[FFmpeg-cvslog] New commits on branch release/2.8
Git System
git at videolan.org
Sun Oct 17 22:56:09 EEST 2021
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7da93fda9be1906fc206336b1a98853143009d0b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 17 21:52:36 2021 +0200
Changelog: Update for 2.8.18
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ede7d9c4fa149f18b132ea9a1cc99f643e471759
Author: Carl Eugen Hoyos <ceffmpeg at gmail.com>
Date: Mon Jul 1 00:37:08 2019 +0200
lavf/rawenc: Only accept the appropriate stream type for raw muxers.
This does not affect the rawvideo muxer.
Fixes ticket #7979.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=452faa80b431afb9ecfba9ef8e85856221d2a5ca
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:46 2020 +0100
avformat/icodec: Check for zero streams and stream creation failure
Fixes: NULL pointer dereference
Fixes: 26814/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5758487797432320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b33233bd53f74f94f4cd7be0645a99a9549a913e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5c4d054822601e6bb57b12bfe69686d042dc792
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 13:51:47 2020 +0100
avformat/bintext: Check width in idf_read_header()
Fixes: division by 0
Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 442d53f409c8d84c7db120227caac00af54aa884)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=57d6ff94f00cb0359098cacc138c9fb04a1d8af2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 13:51:47 2020 +0100
avformat/bintext: Check width
Fixes: division by 0
Fixes: 26780/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5117945027756032
Fixes: 26998/clusterfuzz-testcase-minimized-ffmpeg_dem_ADF_fuzzer-5119352359354368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f6dc285fb5f30406b275b968ee438a738da799d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9903bf3b06ba22cfcf9fdcc7d8e859c0b90108de
Author: Lynne <dev at lynne.ee>
Date: Fri Jan 1 00:00:00 2021 +0100
configure: update copyright year
(cherry picked from commit 63505fc60a8031ebea824a3e78a07b73c6dc049f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b3d9a5e0af89ce75c29b67c0bf39610b3d5a5e3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 4 23:54:46 2021 +0200
avformat/wavdec: Check smv_block_size
Fixes: Timeout
Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 849138f476f4b08656681bfc3aec5beac47777fb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c295c70c109cc3c5f4100ee73e75705c2b95a272
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Sep 28 00:11:50 2021 +0200
avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830()
Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad517ee6e44f093e28021ffd51c7eb2e1394b1a9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c641782f7af9a187669d43db5f8543f46d1a35ce
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 19 21:51:28 2021 +0200
oavformat/avidec: Check offset in odml
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e926d0082a1b2361e4ebbd3b2a80cd5255ec9181
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Sep 14 20:16:27 2021 +0200
avcodec/mxpegdec: Check for AVDISCARD_ALL
Fixes: Fixes NULL pointer dereference
Fixes: 36610/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6052641783283712
Fixes: 37907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-4725170850365440
Fixes: 37904/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6367889262247936
Fixes: 38085/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5175270823297024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 20afd3a63a75a160f61a98a8dcfe06f527ea19b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc621ecfbd904cd625c3339eb5179980d1b2e371
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Sep 14 20:31:39 2021 +0200
avcodec/flicvideo: Check remaining bytes in FLI*COPY
Fixes: Timeout
Fixes: 37795/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4846536543043584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5f835efbca874ad42cb954e6788588f52a57a7a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=529ac57be53da4027038aa45a329e60bc7371958
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Aug 31 20:15:09 2021 +0200
avcodec/mpeg12dec: Do not put mpeg_f_code into an invalid state on error return
Fixes: invalid shift
Fixes: 37018/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-5290280902328320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5a95abcce4d93f979e4b53f2220f7a54edd03312)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=100e38029260cfd0dc70212532d603f8b0f9540d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 15 22:44:19 2021 +0200
avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4
Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e2c2872393f25253aa40861a9707934c4b83a3af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f352dc52d93399189b6ed86e09a334515f94553
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 3 22:26:41 2021 +0200
avformat/jacosubdec: Check for min in t overflow in get_shift()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 989febfbd0c986e9e3e0f269a6b22778bf79147b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8174013f2205acf8367392596c75d76d6405271
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 5 21:24:15 2021 +0200
avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet()
Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen at acc.umu.se>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3dd5a8a13510d08a4e25e8f138d718672a0fed4a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea7b135a1bcc544cba539efd51ad3779ee487b1e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 5 21:00:38 2021 +0200
avcodec/jpeg2000dec: Check that atom header is within bytsetream
Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c659f861856d751fe3aa1358b1cccff3117f948)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bac9a04e57889730b35ff1371bc54fbd77017812
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 4 19:55:28 2021 +0200
avcodec/apedec: Fix 2 integer overflows in filter_3800()
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33feb527fff9bf547c4118147434869875cf0c3d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9fcd839cc0a71cd3db950ccf0eac9d15690507f6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 22 20:47:00 2021 +0200
avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()
Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 909faca929cf30dcd439fa33479177e76fb5121d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a5f40432b4deeae9b371e5a2d4395343ffcfa359
Author: maryam ebrahimzadeh <me22bee at outlook.com>
Date: Wed Aug 4 16:15:18 2021 -0400
avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is part of 'AVPacket pkt'.
replace init_get_bits with init_get_bits8.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04e938dc677b714b906c17f125bacc8a0c21d344
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 25 15:50:54 2021 +0200
avcodec/webp: Check available space in loop in decode_entropy_coded_image()
Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5e00eab61112c52f27a09fe77d50e6fc508f9c53)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c551b8d10de2ae813849d26266a8bc256136159
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 8 20:46:32 2021 +0200
avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode
Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c59b5e3d1e0121ea23b5b326529f5bdca44cf982)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9e84c17a43d84f4ba8e282f448dea04882b229cf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 14 09:55:00 2021 +0200
avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init
Fixes: MemLeak
Fixes: 8281
Fixes: PoC_option158.jpg
Fixes: CVE-2020-22037
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7bba0dd6382e30d646cb406034a66199e071d713)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c34f00ce89d03327cd7c14e6c3e28eab109eb22
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 31 21:17:23 2021 +0200
avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line()
Fixes: Infinite loop
Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f803635c4fac761ac68b39a369272d4c26433dc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=36a6e6980e1cf557d7845fd7a041760b25f72f2e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jul 31 00:01:53 2021 +0200
avcodec/vc1dec: Disable error concealment for *IMAGE
The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves vissual results
Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 643b2d49bf52d5a3205ce3db732e0c4c396bd457)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=966ade1dab01ad4298cd698261d121b89e389a5f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 30 23:04:08 2021 +0200
avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8f2856a1daa4e3d5767b6efe7a70ec86926dba47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b8e546960579d8b77ec8b43f2f459b3454736e4d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 1 20:42:53 2021 +0200
avformat/wtvdec: Check for EOF before seeking back in parse_media_type()
Fixes: Infinite loop
Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e129464be81567fc72f40dfaf6129b71298be8e1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 27 20:57:02 2021 +0200
avformat/wavdec: Use 64bit in new_pos computation
Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9b57d2f0a967195dc1c72fda8f3a983a0132a243)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa2982c03442624bb7401acec01facdee537be8b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 27 20:53:32 2021 +0200
avformat/sbgdec: Check for overflow in timestamp preparation
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9dbed908403b0d97ae70881fab68020f148b6b11)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed34fe671aa06dabf3d6d99324b97ac5b7f88c59
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:44:08 2021 +0200
avformat/dsicin: Check packet size for overflow
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d1c47ec033d038e04578eaf0767c8983250d03d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5a7c4ce50fa77cea808299b52e9de1553702f23
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:33:58 2021 +0200
avformat/bfi: check nframes
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b4e77dfca1c2970446f79277034d8e60c3fe3f4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ec7e09a0cbedc6fd820cd159220f0020e10dbd7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 19:11:03 2021 +0200
avformat/avidec: fix position overflow in avi_load_index()
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 527821a2dd6f19d9a4d2abe05833346ae86c66c6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=81aa2e05e4e37cca71b570f10071bd21064930dd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Apr 23 17:28:29 2021 +0200
avformat/aiffdec: Check for size overflow in header parsing
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bae2e1977744f42d56b85193d4910811de829714)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f822df7b559b34621d71ae7de5e569d59330415
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 11 12:39:34 2021 +0200
avformat/mxfdec: Check size for shrinking
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 65b862ab59c4bfaae98be596b84a072f52444398)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7b205dedd05a4983ab3ce557fdb06aa886127c9
Author: maryam ebr <me22bee at outlook.com>
Date: Tue Aug 3 01:05:47 2021 -0400
avcodec/dnxhddec: check and propagate function return value
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: James Almer <jamrial at gmail.com>
(cherry picked from commit 7150f9575671f898382c370acae35f9087a30ba1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=764de1f6d8ff50d4d22f08fdff62cb0655900f15
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jul 9 15:20:47 2021 +0200
swscale/slice: Fix wrong return on error
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7874d40f10cca922797a8da14189a53ee52f0156)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9d94e32e558c88afc115393e8180f2abbf45667
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jul 7 14:05:26 2021 +0200
swscale/slice: Check slice for allocation failure
Fixes: null pointer dereference
Fixes: alloc_slice.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 997f9cfc1295769be8d3180860ceebbc16f59069)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=97fe9123d107fcb833bac4ebd2936557ccccd8eb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 11 18:40:32 2021 +0200
avformat/matroskadec: Fix handling of huge default durations
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 343d950a4a8a8c32f5f7d9d4ac1fbe317cb9cc80)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8af3700cf1db5d4da0e1973a80acbe72944994a6
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon May 31 15:27:18 2021 +0200
avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
Fixes: floating point division by 0
Fixes: Ticket8213
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 70874e024a6eae0f95bd8dd4b9b4367ffd937f41)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6977ac932143a16113f5ced44ad2c83cabac9203
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 18 22:38:40 2021 +0200
avformat/ftp: Check for av_strtok() failure
Fixes: CID1396258 Dereference null return value
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9d40782088cf969fbadc881e4a97ec22b8ae0177)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1aa91dc78fe81d69c355df9eefff85fdf8a97353
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 16 20:36:46 2021 +0200
tools/cws2fws: Check read() for failure
Fixes: CID1452579 Argument cannot be negative
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0b3cdd7cc2c63969e144cc3eb39d0c61260509ee)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26cd140d0c03b08b611907ea23b120af29b3b927
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 21 22:59:04 2021 +0200
avcodec/cpia: Fix missing src_size update
Fixes: out of array read
Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cea05864e65db9a2dc8af82b2c63fb8f03c5f876)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39cf28ffd609b8879a0e2475c0b16647682cb5f5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 26 22:35:37 2021 +0200
avformat/rmdec: Check old_format len for overflow
Maybe such large values could be disallowed earlier and closer to where
they are set.
Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06d174e289eb185f03a34a738965f0042f39c038)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1bab818597d7e78f7ce6e0aa0c5f40ab187e1f18
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:45:10 2021 +0200
avformat/realtextdec: Check the pts difference before using it for the duration computation
Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fe12aa689003db9b07a6e1b837031dcc57a71435)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cfd53ab2e9b74afc2ef0bf5148d72040b628e700
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:16:38 2021 +0200
avformat/qcp: Avoid negative nb_rates
Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b865cc703d29cb307e1fa628aa02940d54eb42a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=84b8d62f8f429159b67dfd758aa54566154df02e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 25 20:01:03 2021 +0200
avformat/nutdec: Check tmp_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dbe314da36efc1de7fabe3f039fb17450ce561f8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 17:42:19 2021 +0200
avformat/mpc8: Check for position overflow in mpc8_handle_chunk()
Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8ef25d118246bf443900033fb3588dba628d11b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aac9aa0130d007d36ae11974689ada75cd50eeb0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Apr 24 13:08:24 2021 +0200
avformat/dxa: Check fps to be within the supported range more precissely
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: assertion failure
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ea494befcb5d944ce8275e6f59de1a24c25ffb6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5023d4e66b958c27765bd38caaf36e3029bca3b9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue May 4 18:34:44 2021 +0200
avformat/tta: Check for EOF in index reading loop
Fixes: OOM
Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b72d657b73b2aa4a2a2f72f613199e6080ad48c0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=55a8cc1c1bcebc1ab834e1fc8f700f7488a80705
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 17 18:37:01 2021 +0200
Update missed irc links
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c067d20177613e9cf74bcbd2a26e729ef7ababdb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a995a24c1df9a74a91c06da64b24a9bb761c1f41
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 10 20:35:43 2021 +0200
avformat/rpl: The associative law doesnt hold for signed integers in C
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 480f11bdd713c15e4964093be7ef0adf5b619cc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=38bbe6762b68e6d71fb47429e3ac9d9bf4a18c43
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 9 21:25:58 2021 +0200
avcodec/faxcompr: Check available bits in decode_uncompressed()
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ff56c139e07a4de2803b974b6595f6b71fbf53bd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d575feadf00ab387a9124ed4f1ef946fde1312e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jun 9 21:20:04 2021 +0200
avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
Fixes: Timeout
Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7d8421e3d5bc1300687a65384baccbcb3874b7ac)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86c5a34b7a8d0c35b253f14b34a72e554d4e7b61
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jun 8 20:10:56 2021 +0200
avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
Fixes: out of array access
Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dbbcfbcc4e4f0e91f814f2e13ced7b6d99069518)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=291ebdfc723794d3971a95da769c4944db917b45
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jun 3 22:46:05 2021 +0200
avformat/rpl: Check for EOF and zero framesize
Fixes: Infinite loop
Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880
Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0a4a527c3b0819368d9b148542bb7663f39df79)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9abe2d4117330a683e2d1f650b53828c0202b19
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 30 18:09:37 2021 +0200
avcodec/svq1enc: Do not print debug RD value before it has been computed
Avoids floating point division by 0
Fixes: Ticket8191
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c297f7e57a223da9f0d350e30456d60c8c87f902)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f590e7b73822a4a0d125a313f07471c99cabc90e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 17:50:27 2021 +0200
avcodec/aacpsy: Check bandwidth
Fixes: Ticket8011
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 36dead4bc28ca8aab13c61661f28c68bdefa5e9d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc5dde5ec0ba79860e566a44439ac72ae4a827f1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat May 29 11:17:35 2021 +0200
avfilter/vf_yadif: Fix handing of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7971f62120a55c141ec437aa3f0bacc1c1a3526b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bb08ee0c6fb7bdebd37cbf00aefed206909e8f78)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a69e7a2cbcacd8a9678675ed1e77cd26937b4f1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 22:42:54 2021 +0100
avformat/cinedec: Fix index_entries size check
Fixes: out of array access
Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a335ce4de03fe6f3577371e03a22e96567dabdf8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 20:31:19 2021 +0200
avcodec/lpc: Avoid floating point division by 0
Fixes: Ticket7996
Fixes: CVE-2020-20445
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 38d18fb57863bb9c54e68ae44aa780c5c282a184)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=287323027e0de523b12dca823c6cd5feef6569f7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri May 28 20:18:25 2021 +0200
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 223b5e8ac9f6461bb13ed365419ec485c5b2b002)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af725c3b3634f4c814e8d5d07b93f99752d4d248
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Apr 20 20:24:21 2021 +0200
avcodec/exr: x/ymax cannot be INT_MAX
The code uses x/ymax + 1 so the maximum is INT_MAX-1
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 48342aa0750f83006582d1598b5f22297f6dbf83)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9792b3171ecc627c07f8032af7f48da6daca503
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Apr 28 16:58:50 2021 +0200
avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line()
Fixes: infinite loop
Fixes: 33674/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4816457818046464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 08d2df41538b583932c1a6772e3c8978a2334107)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=675c3942eaf64124c8cdf4a58d54b3e9f21c533f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 29 21:21:27 2021 +0200
avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
Fixes: out of array access
Fixes: 33713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5778775641030656
Fixes: 33717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4960397238075392
Fixes: 33718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5314270096130048.fuzz
Fixes: 33719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5352721864589312
Fixes: 33721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5938892055379968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f0ce023ddb8863d16ab650fcc0731851a55db084)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=738ddf021d1932596fd5b74aa28cc3284a73f6ed
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 2 15:49:55 2021 +0200
avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent
Fixes: tickets/3933/128.jls
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 011006874cb46325b6bc83234f81879ff421c05f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9e58ec834bc1b5188f7dda40d03c9ec22d82bee
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 20:23:44 2021 +0200
avformat/id3v2: Check end for overflow in id3v2_parse()
Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long'
Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit efdb56450418933965dc6e27f0b1625d25e44a8c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e8f5968d4f801e59a0e58045e39e6055a636cdb3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Apr 19 20:23:41 2021 +0200
avformat/wtvdec: Improve size overflow checks in parse_chunks()
Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in type 'int
Fixes: 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5132856218222592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f8ec1da8ac8e3daf2403e744f166ea9557b2d333)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8408f5ca2e8908265c96b95009149a1383a4ea2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Apr 15 20:08:22 2021 +0200
avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()
Fixes: Timeout
Fixes: 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b3881f0da6da00cb6b5b123328e2fbfca936c47)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af78179b4d09cfd11f4392da8f44803b8fd1770c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Apr 11 21:04:12 2021 +0200
avcodec/dpx: Check bits_per_color earlier
Fixes: shift exponent 251 is too large for 32-bit type 'int'
Fixes: 32147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5519111675314176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c093eb30311b7148a4da1c7555498187c8cdf0db)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b2d4997bade5a5ccdd640e6b645006c0a4e2e3c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 30 13:22:14 2021 +0200
avcodec/pnm_parser: Check image size addition for overflow
Fixes: assertion failure
Fixes: out of array access
Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79ac8d55468adc9cb9a0908e671807a2a789b7d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dae4efc2821763c08562f0f805750b196da1ace3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 22 15:22:35 2021 +0100
avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 87d87e6587deec1fa8ed5f5c6901535becdb0358)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=718c64f03be0b2039370d4615afa64a358acdeef
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 24 17:03:08 2021 +0100
avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4
Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2611d20d353026f996cb9aaced8b35db37f490d4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=59ec9f802fa0eb447b2928134a779634c8891aed
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Feb 2 17:29:23 2021 +0100
avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b37ff29e0e093b15585e9fb44bbd82bdf14b5230)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=17811e6d40909f66511a5b32291243997d835f69
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 19 21:43:45 2021 +0100
avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()
Found-by: Jeremy Leconte <jleconte at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1cf96ce269364e3c2b4ec2097f121ad42b336839)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f2291bace2cf10fad166868e3799620596a23164
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 15 09:47:43 2021 +0100
avutil/common: Add FF_PTR_ADD()
Suggested-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 522a5259e9cc17faf1f83c9cfb93c960a2ecf8a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b7af5a77ddf0f84a4e9ad86fe24c97e902bd88cc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 4 00:30:45 2021 +0100
avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1f74661543c0c336e88846f90608fda7bd12deac)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b117fb91d4dd16f97b1174006c9034d2f5e5073
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 4 19:21:35 2021 +0100
avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea12590c8ecc1e3c4c7732e5adced21fb5feffa6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3fb27daa32cf8f0d4792ccb35cd6d0f405a031e2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 23:05:17 2021 +0100
avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 075d793ba87635b77f8302d8a454fa681f90d267)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc191eeafeffe148c8e9dabc5efdc4466a6f3e71
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 11 22:58:53 2021 +0100
avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b5d8fe1c874947ca67ee8117b18f8052f0e590fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ca8acfe2dbea2d9aabb03951aef70b5078def88
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 18 18:01:52 2021 +0100
avformat/movenc: Avoid loosing cluster array on failure
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5c2ff44f915d6ceeea36a2f99e534562764218dd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1414037c8cd207a742a4df6a408781ee24713943
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Mar 18 10:59:19 2021 +0100
avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb
Fixes: null pointer dereference
Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f733688d30021587c3f3a1b280d6ece8b04f26ff)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d8893f31bda10cf5c29fa426e84f61cbb415eac7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 5 20:27:50 2021 +0100
avcodec/ffwavesynth: Avoid signed integer overflow in phi_at()
Fixes: signed integer overflow: 2314885530818453536 - -9070214327174160352 cannot be represented in type 'long'
Fixes: 31000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-6558389742206976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit be08b84f8bb7acc0c45800c7f488399327a22961)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=982d3fc5505118677a3d167f2a7639161b01de1b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Mar 19 16:30:08 2021 +0100
avcodec/mpeg4videoenc: Check extradata malloc()
Fixes: Null pointer dereference
Fixes: any mpeg4 testcase which fails the malloc at that exact spot
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33a1687bf623cdd5c6ffe8f63024d22ed20b4ead)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1fe0b12adc483e9837fa8e9fd095b4de3715e6d1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 2 20:07:13 2021 +0100
avcodec/jpegls: Check A[Q] for overflow in ff_jpegls_update_state_regular()
Fixes: Timeout
Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8a3fea802a3e4274dbe084d372ec8aeab3932b3e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3a82afec92bb76f14a1a974cdb1756c66adc818
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 1 13:44:12 2021 +0100
avutil/timecode: Avoid fps overflow
Fixes: Integer overflow and division by 0
Fixes: poc-202102-div.mov
Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c94875471e3ba3dc396c6919ff3ec9b14539cd71)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c09a3b10cd5439163df4d944c9746458a20609b1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 22 20:20:48 2021 +0100
avformat/mvi: Check audio size for more overflows
Fixes: left shift of negative value -352256000
Fixes: 30837/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5755626262888448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 403b35e16e16a8c4a13e531ccdc23598f685ca20)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cf0317b94f817c934d6ccb7645b247afa171677d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 21:22:11 2021 +0100
avcodec/ffv1dec: Check if trailer is available
Fixes: out of array read
Fixes: 29750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4808377272238080.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 36ad2f41e30ad9f2a8ead76e0b1526b9712f0925)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb5c015e7b536b349f359a03c6980d180a9e02ad
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Mar 9 21:39:30 2021 +0100
avcodec/4xm: Check pre_gb in decode_i_block()
Fixes: Timeout
Fixes: 31257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5150866229297152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b87781649e2862d07fcb8d322289d89b47a530b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f720b6471c1d93439b9eb0acd8b3c386241c629
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 26 16:50:10 2021 +0100
avformat/flvdec: Check double before cast in parse_keyframes_index()
Fixes: -2.21166e+304 is outside the range of representable values of type 'long'
Fixes: 29169/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5725452796821504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 09e5e406c7b9d7c1ee97ebae1476a2f68e6a90d1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f1415bf8b8f98c81f75e365e335a4dc230def70
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 00:11:34 2021 +0100
avformat/paf: Check for EOF before allocation in read_header()
Fixes: OOM
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bcb1e9d3b9b97359e01e5978067c8ee558efa8b4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7c937067b521180227fa70315fe1c43daddbb138
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Mar 3 10:49:04 2021 +0100
avformat/aiffdec: Check that SSND is at least 8 bytes
Fixes: Infinite loop
Fixes: 30874/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5933710488764416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 460d3dc41f57a6dcefbd72db6e2e368fee05340b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3a01b3543e6f618a65bdf3969764b00790697de
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Mar 1 23:24:37 2021 +0100
avcodec/alsdec: Check bitstream input in read_block()
Fixes: Timeout
Fixes: 28110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5036338973507584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 53d739db4e528388fae89459e887a633ffbce12c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5ed37fd0b8d17d886312dfba7fac0cfdbda5864
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Dec 13 00:08:46 2020 +0100
avformat/mov: Extend data_size check in mov_read_udta_string()
Fixes: signed integer overflow: -2147483634 - 16 cannot be represented in type 'int'
Fixes: 28322/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5711888402612224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 74c4c539538e36d8df02de2484b045010d292f2c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=897c1c990ae97636ced67f29fe13faaa0f31223c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 11 01:06:46 2020 +0100
avformat/microdvddec: use 64bit for durations
Fixes: signed integer overflow: 7 - -2147483647 cannot be represented in type 'int'
Fixes: 28036/clusterfuzz-testcase-minimized-ffmpeg_dem_MICRODVD_fuzzer-5171698751766528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f569ac4ce0514bf4e0dd768c5ed007c82548d326)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=59652534dda36ee88b4b684fd915318f130db8f4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Feb 19 21:16:25 2021 +0100
avcodec/hapdec: Change compressed_offset to unsigned 32bit
Fixes: out of array access
Fixes: 29345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5401813482340352
Fixes: 30745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5762798221131776
Suggested-by: Anton
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 89fe1935b18621af06587c76bcde6adcdc8f2249)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f1d285001ea39299928cb2a9fb02433321c1bfd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 15 20:52:17 2021 +0100
avformat/rmdec: Check codec_length without overflow
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 30333/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5175286983426048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d558c9f2375fd2136d20422cb1119cfbf872abeb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b58bdcc2a18be9dcbff8aefcd560532111d48779
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:00:40 2020 +0100
avformat/nutdec: Check timebase count against main header length
Fixes: Timeout (long -> 3ms)
Fixes: 28514/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6078669009321984
Fixes: 30095/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-5074433016463360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c425198558826795d94af45eeb9d94e4436c9a0f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee2e0040b8cc37ab934950f4ac26849d484f88cf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Feb 11 22:40:21 2021 +0100
avformat/electronicarts: Clear partial_packet on error
Fixes: Infinite loop
Fixes: 30165/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6224642371092480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 59bb9dc2a670cbe5d659585392b6d79f7bb6d40f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=680c8f508bfc0d64798c027a5dc6c79af74ba162
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Feb 10 22:28:20 2021 +0100
avcodec/pnm_parser: Check av_image_get_buffer_size() for failure
Fixes: out of array access
Fixes: 30135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-4997145650397184
Fixes: 30208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5605891665690624.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5314a4996cc76e2a8534c74a66f5181e95ac64fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3067d50620d37fc021f4608bc4337d3f854146ef
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 17:00:38 2021 +0100
avformat/samidec: Sanity check pts
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 29743/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-5499256859394048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2014b0135293c41d261757bfa1aaba51653bab8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4518df79378d3429948409cee696f52d13131a3c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:30:59 2021 +0100
avformat/avidec: Use 64bit in get_duration()
Fixes: signed integer overflow: 2147483424 + 8224 cannot be represented in type 'int'
Fixes: 29619/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5191424373030912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0ceb0cdd41b56241697cd8f83e22cdb4822d2d9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ab5341768c630c7a691027ba80a16a0f2b1da764
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:19:42 2021 +0100
avformat/mvdec: Check for EOF in read_index()
Fixes: Timeout
Fixes: 29550/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5094307193290752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6c64351bb1f4dc148069a37754b746fcd4c784cf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a076f7897de77e910d87d9408374059352d4fd16
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 19:37:52 2021 +0100
avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular()
Fixes: Timeout
Fixes: left shift of 33046 by 16 places cannot be represented in type 'int'
Fixes: 29258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-4889231489105920
Fixes: 29515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-6161940391002112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 980900d991606cbc3747b37d6e83c7aae98cbecc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20522834b0ba9a98977e324d61333355a210ff41
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:14:03 2021 +0100
avformat/id3v2: Check the return from avio_get_str()
Fixes: out of array access
Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 25f240fcb398eb499ca4b70c026a8bb9f2a32731)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa545b37b77755c72baedaf00ba4d37291a77d43
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 14:59:27 2021 +0100
avcodec/hevc_sei: Check payload size in decode_nal_sei_message()
Fixes: out of array access
Fixes: 29392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4821602850177024.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0791a515d38fd35c1e2a309ec8f4015153687b8c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e15298bb269c7f1da2ed80fb305f2d6e41c54531
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 31 16:22:53 2021 +0100
libavutil/eval: Remove CONFIG_TRAPV special handling
Fixes: division by zero
Fixes: 29555/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-5149951447400448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8574fcbfc7784173347418e09035ff8121574571)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=480a9a4b1d9c49dea054311b30a0615618a43a71
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Feb 8 14:29:01 2021 +0100
avformat/wtvdec: Check len in parse_chunks() to avoid overflow
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
Fixes: 30084/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6192261941559296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5552ceaf568915e668679f9581e07eb5507cafc4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1eb919aa6faa603afaf1dfe686aeeeb67ccb3d68
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 20:41:56 2020 +0100
avformat/4xm: Make audio_frame_count 64bit
Fixes: signed integer overflow: 2099257366 * 2 cannot be represented in type 'int'
Fixes: 27486/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-5112179134824448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 842c268c6436c9e90e689402be138c2e539f7059)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b206d775b6942126d82b7d84c69b0b045d045d34
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 22 17:55:12 2020 +0100
avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper
Fixes: signed integer overflow: 2147483641 + 32 cannot be represented in type 'int'
Fixes: 27452/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5078752576667648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4dfb7ff528c02afbafba14676c139ecb82164c44)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b61436f9181183f27e2a41b66505719179cd2e4d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 00:54:46 2020 +0100
avformat/rmdec: Reorder operations to avoid overflow
Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int'
Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b12e713b8061cc6a71ec69da946552bc593d5fa7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a2738c68b4d9066ec4eb0acf6a2f878818c2549
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 3 00:31:07 2020 +0100
avcodec/mxpegdec: fix SOF counting
Fixes: Timeout (>10sec -> 15ms)
Fixes: 27652/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5125920868007936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 401495def62638a205569cac0f7861c7faba4d18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d75428c9b7d181307712d6e33178fc8a5092bb8d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 23:13:58 2020 +0100
avformat/rmdec: Fix codecdata_length overflow check
Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 28509/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-6310969680723968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3c41d0bfd6041890b394a3e6eb2f8da92b83416b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=299da66195bd1a85cd71466168f410b7f4e9d816
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 00:31:08 2020 +0100
avcodec/simple_idct: Fix undefined integer overflow in idct4row()
Fixes: signed integer overflow: -1498310196 - 902891776 cannot be represented in type 'int'
Fixes: 28445/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5075163389493248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 57f7e5caa324fd760aa9e134ee963e9936083c59)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9df52e5e46fd54a202b9c89d3cdf70920d8a326f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 22:57:28 2021 +0100
avformat/tta: Use 64bit intermediate for index
Fixes: signed integer overflow: 42032 * 51092 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-6679539648430080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fd61b42b4c8709a7888fa5c9cce0c19d754e39fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5af4e23980d847fb5309168b4bf6e21e7a36b37
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 30 00:46:26 2021 +0100
avcodec/vp3: Check input amount in theora_decode_header()
Fixes: Timeout
Fixes: 29226/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-6195092572471296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 869fe41d1088c4badcd98ee1ca2490451a07b173)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d7c7fc25387a7520e6e9d61367f470a228e17e5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Jan 29 23:58:04 2021 +0100
avformat/wavdec: Check avio_get_str16le() for failure
Fixes: out of array access
Fixes: 29195/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5037853281222656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7594ee751e621f6c7ef4d4977c4a3ce169ae0af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ccca3992722138cdff6583e7cfee09746a2620d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 21:54:31 2021 +0100
avformat/flvdec: Check for EOF in amf_skip_tag()
Fixes: Timeout
Fixes: 29070/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5650106766458880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9725d07a1770fbfafe5f7b3f7d95a2a513308538)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32d3a76d935806731348269bfeb14e1d0406d4cc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 7 21:11:32 2020 +0100
avformat/tedcaptionsdec: Check for overflow in parse_int()
Fixes: signed integer overflow: 1111111111111111111 * 10 cannot be represented in type 'long'
Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b0f8586ca9853ab3d324ccd3c42bad4375000b0a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=18775fa63c77adde8c91b2bf8a47b9b1388c7192
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Dec 24 20:42:27 2020 +0100
avformat/mpc8: Check size before implicitly converting to int
Fixes: Timeout
Fixes: 28551/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6229183210586112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 78d6d8ddb571ecca54616517defbf894a45ea9c3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d03bbcd780d2762c7e4f2f686d7bac78190a2cb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:44:33 2021 +0100
avformat/nutdec: Fix integer overflow in count computation
Note, the value is checked a few lines later already
Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0014249fd92132515b3ff0ce034dd65e745cb400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6fa82a09b92c1c7ac69009c859f26bb6ebe9db97
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 16 22:05:53 2021 +0100
avformat/utils: Check dts in update_initial_timestamps() more
Fixes: signed integer overflow: -9223372036853488158 - 90000000 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MPSUB_fuzzer-6696625298866176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 29851cb840c176d514573914799ca6c95f3f4e8e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=790ead23269e8e8dfffbc4242c907c4fba3292e1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 26 17:41:28 2021 +0100
avformat/flvdec: Check for avio_read() failure in amf_get_string()
Suggested-by: Anton Khirnov <anton at khirnov.net>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cb316676112c01e8d66420908b6b3d06b3b498e3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3f58614c4744ab84a7e6b12d1308a3d07bb597b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 23 22:00:40 2021 +0100
avformat/flvdec: Check for nesting depth in amf_skip_tag()
Fixes: out of array access
Fixes: 29440/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5985279812960256.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2ef522c918d48b9f101548b2cadce02003cb3510)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01cd33e59f45a88b4057d9ffbae63e52c375325f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Jan 23 21:20:57 2021 +0100
avformat/flvdec: Check for nesting depth in amf_parse_object()
Fixes: out of array access
Fixes: 29202/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5112845840809984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 074e204b42acdacc0a055671481e00914524af93)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e4bae4cb70835bd70c7d745a495e4e11e5cd2f44
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 20 00:00:27 2021 +0100
avformat/asfdec_o: Check for EOF in asf_read_marker()
Fixes: Timeout
Fixes: 26460/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5710884393189376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9e3d09f435f83f9653056b2fecc4d03ac45f3ffd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9c3db0799c86edb7f1313a6152c95bd0a7833e9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 21:29:01 2021 +0100
avformat/utils: Check dts - (1<<pts_wrap_bits) overflow
Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d82ee907d6caafbc1212c4b63ecac2dcd30f23b0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bafb1c236d9711e87d43e84edb60752a627ef165
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 14 18:41:41 2021 +0100
avformat/bfi: Check chunk_header
Fixes: signed integer overflow: -2147483648 - 3 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6665764123836416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 638a151a877c27a46c15643db26c9ba726feecde)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ce63dc7d2e6d355f9c554c023ae55b989e875b6c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 3 19:21:18 2020 +0100
avcodec/utils: Check for integer overflow in get_audio_frame_duration() for ADPCM_DTK
Fixes: signed integer overflow: 131203586 * 28 cannot be represented in type 'int'
Fixes: 26817/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6296902548848640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2488ba85a0fa5ee4125888258d3d95ce3f03bbb6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=432dbb3126ecb57045377fb645bcd93cb71aa1bf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jan 21 21:41:41 2021 +0100
avformat/mxfdec: Fix integer overflow in next position in mxf_read_local_tags()
Fixes: signed integer overflow: 9223372036854775723 + 8192 cannot be represented in type 'long'
Fixes: 29072/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4812604904177664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d3d9b1fc8e2dfc8b4d66c9916ab7221062ff4660)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b222d99f4d9896c4f0da8b433908c6dd2c9b829e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 9 21:48:31 2020 +0100
avformat/avidec: dv does not support palettes
Fixes: memleak
Fixes: 26937/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5763003338981376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b373b41d940e3058cdfb3d17703e23ed665353c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8691447d5db897e5d03714238a51ba1d115d8938
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Nov 9 19:58:20 2020 +0100
libavformat/utils: consider avio_size() failure in ffio_limit()
Fixes: Timeout (>20sec -> 3ms)
Fixes: 26918/clusterfuzz-testcase-minimized-ffmpeg_dem_THP_fuzzer-5750425191710720
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1dac2716d713dfd6949b7eb4a3c18c16f1faf6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=98ff6137110ac651a85b1954abbcce7efce4e0a8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Jan 12 21:17:18 2021 +0100
avformat/asfdec_o: Check size vs. offset in detect_unknown_subobject()
Fixes: signed integer overflow: 2314885530818453566 + 7503032301549264928 cannot be represented in type 'long'
Fixes: 26639/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6024222100684800
Alternatively this could be ignored but then the end condition of the loop
would be hard to reach as avio_tell() is int64_t
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0bee216ad454dd7238a03dd9a76428cc6c3233cc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b8a91221167ee37bbc13bf73e9763c771879404
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 15 22:52:42 2020 +0200
avformat/utils: check for integer overflow in av_get_frame_filename2()
Fixes: signed integer overflow: 317316873 * 10 cannot be represented in type 'int'
Fixes: 24708/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5731180885049344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 03c479ce236955fc329c7f9f4765ee1ec256bb73)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c38ef36736a08911d08ab7bb31ae24b144d5a481
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 28 21:31:16 2020 +0100
avutil/timecode: Avoid undefined behavior with large framenum
Fixes: signed integer overflow: 2147462079 + 2149596 cannot be represented in type 'int'
Fixes: 27565/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5091972813160448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1b1905739638c22b476c99c679b41f29fa00bf07)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac3b43148311a604f7ed5123b397fe0863ce48be
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jan 17 00:07:29 2021 +0100
avformat/sbgdec: Reduce the amount of floating point in str_to_time()
Fixes: 1e+75 is outside the range of representable values of type 'long'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6626834808700928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ac6c8993f79eaefb76e1fdf0eef5373ab3a46a4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e45d6654feb321c81669f3c2ef5e5fb75e594ca3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 20:22:48 2020 +0200
avformat/mxfdec: Free all types for both Descriptors
Fixes: memleak
Fixes: 26352/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5201158714687488
Suggested-by: Tomas Härdin <tjoppen at acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 88519be8db66811e203408b413d9039ac9c3fe91)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93cdec591b98fa39ce7e056f5c868a676e6f7c17
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 4 00:52:47 2020 +0100
avcodec/wmaprodec: Check packet size
Fixes: left shift of negative value -25824
Fixes: 27754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5760255962906624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 69aeba8a19ac2fa6e1c9bdfb19229b513f314bb1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9dc6c0d8d0265844536aa2674af021be26531e34
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Dec 27 18:47:44 2020 +0100
avformat/mpegts: Fix argument type for av_log
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 654b21ef176a807bf4e8359a4ed52c629d766100)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=451899f9c0d35a9cf2d2e62b70b1ff86dce7ef8e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:22:04 2020 +0100
avcodec/ffv1dec: Fix off by 1 error with quant tables
Fixes: assertion failure
Fixes: 28447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5369575948550144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5cae71d2b722d0beed4d46f189db42fbb57d877b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b6b10bd6bcc0cc86d226865bc72da9fba9ec1137
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Dec 19 00:22:01 2020 +0100
avformat/mpegts: Increase pcr_incr width to 64bit
Fixes: division by zero
Fixes: 26459/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5666350112178176
Fixes: 28154/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5195728439476224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ef7b117b7be8a81d6b245cadf096cbe4b1a12987)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4fb6c6bcac25a47f72442dd0ff16ca6775744e12
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 18:39:45 2020 +0100
avformat/mov: Check if hoov is at the end
Fixes: Timeout, probably infinite loop
Fixes: 26559/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5391165484171264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0afbaabdca2730d3f8d88719d64802d50b92d351)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79b17daba5c4e09a3b32d30b02fbb24d9e96ded9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Dec 18 23:05:22 2020 +0100
avcodec/hevc_ps: check scaling_list_dc_coef
Fixes: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int'
Fixes: 28449/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5686013259284480
Reviewed-by: James Almer <jamrial at gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f1700bd8bb983bb3b56c3a1f8b9078cb62a44f65)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=76e156555e6eb0dd0af6d9e5830a9a11fcf557df
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Dec 7 00:37:25 2020 +0100
avformat/matroskadec: Sanity check codec_id/track type
Fixes: memleak
Fixes: 27766/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5198300814508032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b88dd8f0cb48b46f3178d274a9117a3d2307f4e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=74063774e28f23689d7d3663152c8c6f6b90caa3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Dec 9 00:49:29 2020 +0100
avformat/rpl: Check the number of streams
Fixes: out of memory access
Fixes: 27787/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4743666463408128.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0677bdb1f522d0d25b47bca3d8e09ece83083678)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=852f1ebe9c385fa8f159e203f7e1b3b30828298a
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Nov 5 22:14:21 2020 +0100
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: -2105540608 - 2105540608 cannot be represented in type 'int'
Fixes: 26870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5656647567147008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 51dfd6f1bdb03bfc7574b12e921fb3b8639ba5cf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86d0295f38fbfca91107e80ec3cd6d76634f3ebd
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 30 21:50:32 2020 +0100
avformat/mpc8: Check remaining space in mpc8_parse_seektable()
Fixes: Fixes infinite loop
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f66dd13d08d063e2748d172239df595078ff624)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=54a85a4d4f63aefba13fa89f599d046475fec05e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 7 21:39:21 2020 +0100
avformat/id3v2: Sanity check tlen before alloc and uncompress
Fixes: Timeout (>20sec -> 65ms)
Fixes: 26896/clusterfuzz-testcase-minimized-ffmpeg_dem_DAUD_fuzzer-5691024049176576
Fixes: 27627/clusterfuzz-testcase-minimized-ffmpeg_dem_AEA_fuzzer-4907019324358656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d7f87a4b9ef18a9846439b7787874cc11e5940de)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6a2c67023e7559d46c5e467776ecb53496c650f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 1 20:20:02 2020 +0100
avformat/vqf: Check len for COMM chunks
Fixes: Infinite loop
Fixes: 26696/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-5648269168082944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a834af133b1fe8f29b4075808710ffd98abcac40)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac42b64fecd9595dbfa1f742e1b7cd402e9728aa
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 00:24:01 2020 +0200
avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter
The max depth is 16bps, the max allowed coefficient depth is depth+6
Fixes: signed integer overflow: 1074266112 + 1073725439 cannot be represented in type 'int'
Fixes: 26493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657763331702784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7cf852b03c3ae6b61f89614371d2cb308d0b7f86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee570d535d8fae96aeda5b427ba2200f6146070e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 23:13:16 2020 +0200
avformat/cafdec: Check the return code from av_add_index_entry()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9dc3301745d8271ae3ba0f1b998d8e6a0aa01bc1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6fc6c9f960d5e4c773edd1c1a9489f7ea31c140
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 18 00:58:37 2020 +0100
avformat/cafdec: Check for EOF in index read loop
Fixes: OOM
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit eb46939e3ab3e0e4df69486b1a037bffc50493bd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b8fe632a7399b35d5b70330b28eec838259db096
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 23:08:13 2020 +0200
avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative
These fields are not signed in the spec (1.0) so they cannot be negative
Changing bytes_per_packet to unsigned would not solve this as it is exported
as block_align which is signed
Fixes: Infinite loop
Fixes: 26492/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5632087614554112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5eed718087f2ba307a3d1d294016d2ebae9230f3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4371d51f1bdc92c4d2b159237b2d9c0a679151bb
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 22:21:48 2020 +0200
avcodec/exr: Check ymin vs. h
Fixes: out of array access
Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3e5959b3457f7f1856d997261e6ac672bba49e8b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2051ed938c8e448cb3c4dd9002770c06f23c7e09
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 25 00:23:10 2020 +0200
avformat/avs: Use 64bit for the avio_tell() output
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1278f117d75ab9238ef181ba29b31c6ea569571b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=98ae46133cc46ef7805d5fd7d141029f884d6b4d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 14 22:13:52 2020 +0100
avformat/wavdec: More complete size check in find_guid()
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 27341/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5442833206738944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a207df2acb92d6366ab2f0f18ba35709066b8eec)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba06c753dd59916c60947e10ef7a6ca10560d5b1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Nov 14 20:59:01 2020 +0100
avformat/iff: Check size before skip
Fixes: Infinite loop
Fixes: 27292/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5731168991051776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8b50e8bc2975fad85e0713e05940ee9ecb5e8a18)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe0ff3e1d2f1ee0aa010ce67629e2ffe2c00d39d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Nov 13 23:30:47 2020 +0100
avformat/rmdec: Check for EOF in index packet reading
Fixes: Timeout(>10sec -> 1ms)
Fixes: 27284/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6304211110985728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ebf4bc629e6d0dbb4bb6725849bdd06456e4c8af)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f38911529e1dcc79492de83b3ad826de29a3e958
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Nov 10 00:04:50 2020 +0100
avformat/sbgdec: Check that end is not before start
Fixes: signed integer overflow: -9223372036854775808 + -5279949906739200 cannot be represented in type 'long'
Fixes: 26908/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6329610851319808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9ef60a66f1f155605049402415bd901c8baf1a24)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5314a0fbb4f34422572ff7f4cc875209b5a28de3
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Nov 8 00:17:09 2020 +0100
avformat/lvfdec: Check stream_index before use
Fixes: assertion failure
Fixes: 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b1d99ab14f2fd273e678dcb618dabfb38aab91b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=faf492237d1f5c907b5d51e745c737f12a9f94ab
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Nov 4 01:06:47 2020 +0100
avformat/mpegts: Limit copied data to space
Fixes: out of array access
Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus at passwd.hu>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 79cf7c71910a69b9f22b3e7ee6508a771262abaf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9d6c492479f7e8e8c02f491dac62bd76c5e2a3b7
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 27 21:51:08 2020 +0100
avformat/iff: check size against INT64_MAX
Bigger sizes are misinterpreted as negative numbers by the API
Fixes: infinite loop
Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f291cd681b1235e150464ad83974d60d6879b492)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a0921a75af054d09f9b65c90d070a90a1a651e1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 24 20:30:48 2020 +0200
avformat/paf: Check for EOF in read_table()
Fixes: OOM
Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 437b7302b09a04e0fbfcd594114b52c5c6d89d32)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eade28c10a3d988370643026bbc994218498d6a8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 26 21:08:55 2020 +0100
avformat/gxf: Check pkt_len
Fixes: Infinite loop
Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit dad9a86ca7bf912289aafb33d96980630e6ec53a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c42d762ee96ebde1fc26b2fbe2a8304cfbde9dd2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 31 23:46:33 2020 +0100
avformat/concatdec: use av_strstart()
Fixes: out array read
Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2610acb49a140901dacbd36c598a5514cf9ade0d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f31b04f1cd0fc5a5211e4532e6f42dfafd2f215
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 23:50:57 2020 +0200
avformat/wavdec: Refuse to read chunks bigger than the filesize in w64_read_header()
Fixes: OOM
Fixes: 26414/clusterfuzz-testcase-minimized-ffmpeg_dem_FWSE_fuzzer-5070632544632832
Fixes: 26475/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5770207722995712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7b2244565ac8cb1eddd085e1a382a893ac03bfb4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4478ed2446980dad2f66fe6dbbbacc2e01ebe43
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Oct 21 19:37:45 2020 +0200
avformat/xwma: Check for EOF in dpds_table read code
Fixes: Timeout (>30 -> 140ms)
Fixes: 26478/clusterfuzz-testcase-minimized-ffmpeg_dem_XWMA_fuzzer-5918147066200064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 44b18a76b8d4e01c7ce62474aaf196857e75e976)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c0b0cb5d80875c77bc5ae2b98a3d26b58b05c213
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 27 17:21:19 2020 +0100
avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration()
Fixes: shift exponent 95 is too large for 32-bit type 'int'
Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ec7e0d42884b40ce93b6b5e94de5f7849310f8a0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5e8bff6c242e4cdf42213a0b0b66d0697b2bd6bf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 23 20:29:50 2020 +0200
avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET
Fixes: signed integer overflow: -9223372036854775807 - 48000 cannot be represented in type 'long long'
Fixes: 26521/clusterfuzz-testcase-minimized-ffmpeg_dem_DIRAC_fuzzer-5635536506847232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev at lynne.ee>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 343c3149ab3d77be76f035d3b18bb2b2da48ce1f)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9ccca254df160d7d80b679428dffa2d71fb23186
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:32:59 2020 +0200
avformat/rmdec: Make expected_len 64bit
Fixes: signed integer overflow: 1347551268 * 14 cannot be represented in type 'int'
Fixes: 26458/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5655364324032512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 728330462cadb765307cc132377b6b5d177a225c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a934766d3be63272c32f7c6a63dd52dd25501fc5
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Oct 20 21:55:13 2020 +0200
avformat/lrcdec: Clip timestamps
Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 80bc2ac3c06319cf85428c58c471d105d25ae987)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=06c30f86199235b60af7cb0b9e0bd1c8b3b20d79
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Oct 18 22:04:14 2020 +0200
avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
Fixes: signed integer overflow: 190587 * 11585 cannot be represented in type 'int'
Fixes: 26407/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5086348408782848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bca0735be52e471b1906aed34c60028d90646d90)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cac2a6406eae63bae4c2d90b8e7bd0b593f937b1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:29:01 2020 +0200
avformat/jacosubdec: Use 64bit inside get_shift()
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 715ff75e5dbbbefff7337351db596a9b7a5d4379)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d6d2837e4be508371ccc013bf3cd0732c7ba2584
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:39:30 2020 +0200
avformat/mvi: Check count for overflow
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a413ed98632127342ad04b26e0ba0dc26adb70c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0257623b2da678648b09b31746dcf88fb3d25a73
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 11:13:19 2020 +0200
avformat/asfdec_f: Check for negative ext_len
Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 209b9ff5c3f337da4a3d82e59b8815eca2737ffa)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=30e5b1d4101bbafb0fee1b5b857dd79d9f5bd1a8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Oct 17 22:19:58 2020 +0200
avformat/bethsoftvid: Check image dimensions before use
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 50b29f081e9620dc39727adef707c2c323a8c095)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=098c358a2df31099a5f7e5986e76f3c4cc5b1ff0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 22 00:37:25 2020 +0200
avformat/segafilm: Check that there is a stream
Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c0d7fd269beed030fc767fee28d9dbe111bc4427)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9fe284aad40bb3b4eebfe37adbfd13a6b853e1d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 19 17:59:53 2020 +0200
avformat/wtvdec: Check dir_length
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1868cb731660490beb750389266adb6e68e9123d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b39d33a1a6600f3cd28b4c9ad0b20ea2ab197661
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 18:08:37 2020 +0200
avcodec/exr: Check limits to avoid overflow in delta computation
Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6910e0f4e5c40b5b902e4dd87256327d860d53f5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dd427b159ed1b80a8b2f1edb6f5dcb54438668d1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 22:04:56 2020 +0200
avformat/asfdec_f: Check name_len for overflow
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0d088a47ca0243576078f109fff20617d1fac382)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5316d98a7ba25ef3fea9089f213cfe66660fc20
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 15 21:35:43 2020 +0200
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d1983628394e076001cc67d85656f9842b7282a3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25a5e10bf93f6c5fef06d6537fddc253a254b3a1
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Oct 12 17:11:27 2020 +0200
avcodec/aacdec_fixed: Limit index in vector_pow43()
Fixes: out of array access
Fixes: 26087/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5724825462767616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4f83a536384afda45acb6d7cdd22017c8c314f9e)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05096df92d7b83c9db0f6eaed79ac943061d2a8c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 16 18:05:34 2020 +0200
avformat/rmdec: sanity check coded_framesize
Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int'
Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aee8477c6ba20469ebe531448d31c642717b5f48)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71a6b3fdd0f5b9a048038190acda99c8128a1add
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Oct 8 20:44:23 2020 +0200
avformat/flvdec: Check for EOF in amf_parse_object()
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 33624f4f2e1feb08f277126e637d4a28016eb07a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58bd3eabfc0a5c7d6f3eee53fc6ace72144abf06
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 2 10:54:31 2020 +0200
avcodec/smacker: Check remaining bits in SMK_BLK_FULL
Fixes: out of array access
Fixes: 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 42ded4d1e6fb0086a235dc584118414ae2bf30c9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25e421ddc32cee2050fe6b97271be7e016ea975f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 27 20:23:10 2020 +0200
avcodec/cook: Check subpacket index against max
Fixes: off by 1 error
Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
Fixes: 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5a2a7604da5f7a2fc498d1d5c90bd892edac9ce8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=556141047a98713d465a81ef8b1e48ad09751932
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 13:30:28 2020 +0200
avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred
Fixes: pixel decode issue.ts
Fixes: raw frame.hevc
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3fbf8737923ac49754946a2505367630544b87f1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b71283c68fc7a4c867cd49b1280298bb9f87e58e
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 16 19:05:23 2020 +0200
avformat/icodec: Change order of operations to avoid NULL dereference
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3300f5c133650ba25f94531d40ecc94c79b84457)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=870d5f1846e9cc4ffafd30dd46bb5a06eaf6b19b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 16:40:22 2020 +0200
avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 394e8bb385a351091cb1ba0be986f3bbb15039fd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e7fd43e5f98e7fe85436f0c741b35c7c8bb6578
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 16:29:15 2020 +0200
avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 106f11f68af643ad1f372b840d38a0a30c6e9bcf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=88157c9205acaeccc671b3494d8243326f4a0cbe
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 17:13:10 2020 +0200
avformat/subviewerdec: fail on AV_NOPTS_VALUE
Such values are not supported by ff_subtitles_queue*
Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit b7f51428b1c73ab5840485ce537ce098a85d0881)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35374e6239569f0d32a933ba737da4546a3e7a78
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 26 21:54:36 2020 +0200
avcodec/exr: Check xdelta, ydelta
Fixes: assertion failure
Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6949df35d0c69ae91bb0f49069e0703deb9bd676)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=98b350405969997db561c4a0db65a0e9585c1385
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Oct 2 14:59:13 2020 +0200
avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3291d994b76db4b6e67c8467367ce68f79785e60)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=be04f6dfa31f5462959a873b81aab43469992507
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 12 19:44:35 2020 +0200
avformat/asfdec_f: Change order or operations slightly
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 686f0151901849de3b2073fa73265472073e0208)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3631f0932660ca530187f660158f32efb861c1a0
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 2 23:13:00 2020 +0200
avformat/dxa: Use av_rescale() for duration computation
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c313089fbe1df71b5406dd9d7e4d36361051c620)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=322563a61dd59c340df08449f4a870577b991c3f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Sep 2 22:42:05 2020 +0200
avcodec/vc1_block: Fix integer overflow in ac value
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3056e19e68122b9464b24870488f8faca4e78ea8)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3294678d1807eaa05384e2e6c035caa683bbd04c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 27 22:20:52 2020 +0200
avformat/iff: Check data_size not overflowing int64
Fixes: Infinite loop
Fixes: 25844/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5660803318153216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 24352ca79207d3311ee544fcba908a64004763ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92a47b7a82ac6c0869e7e072fad1dc9bfd322357
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Fri Sep 25 20:08:37 2020 +0200
avcodec/dxtory: Fix negative shift in dx2_decode_slice_410()
Fixes: left shift of negative value -768
Fixes: 25574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-6012596027916288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit abebd87764992dc22c82802bdc75d40aac14ab86)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=00440fff9fbf1f7634129c192d2248aeeeb68ccf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Sep 24 22:20:39 2020 +0200
avcodec/sonic: Check channels before deallocating
Fixes: heap-buffer-overflow
Fixes: 25744/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5172961169113088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f249981976b18438cfb646183d4c21fb051e1ad4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc50487b63c4b615b841957ba2ebb84b238a6152
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 19 20:48:38 2020 +0200
avcodec/ansi: Check nb_args for overflow
Fixes: Integer overflow (no testcase)
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bc0e776c9aaf06f437bf21e05a713fd54dc85400)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f7496f6dc3eab564145c9e4918eb6b79eba886d
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 15:20:14 2020 +0200
avformat/wc3movie: Move wc3_read_close() up
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0c635f2ce6c18d448e77605ee83b55bd8250f812)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b4e2112d35ed252bffb985157c50cd1134ae65c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jul 16 22:58:13 2020 +0200
avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c()
Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
Fixes: 23646/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5480991098667008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4a02ae49c26395fc3ae2d38c733a2a13bd3080e7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8157c329d1d69df9bf4dac14697b0ddca5cb55b8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Sep 13 21:12:17 2020 +0200
avcodec/wmalosslessdec: Check remaining space before padding and channel residue
Fixes: Timeout (1101sec -> 0.4sec)
Fixes: 24491/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5725337036783616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c467adf3bf9bb4b7fd28956ec698d884e63f145d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f60da3846d9cd0528f9e7733c58c4aad33002d2
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Jul 19 16:54:28 2020 +0200
avformat/cdg: Fix integer overflow in duration computation
Fixes: signed integer overflow: 8398407 * 300 cannot be represented in type 'int'
Fixes: 23914/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4702539290509312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit aa8935b395162f8438d1f055e671e92685ed1586)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cc7f140e0f2fbf39843e9a57baebff7d96f7235b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun May 10 19:04:23 2020 +0200
avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth()
Fixes: -2.4187e+09 is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -14512205 + -2147483648 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Fixes: 23528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC7_fuzzer-5747263166480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 2b9f39689ab19c68ff37b5a4ac71e8fb7f58c487)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc0017335b40c44569a126f50b2ae0e6797e34f9
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Sep 7 00:09:33 2020 +0200
avformat/electronicarts: Check if there are any streams
Fixes: Assertion failure (invalid stream index)
Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 39a98623edbbdcf9d9b76e9d7aff3ce086ebfbfe)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=06d508245623b1d1b62153e544e2e07c860e761b
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Sep 5 17:58:53 2020 +0200
avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINE
Fixes: signed integer overflow: -1429092 * -32596 cannot be represented in type 'int'
Fixes: 24419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5157849974702080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george at nsup.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a0da95df77a528251a326fc8b7e2ff48c60e41d0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=21eed2c10ac437b4af7fd943ed1c68d1ce4d75c8
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 22 00:24:55 2020 +0200
avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d()
Fixes: signed integer overflow: 998938090 + 1169275991 cannot be represented in type 'int'
Fixes: 23411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-4644692330545152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d182d8f10cf69c59ef9c21df4b06e5478df063ef)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39adb150346f6f27b2ae290977b706f72699e20f
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Mon Jun 22 00:09:05 2020 +0200
avformat/avidec: Fix io_fsize overflow
Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cf0c700b0c25f5d9fe50dd27086a06812822f11a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8fbc110d89bf9213db752fae460717a40726cdcc
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 20 01:05:35 2020 +0200
avcodec/tiff: Restrict tag order based on specification
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
not the order in which the fields are described in this document."
This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also on various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.
If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ad29f9e47cb848e11ee1d358d2bae15cd35ef04b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=18f85c4a937ba3526e260e2938333313d5b7f1ac
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Tue Aug 11 14:41:13 2020 +0200
avformat/siff: Reject audio packets without audio stream
Fixes: Assertion failure
Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 8931c55789a69f717b4a6954c5bb7acf5475a134)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8e729daf086ae592a18774663d1c8a0321448323
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sat Aug 15 01:07:44 2020 +0200
avformat/mpeg: Check avio_read() return value in get_pts()
Found-by: Thierry Foucu <tfoucu at gmail.com>
Fixes: Use-of-uninitialized-value
Reviewed-by: Thierry Foucu <tfoucu at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e8a88a16f78e66c8d7645b5f71dc8390b033fa70)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9aad7acc4e4ccb7507e86b9d422107c4cd19a66c
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 6 21:42:43 2020 +0200
avcodec/tiff: Check bpp/bppcount for 0
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit be090da25f734460f3105075456877b8a66185c1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5a63d5da4ec7b80d06930086398dcdef2f624e4
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Aug 6 21:35:06 2020 +0200
avcodec/snowdec: Sanity check hcoeff
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit d51d569cf68f78aaea8464a156c847a0e294726a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73fe1c16e85b96a845bf0a889e6e8b6e344efe68
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Sun Aug 2 00:51:12 2020 +0200
avformat/mov: Check comp_brand_size
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ffa6072fc727a14680a85449259f6b49b47587e6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e241831a6cf6014159d08c409dad1088bb6655bf
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Thu Jul 23 23:41:27 2020 +0200
avcodec/alac: Check decorr_shift to avoid invalid shift
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.
Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7 at gmx.net>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4333718b357a9ad195031e5d0ea080d37677b795)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eeefeb5681af7da685c945fb37bb901df9dedc72
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jul 15 22:47:50 2020 +0200
avcodec/tdsc: Fix tile checks
Fixes: out of array access
Fixes: crash.asf
Found-by: anton listov <greyfarn7 at yandex.ru>
Reviewed-by: anton listov <greyfarn7 at yandex.ru>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 081e3001edb67dcd55fe0f68505df1fce667476d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a719482c8e51afbd490ec28cadf7fe01dc96e1de
Author: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Date: Thu Jul 9 12:07:28 2020 +0200
avformat/mm: Check for existence of audio stream
No audio stream is created unconditionally and if none has been created,
no packet with stream_index 1 may be returned. This fixes an assert in
ff_read_packet() in libavformat/utils reported in ticket #8782.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
(cherry picked from commit ec59dc73f0cc8930bf5dae389cd76d049d537ca7)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=43035402988335354c51ed1626d8316e05a63866
Author: Zhao Zhili <quinkblack at foxmail.com>
Date: Sun Jul 5 00:51:53 2020 +0800
avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 806a4d5187aeb82b97898683242886ed1e84f894)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
More information about the ffmpeg-cvslog
mailing list