[FFmpeg-cvslog] New commits on branch release/3.2
Git System
git at videolan.org
Sun Oct 10 00:36:16 EEST 2021
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c4b50a8c81a431570dd107c94165c4c01f41254b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 9 22:01:38 2021 +0200
update for 3.2.16
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af682e4d2eeb26f46a745a71c72c507b1d5db378
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 4 23:54:46 2021 +0200
avformat/wavdec: Check smv_block_size
Fixes: Timeout
Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 849138f476f4b08656681bfc3aec5beac47777fb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d7f466d72344592cc8d3b429c081b11a8b250e1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 29 20:49:27 2021 +0200
avformat/rmdec: Check for multiple audio_stream_info
Fixes: memleak
Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8fe3566b8fdf4bcf5eed419c1aab6eb848287ff3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a514d8e9b9ce8e6df929793124196b60897c698
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 29 20:53:53 2021 +0200
avcodec/apedec: Use 64bit to avoid overflow
Fixes: runtime error: signed integer overflow: 727298502 * 3 cannot be represented in type 'int'
Fixes: 39172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-638602483033702
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f059b56195da9c0e2c11a5f7f357a3d6101e6bf0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a904d147530113d7021d022739b255ec0a976dc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Sep 28 00:11:50 2021 +0200
avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830()
Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad517ee6e44f093e28021ffd51c7eb2e1394b1a9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c2eee9a95ef5ffc1d0b589c7813d9517134645b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 19 21:51:28 2021 +0200
oavformat/avidec: Check offset in odml
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=784f511ff833f208bcf2a19efab1e616919cbb09
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 16 23:12:42 2021 +0200
avformat/mpegts: use actually read packet size in mpegts_resync special case
Fixes: infinite loop
Fixes: 37986/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5292311517462528 -
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 83b2e4c8f15a00f037040131e26e20de83f0d842)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb5f9b321acac3c9662881c902c0337947d8759e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 30 19:00:56 2021 +0200
swscale/alphablend: Fix slice handling
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06d67265881249566f385309e2fb5a9449720b6e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=608bed85d06fe4784882a08179b16aa485b1ebcb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Sep 14 20:16:27 2021 +0200
avcodec/mxpegdec: Check for AVDISCARD_ALL
Fixes: Fixes NULL pointer dereference
Fixes: 36610/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6052641783283712
Fixes: 37907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-4725170850365440
Fixes: 37904/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6367889262247936
Fixes: 38085/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5175270823297024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 20afd3a63a75a160f61a98a8dcfe06f527ea19b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aee47eb6e2e3d35b7506988a97a2b7e3ae2b507e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Sep 14 20:31:39 2021 +0200
avcodec/flicvideo: Check remaining bytes in FLI*COPY
Fixes: Timeout
Fixes: 37795/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4846536543043584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5f835efbca874ad42cb954e6788588f52a57a7a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d766961b078e574a35497b2ed987f0d227b45f1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Aug 31 20:15:09 2021 +0200
avcodec/mpeg12dec: Do not put mpeg_f_code into an invalid state on error return
Fixes: invalid shift
Fixes: 37018/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-5290280902328320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5a95abcce4d93f979e4b53f2220f7a54edd03312)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c6e3e4cf75eb5fe41aeb13c84a7c4c9e929c4ba
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 15 22:00:47 2021 +0200
avcodec/apedec: Fix integer overflow in intermediate
Fixes: signed integer overflow: 559334865 * 4 cannot be represented in type 'int'
Fixes: 37929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6751932295806976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 90da43557f7257d72e95504f63ae6504406d6eab)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e9f4bf74f4bd93b747dd7cea536f9a4e773cf9b4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 15 22:00:46 2021 +0200
avformat/mvdec: Do not set invalid sample rate
Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 737e6bf2162b89d396f4d477bfe8c99f1dd885de)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1172139b1369a35911e5f785f0bd421ab33b421
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 15 22:44:19 2021 +0200
avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4
Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e2c2872393f25253aa40861a9707934c4b83a3af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58dcbde8d9d86ce9e48b34833a48d0a73f5c9582
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 3 22:26:41 2021 +0200
avformat/jacosubdec: Check for min in t overflow in get_shift()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 989febfbd0c986e9e3e0f269a6b22778bf79147b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cc3641c669a6258e8e1b3161e55887b11d34249d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 5 21:24:15 2021 +0200
avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet()
Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen at acc.umu.se>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3dd5a8a13510d08a4e25e8f138d718672a0fed4a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=94551f3197a8570b13830f636c68f3507cd0bb7b
Author: James Almer <jamrial at gmail.com>
Date: Wed Jul 21 01:02:44 2021 -0300
avcodec/utils: don't return negative values in av_get_audio_frame_duration()
In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.
Fixes ticket #9312
Signed-off-by: James Almer <jamrial at gmail.com>
(cherry picked from commit e01d306c647b5827102260b885faa223b646d2d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=891bf1f8ad066f44ab5b9b276710ba24fdf5373e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 5 21:00:38 2021 +0200
avcodec/jpeg2000dec: Check that atom header is within bytsetream
Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c659f861856d751fe3aa1358b1cccff3117f948)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e6565c33a136bba907c53e4031f6b29b94a9e807
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 4 19:55:28 2021 +0200
avcodec/apedec: Fix 2 integer overflows in filter_3800()
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33feb527fff9bf547c4118147434869875cf0c3d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20d93dd9e8d17e29c9d16f3da11110e767539efe
Author: Martin Storsjö <martin at martin.st>
Date: Wed Dec 11 14:18:43 2019 +0200
network: Define ENOTCONN as WSAENOTCONN if not defined
This fixes compilation with old mingw.org toolchains, which has got
much fewer errno.h entries.
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 6569e9505c781468092c15fa84d034c9e37d26ca)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a52654555467d20a04a32f47232a8c009b38face
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 22 20:47:00 2021 +0200
avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()
Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 909faca929cf30dcd439fa33479177e76fb5121d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8028e18988445e13102d6f65b6f19b6805735698
Author: maryam ebrahimzadeh <me22bee at outlook.com>
Date: Wed Aug 4 16:15:18 2021 -0400
avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is part of 'AVPacket pkt'.
replace init_get_bits with init_get_bits8.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=41d43bf61032ca747c8aa226e62c2635eab9ab86
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 25 15:50:54 2021 +0200
avcodec/webp: Check available space in loop in decode_entropy_coded_image()
Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5e00eab61112c52f27a09fe77d50e6fc508f9c53)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b8f82d437801c4b8252bbcf053b59f4719e12cd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 8 20:46:32 2021 +0200
avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode
Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c59b5e3d1e0121ea23b5b326529f5bdca44cf982)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=492318cb65967ff220ad84d2034f78c24fbdda54
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 14 09:55:00 2021 +0200
avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init
Fixes: MemLeak
Fixes: 8281
Fixes: PoC_option158.jpg
Fixes: CVE-2020-22037
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7bba0dd6382e30d646cb406034a66199e071d713)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=161750d194fb4997e067f90412c4430d77f98515
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 31 21:17:23 2021 +0200
avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line()
Fixes: Infinite loop
Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f803635c4fac761ac68b39a369272d4c26433dc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b2d8401a51a145ca70d694c78238a8f0d2c6bba
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 31 00:01:53 2021 +0200
avcodec/vc1dec: Disable error concealment for *IMAGE
The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves vissual results
Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 643b2d49bf52d5a3205ce3db732e0c4c396bd457)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd071f6ee077333270f63f5992eb94a556a622bd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 30 23:04:08 2021 +0200
avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8f2856a1daa4e3d5767b6efe7a70ec86926dba47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f110f02276e2d5c83cc2e20a18cb51801aecc17
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 1 20:42:53 2021 +0200
avformat/wtvdec: Check for EOF before seeking back in parse_media_type()
Fixes: Infinite loop
Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca1c3e2adb1a82cbbfe03cdcfa618e2bd368d440
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 27 20:57:02 2021 +0200
avformat/wavdec: Use 64bit in new_pos computation
Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3fc9e0fe4af29d84592a3ea0265b3b2a39bb348
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 27 20:53:32 2021 +0200
avformat/sbgdec: Check for overflow in timestamp preparation
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9dbed908403b0d97ae70881fab68020f148b6b11)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d1dc6b0858009044b34fde30c26180399dbe7e64
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:44:08 2021 +0200
avformat/dsicin: Check packet size for overflow
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d1c47ec033d038e04578eaf0767c8983250d03d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2793fdfb24808c808fd572432341e7c3212262b2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:33:58 2021 +0200
avformat/bfi: check nframes
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b4e77dfca1c2970446f79277034d8e60c3fe3f4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=09ffdfbd68e58791c233f4aa523d55670e65dfbf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:11:03 2021 +0200
avformat/avidec: fix position overflow in avi_load_index()
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 527821a2dd6f19d9a4d2abe05833346ae86c66c6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d678a0e492f09fd158a4f42a0ce24cadb1546ad4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:35:20 2021 +0200
avformat/asfdec_f: Check sizeX against padding
Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f034c2e36acb7d0c11dc1849ddf8a67bde44eff4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15c03a7d3461a2f959885a8030eba661a535aadf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:28:29 2021 +0200
avformat/aiffdec: Check for size overflow in header parsing
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bae2e1977744f42d56b85193d4910811de829714)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=957d98934ddca97d5b55335760cf555942c81b91
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 21:00:32 2021 +0200
avcodec/aaccoder: Add minimal bias in search_for_ms()
Fixes: floating point division by 0
Fixes: Ticket8218
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 75a099fc734a4ee2b1347d0a3d8c53d883b95174)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=935e455ce4c0d28e23d52f8a5a7d471ac5f68e71
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 20:04:45 2021 +0200
avfilter/vf_mestimate: Check b_count
Fixes: left shift of negative value -1
Fixes: Ticket8270
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06af6e101bbd04e8ecc5337bc3b6894a5e058e14)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d628cae56170f27ac28f410e674dc554e33ea06
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 11 14:27:22 2021 +0200
avformat/mov: do not ignore errors in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c52c99a18f6e40973e52d99d4bb29e34a66c695a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=97d06e6d60e04b8659a5a878928b611ceecc3e6d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 11 12:39:34 2021 +0200
avformat/mxfdec: Check size for shrinking
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 65b862ab59c4bfaae98be596b84a072f52444398)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eeda5a1bd42320d227e52d8b05b37986d143cce3
Author: maryam ebr <me22bee at outlook.com>
Date: Tue Aug 3 01:05:47 2021 -0400
avcodec/dnxhddec: check and propagate function return value
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: James Almer <jamrial at gmail.com>
(cherry picked from commit 7150f9575671f898382c370acae35f9087a30ba1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5706ceea8c993f9a7a3e057dd60950516d336eb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 9 15:20:47 2021 +0200
swscale/slice: Fix wrong return on error
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7874d40f10cca922797a8da14189a53ee52f0156)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f596962a33626a9da0ea4400178fb2a1c9445b35
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jul 7 14:05:26 2021 +0200
swscale/slice: Check slice for allocation failure
Fixes: null pointer dereference
Fixes: alloc_slice.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 997f9cfc1295769be8d3180860ceebbc16f59069)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4428bd5366988d4ea9f79e145d11144a0a4a0f7c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 11 18:40:32 2021 +0200
avformat/matroskadec: Fix handling of huge default durations
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 343d950a4a8a8c32f5f7d9d4ac1fbe317cb9cc80)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a44e327a89e8dab14a628b818c20df810eb5796a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 15:27:18 2021 +0200
avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
Fixes: floating point division by 0
Fixes: Ticket8213
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 70874e024a6eae0f95bd8dd4b9b4367ffd937f41)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=78ece38bc034840a2ccdc4730722df3e6407cb80
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 18 22:38:40 2021 +0200
avformat/ftp: Check for av_strtok() failure
Fixes: CID1396258 Dereference null return value
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d40782088cf969fbadc881e4a97ec22b8ae0177)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d14096d63d1db532195f49ea1c860fb11888c69
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 16 20:36:46 2021 +0200
tools/cws2fws: Check read() for failure
Fixes: CID1452579 Argument cannot be negative
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0b3cdd7cc2c63969e144cc3eb39d0c61260509ee)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3fc0ffdf4f18542f375f0fc52be533dfec551186
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 21 22:59:04 2021 +0200
avcodec/cpia: Fix missing src_size update
Fixes: out of array read
Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cea05864e65db9a2dc8af82b2c63fb8f03c5f876)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff1bb8ce6bbfade1193716b64e7ec7051db4727f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 24 20:00:05 2021 +0200
avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation
Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int'
Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 00ae9b77ef757f82660b4b3d2f490374a4f209fd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b7ece0fcc06f5d59a5a0feed72495a3274b690d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 26 22:35:37 2021 +0200
avformat/rmdec: Check old_format len for overflow
Maybe such large values could be disallowed earlier and closer to where
they are set.
Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06d174e289eb185f03a34a738965f0042f39c038)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0233d6c82965c4d95a08436cb2bbd45b7f8f6b1b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:45:10 2021 +0200
avformat/realtextdec: Check the pts difference before using it for the duration computation
Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fe12aa689003db9b07a6e1b837031dcc57a71435)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=115621acb26e58f953e24bda5cc15edff87d0d87
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:16:38 2021 +0200
avformat/qcp: Avoid negative nb_rates
Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b865cc703d29cb307e1fa628aa02940d54eb42a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=59971fee9c0d44cbcd9883bd9c1a5bf29f27a124
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:01:03 2021 +0200
avformat/nutdec: Check tmp_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a971e35df12ffcd916308ad8c82d7707b93656c7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 19:54:19 2021 +0200
avformat/msf: Check that channels doesnt overflow during extradata construction
Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a1a277926b49dad60d9e78c6c7a8c6b5d0d6d7c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4748d46ab3ca1bec2c9fb14a4cc4904456bb55e9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 17:42:19 2021 +0200
avformat/mpc8: Check for position overflow in mpc8_handle_chunk()
Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8ef25d118246bf443900033fb3588dba628d11b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d8b0f5a2c038dbc466a13bd653edfa3e7bb0e497
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 15:41:16 2021 +0200
avformat/iff: Use 64bit in duration computation
Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 93d964689c3b2bae26e6e3f502c1ffc4c2e46989)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=035ff41b7138ddf317baea9d657b982399528b91
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 13:08:24 2021 +0200
avformat/dxa: Check fps to be within the supported range more precissely
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: assertion failure
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ea494befcb5d944ce8275e6f59de1a24c25ffb6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=41035de57e698e996c46b5693e19f8ef6ab44e0e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 4 22:52:41 2021 +0200
avcodec/iff: Only write palette to plane 1 if its PAL8
Fixes: null pointer passed as argument 1, which is declared to never be null
Fixes: 33791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5107575256383488.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 216eb60b853e9a230c1238ab7d1c63d3fa892d34)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e992d0668d3db2996c5ad73e78dc855b91e9da3f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 4 18:34:44 2021 +0200
avformat/tta: Check for EOF in index reading loop
Fixes: OOM
Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b72d657b73b2aa4a2a2f72f613199e6080ad48c0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bfa18954722695fb38cc1a01f776a1ebb225d58a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 17 18:37:01 2021 +0200
Update missed irc links
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c067d20177613e9cf74bcbd2a26e729ef7ababdb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=33dabdc8a76778933e8f998d148c241e56c4c364
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 10 20:35:43 2021 +0200
avformat/rpl: The associative law doesnt hold for signed integers in C
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 480f11bdd713c15e4964093be7ef0adf5b619cc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=219839f311b9a9903b09fc976864ad26179add73
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 9 21:25:58 2021 +0200
avcodec/faxcompr: Check available bits in decode_uncompressed()
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ff56c139e07a4de2803b974b6595f6b71fbf53bd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1eaabed791b9587993b4360334d6ee0e34d4abd1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 9 21:20:04 2021 +0200
avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7d8421e3d5bc1300687a65384baccbcb3874b7ac)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=222fc50dbb3acda7f7451e7774172377663b46b3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:50:13 2021 +0200
avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type 'int'
Fixes: 33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3447979d08d701581a65f7275425cb1a59302319)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a393000d6db65eefc2e20bc32f81afbbd3253fde
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 8 20:10:56 2021 +0200
avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
Fixes: out of array access
Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dbbcfbcc4e4f0e91f814f2e13ced7b6d99069518)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e8eeabea9984657baad4e8d16f2675e356892dff
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 20:00:38 2021 +0200
avfilter/vf_dctdnoiz: Check threads
Fixes: floating point division by 0
Fixes: Ticket 8269
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a3917c02c428b11128ac3d4a01b780ea44aa53c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=366e80698e7976ab0d2974d64bfc2d8d4ff47c87
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jun 5 19:54:45 2021 +0200
avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with black
Fixes: floating point division by 0
Fixes: undefined behavior in handling NaN
Fixes: Ticket 8268
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3d500e62f6206ad11308b18976246366aed8c1a5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=300a9ab2ebf5575f1a99c00afa3ea45efada9924
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 3 22:46:05 2021 +0200
avformat/rpl: Check for EOF and zero framesize
Fixes: Infinite loop
Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880
Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0a4a527c3b0819368d9b148542bb7663f39df79)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6bb993761e56666efe2976f059a0e028ac36c6c8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 21:40:17 2021 +0200
avcodec/vc2enc: Check for non negative slice bounds
Fixes: invalid shifts
Fixes: Ticket 8221
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f7862e82686b347eb6a9e64fa7ccdf25d5a76b4b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9919e7f1faa12acc6a589ce1928e9f98fde5d5e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 26 22:43:51 2021 +0200
avformat/rpl: Use 64bit in bitrate computation and check it
Fixes: signed integer overflow: 777777776 * 4 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6726188921913344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 29b244ffc15abe2c24d2145f63048e8b3bdaa303)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0a0fc56d142f9c5799f5373ee66a668aeb11bb98
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 30 18:09:37 2021 +0200
avcodec/svq1enc: Do not print debug RD value before it has been computed
Avoids floating point division by 0
Fixes: Ticket8191
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c297f7e57a223da9f0d350e30456d60c8c87f902)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=799c7b73d8ebf20dcbaccf1222e8e832e7eb342f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 17:50:27 2021 +0200
avcodec/aacpsy: Check bandwidth
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 36dead4bc28ca8aab13c61661f28c68bdefa5e9d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=00a14cfeb2bb047234160e34516f19ca788852ee
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 17:49:22 2021 +0200
avcodec/aacenc: Do not divide by lambda_count if it is 0
Avoids Floating point division by 0
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c520b986915a3fdf3a20f6ce0ad5833eccfb7a91)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=162f4df07b49da05fbee93305298b5293569c53f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 1 10:07:05 2021 +0200
avcodec/aacenc: Use FLT_EPSILON for lambda minimum
(cherry picked from commit 4b89cf7aa49191c7f8a5ae6e9cf6cfc79ff4ee5e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7c3cfd8ea15bee839da7fb21e41f58b8fb0db9f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 11:17:35 2021 +0200
avfilter/vf_yadif: Fix handing of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7971f62120a55c141ec437aa3f0bacc1c1a3526b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bb08ee0c6fb7bdebd37cbf00aefed206909e8f78)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64602be17d29bbcd5be61e766a8ae5a60e08bd12
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 22:42:54 2021 +0100
avformat/cinedec: Fix index_entries size check
Fixes: out of array access
Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef75363a438b1212abeb8b3cf8d4ec451dfb199b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 09:22:27 2021 +0200
avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4c1afa292520329eecd1cc7631bc59a8cca95c46)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6dc7ba0eced603f3e436bbb6c135b4d41e9d762
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 20:31:19 2021 +0200
avcodec/lpc: Avoid floating point division by 0
Fixes: Ticket7996
Fixes: CVE-2020-20445
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 38d18fb57863bb9c54e68ae44aa780c5c282a184)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5d0848098c7877905a841b796c4e0a0de28620c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 20:18:25 2021 +0200
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 223b5e8ac9f6461bb13ed365419ec485c5b2b002)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d6737266a9690975d0e1589295419c6781a4e7ac
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 21:37:26 2021 +0200
avcodec/aacenc: Avoid 0 lambda
Fixes: Ticket8003
Fixes: CVE-2020-20453
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=68d77a55801ac16247120765cd7532a9e173c451
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 20 20:24:21 2021 +0200
avcodec/exr: x/ymax cannot be INT_MAX
The code uses x/ymax + 1 so the maximum is INT_MAX-1
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 48342aa0750f83006582d1598b5f22297f6dbf83)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4588d46c378303445f86973beff00e555f69ecca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu May 20 21:16:52 2021 +0200
avformat/avio: Check av_opt_copy() for failure
Fixes: CID1477416 Unchecked return value
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f8611ae1efc47fbe1aff140c89bee4fd1d62d3e1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9c858980560dbab441b12c91287798d40a8e3bae
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 15:50:43 2021 +0200
avcodec/vc1: Check remaining bits in ff_vc1_parse_frame_header()
Fixes: Timeout
Fixes: 33156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-6259655027326976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 38c47615880357314ba30727a85bf7b00989706a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=75b816f2c4f6482fb02425535ba97e34e94f4ccb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 13:30:17 2021 +0200
avformat/mov: Limit nb_chapter_tracks to input size
Fixes: Timeout (15k loop iterations instead of 400m)
Fixes: 31368/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6601583174483968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 299a56c9006b2eb8807c3e3efefb91a78fe6b3b2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=29052446dc86194e9e1cf2c6057145c1384890ea
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:44:13 2021 +0200
avformat/mvdec: Check sample rate in parse_audio_var()
Fixes: signed integer overflow: -635424002382840000 * 16 cannot be represented in type 'long'
Fixes: 33612/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5704741108711424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0ff60249a57cba00ab679ca6190a802cc0c7b9c7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6838715c82f314c56076b573fcddbf03c6ce326b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:58:50 2021 +0200
avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line()
Fixes: infinite loop
Fixes: 33674/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4816457818046464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 08d2df41538b583932c1a6772e3c8978a2334107)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8fd09b2f3410732f794504d04e179ba6af95e174
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 29 21:21:27 2021 +0200
avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
Fixes: out of array access
Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656
Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392
Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz
Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312
Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f0ce023ddb8863d16ab650fcc0731851a55db084)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=241b505b0c71f64edd13b137d0b8b4b1c4fd61fb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 2 15:49:55 2021 +0200
avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent
Fixes: tickets/3933/128.jls
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 011006874cb46325b6bc83234f81879ff421c05f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb46e9cc84675cb0bb342c246596435ebc56083e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 20:23:44 2021 +0200
avformat/id3v2: Check end for overflow in id3v2_parse()
Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long'
Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit efdb56450418933965dc6e27f0b1625d25e44a8c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=17836637dbe0f2ab8430dfd6f8b8778bd7e60053
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 20:23:41 2021 +0200
avformat/wtvdec: Improve size overflow checks in parse_chunks()
Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int
Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f8ec1da8ac8e3daf2403e744f166ea9557b2d333)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ccbac1ee80465dbe0193fec454b75acdfa748cb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 15 20:08:22 2021 +0200
avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()
Fixes: Timeout
Fixes: 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b3881f0da6da00cb6b5b123328e2fbfca936c47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=facc1ef12b48defb7ab2f130f4f1ec7736309cdd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 10 20:32:55 2021 +0200
avcodec/utils: Check ima wav duration for overflow
Fixes: signed integer overflow: 44331634 * 65 cannot be represented in type 'int'
Fixes: 32120/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-5760221223583744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f40e9b13554d88cbdd6cd2b4a3da2cbea9590f5d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e3e8daeceb95756fe660795186d493bf45171f9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 9 22:46:13 2021 +0200
avformat/cafdec: Check channels
Fixes: signed integer overflow: -1184429040541376544 * 32 cannot be represented in type 'long'
Fixes: 31788/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6236746338664448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 641c1db22bb27752b925293ad93f68843baa43bf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3f69b4640f2285ab51bc85b068e78fffac1cd5c7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 11 21:04:12 2021 +0200
avcodec/dpx: Check bits_per_color earlier
Fixes: shift exponent 251 is too large for 32-bit type 'int'
Fixes: 32147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5519111675314176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c093eb30311b7148a4da1c7555498187c8cdf0db)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=57685d44eeee3b11f9915de396d1da4766f46186
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 30 13:22:14 2021 +0200
avcodec/pnm_parser: Check image size addition for overflow
Fixes: assertion failure
Fixes: out of array access
Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79ac8d55468adc9cb9a0908e671807a2a789b7d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ac69695172dd844352ed7f54cc05cd8bea32492
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 30 11:03:56 2021 +0200
avformat/rmdec: use larger intermediate type for audio_framesize * sub_packet_h check
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 31406/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5024692843970560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cf2fd9204b3c707d9e414583b043ee88b8e8c52e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eca0a942ea3f535e8252da663c711b429df2d83f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 20 14:36:28 2021 +0100
avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ceae92cb291c2536a93482cdf3c1ae3f7330b924)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c5a26f45119845bf87cd2c178a4b2bd70329f5cb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 22 15:22:35 2021 +0100
avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 87d87e6587deec1fa8ed5f5c6901535becdb0358)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=752fa02287065c757b9b0e75708c6a52c2ea62a2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 24 17:03:08 2021 +0100
avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4
Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2611d20d353026f996cb9aaced8b35db37f490d4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63f7a6310b231abdc126e058e99e0b3fba1d3228
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 17:29:23 2021 +0100
avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b37ff29e0e093b15585e9fb44bbd82bdf14b5230)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8e1d95861065e42cb288a84f928fe3032dbcc3bd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 19 21:43:45 2021 +0100
avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()
Found-by: Jeremy Leconte <jleconte at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1cf96ce269364e3c2b4ec2097f121ad42b336839)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fcd8bfa3b916ac78ada7ae5dd68a07a939e84a6e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 15 09:47:43 2021 +0100
avutil/common: Add FF_PTR_ADD()
Suggested-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 522a5259e9cc17faf1f83c9cfb93c960a2ecf8a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bda74d0f2053d13b05f8612b1a82cab0e985c0b4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 4 00:30:45 2021 +0100
avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1f74661543c0c336e88846f90608fda7bd12deac)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=88627638d564904481161e365d6e39508aff6ebf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 4 19:21:35 2021 +0100
avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea12590c8ecc1e3c4c7732e5adced21fb5feffa6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5079967d37bd3a1edb6f124a907c90f3a8aca5b5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 23:05:17 2021 +0100
avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 075d793ba87635b77f8302d8a454fa681f90d267)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2b7f4a1015be993d6bcbe9d08239076aee7de8b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 11 22:58:53 2021 +0100
avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b5d8fe1c874947ca67ee8117b18f8052f0e590fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=698d23aebf4efa7bd6b4b78ffe453012a1b42268
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Mar 20 17:02:36 2021 +0100
avcodec/h264_slice: Check sps in h264_slice_header_init()
Fixes: null pointer dereference
Fixes: h264_slice_header_init.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Tested-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 80472438996ed1928b30f6ac4e0d17a492de2cdf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bf8e7c2b17d1d142627aa78f0b51fa1abcb2bef2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 18 18:01:52 2021 +0100
avformat/movenc: Avoid loosing cluster array on failure
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5c2ff44f915d6ceeea36a2f99e534562764218dd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92049dc2054e99fad8b041c53ba7bdfd2b3dceab
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 18 10:59:19 2021 +0100
avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb
Fixes: null pointer dereference
Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f733688d30021587c3f3a1b280d6ece8b04f26ff)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=134e261b990a9ac166fa243cf9903f3226d2c4ae
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 17 23:39:04 2021 +0100
avformat/mov: Check sample size for overflow in mov_parse_stsd_audio()
Fixes: signed integer overflow: 2 * 1914708000 cannot be represented in type 'int'
Fixes: 31639/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6303428239294464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d35677736a59ec6579b4da63d9b1444986ba339e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a261e56817541de53f7e7d99e8c2db577133ad3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 5 20:27:50 2021 +0100
avcodec/ffwavesynth: Avoid signed integer overflow in phi_at()
Fixes: signed integer overflow: 2314885530818453536 - -9070214327174160352 cannot be represented in type 'long'
Fixes: 31000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-6558389742206976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit be08b84f8bb7acc0c45800c7f488399327a22961)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=77cab29a285e66fae3adbbe2c1f55aa6325c825d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 19 16:30:08 2021 +0100
avcodec/mpeg4videoenc: Check extradata malloc()
Fixes: Null pointer dereference
Fixes: any mpeg4 testcase which fails the malloc at that exact spot
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33a1687bf623cdd5c6ffe8f63024d22ed20b4ead)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b2d4f33fd42d177c38ff0b32683c9a1e6bd2c67e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jan 29 21:18:36 2021 +0100
avformat/matroskadec: Check for EOF in resync loop
Fixes: Timeout (too long -> instantly)
Fixes: 29136/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4586141227548672
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5282147d0c92ac821e85b93e2db6704f4720e0c1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=81e27dc15b36de2442eef584b8a03dcc070491d8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 1 19:55:03 2021 +0100
avcodec/utils: Use more bits for intermediate for AV_CODEC_ID_ADPCM_MS
Fixes: signed integer overflow: 1172577312 * 2 cannot be represented in type 'int'
Fixes: 29924/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-4882912874594304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0f441b9063281d8ef5d4c30b10379d08aad8924f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c13d2e47decbe4a656f0ee556a68bce53fc737fa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 2 20:07:13 2021 +0100
avcodec/jpegls: Check A[Q] for overflow in ff_jpegls_update_state_regular()
Fixes: Timeout
Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8a3fea802a3e4274dbe084d372ec8aeab3932b3e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=88974483a4044f81fb288a50b680abf3337f0ff2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 1 13:44:12 2021 +0100
avutil/timecode: Avoid fps overflow
Fixes: Integer overflow and division by 0
Fixes: poc-202102-div.mov
Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c94875471e3ba3dc396c6919ff3ec9b14539cd71)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d0320b7af3322af868dc728be1995a21da9dc49
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 22 20:20:48 2021 +0100
avformat/mvi: Check audio size for more overflows
Fixes: left shift of negative value -352256000
Fixes: 30837/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5755626262888448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 403b35e16e16a8c4a13e531ccdc23598f685ca20)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d446934d39f33617d9c8bffa2606f3043ba5d46b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 21:22:11 2021 +0100
avcodec/ffv1dec: Check if trailer is available
Fixes: out of array read
Fixes: 29750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4808377272238080.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 36ad2f41e30ad9f2a8ead76e0b1526b9712f0925)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f7af297c6a71d90894587610df1aa94bca76571
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 9 21:39:30 2021 +0100
avcodec/4xm: Check pre_gb in decode_i_block()
Fixes: Timeout
Fixes: 31257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5150866229297152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b87781649e2862d07fcb8d322289d89b47a530b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fcab70315ccfdad7e7dafffaf1185a107726b128
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 19:09:36 2021 +0100
avcodec/dcadsp: Fix integer overflow in dmix_add_c()
Fixes: signed integer overflow: 1515225320 + 759416059 cannot be represented in type 'int'
Fixes: 29256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DCA_fuzzer-5719088561258496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b4ebf483bcbf2e5db6bd29607142741f62598b4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=693dbc30a5504d8bef537176af0c4228c1dd4247
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 26 16:50:10 2021 +0100
avformat/flvdec: Check double before cast in parse_keyframes_index()
Fixes: -2.21166e+304 is outside the range of representable values of type 'long'
Fixes: 29169/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5725452796821504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 09e5e406c7b9d7c1ee97ebae1476a2f68e6a90d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3374ed3d42a4faf709cc14f494cdfdfa251c1d75
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 00:11:34 2021 +0100
avformat/paf: Check for EOF before allocation in read_header()
Fixes: OOM
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bcb1e9d3b9b97359e01e5978067c8ee558efa8b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cf8a7b7b4e78df0c020d17281a1af8e11490aaad
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 23:56:43 2021 +0100
avcodec/aacdec_template: Avoid undefined negation in imdct_and_windowing_eld()
Fixes: negation of -2147483648 cannot be represented in type 'INTFLOAT' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 29057/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5642758933053440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 633924539aae73714facf31aa7001d01e8be48a1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=737803535f881568d71908ca86fa11b421f32161
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 22:08:25 2021 +0100
avformat/lxfdec: Fix multiple integer overflows related to track_size
Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_LXF_fuzzer-6634030636335104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7819412f4468514a2bab924291d79806a569388c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5310bf2493fe15b25748711d63df906cf2e4ba7b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 3 10:49:04 2021 +0100
avformat/aiffdec: Check that SSND is at least 8 bytes
Fixes: Infinite loop
Fixes: 30874/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5933710488764416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 460d3dc41f57a6dcefbd72db6e2e368fee05340b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=be7d80bc43cccdf941894623542075445c3960bb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 3 10:49:03 2021 +0100
avformat/dcstr: Check sample rate
Fixes: signed integer overflow: -1300248894420254720 * 16 cannot be represented in type 'long'
Fixes: 30879/clusterfuzz-testcase-minimized-ffmpeg_dem_DCSTR_fuzzer-5094464215449600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fdcb966f4a3c6f872891b8dd554e3652b9e02d4f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c97f77e4077da73c12e5adc498ebce4b2fae63f2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 1 23:24:37 2021 +0100
avcodec/alsdec: Check bitstream input in read_block()
Fixes: Timeout
Fixes: 28110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5036338973507584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53d739db4e528388fae89459e887a633ffbce12c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea95ff0a087e0dfbcd27b399adba33595bd2b066
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Dec 13 00:08:46 2020 +0100
avformat/mov: Extend data_size check in mov_read_udta_string()
Fixes: signed integer overflow: -2147483634 - 16 cannot be represented in type 'int'
Fixes: 28322/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5711888402612224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 74c4c539538e36d8df02de2484b045010d292f2c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=70bb5c2a25ebcbe2c7c207ff330d815206428500
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 12 01:24:42 2020 +0100
avformat/voc_packet: Add a basic check on max_size
Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type 'int'
Fixes: 28127/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-4880586455646208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 52f75181bfada2b4b127e744674591c7753c4b7d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=52022eec69ddf30a500172fe7b3be9f0faa6ada0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 11 01:06:46 2020 +0100
avformat/microdvddec: use 64bit for durations
Fixes: signed integer overflow: 7 - -2147483647 cannot be represented in type 'int'
Fixes: 28036/clusterfuzz-testcase-minimized-ffmpeg_dem_MICRODVD_fuzzer-5171698751766528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f569ac4ce0514bf4e0dd768c5ed007c82548d326)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6173ca00f7c4d2a9124f05cb29ac77733a1ed543
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 19 21:16:25 2021 +0100
avcodec/hapdec: Change compressed_offset to unsigned 32bit
Fixes: out of array access
Fixes: 29345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5401813482340352
Fixes: 30745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5762798221131776
Suggested-by: Anton
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89fe1935b18621af06587c76bcde6adcdc8f2249)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86e3f06eec40686346488305851d376b32a3bbb6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 15 20:52:17 2021 +0100
avformat/rmdec: Check codec_length without overflow
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 30333/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5175286983426048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d558c9f2375fd2136d20422cb1119cfbf872abeb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7efc9ebf086f139fa250e76d35a1944352f56011
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 15 20:41:31 2021 +0100
avformat/mov: Check element count in mov_metadata_hmmt()
Fixes: Timeout
Fixes: 30325/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6048395703746560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1d277b92fa4c149d589e6828d4e18ad578406f1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9243ed1fd3595dd629ddb98a3ac55c64ffbb35c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:00:40 2020 +0100
avformat/nutdec: Check timebase count against main header length
Fixes: Timeout (long -> 3ms)
Fixes: 28514/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6078669009321984
Fixes: 30095/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-5074433016463360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c425198558826795d94af45eeb9d94e4436c9a0f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9ab9bfe4ee0ee33945dc001e1ff83a93789a381
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 11 22:40:21 2021 +0100
avformat/electronicarts: Clear partial_packet on error
Fixes: Infinite loop
Fixes: 30165/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6224642371092480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 59bb9dc2a670cbe5d659585392b6d79f7bb6d40f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5dac881848ac1004942e5cd7ed82135d84ac604
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 23:21:53 2021 +0100
avformat/r3d: Check samples before computing duration
Fixes: signed integer overflow: -4611686024827895807 + -4611686016279904256 cannot be represented in type 'long'
Fixes: 30161/clusterfuzz-testcase-minimized-ffmpeg_dem_R3D_fuzzer-5694406713802752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7a2aa5dc2af6c4fc66aaedd341b0886fbc746f0d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b3a9f2dfbf2876231870bdbfc7c55c9b92fdd91a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 24 00:22:39 2020 +0100
avformat/wavdec: Consider AV_INPUT_BUFFER_PADDING_SIZE in set_spdif()
The buffer is read by using the bit reader
Fixes: out of array read
Fixes: 27539/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5650565572591616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a7c648e2d85a59975cc88079975cf9f3306ed0a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0146375f9a118245ed8f01a22bd5137e462181d0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 22:28:20 2021 +0100
avcodec/pnm_parser: Check av_image_get_buffer_size() for failure
Fixes: out of array access
Fixes: 30135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-4997145650397184
Fixes: 30208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5605891665690624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5314a4996cc76e2a8534c74a66f5181e95ac64fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de6e245fcecfbd9748b2db689b2f5d962c517e63
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 22:04:37 2020 +0100
avformat/rmdec: Check remaining space in debug av_log() loop
Fixes: Timeout (long -> 2 ms)
Fixes: 26709/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5665833403285504
Fixes: 27522/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6321071221112832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a8fe78decd700afec461f06df4ce0d36f3e9cc4b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67c197abaf26a61ba4e4ff03c02b6cd35588970a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 23 21:42:23 2020 +0100
avformat/flvdec: Treat high ts byte as unsigned
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 27516/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5152854660349952
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f514113cfa9fc44d80086bb2a2b783e8026dc3a9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ac3fadfa7f1e99ba92af7623fd3525bbba69f1f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 17:00:38 2021 +0100
avformat/samidec: Sanity check pts
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 29743/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-5499256859394048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2014b0135293c41d261757bfa1aaba51653bab8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=752575d95329d08edb85ab6a5e069e498febaa53
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:30:59 2021 +0100
avformat/avidec: Use 64bit in get_duration()
Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int'
Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0ceb0cdd41b56241697cd8f83e22cdb4822d2d9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=44919d079c346539885569f285d8ea12c041aec3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:19:42 2021 +0100
avformat/mvdec: Check for EOF in read_index()
Fixes: Timeout
Fixes: 29550/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5094307193290752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6c64351bb1f4dc148069a37754b746fcd4c784cf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ecf7cb4579662b63e8bdf8b7068d7bda331c6d6c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 19:37:52 2021 +0100
avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular()
Fixes: Timeout
Fixes: left shift of 33046 by 16 places cannot be represented in type 'int'
Fixes: 29258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-4889231489105920
Fixes: 29515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-6161940391002112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 980900d991606cbc3747b37d6e83c7aae98cbecc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d474fa3e3c24ee6cc07f51f8c9af85e12d080164
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:14:03 2021 +0100
avformat/id3v2: Check the return from avio_get_str()
Fixes: out of array access
Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 25f240fcb398eb499ca4b70c026a8bb9f2a32731)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d472de012ab87e2d608681195c494f113130d013
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 14:59:27 2021 +0100
avcodec/hevc_sei: Check payload size in decode_nal_sei_message()
Fixes: out of array access
Fixes: 29392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4821602850177024.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0791a515d38fd35c1e2a309ec8f4015153687b8c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4fd805a2ae03dfed4bbec14bffa645779b874758
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:22:53 2021 +0100
libavutil/eval: Remove CONFIG_TRAPV special handling
Fixes: division by zero
Fixes: 29555/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-5149951447400448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8574fcbfc7784173347418e09035ff8121574571)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=439d8ae6848ae0f81f5bccd7908c0bfe8de1e71f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 8 14:29:01 2021 +0100
avformat/wtvdec: Check len in parse_chunks() to avoid overflow
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
Fixes: 30084/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6192261941559296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5552ceaf568915e668679f9581e07eb5507cafc4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1be3f57841f4b40d7fd607f3cfac198b2807b493
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Feb 7 21:50:03 2021 +0100
avformat/asfdec_f: Add an additional check for the extradata size
Fixes: OOM
Fixes: 30066/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6182309126602752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2c8cd4490a6ab2742e6ad1ce059b4f4957b39500)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=099130c0cd559a247cf3892ea5222e670268748b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 8 14:29:02 2021 +0100
avformat/3dostr: Check sample_rate
Fixes: signed integer overflow: -1268324762623155200 * 8 cannot be represented in type 'long'
Fixes: 30123/clusterfuzz-testcase-minimized-ffmpeg_dem_THREEDOSTR_fuzzer-6710765123928064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7e5034f97e41d3f8112c1f8da3b5274ab99ef6f8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d38f2e23e51a632a3392ab132e5a1b656b729f17
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 20:41:56 2020 +0100
avformat/4xm: Make audio_frame_count 64bit
Fixes: signed integer overflow: 2099257366 * 2 cannot be represented in type 'int'
Fixes: 27486/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-5112179134824448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 842c268c6436c9e90e689402be138c2e539f7059)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c72722ffc2136124dd29245613521921b171296
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 19:13:01 2020 +0100
avformat/mov: Use av_mul_q() to avoid integer overflows
Fixes: signed integer overflow: 538976288 * 538976288 cannot be represented in type 'int'
Fixes: 27473/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5758978289827840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f70e1ec0cfa8ae24b224faf522c1d6ca95a42f6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e2bd33c8de5c189ab0e9f3e278c81ab7325907fb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 17:55:12 2020 +0100
avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper
Fixes: signed integer overflow: 2147483641 + 32 cannot be represented in type 'int'
Fixes: 27452/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5078752576667648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4dfb7ff528c02afbafba14676c139ecb82164c44)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b0386154a171823e1fd42b7e3c5af4010f0d629
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 00:54:46 2020 +0100
avformat/rmdec: Reorder operations to avoid overflow
Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int'
Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b12e713b8061cc6a71ec69da946552bc593d5fa7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4fdb414590750d54519d1817331fa1df2ac8e69c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 00:31:07 2020 +0100
avcodec/mxpegdec: fix SOF counting
Fixes: Timeout (>10sec -> 15ms)
Fixes: 27652/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5125920868007936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 401495def62638a205569cac0f7861c7faba4d18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ef9f6e6e3d491b82da2acb56a0d0cd7e65d73d0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 00:31:47 2020 +0100
avcodec/rscc: Check inflated_buf size whan it is used
Fixes: out of array access
Fixes: 27434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5196757675540480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit a5ed6da9bdbe32408aabe1c75e4b55fcaeec1e9b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=00cc2e7df2a60f9166eae13766ba1ab729232d3e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 20:47:10 2021 +0100
avformat/mvdec: Sanity check SAMPLE_WIDTH
Fixes: signed integer overflow: 999999999 * 8 cannot be represented in type 'int'
Fixes: 30048/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5864289917337600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ab82c105787fa81d1e35b9209f3d53e98be936a4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6180a967b7f5473a5b4b816c000a2a1fae09724f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 23:13:58 2020 +0100
avformat/rmdec: Fix codecdata_length overflow check
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 28509/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6310969680723968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c41d0bfd6041890b394a3e6eb2f8da92b83416b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=68b034625c80870283c42226d466dbfeedbf7ffd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 00:31:08 2020 +0100
avcodec/simple_idct: Fix undefined integer overflow in idct4row()
Fixes: signed integer overflow: -1498310196 - 902891776 cannot be represented in type 'int'
Fixes: 28445/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5075163389493248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 57f7e5caa324fd760aa9e134ee963e9936083c59)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ec328d53ce65cdc3d35f27a2ebb4b3e3c277e09
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 22:57:28 2021 +0100
avformat/tta: Use 64bit intermediate for index
Fixes: signed integer overflow: 42032 * 51092 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6679539648430080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fd61b42b4c8709a7888fa5c9cce0c19d754e39fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a4fc719fc53f822d7e0a9067477ced08d279f5c8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 22:52:59 2021 +0100
avformat/soxdec: Check channels to be positive
Fixes: signed integer overflow: 32 * -1795162112 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SOX_fuzzer-6724151473340416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b0588b73daeb0e6a0741f39b33943c67eac71619)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05efd2ec5c0ae8c6d41da2f8404fb3f7b9203c31
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 00:46:26 2021 +0100
avcodec/vp3: Check input amount in theora_decode_header()
Fixes: Timeout
Fixes: 29226/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-6195092572471296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 869fe41d1088c4badcd98ee1ca2490451a07b173)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e59cb0f33a83b7a65f92d508c41108d6ca4432c5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jan 29 23:58:04 2021 +0100
avformat/wavdec: Check avio_get_str16le() for failure
Fixes: out of array access
Fixes: 29195/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5037853281222656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7594ee751e621f6c7ef4d4977c4a3ce169ae0af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ed03339c3660168dbf06c0ad9b6584b48828995
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 21:54:31 2021 +0100
avformat/flvdec: Check for EOF in amf_skip_tag()
Fixes: Timeout
Fixes: 29070/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5650106766458880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9725d07a1770fbfafe5f7b3f7d95a2a513308538)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e537ef1a0d92a2e9d53a4790ae6f56fbb8e438c6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 10 23:01:12 2020 +0100
avformat/aiffdec: Check size before subtraction in get_aiff_header()
Fixes: Infinite loop
Fixes: 27235/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5761398380167168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8af299acde9601e64740b75430960503615873b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2c10d3b2a6ecb720050dac5bfe0f09245b373c0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 22:18:59 2021 +0100
avformat/electronicarts: More chunk_size checks
Fixes: Timeout
Fixes: 26909/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6489496553783296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d03f0ec9a1ce9903ae533059d30758bede238e40)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a09824a0a71a7cb457e05c6850d857373aa7bba8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 7 21:11:32 2020 +0100
avformat/tedcaptionsdec: Check for overflow in parse_int()
Fixes: signed integer overflow: 1111111111111111111 * 10 cannot be represented in type 'long'
Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b0f8586ca9853ab3d324ccd3c42bad4375000b0a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=456fccdad6d1428549e0af5e883434d028533b94
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 24 20:42:27 2020 +0100
avformat/mpc8: Check size before implicitly converting to int
Fixes: Timeout
Fixes: 28551/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6229183210586112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 78d6d8ddb571ecca54616517defbf894a45ea9c3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=56004939a18721a20b3c6a3d2a2b8e9e35e1e365
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:44:33 2021 +0100
avformat/nutdec: Fix integer overflow in count computation
Note, the value is checked a few lines later already
Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0014249fd92132515b3ff0ce034dd65e745cb400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f8a147dfde092f97dbc5d1f6fc5b0052dd602f7d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:20:37 2021 +0100
avformat/mvi: Use 64bit for testing dimensions
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-6649291124899840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 48fb752767086a48e599f9e86d87096f66cc7590)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af35cb648a365f54f49531ffec44bc98d57ecb9b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:05:53 2021 +0100
avformat/utils: Check dts in update_initial_timestamps() more
Fixes: signed integer overflow: -9223372036853488158 - 90000000 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MPSUB_fuzzer-6696625298866176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 29851cb840c176d514573914799ca6c95f3f4e8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=279b58906dc88026a83068ef489a422bbe19778c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 26 17:41:28 2021 +0100
avformat/flvdec: Check for avio_read() failure in amf_get_string()
Suggested-by: Anton Khirnov <anton at khirnov.net>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cb316676112c01e8d66420908b6b3d06b3b498e3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6791fd5c1332ad99f9b9330ae3225633cff7b9fa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 23 22:00:40 2021 +0100
avformat/flvdec: Check for nesting depth in amf_skip_tag()
Fixes: out of array access
Fixes: 29440/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5985279812960256.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2ef522c918d48b9f101548b2cadce02003cb3510)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96d4eaf592bd9d71395339ca424bb4fd1a53ef35
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 23 21:20:57 2021 +0100
avformat/flvdec: Check for nesting depth in amf_parse_object()
Fixes: out of array access
Fixes: 29202/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5112845840809984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 074e204b42acdacc0a055671481e00914524af93)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14046c7ba69339ced152c2a4c7bdcae589f4eda1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 00:00:27 2021 +0100
avformat/asfdec_o: Check for EOF in asf_read_marker()
Fixes: Timeout
Fixes: 26460/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5710884393189376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9e3d09f435f83f9653056b2fecc4d03ac45f3ffd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=463cbe50679c2bca18185304047802453654b0c7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 21:29:01 2021 +0100
avformat/utils: Check dts - (1<<pts_wrap_bits) overflow
Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d82ee907d6caafbc1212c4b63ecac2dcd30f23b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e44c44cd45fbb45afc6e5e8ff3626900ed52ed7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 18:41:41 2021 +0100
avformat/bfi: Check chunk_header
Fixes: signed integer overflow: -2147483648 - 3 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6665764123836416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 638a151a877c27a46c15643db26c9ba726feecde)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=55658df3d1b0a314f5a64fcb4e3b1e5c846c5d62
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 18:38:16 2021 +0100
avformat/ads: Check size
Fixes: signed integer overflow: -2147483616 - 64 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_ADS_fuzzer-6617769344892928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c78b2b138ce222de2f4cecac8fd4361f05ee9428)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=349a1d01c51361c5b823245fc8e06b66a8efbf67
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 2 00:58:42 2021 +0100
avformat/iff: Check block align also for ID_MAUD
Fixes: Timeout & OOM
Fixes: 28701/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5185094964871168
Fixes: 29116/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4874284795297792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b17ffe8f8f30ba03901bcf7caa6c523e874e8fde)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e37c5f6d6add1ce4e3e69de0f99375c97c40da82
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 19:21:18 2020 +0100
avcodec/utils: Check for integer overflow in get_audio_frame_duration() for ADPCM_DTK
Fixes: signed integer overflow: 131203586 * 28 cannot be represented in type 'int'
Fixes: 26817/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6296902548848640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2488ba85a0fa5ee4125888258d3d95ce3f03bbb6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=95671d383f52908f4bcfcd8c7b4dc1c76ed3f8dc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 21 21:41:41 2021 +0100
avformat/mxfdec: Fix integer overflow in next position in mxf_read_local_tags()
Fixes: signed integer overflow: 9223372036854775723 + 8192 cannot be represented in type 'long'
Fixes: 29072/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4812604904177664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d3d9b1fc8e2dfc8b4d66c9916ab7221062ff4660)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d558c0cae0ee861e6d86eedca0f27a70b7c929c4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 9 21:48:31 2020 +0100
avformat/avidec: dv does not support palettes
Fixes: memleak
Fixes: 26937/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5763003338981376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b373b41d940e3058cdfb3d17703e23ed665353c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5a1384287054f442334845039265f964b9daa8e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 9 19:58:20 2020 +0100
libavformat/utils: consider avio_size() failure in ffio_limit()
Fixes: Timeout (>20sec -> 3ms)
Fixes: 26918/clusterfuzz-testcase-minimized-ffmpeg_dem_THP_fuzzer-5750425191710720
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1dac2716d713dfd6949b7eb4a3c18c16f1faf6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=65dd97ac32d9fe608dafa0ce735ad37a5f52e09d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 21:17:18 2021 +0100
avformat/asfdec_o: Check size vs. offset in detect_unknown_subobject()
Fixes: signed integer overflow: 2314885530818453566 + 7503032301549264928 cannot be represented in type 'long'
Fixes: 26639/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6024222100684800
Alternatively this could be ignored but then the end condition of the loop
would be hard to reach as avio_tell() is int64_t
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0bee216ad454dd7238a03dd9a76428cc6c3233cc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac301bcf8ea0e4d13dbbd7c345686763a732a9c0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 15 22:52:42 2020 +0200
avformat/utils: check for integer overflow in av_get_frame_filename2()
Fixes: signed integer overflow: 317316873 * 10 cannot be represented in type 'int'
Fixes: 24708/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5731180885049344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 03c479ce236955fc329c7f9f4765ee1ec256bb73)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=090893695e4347b871f2efd3285804a4e8a99ef4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 28 21:31:16 2020 +0100
avutil/timecode: Avoid undefined behavior with large framenum
Fixes: signed integer overflow: 2147462079 + 2149596 cannot be represented in type 'int'
Fixes: 27565/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5091972813160448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1905739638c22b476c99c679b41f29fa00bf07)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa3dc72efcdf4da93cf816adebe497a321d535a5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 00:07:29 2021 +0100
avformat/sbgdec: Reduce the amount of floating point in str_to_time()
Fixes: 1e+75 is outside the range of representable values of type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6626834808700928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ac6c8993f79eaefb76e1fdf0eef5373ab3a46a4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bdfb379795aef50054da968577f3b56cab6c9be5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 20:22:48 2020 +0200
avformat/mxfdec: Free all types for both Descriptors
Fixes: memleak
Fixes: 26352/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5201158714687488
Suggested-by: Tomas Härdin <tjoppen at acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 88519be8db66811e203408b413d9039ac9c3fe91)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8715db6e6d210b7e90b3551b3a1f7783b2ef7dfb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 18:01:11 2020 +0200
uavformat/rsd: check for EOF in extradata
Fixes: OOM
Fixes: 26503/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6530816735444992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7186ec88b98bc589f1403985ab10cc7f77461ec8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9138413c992dac508436707c59922afbf54e100
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 4 00:52:47 2020 +0100
avcodec/wmaprodec: Check packet size
Fixes: left shift of negative value -25824
Fixes: 27754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5760255962906624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 69aeba8a19ac2fa6e1c9bdfb19229b513f314bb1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=981624face9c9ac8fc7920ac976d56e475ba7ce2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Dec 27 18:47:44 2020 +0100
avformat/mpegts: Fix argument type for av_log
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 654b21ef176a807bf4e8359a4ed52c629d766100)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d53d36e93d49af6847a7725f3179bb81ee755a0a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 18 00:48:26 2020 +0100
avformat/cafdec: clip sample rate
Fixes: 1.21126e+111 is outside the range of representable values of type 'int'
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5412960339755008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 684aec6a6872c9e3bb0afee1979f1cd3edd1f8ce)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6cdbedbfb7e9e596c4f989b56f870ce7233c2ce5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:22:04 2020 +0100
avcodec/ffv1dec: Fix off by 1 error with quant tables
Fixes: assertion failure
Fixes: 28447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5369575948550144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5cae71d2b722d0beed4d46f189db42fbb57d877b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=10b493af689b3aab8342daf248cbd89a39b2f587
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:22:01 2020 +0100
avformat/mpegts: Increase pcr_incr width to 64bit
Fixes: division by zero
Fixes: 26459/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5666350112178176
Fixes: 28154/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5195728439476224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ef7b117b7be8a81d6b245cadf096cbe4b1a12987)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=150c66f77551804d3fc2d44d0af16fc0927a3dec
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 18:39:45 2020 +0100
avformat/mov: Check if hoov is at the end
Fixes: Timeout, probably infinite loop
Fixes: 26559/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5391165484171264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0afbaabdca2730d3f8d88719d64802d50b92d351)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e46b067199d74bcb8476a159916011c130e3ddbc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 23:05:22 2020 +0100
avcodec/hevc_ps: check scaling_list_dc_coef
Fixes: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int'
Fixes: 28449/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5686013259284480
Reviewed-by: James Almer <jamrial at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f1700bd8bb983bb3b56c3a1f8b9078cb62a44f65)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9fe6abe0a1c86717c1b80df00af458d2d6e97d4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 11 00:49:23 2020 +0100
avformat/iff: Check data_size
Fixes: infinite loop
Fixes: 27834/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5694930919620608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 001bc594d82f3df67a6e96c6ea022f4e39002385)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe15426edda12b6d8345460f8f7d4be447e84387
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Dec 7 00:37:25 2020 +0100
avformat/matroskadec: Sanity check codec_id/track type
Fixes: memleak
Fixes: 27766/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5198300814508032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b88dd8f0cb48b46f3178d274a9117a3d2307f4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a4be820f99e2c47c0b44ddd2f6e0dabe85f67c0a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Dec 9 00:49:29 2020 +0100
avformat/rpl: Check the number of streams
Fixes: out of memory access
Fixes: 27787/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4743666463408128.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0677bdb1f522d0d25b47bca3d8e09ece83083678)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=896720925a014c891d2e6a9e3e33a5fa6b0fc40c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 22:14:21 2020 +0100
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: -2105540608 - 2105540608 cannot be represented in type 'int'
Fixes: 26870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5656647567147008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 51dfd6f1bdb03bfc7574b12e921fb3b8639ba5cf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05ca3ac92143a50c143341d9a87364561ec48c62
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 21:22:13 2020 +0100
avformat/dsfdec: Check block_align more completely
Fixes: infinite loop
Fixes: 26865/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-5649473830912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 65b8974d54455adc7a462f0f7385b76e1d08101c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62ccd6b820c5a64b727608ab062a6c3a06ab49e8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 21:50:32 2020 +0100
avformat/mpc8: Check remaining space in mpc8_parse_seektable()
Fixes: Fixes infinite loop
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f66dd13d08d063e2748d172239df595078ff624)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=59293038977f109b9c276035c86613a0c159b4ca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 7 21:39:21 2020 +0100
avformat/id3v2: Sanity check tlen before alloc and uncompress
Fixes: Timeout (>20sec -> 65ms)
Fixes: 26896/clusterfuzz-testcase-minimized-ffmpeg_dem_DAUD_fuzzer-5691024049176576
Fixes: 27627/clusterfuzz-testcase-minimized-ffmpeg_dem_AEA_fuzzer-4907019324358656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7f87a4b9ef18a9846439b7787874cc11e5940de)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20a2a36571751d4fe74cd17b60224567dc1de471
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 1 20:20:02 2020 +0100
avformat/vqf: Check len for COMM chunks
Fixes: Infinite loop
Fixes: 26696/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-5648269168082944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a834af133b1fe8f29b4075808710ffd98abcac40)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4314f97f65088a9cfdfb5560155c0412aa9ad534
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 00:24:01 2020 +0200
avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter
The max depth is 16bps, the max allowed coefficient depth is depth+6
Fixes: signed integer overflow: 1074266112 + 1073725439 cannot be represented in type 'int'
Fixes: 26493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657763331702784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7cf852b03c3ae6b61f89614371d2cb308d0b7f86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4622b9359a4009f32878d1247cac2249ff2b0d3c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 23:13:16 2020 +0200
avformat/cafdec: Check the return code from av_add_index_entry()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9dc3301745d8271ae3ba0f1b998d8e6a0aa01bc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b25aae7253cea8ce25f73e37a765a3a74c9a3dd7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 18 00:58:37 2020 +0100
avformat/cafdec: Check for EOF in index read loop
Fixes: OOM
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eb46939e3ab3e0e4df69486b1a037bffc50493bd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=631e300654528fad433931d4ed9d9ac0be741687
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 23:08:13 2020 +0200
avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative
These fields are not signed in the spec (1.0) so they cannot be negative
Changing bytes_per_packet to unsigned would not solve this as it is exported
as block_align which is signed
Fixes: Infinite loop
Fixes: 26492/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5632087614554112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5eed718087f2ba307a3d1d294016d2ebae9230f3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9eb3dc48644b6aae0ab4ea4d1e0dbd7cf794057
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 21:50:32 2020 +0100
avformat/mpc8: correct integer overflow in mpc8_parse_seektable()
Fixes: signed integer overflow: -4683718486770919638 * 2 cannot be represented in type 'long'
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208
Fixes: 27550/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6259212652642304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0897402ac8a2045691395380a9fd2ea88c0d3798)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe309530aea7f57a91feb103fe6df1a61b521cdb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 01:14:26 2020 +0100
avformat/mpc8: correct 32bit timestamp truncation
Fixes: left shift of 65536 by 15 places cannot be represented in type 'int'
Fixes: 26801/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-5164313092030464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad3e495657eaa24cba9251c2379797c208998201)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=30102ee94e7d37d0feb11351ee8b70c3f714af66
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 22:21:48 2020 +0200
avcodec/exr: Check ymin vs. h
Fixes: out of array access
Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3e5959b3457f7f1856d997261e6ac672bba49e8b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25ed23848012cf7ecf23f122118cabb62d3c2636
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 00:23:10 2020 +0200
avformat/avs: Use 64bit for the avio_tell() output
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1278f117d75ab9238ef181ba29b31c6ea569571b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ce79b95d9c42eb25998050e75e1e9f83645d0b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 14 22:13:52 2020 +0100
avformat/wavdec: More complete size check in find_guid()
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 27341/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5442833206738944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a207df2acb92d6366ab2f0f18ba35709066b8eec)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=608bb9814c914f59c9392941867facf846073491
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 14 20:59:01 2020 +0100
avformat/iff: Check size before skip
Fixes: Infinite loop
Fixes: 27292/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5731168991051776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b50e8bc2975fad85e0713e05940ee9ecb5e8a18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=83e5a77c1d978386cc21db929f4f602678b4a811
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Nov 13 23:30:47 2020 +0100
avformat/rmdec: Check for EOF in index packet reading
Fixes: Timeout(>10sec -> 1ms)
Fixes: 27284/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6304211110985728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ebf4bc629e6d0dbb4bb6725849bdd06456e4c8af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=33a82227adaad93c89ea69615d6e468f324e071e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:46 2020 +0100
avformat/icodec: Check for zero streams and stream creation failure
Fixes: NULL pointer dereference
Fixes: 26814/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5758487797432320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b33233bd53f74f94f4cd7be0645a99a9549a913e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de7f2908f1b759f0b2641391e3aa0ff972c61475
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:45 2020 +0100
avformat/icodec: Factor failure code out in read_header()
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 27ee67c00f4402030af3b7477dd5088464d31d80)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89e148cb81cfd94235be9da8ffd778a3f829646d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 13:51:47 2020 +0100
avformat/bintext: Check width
Fixes: division by 0
Fixes: 26780/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5117945027756032
Fixes: 26998/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5119352359354368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f6dc285fb5f30406b275b968ee438a738da799d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64ed3aff3753e4709b738c3fbd0601d9b2c70eb5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 10 00:04:50 2020 +0100
avformat/sbgdec: Check that end is not before start
Fixes: signed integer overflow: -9223372036854775808 + -5279949906739200 cannot be represented in type 'long'
Fixes: 26908/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6329610851319808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9ef60a66f1f155605049402415bd901c8baf1a24)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ecd4013d80388a56c42ea7a2587fa9a64d1bb49b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 8 00:17:09 2020 +0100
avformat/lvfdec: Check stream_index before use
Fixes: assertion failure
Fixes: 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b1d99ab14f2fd273e678dcb618dabfb38aab91b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e298bc59802646ad783944c793e9b343ca56fb35
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 20:23:54 2020 +0100
avformat/au: cleanup on EOF return in au_read_annotation()
Fixes: memleak
Fixes: 26841/clusterfuzz-testcase-minimized-ffmpeg_dem_AU_fuzzer-5174166309044224
Regression since: e680d50eb4feddafb2d8575b21fc5fc8764f4801
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d16974c3dd3a05900aa080ea0729284aea358d10)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a395606a726be32fa54a0a9584c5b27d7aecaee
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:47 2020 +0100
avformat/mpegts: Limit copied data to space
Fixes: out of array access
Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79cf7c71910a69b9f22b3e7ee6508a771262abaf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=978bc27c616b056743647d0e18ba264728940779
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 13:51:47 2020 +0100
avformat/bintext: Check width in idf_read_header()
Fixes: division by 0
Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 442d53f409c8d84c7db120227caac00af54aa884)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c45037a256c1f53ef46985819ab37215835605d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 27 21:51:08 2020 +0100
avformat/iff: check size against INT64_MAX
Bigger sizes are misinterpreted as negative numbers by the API
Fixes: infinite loop
Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f291cd681b1235e150464ad83974d60d6879b492)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7769ab9393e1a8918836da0344a9624ed2eaacb9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 20:30:48 2020 +0200
avformat/paf: Check for EOF in read_table()
Fixes: OOM
Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 437b7302b09a04e0fbfcd594114b52c5c6d89d32)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9c4b480c655987df893b104d09cac7bd2de13d4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 26 21:08:55 2020 +0100
avformat/gxf: Check pkt_len
Fixes: Infinite loop
Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dad9a86ca7bf912289aafb33d96980630e6ec53a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=10cfdf25afd21bca6b001856e5c1381bafdcd232
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 26 20:55:31 2020 +0100
avformat/aiffdec: Check packet size
Fixes: Fixes infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0ba71a72d3a617b255b71988a000d5093222f779)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1f6d6c861241b35a9fd1b7fea5526d807571c70
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 23:46:33 2020 +0100
avformat/concatdec: use av_strstart()
Fixes: out array read
Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2610acb49a140901dacbd36c598a5514cf9ade0d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=021e2b9cf141e229cb36fcb8e6b5a2c6259a9f0f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 23:50:57 2020 +0200
avformat/wavdec: Refuse to read chunks bigger than the filesize in w64_read_header()
Fixes: OOM
Fixes: 26414/clusterfuzz-testcase-minimized-ffmpeg_dem_FWSE_fuzzer-5070632544632832
Fixes: 26475/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5770207722995712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b2244565ac8cb1eddd085e1a382a893ac03bfb4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=51cdea6e4fa8e10452ba1f1f9169d4d2f593b2f1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 22:56:17 2020 +0200
avformat/iff: More completely check body_size
Fixes: infinite loop
Fixes: 26485/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5126561373880320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3588e2e6b05ba92f0907e9ffe263c2e65d53e346)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cf572adb925794fda38dd3b568da3a0c81e4f41f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 19:37:45 2020 +0200
avformat/xwma: Check for EOF in dpds_table read code
Fixes: Timeout (>30 -> 140ms)
Fixes: 26478/clusterfuzz-testcase-minimized-ffmpeg_dem_XWMA_fuzzer-5918147066200064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 44b18a76b8d4e01c7ce62474aaf196857e75e976)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ecce5f2562a4be683b9321f385b6ac57f48f5a8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 27 17:21:19 2020 +0100
avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration()
Fixes: shift exponent 95 is too large for 32-bit type 'int'
Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ec7e0d42884b40ce93b6b5e94de5f7849310f8a0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8206115257cba5af70357a44527b65377e22ccb7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 20:29:50 2020 +0200
avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET
Fixes: signed integer overflow: -9223372036854775807 - 48000 cannot be represented in type 'long long'
Fixes: 26521/clusterfuzz-testcase-minimized-ffmpeg_dem_DIRAC_fuzzer-5635536506847232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev at lynne.ee>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 343c3149ab3d77be76f035d3b18bb2b2da48ce1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39d8fb2f6733af50f9c7cf0a93d9f11acb07085d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:32:59 2020 +0200
avformat/rmdec: Make expected_len 64bit
Fixes: signed integer overflow: 1347551268 * 14 cannot be represented in type 'int'
Fixes: 26458/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5655364324032512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 728330462cadb765307cc132377b6b5d177a225c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a1cc01fdf4b6f9d5cf2cd7cffa62d9dae5d0c72
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:55:13 2020 +0200
avformat/lrcdec: Clip timestamps
Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 80bc2ac3c06319cf85428c58c471d105d25ae987)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c6b8fadfc039814ba9f71402d1f3b0026cd3c63
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 19:24:30 2020 +0200
avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()
Fixes: timeout(>20sec -> 1ms)
Fixes: 26526/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-5672328069120000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 857aba7c45faf0335ad91ecabc0bce8b94320758)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c4b7fbc9810eadf846dcd022a1a9952a35c2527d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 18 22:04:14 2020 +0200
avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
Fixes: signed integer overflow: 190587 * 11585 cannot be represented in type 'int'
Fixes: 26407/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5086348408782848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bca0735be52e471b1906aed34c60028d90646d90)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0abb64d8f33d18243e6e745eaca24455de3dd5fd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:29:01 2020 +0200
avformat/jacosubdec: Use 64bit inside get_shift()
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 715ff75e5dbbbefff7337351db596a9b7a5d4379)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b71b8cba2e2794e558554e5e7a5d915a58d54a22
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:05:01 2020 +0200
avformat/genh: Check block_align
Fixes: infinite loop
Fixes: 26440/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5632134020333568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 37396e9ba85d8969a3b5e3314ab99ff604845628)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1639916eefcb97d6ad06e2c821143711bcfd68af
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:39:30 2020 +0200
avformat/mvi: Check count for overflow
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a413ed98632127342ad04b26e0ba0dc26adb70c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c607d895dbc4d1b44c9a0ee89196e1044498db5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 20:39:33 2020 +0200
avcodec/magicyuv: Check slice size before reading flags and pred
Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0dc42147b6843b133d4fa46bf1c2568a837b4bec)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e16c81b7420e1a42285856aa4ca0698e7110105a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 11:13:19 2020 +0200
avformat/asfdec_f: Check for negative ext_len
Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 209b9ff5c3f337da4a3d82e59b8815eca2737ffa)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86ec1f4707162259e1cc71cd6f98f7d565dcc9e9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 22:19:58 2020 +0200
avformat/bethsoftvid: Check image dimensions before use
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 50b29f081e9620dc39727adef707c2c323a8c095)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6455233ff5b96175f0c3ed07ba1c2579b525ac9f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 23:40:57 2020 +0200
avformat/genh: Check block_align for how it will be used in SDX2_DPCM
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c95b47e18fdb43a4c667ae22a5d3a5ee6cf7782d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ad6ab4167307359efea092e29eee45779d03a6f1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 22:19:32 2020 +0200
avformat/au: Check for EOF in au_read_annotation()
Fixes: Timeout (too looong -> 1 ms)
Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e680d50eb4feddafb2d8575b21fc5fc8764f4801)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b4c3b54a61b4dd2fb4a50c72a0c1a79ba4e1939
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 18:18:43 2020 +0200
avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0
Suggested-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d34e4904cd6d965693b285713660f4e84200d60b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35c09f6c0131ab2adc119ccc905d5012be66f218
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 00:37:25 2020 +0200
avformat/segafilm: Check that there is a stream
Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c0d7fd269beed030fc767fee28d9dbe111bc4427)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86e36161ab166e90a80e585741f6b05fb34b4aeb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:59:53 2020 +0200
avformat/wtvdec: Check dir_length
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1868cb731660490beb750389266adb6e68e9123d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40edc35fcfcaf1be53aa46e06b342bd165031d73
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 18:08:37 2020 +0200
avcodec/exr: Check limits to avoid overflow in delta computation
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6910e0f4e5c40b5b902e4dd87256327d860d53f5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64264c377243aa223c6af1396a3104742fe91933
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 22:04:56 2020 +0200
avformat/asfdec_f: Check name_len for overflow
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0d088a47ca0243576078f109fff20617d1fac382)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cfce46eb2e0fa950c6b1cc8cb46bbd475334660d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 21:35:43 2020 +0200
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d1983628394e076001cc67d85656f9842b7282a3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f0b704093773d00872f05c5ac3efb3a9c159494
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 12 17:11:27 2020 +0200
avcodec/aacdec_fixed: Limit index in vector_pow43()
Fixes: out of array access
Fixes: 26087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5724825462767616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f83a536384afda45acb6d7cdd22017c8c314f9e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2dd6a3cd98a4253862f687b37b072d47a947671
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 16 18:05:34 2020 +0200
avformat/rmdec: sanity check coded_framesize
Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int'
Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aee8477c6ba20469ebe531448d31c642717b5f48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4e5117017eb443d7f013ed98fd916837a8f9dd1f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 8 20:44:23 2020 +0200
avformat/flvdec: Check for EOF in amf_parse_object()
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33624f4f2e1feb08f277126e637d4a28016eb07a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=217764d01eecb4962159b2f285aec5995baf553c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 2 10:54:31 2020 +0200
avcodec/smacker: Check remaining bits in SMK_BLK_FULL
Fixes: out of array access
Fixes: 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 42ded4d1e6fb0086a235dc584118414ae2bf30c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef74efacd54bec79376715272b2e311d03b1ce27
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 27 20:23:10 2020 +0200
avcodec/cook: Check subpacket index against max
Fixes: off by 1 error
Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5a2a7604da5f7a2fc498d1d5c90bd892edac9ce8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fdc7c4d553f57a84a5aa8a114ba8e57b6e07e3a4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 13:30:28 2020 +0200
avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred
Fixes: pixel decode issue.ts
Fixes: raw frame.hevc
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3fbf8737923ac49754946a2505367630544b87f1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04b4479da8a2a730c3cb75d0704c4e0f3ed7916a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 19:05:23 2020 +0200
avformat/icodec: Change order of operations to avoid NULL dereference
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3300f5c133650ba25f94531d40ecc94c79b84457)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4953bfde524619d312ffa94df940723f21361f2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 21:58:37 2020 +0200
avcodec/exr: Fix overflow with many blocks
Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7265b7d904f86ec1c681222310c739f92ba55e5e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=247115c0461260a611da820820cebcf4557c98e9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 16:40:22 2020 +0200
avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 394e8bb385a351091cb1ba0be986f3bbb15039fd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=76109b1ac349bdb59c379aa6a6bdc6df8dba36ee
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 16:29:15 2020 +0200
avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 106f11f68af643ad1f372b840d38a0a30c6e9bcf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3f13007d5c1befab7182a0db50ac180f4d231036
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 17:13:10 2020 +0200
avformat/subviewerdec: fail on AV_NOPTS_VALUE
Such values are not supported by ff_subtitles_queue*
Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b7f51428b1c73ab5840485ce537ce098a85d0881)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7d8a8ccfb4295f91e03f211fcef2537aadeaea1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 22:04:16 2020 +0200
avcodec/exr: Check line size for overflow
Fixes: signed integer overflow: 570425356 * 6 cannot be represented in type 'int
Fixes: 25929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5099197739827200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9b72cea4463dd2fabcd9ba1454a0855e521d0148)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd5d981c9d46948926adad073d007fd9142cf75d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 21:54:36 2020 +0200
avcodec/exr: Check xdelta, ydelta
Fixes: assertion failure
Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6949df35d0c69ae91bb0f49069e0703deb9bd676)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=acd9ec8436999d4e0e00de98bb5fc6e9d9ae4be6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 24 21:59:04 2020 +0200
avcodec/takdsp: Fix negative shift in decorrelate_sf()
Fixes: left shift of negative value -4
Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f54f530039db149808478796e8389c14eb73095)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a5f705d2f7cf215e7e5a38ccd968f92f05be475
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 2 14:59:13 2020 +0200
avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3291d994b76db4b6e67c8467367ce68f79785e60)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dacd01c948d58995435ef69429e0b10322da09c6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 12 19:44:35 2020 +0200
avformat/asfdec_f: Change order or operations slightly
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 686f0151901849de3b2073fa73265472073e0208)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=83c2bd1a4a371ab6e02783d39cc1014bd837f739
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 2 23:13:00 2020 +0200
avformat/dxa: Use av_rescale() for duration computation
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c313089fbe1df71b5406dd9d7e4d36361051c620)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=640964687f1d927729cfc8691ca51eb3eb8a863e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 2 22:42:05 2020 +0200
avcodec/vc1_block: Fix integer overflow in ac value
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3056e19e68122b9464b24870488f8faca4e78ea8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b365cbe9892c492a3ba394f1bd9e41af517e7b3e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 27 22:20:52 2020 +0200
avformat/iff: Check data_size not overflowing int64
Fixes: Infinite loop
Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 24352ca79207d3311ee544fcba908a64004763ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=490b2b8b4236f56da454115fb512dafb0e01b6ca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Sep 25 20:08:37 2020 +0200
avcodec/dxtory: Fix negative shift in dx2_decode_slice_410()
Fixes: left shift of negative value -768
Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit abebd87764992dc22c82802bdc75d40aac14ab86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7abc2f9fea4ac741bdd685c9f6c20a8353ad5153
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 24 22:20:39 2020 +0200
avcodec/sonic: Check channels before deallocating
Fixes: heap-buffer-overflow
Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f249981976b18438cfb646183d4c21fb051e1ad4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d23e7ce02a0474ac6025e2b30e9a898f8a66eaec
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 20:48:38 2020 +0200
avcodec/ansi: Check nb_args for overflow
Fixes: Integer overflow (no testcase)
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bc0e776c9aaf06f437bf21e05a713fd54dc85400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b01de9145694f8a8f906bfb16da3567c1be8174
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 15:20:14 2020 +0200
avformat/wc3movie: Move wc3_read_close() up
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0c635f2ce6c18d448e77605ee83b55bd8250f812)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe15e22e6132b43987fdbc5e2cbaed4c4f11f3c8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 18 14:30:19 2020 +0200
avcodec/diracdsp: Fix integer anomaly in dequant_subband_*
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ca3c6c981aa5b0af8a5576020b79fdd3cdf9ae9e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bdfd833cd717516e4592113341d7849b16b0ac47
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jul 16 22:58:13 2020 +0200
avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c()
Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
Fixes: 23646/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5480991098667008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a02ae49c26395fc3ae2d38c733a2a13bd3080e7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc28f09bf855380173fe1c17c2416516b59b8164
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 13 21:12:17 2020 +0200
avcodec/wmalosslessdec: Check remaining space before padding and channel residue
Fixes: Timeout (1101sec -> 0.4sec)
Fixes: 24491/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5725337036783616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c467adf3bf9bb4b7fd28956ec698d884e63f145d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c927ebe8b252f0fe21ac4bf89e2929d435b8ff4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 16:54:28 2020 +0200
avformat/cdg: Fix integer overflow in duration computation
Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int'
Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aa8935b395162f8438d1f055e671e92685ed1586)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9dea79afde218703378cde7086b1fb33334d2295
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 10 19:04:23 2020 +0200
avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth()
Fixes: -2.4187e+09 is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2b9f39689ab19c68ff37b5a4ac71e8fb7f58c487)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=033936fc4acfb75535f065722c1cccf1d7d7ed25
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Sep 7 00:09:33 2020 +0200
avformat/electronicarts: Check if there are any streams
Fixes: Assertion failure (invalid stream index)
Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 39a98623edbbdcf9d9b76e9d7aff3ce086ebfbfe)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a681e5f131ff3091bdd5b161a7082dbe33a6ed28
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 5 17:58:53 2020 +0200
avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINE
Fixes: signed integer overflow: -1429092 * -32596 cannot be represented in type 'int'
Fixes: 24419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5157849974702080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0da95df77a528251a326fc8b7e2ff48c60e41d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=53796ad5ab78a03b387ccebc405e154570ba21d3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 22 00:24:55 2020 +0200
avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d()
Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int'
Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d182d8f10cf69c59ef9c21df4b06e5478df063ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a16460918d9bff3479bbbb83b8946fe55accb253
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 22 00:09:05 2020 +0200
avformat/avidec: Fix io_fsize overflow
Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cf0c700b0c25f5d9fe50dd27086a06812822f11a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bbc3425f60b2915b41c9a7d0f70d46c142739627
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Aug 28 00:17:41 2020 +0200
avcodec/cfhd: Check transform type
Fixes: out of array access
Fixes: 24823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4855119863349248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 659658d08bb2e7219001795c78efd24f381446e2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e4b4cf4ba7ba9f66ffcc224fff40e4db6939fc8d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 20 01:05:35 2020 +0200
avcodec/tiff: Restrict tag order based on specification
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
not the order in which the fields are described in this document."
This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also on various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.
If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad29f9e47cb848e11ee1d358d2bae15cd35ef04b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=735255edb0c308b9e4e5a34c8332ee5d9719782d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Aug 11 14:41:13 2020 +0200
avformat/siff: Reject audio packets without audio stream
Fixes: Assertion failure
Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8931c55789a69f717b4a6954c5bb7acf5475a134)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df401e11ed76d8fa60e77d4c8a6984f1b181b859
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 15 01:07:44 2020 +0200
avformat/mpeg: Check avio_read() return value in get_pts()
Found-by: Thierry Foucu <tfoucu at gmail.com>
Fixes: Use-of-uninitialized-value
Reviewed-by: Thierry Foucu <tfoucu at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e8a88a16f78e66c8d7645b5f71dc8390b033fa70)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a590a733fa97a95aecb060231f34fafcb63e553c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 6 21:42:43 2020 +0200
avcodec/tiff: Check bpp/bppcount for 0
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit be090da25f734460f3105075456877b8a66185c1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ab4e05cfed569c9c3677486c65ddea91c4df365d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 6 21:35:06 2020 +0200
avcodec/snowdec: Sanity check hcoeff
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d51d569cf68f78aaea8464a156c847a0e294726a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28eecaca560e6671055321c761985b4a3d886b9b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 2 00:51:12 2020 +0200
avformat/mov: Check comp_brand_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ffa6072fc727a14680a85449259f6b49b47587e6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5fa192bb7ade36972cd76ea3d1fc013edcb9cae
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jul 23 23:41:27 2020 +0200
avcodec/alac: Check decorr_shift to avoid invalid shift
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.
Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7 at gmx.net>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4333718b357a9ad195031e5d0ea080d37677b795)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=944d7e72255dd4e60f7a100bb930db4d1cddb961
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jul 15 22:47:50 2020 +0200
avcodec/tdsc: Fix tile checks
Fixes: out of array access
Fixes: crash.asf
Found-by: anton listov <greyfarn7 at yandex.ru>
Reviewed-by: anton listov <greyfarn7 at yandex.ru>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 081e3001edb67dcd55fe0f68505df1fce667476d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eeb4dd786605487dc880fb2f2e9480ac0eafb06f
Author: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Date: Thu Jul 9 12:07:28 2020 +0200
avformat/mm: Check for existence of audio stream
No audio stream is created unconditionally and if none has been created,
no packet with stream_index 1 may be returned. This fixes an assert in
ff_read_packet() in libavformat/utils reported in ticket #8782.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
(cherry picked from commit ec59dc73f0cc8930bf5dae389cd76d049d537ca7)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=177fb0566012b671a49afa015065dd9481adc003
Author: Zhao Zhili <quinkblack at foxmail.com>
Date: Sun Jul 5 00:51:53 2020 +0800
avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 806a4d5187aeb82b97898683242886ed1e84f894)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9704e1ac08ab09b587b8a5f7512eab43d9ba0c3e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 30 22:01:22 2020 +0200
avcodec/apedec: Fix undefined integer overflow with 24bit
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9f7b252cdf2d0e0f79d16dc7cd575d1884239863)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b8425dc76c00dbc5d47a13e274e11e9308c6806
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 30 21:11:25 2020 +0200
avcodec/loco: Fix integer overflow with large values from loco_get_rice()
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3ddc5e1f3cebca25ade54ee68159d305f210bf5f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f96fc8c1376bbaf388ff07ecebe16aebda92157
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jul 6 20:18:42 2020 +0200
avformat/smjpegdec: Check the existence of referred streams
Fixes: Assertion failure
Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 321ea59dac6538f92206bab0a2688fa24a25c4d2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5bb8dab66a6ba9344d445f446c6e99e89d4f3d61
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 3 23:55:50 2020 +0200
avcodec/pnmdec: Fix misaligned reads
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg at gunderson.no>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea28ce9bc13803ccef97850388ddc9a73998a23e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
More information about the ffmpeg-cvslog
mailing list