[FFmpeg-cvslog] New commits on branch release/3.4
Git System
git at videolan.org
Mon Jun 18 04:03:58 EEST 2018
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=41315d5c7d48d939e218e4f62fe7acb36d33a958
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 14 16:41:49 2018 +0200
avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int'
Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8bd514d9343746566b123275f8b6d0e9c11ec2b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d946e7b805e21e62a69e1e290d98a494db863e69
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 14 16:37:32 2018 +0200
avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 575d8ca0260fabac29e5b3541154633569ce2b5d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=84d473a9cfc61c4b4f1557f41462d02088b94614
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 14 15:41:33 2018 +0200
avutil/common: Fix undefined behavior in av_clip_uintp2_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aa41d322be71106ce147445f2b42bb763f1eff86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f35fb0c82692165df5ffe1cd086a1a89a856c8d5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 1 22:44:07 2018 +0200
fftools/ffmpeg: Fallback to duration if sample rate is unavailable
Regression since: af1761f7
Fixes: Division by 0
Fixes: ffmpeg_crash_1
Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 16d8b13b3b26c19d7f8856e039fe6662d96b4ff3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=532ba2e4ae8c6cc07a85df0719c5adb9cd57f27c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 16 23:35:58 2018 +0200
avformat/mov: Only set pkt->duration to non negative values
Reviewed-by: Sasi Inguva <isasi at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=78fe6f7c32ddca273587529ab3c517c39f6dc0d6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 8 19:07:22 2018 +0200
avcodec/h264_slice: Fix overflow in recovery_frame computation
Fixes: signed integer overflow: 15 + 2147483646 cannot be represented in type 'int'
Fixes: 8381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6225533137321984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8c20ea8ee0f3f0b27aca0204c6dfaa4ac137e34e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3be0549029b0bc770107058cad496f0ee78268ee
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 10 17:02:47 2018 +0200
avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b796c5ae9299c795cba0d16ce1d8eef05488953b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28f044965975dc39bd51322b9887f01bc4eedc3a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 8 18:25:14 2018 +0200
avcodec/h264_mc_template: Only prefetch motion if the list is used.
Fixes: index 59 out of bounds for type 'H264Ref [48]'
Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b55591757244d8244a2be369c2b54c9ae79b02a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5d6d0d20fe3fdd5115c689a8028f995147469ffa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 8 00:42:31 2018 +0200
avcodec/xwddec: Use ff_set_dimensions()
Fixes: OOM
Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c2852e4e00de4073ff7de82d41cb3368702686e8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b60a750af75878b6f4b9c2ca1a8211ddefcb49b0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jun 8 00:07:04 2018 +0200
avcodec/wavpack: Fix overflow in adding tail
Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int'
Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d13379fb79708f550460dd6d698023bf26f968d5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5d61400740842ad0b90528a0bce54e577d21e0d7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 13:19:35 2018 +0200
avcodec/shorten: Fix multiple integer overflows
Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62e1c5db4acc208c09bba83ba6a964a20be04bd2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 13:15:34 2018 +0200
avcodec/shorten: Fix undefined shift in fix_bitshift()
Fixes: left shift of negative value -9
Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b6c773fe80deaf3a00a55e85317d42ca6ccf15f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 13:12:54 2018 +0200
avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
Fixes: left shift of negative value -9057
Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3f5bc91be324a555133e0509f73c4f46983dfed8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 13:03:48 2018 +0200
avcodec/shorten: Sanity check nmeans
Fixes: OOM
Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232
The reference software appears to use longs for 32bits and it uses int for nmeans
hinting that the intended maximum size was not 32bit.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7598b161f4ee88219be41caff09c219c83282b8d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 02:33:43 2018 +0200
avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aa30aa8c136425a488eb9a059c6b8ca005f7bf48
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 02:17:24 2018 +0200
avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c4c56eb839c02be120bef7a90d01e29d3bdd8f0b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 5 02:09:59 2018 +0200
avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int'
Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79c6047c3668c639f717b3a7001a34dddba0ede2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df7d70272e90d4d5cbc08ecb4803eaf68da32300
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 3 01:33:54 2018 +0200
avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e7dda51150b73e5fbdccf4c2d3a72e356980fba3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f0c60a91ae864d34a178025eec3c57fcc38a74bf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jun 3 00:48:06 2018 +0200
avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
This restructures the code slightly toward D_UTIL_dec_synthesis()
Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dce80a4b47efaba97707bda781a9ee57f5a26974)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=adea365be9e0723f797d25bbca7c32e9068e2d60
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 21 03:16:58 2018 +0200
avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
Fixes: #7165
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ce7be9cdc5d53242e1b326f40289c2ceec63a2d1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 15 17:06:59 2018 +0200
avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
Without this some operations might overflow (undefined behavior)
even though the index adding loop would never execute
No testcase known
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 56e76bd0579cc7f7b28860885d9e569a39daf41b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26667dc5baaf922ce24933bb1509515b1eb05e9b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 5 23:42:36 2018 +0200
avcodec/fic: Avoid some magic numbers related to cursors
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c6a11714c4b1227be62cbc36651ccfc415e8e623)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=12f0cfede607c2ae0ea2a139890884d0903990b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed May 16 22:50:19 2018 +0200
avcodec/g2meet: ask for sample with overflowing RGB
Suggested-by: Tomas Härdin <tjoppen at acc.umu.se>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ab834b8f36c8157b7015e849405cbf6ae21e672f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ada22c1c0f552056f9ac7dbfc3c5417b9ca94b98
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 25 22:06:48 2018 +0200
avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
Fixes: signed integer overflow: -2141499320 + -14469590 cannot be represented in type 'int'
Fixes: 7351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6351214791884800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 90475db97e2e5931d295df6ab86519fa2e14d259)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b7b178fd0fa1f648ac53ec80d851c3a3a0ddf39d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 25 22:02:20 2018 +0200
oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
Fixes: signed integer overflow: 1073741842 + 1784008138 cannot be represented in type 'int'
Fixes: 6792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5677589835284480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 62cb6fadf33de6db386deac92853d4b95c930015)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c91f199f5d19a4924edb18fe39a21c5e69bca3d3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 25 21:56:04 2018 +0200
avcodec/g723_1dec: Clip bits2 in both directions
Fixes: shift exponent 33 is too large for 32-bit type 'int'
Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53f241218d9eac368e2e1c58bcca9bbdf10fd0e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd1fd3ff4b0437153a6c4717f59ce31a7bba8ca0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 21 23:08:05 2018 +0200
avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
Fixes truncation
Fixes Assertion n <= 31 && value < (1U << n) failed at libavcodec/put_bits.h:169
Fixes: ffmpeg_crash_2.avi
Found-by: Thuan Pham <thuanpv at comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e1182fac1afba92a4975917823a5f644bee7e6e8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4cbd92baa3f4e571e1bce0e27c2df8c178158967
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 17 13:58:46 2018 +0200
avcodec/mlpdec: Only change noise_type if the related fields are valid
Fixes: inconsistency
Fixes:runtime error: index 8 out of bounds for type 'int32_t [8]'
Fixes: 6686/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5191383498358784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 63c4a4b0d692bc86142790276358ba35129f2290)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9d3ae9051622cb5eb07a19efb83c9579539da17d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 17 13:40:38 2018 +0200
indeo4: Decode all or nothing of a band header.
This avoids inconsistent value combinations.
Alternatively it would be possible to add more checks and careful use of
temporary variables, but my try of this quickly seemed to become
a rather large change.
The disadvantage of this, is that the struct is copied back and forth.
Fixes: index 6 out of bounds for type 'const uint16_t [5][16]'
Fixes: 6557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-4787296550256640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 10c8521265da86118597336c5589e26de377a374)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3712d4da1e2cc6683579cc2e4fde449cd5b0cf67
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 15 17:07:00 2018 +0200
avformat/mov: Only fail for STCO/STSC contradictions if both exist
Fixes regression with playback of GF9720Repeal20the20Eighth20with20Helen20Linehan.m4a
See: crbug 822666
Found-by: "Mattias Wadman <mattias.wadman at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2c2d689c56646cce64d02a3b75f61c12c5589260)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22b3e924dfd6de52310bbb578d1462eb7ce4166a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 14 00:10:33 2018 +0200
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int');
Fixes: 6500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-4523620274536448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cb944fc7f1327443a0cf449afbce5a3e8712f90f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14cea440183fe72eaabbf1b964c31f31f4f1cb2a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 5 22:00:01 2018 +0200
avcodec/fic: Check available input space for cursor
Fixes: out of array read
Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cb2f7ea96b4f6e03ebf0c0563677745fc65f148e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b802baadfda46cd5735c1b7f8dd2d8d649cf2787
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 27 20:16:13 2018 +0200
avcodec/g2meet: Check RGB upper limit
Fixes: runtime error: left shift of 1876744317 by 16 places cannot be represented in type 'int'
Fixes: 6799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5115274731716608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4dd2c8b9ea46b4e008a8bfc2077834428cd5a17c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=022c8c07f82d4309efe2baf0683c4a2a497ed068
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 4 19:18:25 2018 +0200
avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
Fixes: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 7955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6016721977606144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 652ba72ed3124f201f98eea9bafb2232b535f549)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4d90a36c5d39e04ff048b945d0ec48fa9a890b3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 4 19:11:36 2018 +0200
avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
Fixes: assertion failure
Fixes: 7949/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-4819602782552064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a96c131eb53b00de154f4773d96a3b323ea3daed)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2cb3dff0f938ff27cc9b3c79bd9446d42a797746
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 4 18:16:08 2018 +0200
avcodec/g2meet: Change order of operations to avoid undefined behavior
Fixes: signed integer overflow: 65280 * 196032 cannot be represented in type 'int'
Fixes: 7279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5977332473921536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a4745145840d97619c424961c1b5c625dbf516c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5d1c783bf02796ce50bfdcf6d1ad52c31c2f585a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 30 22:20:28 2018 +0200
avcodec/flac_parser: Fix infinite loop
Fixes: crbug/827204
Reported-by: Frank Liberato <liberato at google.com>
Reviewed-by: Frank Liberato <liberato at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 15a2e35e9e74bba5a27e39c26da5be2361f27945)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=909c1aa0ec27f4a69353b6b79ac7eb8ba3c79de5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 27 21:44:07 2018 +0200
avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
Fixes: runtime error: signed integer overflow: 2147483637 + 128 cannot be represented in type 'int'
Fixes: 6701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5358324934508544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6e95d80e6fae978f8a44afc24b0c5097a062719f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c437510d5cf696d2267493b977669dee16f98f9a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 27 21:44:06 2018 +0200
avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
Fixes: runtime error: signed integer overflow: 2147483531 + 16384 cannot be represented in type 'int'
Fixes: 6615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5165715515506688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit da038c07f02dfc10380001c11b3d047eca7cb8c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=30ec2357c98a1eb0c18e1990af04266cf77fac19
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 22 21:46:05 2018 +0200
avcodec/error_resilience: Fix integer overflow in filter181()
Fixes: runtime error: signed integer overflow: 197710 * 10923 cannot be represented in type 'int'
Fixes: 7010/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5667127596941312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1c97035e3b1677d6f0c5b6161ebfeffcf7bb638d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b23dd4b91afa378344cc3f4cdc7dea2b88a9fe7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 22 21:07:45 2018 +0200
avcodec/h263dec: Check slice_ret in mspeg4 slice loop
Fixes infinite loop
Fixes: 6858/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_MSMPEG4V3_fuzzer-4681563766784000
Fixes: 6890/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_WMV1_fuzzer-4756103142309888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit de841fbea7655b74a9663001e01008a86c88779a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=24947b3f7dd26a73696f428b3311731995bc45ef
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 25 01:54:17 2018 +0200
avcodec/elsdec: Fix memleaks
Fixes: 6798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5135899701542912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0bd0401336df4e4ca7f3da6a7e226904fd7d5add)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f31ead3f76dab89586bbfdbbe70e055b50f6f040
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 23 02:08:10 2018 +0200
avcodec/vc1_block: simplify ac_val computation
also fixes: runtime error: index 1456 out of bounds for type 'int16_t [16]'
Found-by: durandal_1707
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d06b01fc2d4f5e031d45f9460d1eea610d23d6c5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=be9c4cc0e60a2e7cecd25d9c78d4f11aba274620
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 21 22:19:31 2018 +0200
avcodec/ffv1enc: Check that the crc + version combination is supported
The crc flag is only stored since version 3 thus before this crcs do not
work. We increase the version as needed same as we do with pix_fmts
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d9706f79c17a33bf97e51a7d6ab211ce83a463ee)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1d5694ba1101e6d26f15909eee0d10c6a4fe55c3
Author: Stephan Holljes <klaxa1337 at googlemail.com>
Date: Fri Jan 12 19:16:29 2018 +0100
lavf/http.c: Free allocated client URLContext in case of error.
Signed-off-by: Stephan Holljes <klaxa1337 at googlemail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b6b8c92652d6683d97515352e4a9a4147b7da7c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f93d7a0c0a233fc5992092b5764d83f3f96077d0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 16 22:29:09 2018 +0200
avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
Fixes: Timeout
Fixes: 6306/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSICINVIDEO_fuzzer-5079253549842432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5549488bbf3a23c0fb9833cefc6354f97055dd96)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=81d8bd6f421b6f48447198d7ed4d4f2f9a4ae2d5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 16 22:28:23 2018 +0200
avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 942217b153a9bff2d17463957abd772fcd72b400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86c7035646d581a3cf20d7ce8662fae1ea3f3c5c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 16 22:04:53 2018 +0200
avcodec/dfa: Check dimension against maximum
The headers from where the dimensions are read in actual files
are limited to 16bit per component.
Fixes: Timeout
Fixes: 6305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-4824270749302784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d5a4fcfbb51edc871bdb1c67a88223cbfb1c0e4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6db663a31cea5e358b3c38cd3a40f22166b1c43
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 17 02:13:43 2018 +0200
avcodec/cinepak: Skip empty frames
Speeds up decoding from 3 to 0.1 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9033920bec9ccf17de205fc17c2b330906b200f5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=205e93fa0d2b66e6e84576542e17bfba36e309a9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 17 02:13:42 2018 +0200
avcodec/cinepak: move some checks prior to frame allocation
Speeds up decoding from 8 to 3 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2324ef1ff32e5effd6f295bca80580ae4816be0b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=47c3d2459e953856d7089bbf3d5baa269080bcc0
Author: Rahul Chaudhry <rahulchaudhry at chromium.org>
Date: Wed Apr 18 16:29:39 2018 -0700
swresample/arm: remove unintentional relocation.
Branch to global symbol results in reference to PLT, and when compiling
for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't
support this relocation (ld.gold), while others can end up truncating
the relocation to fit (ld.bfd).
Convert this branch through PLT into a direct branch that the assembler
can resolve locally.
See https://github.com/android-ndk/ndk/issues/337 for background.
The current workaround is to disable neon during gstreamer build,
which is not optimal and can be reverted after this patch:
https://github.com/freedesktop/gstreamer-cerbero/commit/41556c415739fbc3a72c7eaee7e70a565b719b2f
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b22db4f465c9adb2cf1489e04f7b65ef6bb55b8b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86a6e700e1162a52012d175e71498a82389dae5f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 16 18:23:12 2018 +0200
doc/APIchanges: Fix typos in hashes
Thanks-to: Moritz Barsnick <barsnick at gmx.net> for finding the correct ones
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ec8a5262b03f85158d722dbc8b8f30cb6bd67e0f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b5a2c9a52eb4b1e68d01163eada80e6af5ef33e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 13 11:38:48 2018 +0200
avformat/utils: Check cur_dts in update_initial_timestamps() more
Fixes: runtime error: signed integer overflow: 18133149658382192 - -9223090561878065151 cannot be represented in type 'long long'
Fixes: crbug 831552
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 37d46dc21d708192b12aa13617ebe6a117b07363)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22a4b599f05e7405bd25d828f967df8740ec63fa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 11 19:50:52 2018 +0200
avcodec/utils: Enforce minimum width also for VP5/6
Fixes: out of array access
Fixes: poc_0411
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Tested-by: GwanYeong Kim <gy741.kim at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 544324827e0131e43af1a54fb790a48a25fd7ba4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d05a802dd2f47bf73dc024ae45fb5e27f5709e1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 10 22:24:03 2018 +0200
avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
Fixes: Timeout
Fixes: 6389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5695918121680896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f6304af2341d0cee51c2116766622e3ac567b7a0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca119e9456a22c3205794beb425bdc6ac24d97e8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 11 18:55:57 2018 +0200
avformat/utils: Fix integer overflow in end time calculation in update_stream_timings()
Fixes: crbug 829153
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c48ceff786bdc96fdc64417118c457d03bd19871)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=78c8e77c8635d02b63cbd858a975823ace310a32
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 10 16:12:15 2018 +0200
avcodec/mjpegdec: Check input buffer size.
Fixes: Timeout
Fixes: 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8d381b57fd9d17fb5c3a851ca46c738b3afc33a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fffc77b472800a75eed147f8510ab52b87631256
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 7 00:34:25 2018 +0200
avcodec/h264_slice: Fix integer overflow with last_poc
Fixes: signed integer overflow: 2147483646 - -2816 cannot be represented in type 'int'
Fixes: crbug 823145
Reported-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8c02cd8ca097871dcd00cf8e08ce51660873f405)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f868badcfdb40711e1158b863bfc66d97b028b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 6 23:56:57 2018 +0200
avformat/mov: Fix extradata memleak
Fixes: crbug 822705
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a8133119ca5d087c7c7140d100406ff84c477ee)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae136f8d6425c318a6c92f7b593582305143e346
Author: Matt Wolenetz <wolenetz at google.com>
Date: Tue Apr 10 13:59:25 2018 -0700
lavc/libopusdec: Allow avcodec_open2 to call .close
If there is a decoder initialization failure detected in avcodec_open2
after .init is called, allow graceful decoder .close to prevent leaking
libopus decoder allocations.
BUG=828526
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e43e97f0e0f0596b56ceb2f887fe7414f202f081)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c44244424ff2a50e50661c8fe86b252ee563d6d2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 8 03:29:44 2018 +0200
avcodec/movtextdec: Check style_start/end
Limits based on 3GPP TS 26.245 V14.0.0
Fixes: Timeout
Fixes: 6377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5175929115508736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Philip Langdale <philipl at overt.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 249aca8f98ff7fb09c12ea68e23c862c62203b95)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=053b9766b4a969802313f9cad63559db4a14d70c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 7 21:55:06 2018 +0200
avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'
This was missed in b1bef755f617af9685b592d866b3eb7f3c4b02b1
Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c837918f50a7bbd6150afd340857ea43fe4717c7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8f700975ea0f287d297d07d6dedff6df33130f5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 2 20:01:07 2018 +0200
libavcodec/rv34: error out earlier on missing references
Fixes visual corruption on seeking
Fixes: downloadTest_clip_24M.rmvb
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6cd81d68c5e4b0ff00288970c4151ff4031c0ea9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e6adf0842b6a4042dcd1f1ff04fcfafb1010815
Author: Hendrik Schreiber <hs at tagtraum.com>
Date: Thu Apr 5 13:58:37 2018 +0200
swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
Removed +len1 in call to s->mix_2_1_f() as I found no logical explanation for it. After removal, problem was gone.
Signed-off-by: Hendrik Schreiber <hs at tagtraum.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 647fd4b8292e3bfae30b1086aa842a5ee47ee868)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46db1182da23d955939bdd34088c969584ce96f5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 31 21:19:19 2018 +0200
avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
I was not able to reproduce this, this fix is based on just the fuzzer log.
Fixes: 4959/clusterfuzz-testcase-minimized-6035350934781952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 197a4e8feed45b2e5868760240e83636818f32a9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4e01b87f2bcb0a97d80214730a7e8a509982fe2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 12 00:05:04 2018 +0100
avcodec/cscd: Error out when LZ* decompression fails
Fixes: Timeout
Fixes: 6304/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5754772461191168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d52be5d4e91871a22dac70af3e0ab429e95a2d10)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c2ab8556263fd58e27913eac4c9d858797d39a8
Author: heimdallr <heimdallr at ngs.ru>
Date: Sat Mar 31 19:37:23 2018 +0700
avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
example:
AVPixelFormat pixFmts[] = { AV_PIX_FMT_RGB24, AV_PIX_FMT_RGBA };
int loss = 0;
AVPixelFormat best = avcodec_find_best_pix_fmt_of_list(pixFmts, AV_PIX_FMT_BGRA, 1, &loss);
best is AV_PIX_FMT_RGB24. But AV_PIX_FMT_RGBA is better.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 354b26a3945eadd4ed8fcd801dfefad2566241de)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=43916494f8cac6ed294309e70de346e309d51058
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 30 02:16:31 2018 +0200
avfilter/vf_signature: use av_strlcpy()
Fixes: out of array access
Found-by: Kira <kira_cxy at foxmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 35eeff30caf34df835206f1c12bcf4b7c2bd6758)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=51035698bde9c13da7eedc1f6eb47d190bbc949d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 31 03:10:43 2018 +0200
avcodec/utvideodec: Set pro flag based on fourcc
This avoids mixing 8bit variants with pro and 10bit with non pro mode.
Fixes: out of array read
Fixes: poc_03_30.avi
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 47b7c68ae54560e2308bdb6be4fb076c73b93081)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fdf56c5654c81c138947666a3879c4e10124ca30
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Mar 25 01:51:28 2018 +0100
avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea15915b2dc5aaa80c91879fbd183475a7e66e54)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2be397e234a03acaaecf2bb1b325e460068624b2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 29 01:07:24 2018 +0200
avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
Found-by: James Almer <jamrial at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5c75438b893539dd17998c489fb4c540fc5a6e48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b2ce61155db08c27c8d68d2229888c66533a29c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 3 21:36:22 2018 +0100
avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eb60b9d3aaaa42265fb1960be6fff6383cfdbf37)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26fcff1eb40db93809f20c60dab9c1541a4a1bbd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 24 01:38:53 2018 +0100
avcodec/get_bits: Make sure the input bitstream with padding can be addressed
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e529fe7633762cb26a665fb6dee3be29b15285cc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e26ae6e6cec85423851172d3a19d8df6ab8c03de
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 16 19:53:36 2018 +0100
avformat/mov: Check STSC and remove invalid entries
Fixes assertion failure
Fixes: crbug 822547, crbug 822666 and crbug 823009
Affects: aark15sd_9A62E2FA.mp4
Found-by: ClusterFuzz
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9e67447a4ffacf28af8bace33faf3ea432ddc43e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46ed4d52825379fcb43d830ac16da9827738ea61
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 27 15:17:12 2018 +0100
avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 939440ad1aa820bed51f54d273b4fa6c5016d9f9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=031206032960dbfe399f0925e8ddc8c73bd89df1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 27 15:17:12 2018 +0100
avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8ee3265dbe2e85537affe3b3055b00ba8646aa70)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8ba8e0a1c7739bb0d9f044fe7a93eec65ce1091b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Mar 11 00:13:57 2018 +0100
avcodec/wmalosslessdec: Reset num_saved_bits on error path
Fixes: NULL pointer dereference
Fixes: poc-201803.wav
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 64c9ce0abc0fd8774b523afda3ddb17c86caa86a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=828044878484d211b171262f90d1b2e5169ce634
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 9 16:43:29 2018 +0100
avformat/mov: Fix integer overflows related to sample_duration
Fixes: runtime error: signed integer overflow: -9166684017437101870 + -2495066639299164439 cannot be represented in type
Fixes: Chromium bug 791349
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2f37082827a405430c40408ee2db19ea2866ce64)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3fa6e594a0f2575ddb6b2183961fde42ab5ab37b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 10 01:40:36 2018 +0100
avformat/img2dec: fix infinite loop
Fixes: kira-poc
Found-by: Kira <kira_cxy at foxmail.com>
Change suggested by Kira
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a6cba062051f345e8ebfdff34aba071ed73d923f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=24c627a90099c74db713cd0682f7c11c6e27c50c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 8 17:28:36 2018 +0100
avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE
Fixes: potential signed integer overflow
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f655ddfb47e8484b205b14c7f871c643ad24d701)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0cdc3e05cbc800c1777a9b9bdb9d3b9f4303c93d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 9 01:05:20 2018 +0100
avformat/oggparseogm: Check lb against psize
No testcase, this was found during code review
Found-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3e7c847aaf5a298b62afae12b4ecfb8e12385998)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a376fcaa39d0b75146637f799999736c5f98cc58
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 8 23:14:04 2018 +0100
avformat/oggparseogm: Fix undefined shift in ogm_packet()
Fixes: shift exponent 48 is too large for 32-bit type 'int'
Fixes: Chromium bug 786793
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 010b7b30b721b90993e05e9ee6338e88bb8debb3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79efbd547ea3a023c241453ea6f6ea07fa57092d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 8 22:40:50 2018 +0100
avformat/avidec: Fix integer overflow in cum_len check
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06e092e7819b9437da32925200e7c369f93d82e7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=60f6767126002f8fe8a8926e43e5aa44c466a312
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 8 17:28:36 2018 +0100
avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
Fixes: Chromium bug 795653
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 02ecda4aba69670ca744ccc640391b7621f01fb0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fea47f6941a58fce2c22d522c7d338208c4571d0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 7 00:10:11 2018 +0100
avformat/utils: Fix integer overflow of fps_first/last_dts
Fixes: runtime error: signed integer overflow: 7738135736989908991 - -7898362169240453118 cannot be represented in type 'long'
Fixes: Chromium bug 796778
Reported-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1362e408cd6acb63fef126b814b0d16562aa8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd7a2954ae74ff30ad84932a81f57f2e06ba51ae
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 6 18:14:12 2018 +0100
avformat/oggdec: Fix metadata memleak on multiple headers
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit da069e9c68ec1a54e618940dcb9ebae9bf179a32)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a05d5770682d64cd09cb119bdd8346c0aa21a192
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 6 18:14:12 2018 +0100
libavformat/oggparsevorbis: Fix memleak on multiple headers
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3934aa495d786845d9f541c84ee405c096938f76)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a713cea22f477be3dfc4ab740f805e5b8ed02c0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 5 23:12:57 2018 +0100
avformat/mov: Fix integer overflow in mov_get_stsc_samples()
Fixes: runtime error: signed integer overflow: 5 * -2147483647 cannot be represented in type 'int'
Fixes: Chromium bug 817338
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Reported-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 367929bed9def1ccdd9a0f4ac5b7b98d1993782d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8456bba36297cf743d388debb610e0ee864e18b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 22 03:04:40 2018 +0100
avcodec/truemotion2rt: Check input buffer size
Fixes: Timeout
Fixes: 6250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5479814011027456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b5c29b6c2ab00f8fb545475238a99f575b5d81d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9cc83b94a1f8df0ee68c24545ca307f526e29a7f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 22 02:34:05 2018 +0100
avcodec/g2meet: Check tile dimensions with av_image_check_size2()
Fixes: OOM
Fixes: 6216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4983807968018432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3981fb8d2a03cdb3399590da8621a7bcc22e2964)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=60bd8316db4643cf0faf3f0d4c38796c215ec92d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 21 04:29:44 2018 +0100
avcodec/exr: fix invalid shift in unpack_14()
Fixes: 6154/clusterfuzz-testcase-minimized-5762231061970944
Fixes: runtime error: shift exponent 63 is too large for 32-bit type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 49062a90174b6e4104876c0257dc673a0da854ca)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee33e79b25b878b520277fe7b38a1979e813ed61
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 26 21:17:08 2018 +0100
avcodec/bintext: sanity check dimensions
Fixes: Timeout
Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 090c0abff9c8b27304614f15d9464dbf4ea59833)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae49cc73f265a155e5c4b1715570aab3d9741b4d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 26 03:02:48 2018 +0100
avcodec/utvideodec: Check subsample factors
Fixes: Out of array read
Fixes: heap_poc
Found-by: GwanYeong Kim <gy741.kim at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7414d0bda7763f9bd69c26c068e482ab297c1c96)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=30a718c38b62250ef191c8ce040c6c6666ae928c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 23 03:40:02 2018 +0100
avcodec/smc: Check input packet size
Fixes: Timeout
Fixes: 6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0293663483ab5dbfff23602a62800d84e021b33c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=411310659591107409d1211e00a005c2cef2d08a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 20 23:11:01 2018 +0100
avcodec/cavsdec: Check alpha/beta offset
Fixes: Integer overflow
Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ae2eb04648839bfc6c61c32cb0f124e91bb7ff8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b5c0fdaaca56408ab394b093d8e766f976d79a7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 18 21:51:38 2018 +0100
avcodec/diracdec: Fix integer overflow in mv computation
Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int'
Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 47e65ad63b3d067445c4de41a7718b83fc07767c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc194927e4aec708851b540c29b973ac5c3d5bec
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 18 17:12:28 2018 +0100
avcodec/h264_parse: Clear invalid chroma weights in ff_h264_pred_weight_table()
Fixes: 6037/clusterfuzz-testcase-minimized-5030249784934400
Fixes: signed integer overflow: 256 * 16992036 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 85c85fffff3f9c75301db3eba1bd5f2fb1e6285d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28398a70a975813f8a110bf83172e3bbc825adde
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 18 16:55:52 2018 +0100
avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
Fixes: signed integer overflow: -1625276744 + -1041893960 cannot be represented in type 'int'
Fixes: 5948/clusterfuzz-testcase-minimized-5791479856365568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33fe17bdc88d51a8e0c87aa1e8011aaaf38a7a90)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8f54bf87cde21b20ba6d01ff61fdede6156a2fc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 18 00:11:33 2018 +0100
avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
Fixes: 5918/clusterfuzz-testcase-minimized-5120505435652096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 793347a54579ee954b58d336b82eed4a1786de21)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c2e61f1f527142db5238e7c9c345eebe3724ec3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 23:54:44 2018 +0100
avcodec/diracdec: Use int64 in global mv to prevent overflow
Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int'
Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cbcbefdc3b4cbc917d2f8b2dd216fb12121a838b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3fc7e88bfd8f9f57bea9dbdc5f8b1a5d6cca6d82
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 21:27:16 2018 +0100
avcodec/dxtory: Remove code that corrupts dimensions
Fixes: Timeout
Fixes: 5796/clusterfuzz-testcase-minimized-5206729085157376
Does someone have a valid sample that triggers this path ?
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3748746a4d6988484d34516f7a3c6febf7bdf488)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ad3ef9e89609a1d277cfaf80f4b231637b98149d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 21:47:09 2018 +0100
avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()
Fixes: 5894/clusterfuzz-testcase-minimized-5315325420634112
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 647fa49495c39a48b7ccb92acd8fb975b1575456)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4597b51e8a43c40fabf834904a9f0d376427c8ff
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 21:42:34 2018 +0100
avcodec/hevcdec: Check luma/chroma_log2_weight_denom
Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'
Fixes: 5888/clusterfuzz-testcase-minimized-5634701067812864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f82dd4c09b2decb033f1e339d4be81efd38554f1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fcc6932e098445f081530f2251ccd3dc81ffc630
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 04:20:53 2018 +0100
avcodec/jpeg2000dec: Use av_image_check_size2()
Fixes: OOM
Fixes: 5733/clusterfuzz-testcase-minimized-4906757966004224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 01370b31aced784593f2bc0836f4ba6fd8e7f6b3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3f6f1c24ebeeb9af552d8ec889c3a699402150b4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Feb 17 04:20:52 2018 +0100
avcodec/vp8: Check for bitstream end before vp7_fade_frame()
Fixes: Timeout
Fixes: 5653/clusterfuzz-testcase-5497680018014208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit de675648cef7e451ca82fabaee0d8ec1fe653311)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe435d11fb595b997f297986efce3f32ca56ed0c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 14 13:01:46 2018 +0100
avcodec/exr: Check remaining bits in last get code loop
Fixes: runtime error: shift exponent -7 is negative
Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dd8351b1184b8054925c28ecc5fcb6dbbc177fad)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c001b18cea759fa8b727aae33c31f9d55d59999
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 14 03:54:13 2018 +0100
avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()
Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ab6f571ef71967da7c7c1cfba483d3597c7357d5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1a8265487b89790920b8eae85ad36cdd3f73feff
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 15 13:48:52 2018 +0100
avdevice/decklink_dec: Fix ;;
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 75027066d8e85ccf42b83f6cf1c3085221148f42)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a1e983111ee3a39b245f9c04e62b95f051b47944
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 14 00:32:30 2018 +0100
avcodec/h264_cabac: Tighten allowed coeff_abs range
Fixes: integer overflows
Reported-by: "Xiaohan Wang (王消寒)" <xhwang at chromium.org>
Based on limits in "8.5 Transform coefficient decoding process and picture
construction process prior to deblocking filter process"
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f26a63c4ee1bdbe21d7ab462cd66f8ba20b14244)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=988e7a8feaf355e8f008e1065e6903bd06d69df2
Author: Xiaohan Wang <xhwang at chromium.org>
Date: Sat Feb 3 01:43:35 2018 -0800
avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()
When ff_h264_decode_mb_cavlc() failed due to wrong sl->qscale values,
e.g. dquant out of range, set the qscale to be a valid value before
returning -1 and exiting the function. The qscale value can be used
later e.g. in loop filter.
BUG=806122
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 71f39de2a57efc8db1d607b09c162c3b806cd45d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
More information about the ffmpeg-cvslog
mailing list