfdec: Fix integer overflow in next position in mxf_read_local_tags()
Fixes: signed integer overflow: 9223372036854775723 + 8192 cannot be represented in type 'long'
Fixes: 29072/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4812604904177664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d3d9b1fc8e2dfc8b4d66c9916ab7221062ff4660)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d28761462010e2239761524793bbaa9deb3c28d0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 9 21:48:31 2020 +0100
avformat/avidec: dv does not support palettes
Fixes: memleak
Fixes: 26937/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5763003338981376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b373b41d940e3058cdfb3d17703e23ed665353c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=41d3d169b4031e977ea3dfaf76c7353784cc7cb3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 9 19:58:20 2020 +0100
libavformat/utils: consider avio_size() failure in ffio_limit()
Fixes: Timeout (>20sec -> 3ms)
Fixes: 26918/clusterfuzz-testcase-minimized-ffmpeg_dem_THP_fuzzer-5750425191710720
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1dac2716d713dfd6949b7eb4a3c18c16f1faf6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1f29e97714052553b29d2e60b90b04f137543bde
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 00:07:26 2021 +0100
avformat/nistspheredec: Check bits_per_coded_sample and channels
Fixes: signed integer overflow: 80 * 92233009 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-6669100654919680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 60770a50fba0d47203d417b048b37d314918085d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=21b22a76d672f97e214ac5f2f39ac7fe8e47fa71
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 21:17:18 2021 +0100
avformat/asfdec_o: Check size vs. offset in detect_unknown_subobject()
Fixes: signed integer overflow: 2314885530818453566 + 7503032301549264928 cannot be represented in type 'long'
Fixes: 26639/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6024222100684800
Alternatively this could be ignored but then the end condition of the loop
would be hard to reach as avio_tell() is int64_t
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0bee216ad454dd7238a03dd9a76428cc6c3233cc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13c058d51cea4d82acbc0ad9761a7cb853daea17
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 15 22:52:42 2020 +0200
avformat/utils: check for integer overflow in av_get_frame_filename2()
Fixes: signed integer overflow: 317316873 * 10 cannot be represented in type 'int'
Fixes: 24708/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5731180885049344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 03c479ce236955fc329c7f9f4765ee1ec256bb73)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3cd7db6c4f99071df4d06aa8ee862fef5bc32e4b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 28 21:31:16 2020 +0100
avutil/timecode: Avoid undefined behavior with large framenum
Fixes: signed integer overflow: 2147462079 + 2149596 cannot be represented in type 'int'
Fixes: 27565/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5091972813160448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1905739638c22b476c99c679b41f29fa00bf07)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e239cbcb8620b9983bbd187f0df7c39b88812ba
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 00:07:29 2021 +0100
avformat/sbgdec: Reduce the amount of floating point in str_to_time()
Fixes: 1e+75 is outside the range of representable values of type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6626834808700928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ac6c8993f79eaefb76e1fdf0eef5373ab3a46a4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f4d738dea0ca8491a78631454d89da09d8f295e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 20:22:48 2020 +0200
avformat/mxfdec: Free all types for both Descriptors
Fixes: memleak
Fixes: 26352/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5201158714687488
Suggested-by: Tomas Härdin <tjoppen at acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 88519be8db66811e203408b413d9039ac9c3fe91)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26c82e3038cdb817cafddface5cab6d261e70f88
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 18:01:11 2020 +0200
uavformat/rsd: check for EOF in extradata
Fixes: OOM
Fixes: 26503/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6530816735444992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7186ec88b98bc589f1403985ab10cc7f77461ec8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63ea2114e3f7c9ba28e254960e2cb7ecd605f396
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 4 00:52:47 2020 +0100
avcodec/wmaprodec: Check packet size
Fixes: left shift of negative value -25824
Fixes: 27754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5760255962906624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 69aeba8a19ac2fa6e1c9bdfb19229b513f314bb1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=226aa33f06230bfbcd759da6227bb645de79d5e5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 26 18:55:08 2020 +0100
avcodec/alsdec: Fix integer overflow with quant_cof
Fixes: signed integer overflow: -210824 * 16384 cannot be represented in type 'int'
Fixes: 28670/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5682310846480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7ce40dde03ea56684f2cb6b40991a90bc38c3ad9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9b74bbec2e86ba5855d64a5de8619c22b6a79a5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Dec 27 18:47:44 2020 +0100
avformat/mpegts: Fix argument type for av_log
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 654b21ef176a807bf4e8359a4ed52c629d766100)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=607098b74a917a335cc300e471c9318d156db54e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 18 00:48:26 2020 +0100
avformat/cafdec: clip sample rate
Fixes: 1.21126e+111 is outside the range of representable values of type 'int'
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5412960339755008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 684aec6a6872c9e3bb0afee1979f1cd3edd1f8ce)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6e093adcccfaae663805c74e3c404fcb403d0378
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:22:04 2020 +0100
avcodec/ffv1dec: Fix off by 1 error with quant tables
Fixes: assertion failure
Fixes: 28447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5369575948550144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5cae71d2b722d0beed4d46f189db42fbb57d877b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3049331a493ed9f7e4f7ca92dbd6fd6c464779f2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:22:01 2020 +0100
avformat/mpegts: Increase pcr_incr width to 64bit
Fixes: division by zero
Fixes: 26459/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5666350112178176
Fixes: 28154/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5195728439476224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ef7b117b7be8a81d6b245cadf096cbe4b1a12987)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c179e59338e0ae364468b0ee7444ec7cc1bc588
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 19:19:54 2020 +0100
avcodec/utils: Check bitrate for overflow in get_bit_rate()
Fixes: signed integer overflow: 617890810133996544 * 16 cannot be represented in type 'long'
Fixes: 26565/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5092054700654592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8aadae670f28b88e94770262cd1136562bdb2f45)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3b513aa76f774f07ec29c48eba7a8904c41f20
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 18:39:45 2020 +0100
avformat/mov: Check if hoov is at the end
Fixes: Timeout, probably infinite loop
Fixes: 26559/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5391165484171264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0afbaabdca2730d3f8d88719d64802d50b92d351)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=339f357bbc5b194db40aa1e365a061c5af546ec1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 23:05:22 2020 +0100
avcodec/hevc_ps: check scaling_list_dc_coef
Fixes: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int'
Fixes: 28449/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5686013259284480
Reviewed-by: James Almer <jamrial at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f1700bd8bb983bb3b56c3a1f8b9078cb62a44f65)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eeb387c9a54c376c4d79b3504a3d3ba19e6b36dc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 11 00:49:23 2020 +0100
avformat/iff: Check data_size
Fixes: infinite loop
Fixes: 27834/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5694930919620608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 001bc594d82f3df67a6e96c6ea022f4e39002385)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=38e6692a31a8cdc9b0ccca3253eb2465123d7d17
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Dec 7 00:37:25 2020 +0100
avformat/matroskadec: Sanity check codec_id/track type
Fixes: memleak
Fixes: 27766/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5198300814508032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b88dd8f0cb48b46f3178d274a9117a3d2307f4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f817e1396ed77405a99310a0f6f7978786a7b2d9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Dec 9 00:49:29 2020 +0100
avformat/rpl: Check the number of streams
Fixes: out of memory access
Fixes: 27787/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4743666463408128.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0677bdb1f522d0d25b47bca3d8e09ece83083678)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4eaf3346f89490597e280ef9c20c83bf435e96f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 22:14:21 2020 +0100
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: -2105540608 - 2105540608 cannot be represented in type 'int'
Fixes: 26870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5656647567147008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 51dfd6f1bdb03bfc7574b12e921fb3b8639ba5cf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6996bf684e665887f4e25964a7955a62ac6b5b33
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 21:22:13 2020 +0100
avformat/dsfdec: Check block_align more completely
Fixes: infinite loop
Fixes: 26865/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-5649473830912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 65b8974d54455adc7a462f0f7385b76e1d08101c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8584c6cbf5250b1f324ac55534c8a2e850c61cd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 21:50:32 2020 +0100
avformat/mpc8: Check remaining space in mpc8_parse_seektable()
Fixes: Fixes infinite loop
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f66dd13d08d063e2748d172239df595078ff624)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7dcf0f1ebbfefede61d89ffccf932584fedde034
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 7 21:39:21 2020 +0100
avformat/id3v2: Sanity check tlen before alloc and uncompress
Fixes: Timeout (>20sec -> 65ms)
Fixes: 26896/clusterfuzz-testcase-minimized-ffmpeg_dem_DAUD_fuzzer-5691024049176576
Fixes: 27627/clusterfuzz-testcase-minimized-ffmpeg_dem_AEA_fuzzer-4907019324358656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7f87a4b9ef18a9846439b7787874cc11e5940de)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d4d02c13a1e68f8de7647af16f20178d5a1e792
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 1 20:20:02 2020 +0100
avformat/vqf: Check len for COMM chunks
Fixes: Infinite loop
Fixes: 26696/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-5648269168082944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a834af133b1fe8f29b4075808710ffd98abcac40)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a523ef89f0538cb0b6d8c694188dfa043264872
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 00:24:01 2020 +0200
avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter
The max depth is 16bps, the max allowed coefficient depth is depth+6
Fixes: signed integer overflow: 1074266112 + 1073725439 cannot be represented in type 'int'
Fixes: 26493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657763331702784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7cf852b03c3ae6b61f89614371d2cb308d0b7f86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b82853d3ccad8ec2d50b14fb4630b86b74997f7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 23:13:16 2020 +0200
avformat/cafdec: Check the return code from av_add_index_entry()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9dc3301745d8271ae3ba0f1b998d8e6a0aa01bc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0f3a049e62d3c57ef0f82f0733f465bdc0737ca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 18 00:58:37 2020 +0100
avformat/cafdec: Check for EOF in index read loop
Fixes: OOM
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eb46939e3ab3e0e4df69486b1a037bffc50493bd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f7fe3969ef943bb375ac1b16e4fd5915e4096cf3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 23:08:13 2020 +0200
avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative
These fields are not signed in the spec (1.0) so they cannot be negative
Changing bytes_per_packet to unsigned would not solve this as it is exported
as block_align which is signed
Fixes: Infinite loop
Fixes: 26492/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5632087614554112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5eed718087f2ba307a3d1d294016d2ebae9230f3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3293cf065ec926fcd00c705b96e6f9537b3f3425
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 21:50:32 2020 +0100
avformat/mpc8: correct integer overflow in mpc8_parse_seektable()
Fixes: signed integer overflow: -4683718486770919638 * 2 cannot be represented in type 'long'
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208
Fixes: 27550/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6259212652642304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0897402ac8a2045691395380a9fd2ea88c0d3798)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9162b1a60dbd427a3c3a0e2353efae21e9fb9a25
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 01:14:26 2020 +0100
avformat/mpc8: correct 32bit timestamp truncation
Fixes: left shift of 65536 by 15 places cannot be represented in type 'int'
Fixes: 26801/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-5164313092030464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad3e495657eaa24cba9251c2379797c208998201)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=00115573e3030eff57847e1045ec18f0da5adb5c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 22:21:48 2020 +0200
avcodec/exr: Check ymin vs. h
Fixes: out of array access
Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3e5959b3457f7f1856d997261e6ac672bba49e8b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=caefd7a3ba9fd48f1204d9b16a4e619fb85c4aa6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 00:23:10 2020 +0200
avformat/avs: Use 64bit for the avio_tell() output
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1278f117d75ab9238ef181ba29b31c6ea569571b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9ca75063eae7a2d755391fcd8c7f5c10255245d0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 14 22:13:52 2020 +0100
avformat/wavdec: More complete size check in find_guid()
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 27341/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5442833206738944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a207df2acb92d6366ab2f0f18ba35709066b8eec)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9df29a39326f965405324b1cd3034a4366a1bc1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 14 20:59:01 2020 +0100
avformat/iff: Check size before skip
Fixes: Infinite loop
Fixes: 27292/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5731168991051776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b50e8bc2975fad85e0713e05940ee9ecb5e8a18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5515c34baf20d9db0d81c611037f7911c86e955c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Nov 13 23:30:47 2020 +0100
avformat/rmdec: Check for EOF in index packet reading
Fixes: Timeout(>10sec -> 1ms)
Fixes: 27284/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6304211110985728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ebf4bc629e6d0dbb4bb6725849bdd06456e4c8af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea83351a49ef9e9d39266f5672dd5a0103cc7c9f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:46 2020 +0100
avformat/icodec: Check for zero streams and stream creation failure
Fixes: NULL pointer dereference
Fixes: 26814/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5758487797432320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b33233bd53f74f94f4cd7be0645a99a9549a913e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee7cdaaa3fb009ff6681a9238a7efa80c7e68bd4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:45 2020 +0100
avformat/icodec: Factor failure code out in read_header()
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 27ee67c00f4402030af3b7477dd5088464d31d80)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1703863faa7dca619d761c0145e1b226a5e89a00
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 13:51:47 2020 +0100
avformat/bintext: Check width
Fixes: division by 0
Fixes: 26780/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5117945027756032
Fixes: 26998/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5119352359354368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f6dc285fb5f30406b275b968ee438a738da799d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3dc3b959103bac2965fb5ca036bb6b7485558697
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 10 00:04:50 2020 +0100
avformat/sbgdec: Check that end is not before start
Fixes: signed integer overflow: -9223372036854775808 + -5279949906739200 cannot be represented in type 'long'
Fixes: 26908/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6329610851319808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9ef60a66f1f155605049402415bd901c8baf1a24)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3454254eb44b0b40e54eccb97e8e057ac345d2fe
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 8 00:17:09 2020 +0100
avformat/lvfdec: Check stream_index before use
Fixes: assertion failure
Fixes: 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b1d99ab14f2fd273e678dcb618dabfb38aab91b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=78f990e9bddfa7ba6d70cb2939b88c36920c733b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 20:23:54 2020 +0100
avformat/au: cleanup on EOF return in au_read_annotation()
Fixes: memleak
Fixes: 26841/clusterfuzz-testcase-minimized-ffmpeg_dem_AU_fuzzer-5174166309044224
Regression since: e680d50eb4feddafb2d8575b21fc5fc8764f4801
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d16974c3dd3a05900aa080ea0729284aea358d10)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bec84159901eec2a83e0aace09ce5a8f460ca6d4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:47 2020 +0100
avformat/mpegts: Limit copied data to space
Fixes: out of array access
Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79cf7c71910a69b9f22b3e7ee6508a771262abaf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e51ff9d5fdc096f104213decefcca1eb3432de3d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 13:51:47 2020 +0100
avformat/bintext: Check width in idf_read_header()
Fixes: division by 0
Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 442d53f409c8d84c7db120227caac00af54aa884)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=992fd3262d02dc7be51085f9c8acc549870b6adb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 27 21:51:08 2020 +0100
avformat/iff: check size against INT64_MAX
Bigger sizes are misinterpreted as negative numbers by the API
Fixes: infinite loop
Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f291cd681b1235e150464ad83974d60d6879b492)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=774b06e252f04321f7814a7d93523fcace5157e9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 20:30:48 2020 +0200
avformat/paf: Check for EOF in read_table()
Fixes: OOM
Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 437b7302b09a04e0fbfcd594114b52c5c6d89d32)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=570884a6c4e5c8ddd6f9e993c556e25d4ae1cf06
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 26 21:08:55 2020 +0100
avformat/gxf: Check pkt_len
Fixes: Infinite loop
Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dad9a86ca7bf912289aafb33d96980630e6ec53a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=025be7dfca9a9a37dbd4ad7c4d13ba7252db6379
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 26 20:55:31 2020 +0100
avformat/aiffdec: Check packet size
Fixes: Fixes infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0ba71a72d3a617b255b71988a000d5093222f779)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7186ab2b7dea989210027ae0bf0cd94d3678a856
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 23:46:33 2020 +0100
avformat/concatdec: use av_strstart()
Fixes: out array read
Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2610acb49a140901dacbd36c598a5514cf9ade0d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=633f4568be8ac67da7252dd33e304f3a239c20c2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 23:50:57 2020 +0200
avformat/wavdec: Refuse to read chunks bigger than the filesize in w64_read_header()
Fixes: OOM
Fixes: 26414/clusterfuzz-testcase-minimized-ffmpeg_dem_FWSE_fuzzer-5070632544632832
Fixes: 26475/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5770207722995712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b2244565ac8cb1eddd085e1a382a893ac03bfb4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92aece7e5a56c1cc6f2c2cffcd5845e3bfe5ff67
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 18:15:53 2020 +0200
avformat/rsd: Check size and start before computing duration
Fixes: signed integer overflow: 100794754 * 28 cannot be represented in type 'int'
Fixes: 26474/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5181797606096896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c79d8a685182a8d8735887399bf0f3742b020597)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e03a2c7106412f1eea113827901237f800b79809
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 22:56:17 2020 +0200
avformat/iff: More completely check body_size
Fixes: infinite loop
Fixes: 26485/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5126561373880320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3588e2e6b05ba92f0907e9ffe263c2e65d53e346)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48fbee3b44481d18b208fe893e4c2da9999567ca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 19:37:45 2020 +0200
avformat/xwma: Check for EOF in dpds_table read code
Fixes: Timeout (>30 -> 140ms)
Fixes: 26478/clusterfuzz-testcase-minimized-ffmpeg_dem_XWMA_fuzzer-5918147066200064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 44b18a76b8d4e01c7ce62474aaf196857e75e976)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b42f802a3855be7124c6d644e6479214bfca9c8b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 27 17:21:19 2020 +0100
avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration()
Fixes: shift exponent 95 is too large for 32-bit type 'int'
Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ec7e0d42884b40ce93b6b5e94de5f7849310f8a0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec94d7545e9a8635721a1ee7ce33f6b156b4347e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 20:29:50 2020 +0200
avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET
Fixes: signed integer overflow: -9223372036854775807 - 48000 cannot be represented in type 'long long'
Fixes: 26521/clusterfuzz-testcase-minimized-ffmpeg_dem_DIRAC_fuzzer-5635536506847232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev at lynne.ee>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 343c3149ab3d77be76f035d3b18bb2b2da48ce1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e9e5344edf7387b0e2fe42de6064e91e0263d97
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:32:59 2020 +0200
avformat/rmdec: Make expected_len 64bit
Fixes: signed integer overflow: 1347551268 * 14 cannot be represented in type 'int'
Fixes: 26458/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5655364324032512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 728330462cadb765307cc132377b6b5d177a225c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=29745dda10f1bcf64bbf59b1184cd8d92db74de3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:55:13 2020 +0200
avformat/lrcdec: Clip timestamps
Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 80bc2ac3c06319cf85428c58c471d105d25ae987)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=42604d3676c2f6aa64e0f2d7b090c4108c16a1c1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 19:24:30 2020 +0200
avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()
Fixes: timeout(>20sec -> 1ms)
Fixes: 26526/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-5672328069120000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 857aba7c45faf0335ad91ecabc0bce8b94320758)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1117dd702f0c5b3412907f0d3f452d6e27de304
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 18 22:04:14 2020 +0200
avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
Fixes: signed integer overflow: 190587 * 11585 cannot be represented in type 'int'
Fixes: 26407/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5086348408782848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bca0735be52e471b1906aed34c60028d90646d90)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6557a72a0bc690139c117728aef36e80996309b2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 18 21:54:14 2020 +0200
avcodec/fits: Check bscale
Fixes: division by 0
Fixes: 26208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-6270472117026816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c2ccd76fd000f69e355280b487213fb63821c8aa)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bcad7fceb1f03fa0c4c127206678aadc9e407938
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 10:53:31 2020 +0200
avformat/nistspheredec: Check bps
Fixes: left shift of 1111111190 by 3 places cannot be represented in type 'int'
Fixes: 26437/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-4886896091856896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7c144b363e67bef7651108c88687b38155172c1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bed66afc0be72db7d819f9f325d23f0e73dbc5d3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:29:01 2020 +0200
avformat/jacosubdec: Use 64bit inside get_shift()
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 715ff75e5dbbbefff7337351db596a9b7a5d4379)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=80983b7bb3d20b423d3915a1249cb16e672dc6cc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:05:01 2020 +0200
avformat/genh: Check block_align
Fixes: infinite loop
Fixes: 26440/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5632134020333568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 37396e9ba85d8969a3b5e3314ab99ff604845628)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c9806077a8b0b1bb6d85d382e649a8fc9205531
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:39:30 2020 +0200
avformat/mvi: Check count for overflow
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a413ed98632127342ad04b26e0ba0dc26adb70c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9c00ffb073100e5ac5d080af0070c6ed2fb4abdf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 20:39:33 2020 +0200
avcodec/magicyuv: Check slice size before reading flags and pred
Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0dc42147b6843b133d4fa46bf1c2568a837b4bec)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=31e76094917ba50fe3f260464d7877f1138ccfb1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 11:13:19 2020 +0200
avformat/asfdec_f: Check for negative ext_len
Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 209b9ff5c3f337da4a3d82e59b8815eca2737ffa)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c43e2980c77729da67c6c54b3701384544a2c0b1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 22:19:58 2020 +0200
avformat/bethsoftvid: Check image dimensions before use
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 50b29f081e9620dc39727adef707c2c323a8c095)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd158183e27774315ae2b17632380e9f12e7943d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 23:40:57 2020 +0200
avformat/genh: Check block_align for how it will be used in SDX2_DPCM
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c95b47e18fdb43a4c667ae22a5d3a5ee6cf7782d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0303836e313c775ed64a0ed17b639634f408e98f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 22:19:32 2020 +0200
avformat/au: Check for EOF in au_read_annotation()
Fixes: Timeout (too looong -> 1 ms)
Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e680d50eb4feddafb2d8575b21fc5fc8764f4801)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dcb461aef5aba54dc7f0670fc2659163826d7495
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 18:18:43 2020 +0200
avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0
Suggested-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d34e4904cd6d965693b285713660f4e84200d60b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d539878ca105155d0183642c609e01087110f18
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 00:37:25 2020 +0200
avformat/segafilm: Check that there is a stream
Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c0d7fd269beed030fc767fee28d9dbe111bc4427)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a9b5ec1e8010c0e8cc7b53bebed5a6a7c359ec6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:59:53 2020 +0200
avformat/wtvdec: Check dir_length
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1868cb731660490beb750389266adb6e68e9123d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb7ad5c1285596b0176e0eeafc8519dade3fbff7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 18:08:37 2020 +0200
avcodec/exr: Check limits to avoid overflow in delta computation
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6910e0f4e5c40b5b902e4dd87256327d860d53f5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=907cfa45bb7e0c1458ae64b1802f962226ede080
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 19:09:37 2020 +0200
avformat/boadec: Check that channels and block_align are set
Fixes: Infinite loop
Fixes: 26381/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-5745789089087488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 44ff5a1bff424b1576dff366ccd246805b4e5567)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2912ec590920c5febaa18e53b269559ad66e096f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 22:04:56 2020 +0200
avformat/asfdec_f: Check name_len for overflow
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0d088a47ca0243576078f109fff20617d1fac382)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d69eaa0a64676aaa9599bb09576ac1e42a2e7ef
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 21:35:43 2020 +0200
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d1983628394e076001cc67d85656f9842b7282a3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=517b62a5a9737cc15c7daf079f84893cb7e09128
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 12 17:11:27 2020 +0200
avcodec/aacdec_fixed: Limit index in vector_pow43()
Fixes: out of array access
Fixes: 26087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5724825462767616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f83a536384afda45acb6d7cdd22017c8c314f9e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=be635d2bfb31261ee251e917b71bbd7e00247564
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 16 18:05:34 2020 +0200
avformat/rmdec: sanity check coded_framesize
Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int'
Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aee8477c6ba20469ebe531448d31c642717b5f48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26bda210ee34b0e0f79ea9b92e8a56827bfc3e4a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 8 20:44:23 2020 +0200
avformat/flvdec: Check for EOF in amf_parse_object()
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33624f4f2e1feb08f277126e637d4a28016eb07a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a73090f2e1ff02d9f72e19882d50813cef120e5d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 2 10:54:31 2020 +0200
avcodec/smacker: Check remaining bits in SMK_BLK_FULL
Fixes: out of array access
Fixes: 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 42ded4d1e6fb0086a235dc584118414ae2bf30c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9190bd717be41126b1b752db526872d3453af84c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 27 20:23:10 2020 +0200
avcodec/cook: Check subpacket index against max
Fixes: off by 1 error
Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5a2a7604da5f7a2fc498d1d5c90bd892edac9ce8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=49492d6ce9d52157d5213870d874e9e9cf47783b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 13:30:28 2020 +0200
avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred
Fixes: pixel decode issue.ts
Fixes: raw frame.hevc
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3fbf8737923ac49754946a2505367630544b87f1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=99f6a8ed8a5745e4cb20c8e1a34757600efc49b6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 19:05:23 2020 +0200
avformat/icodec: Change order of operations to avoid NULL dereference
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3300f5c133650ba25f94531d40ecc94c79b84457)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=feab2fb911c3379e0638089a31c8ab9bfe3b9c0e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 21:58:37 2020 +0200
avcodec/exr: Fix overflow with many blocks
Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7265b7d904f86ec1c681222310c739f92ba55e5e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a6d3375c3c3c57348eecfb0d4b275dc33655637
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 16:40:22 2020 +0200
avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 394e8bb385a351091cb1ba0be986f3bbb15039fd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e2e1d13191068fb07466bfbd3c25959819663413
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 21:17:32 2020 +0200
avcodec/ansi: Check initial dimensions
Fixes: Timeout (minutes to less than 1sec)
Fixes: 25682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANSI_fuzzer-6320712032452608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 949f0a6be974e4083f8e130c2d6870ef26f0eece)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df983bd5e68be06e667b186e296f5771eae999c8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 16:29:15 2020 +0200
avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 106f11f68af643ad1f372b840d38a0a30c6e9bcf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d09bc9fe7ffa6b15c7ffb24ee8eaf6e107ad8a6b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 11:29:01 2020 +0200
avcodec/sonic: Check for overread
Fixes: Timeout (too long -> 1.3 sec)
Fixes: 24358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5107284099989504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eeabdef1bf96cdecf80aeb8d0478d008457b048c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2659b0f1804dd0ea1cfbb5b9d84e4402333b759e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 17:13:10 2020 +0200
avformat/subviewerdec: fail on AV_NOPTS_VALUE
Such values are not supported by ff_subtitles_queue*
Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b7f51428b1c73ab5840485ce537ce098a85d0881)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff531c345c9d626957d7e09f718ceb47362ddb50
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 22:04:16 2020 +0200
avcodec/exr: Check line size for overflow
Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int
Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9b72cea4463dd2fabcd9ba1454a0855e521d0148)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c4c59c19c2e609defb6e56961a0fd3143821b0c5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 21:54:36 2020 +0200
avcodec/exr: Check xdelta, ydelta
Fixes: assertion failure
Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6949df35d0c69ae91bb0f49069e0703deb9bd676)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=18967c97843e31398977d0e347ef6c78628a4e03
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 23 23:31:59 2020 +0200
avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 25675/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-4786580731199488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 11a6347f9e544a1b9fba059ae02c30c0e512c195)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d9a3bb1df9cab4423d0608815475c1063326347
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 24 21:59:04 2020 +0200
avcodec/takdsp: Fix negative shift in decorrelate_sf()
Fixes: left shift of negative value -4
Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f54f530039db149808478796e8389c14eb73095)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d9b610ee717216bc6e044856139056eb1a166161
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 2 14:59:13 2020 +0200
avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3291d994b76db4b6e67c8467367ce68f79785e60)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef3fee893d0ea7093c86a6ac62cb985b4f493c41
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 12 19:44:35 2020 +0200
avformat/asfdec_f: Change order or operations slightly
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 686f0151901849de3b2073fa73265472073e0208)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67c5f747d16bdb8147e7e092108509233c018e9c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 2 23:13:00 2020 +0200
avformat/dxa: Use av_rescale() for duration computation
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c313089fbe1df71b5406dd9d7e4d36361051c620)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13c542795e24c943114dd802258de1d5595cd124
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 2 22:42:05 2020 +0200
avcodec/vc1_block: Fix integer overflow in ac value
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3056e19e68122b9464b24870488f8faca4e78ea8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c8dd6697762820b46460efb28ff5cea57e57d82
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 27 22:20:52 2020 +0200
avformat/iff: Check data_size not overflowing int64
Fixes: Infinite loop
Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 24352ca79207d3311ee544fcba908a64004763ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b2a793369bc50fa011c043b20cedc5b06fcb8569
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Sep 25 20:08:37 2020 +0200
avcodec/dxtory: Fix negative shift in dx2_decode_slice_410()
Fixes: left shift of negative value -768
Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit abebd87764992dc22c82802bdc75d40aac14ab86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dcf59c522c7e58bc2f5e1b590ba4d2682386c347
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 24 22:20:39 2020 +0200
avcodec/sonic: Check channels before deallocating
Fixes: heap-buffer-overflow
Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f249981976b18438cfb646183d4c21fb051e1ad4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c9f2d9ef43beed512e0dbc81dbd3ff37d51d127
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 20:48:38 2020 +0200
avcodec/ansi: Check nb_args for overflow
Fixes: Integer overflow (no testcase)
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bc0e776c9aaf06f437bf21e05a713fd54dc85400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f280bb03883161f93685881048ed8e63784c22f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 18 14:30:19 2020 +0200
avcodec/diracdsp: Fix integer anomaly in dequant_subband_*
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ca3c6c981aa5b0af8a5576020b79fdd3cdf9ae9e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb2f9fd67de1592cb6f05fac19971f061dc80d11
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jul 16 22:58:13 2020 +0200
avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c()
Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
Fixes: 23646/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5480991098667008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a02ae49c26395fc3ae2d38c733a2a13bd3080e7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0d0a60070f0cf85f89f76671676717f7740c8844
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 13 21:12:17 2020 +0200
avcodec/wmalosslessdec: Check remaining space before padding and channel residue
Fixes: Timeout (1101sec -> 0.4sec)
Fixes: 24491/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5725337036783616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c467adf3bf9bb4b7fd28956ec698d884e63f145d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=98c1938fa97fb241c6fb3e00af6220dceac20e00
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 16:54:28 2020 +0200
avformat/cdg: Fix integer overflow in duration computation
Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int'
Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aa8935b395162f8438d1f055e671e92685ed1586)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c232e5e3755847a41d7cf8e27680f4165232e9b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 10 19:04:23 2020 +0200
avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth()
Fixes: -2.4187e+09 is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2b9f39689ab19c68ff37b5a4ac71e8fb7f58c487)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5dad9581f6568e4766ed5536730a72ab16f7e6b3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Sep 7 00:09:33 2020 +0200
avformat/electronicarts: Check if there are any streams
Fixes: Assertion failure (invalid stream index)
Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 39a98623edbbdcf9d9b76e9d7aff3ce086ebfbfe)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a6863501bacb4188d19177d3e71de94a9805908
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 5 17:58:53 2020 +0200
avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINE
Fixes: signed integer overflow: -1429092 * -32596 cannot be represented in type 'int'
Fixes: 24419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5157849974702080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0da95df77a528251a326fc8b7e2ff48c60e41d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9904e30c80b40a3a82956bc6d748885a1b0b16f8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 22 00:24:55 2020 +0200
avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d()
Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int'
Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d182d8f10cf69c59ef9c21df4b06e5478df063ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=59c25dd671d8bdd2009b7699988bf8704a5b2f8d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 22 00:09:05 2020 +0200
avformat/avidec: Fix io_fsize overflow
Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cf0c700b0c25f5d9fe50dd27086a06812822f11a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de5349f0cf5fea59ad4dc10ae15a565b334de5e6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Aug 28 00:17:41 2020 +0200
avcodec/cfhd: Check transform type
Fixes: out of array access
Fixes: 24823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4855119863349248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 659658d08bb2e7219001795c78efd24f381446e2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea43ce9aa99616415eab789510166b12c81db085
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 20 01:05:35 2020 +0200
avcodec/tiff: Restrict tag order based on specification
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
not the order in which the fields are described in this document."
This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also on various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.
If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad29f9e47cb848e11ee1d358d2bae15cd35ef04b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea12dd67ee244db59ebb176b71a042865a03777d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Aug 11 14:41:13 2020 +0200
avformat/siff: Reject audio packets without audio stream
Fixes: Assertion failure
Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8931c55789a69f717b4a6954c5bb7acf5475a134)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40528776124d6c3761f2d68e3affda797311d8f5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 15 01:07:44 2020 +0200
avformat/mpeg: Check avio_read() return value in get_pts()
Found-by: Thierry Foucu <tfoucu at gmail.com>
Fixes: Use-of-uninitialized-value
Reviewed-by: Thierry Foucu <tfoucu at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e8a88a16f78e66c8d7645b5f71dc8390b033fa70)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=190c2f40cf1c416bbd3e048b9905a37576305c6d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 6 21:42:43 2020 +0200
avcodec/tiff: Check bpp/bppcount for 0
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit be090da25f734460f3105075456877b8a66185c1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4155510f7486d24c21c5d78cba331fee9b2687a4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 6 21:35:06 2020 +0200
avcodec/snowdec: Sanity check hcoeff
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d51d569cf68f78aaea8464a156c847a0e294726a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=475cfa1218e6d161422c3d53a6a229f69e562e9e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 2 00:51:12 2020 +0200
avformat/mov: Check comp_brand_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ffa6072fc727a14680a85449259f6b49b47587e6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e9edf11076032ace848ad720f9fea3a5485ced20
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jul 23 23:41:27 2020 +0200
avcodec/alac: Check decorr_shift to avoid invalid shift
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.
Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7 at gmx.net>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4333718b357a9ad195031e5d0ea080d37677b795)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=baeec0cba97a82e7c47752fb76d885769217ac80
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jul 15 22:47:50 2020 +0200
avcodec/tdsc: Fix tile checks
Fixes: out of array access
Fixes: crash.asf
Found-by: anton listov <greyfarn7 at yandex.ru>
Reviewed-by: anton listov <greyfarn7 at yandex.ru>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 081e3001edb67dcd55fe0f68505df1fce667476d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d46b698478f11ab85135b3cf0a7944c4dd62e37c
Author: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Date: Thu Jul 9 12:07:28 2020 +0200
avformat/mm: Check for existence of audio stream
No audio stream is created unconditionally and if none has been created,
no packet with stream_index 1 may be returned. This fixes an assert in
ff_read_packet() in libavformat/utils reported in ticket #8782.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
(cherry picked from commit ec59dc73f0cc8930bf5dae389cd76d049d537ca7)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a79700555fb2de8f18dbb0bd0c72a77aa59613f1
Author: Zhao Zhili <quinkblack at foxmail.com>
Date: Sun Jul 5 00:51:53 2020 +0800
avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 806a4d5187aeb82b97898683242886ed1e84f894)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2a34d7476d78a5b970ed332f4e6c910c383128e1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 30 22:01:22 2020 +0200
avcodec/apedec: Fix undefined integer overflow with 24bit
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9f7b252cdf2d0e0f79d16dc7cd575d1884239863)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd2c09a5c52647ec61096f101f3d6df528e77fc6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 30 21:11:25 2020 +0200
avcodec/loco: Fix integer overflow with large values from loco_get_rice()
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3ddc5e1f3cebca25ade54ee68159d305f210bf5f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a86e6a6a987bc4e4274e753d92ae3364117a938c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jul 6 20:18:42 2020 +0200
avformat/smjpegdec: Check the existence of referred streams
Fixes: Assertion failure
Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 321ea59dac6538f92206bab0a2688fa24a25c4d2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa3702fbaf39513a6563313eb79efce6e165dcfb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 3 23:55:50 2020 +0200
avcodec/pnmdec: Fix misaligned reads
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg at gunderson.no>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea28ce9bc13803ccef97850388ddc9a73998a23e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
More information about the ffmpeg-cvslog
mailing list