har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
83,942 Commits 2 Branches 401 Tags
Commit Graph

83942 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
2d2c079688 avcodec/aacdec_template: Merge 3 #ifs related to noise handling 
Fewer #if and fewer lines

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc33c99d56791fc26ccafb49512b59e38b99ca12)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-01 12:11:55 +02:00
Michael Niedermayer
52410bc41a avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify 
(cherry picked from commit 3d5863d73915748013975cac8d2148c5fc3d01c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-01 12:11:55 +02:00
Michael Niedermayer
276e97f055 avformat/mp3enc: Avoid SEEK_END as it is unsupported 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf3ee6a13053d37a0c5022a324624e89f0bce8c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-01 12:11:55 +02:00
Michael Niedermayer
deaa56a055 avcodec/truemotion2: Fix several integer overflows in tm2_update_block() 
Fixes: signed integer overflow: -1877966852 + -469491713 cannot be represented in type 'int'
Fixes: 14561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5167608359288832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8eecf761a65baf4ce6f25c0a149819cc9414c0f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-01 12:11:55 +02:00
Michael Niedermayer
9f8f52f35b avformat/webm_chunk: Specify expected argument length of get_chunk_filename() 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a74b04737f08e2e11a02ada280407889f6cadb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-01 12:11:55 +02:00
Michael Niedermayer
d62af7c542 avformat/webm_chunk: Check header filename length 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b5b977c9f96e2c3803317ad75253801bc571791)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-01 12:11:55 +02:00
Michael Niedermayer
58f6d9143c avcodec/cpia: Check input size also against linesizes and EOL 
Fixes: Timeout (14sec -> 29ms)
Fixes: 14733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5707022445576192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c0bfa7d1a90a22d5fe8daa415cc689c111562f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-01 12:11:54 +02:00
Andreas Rheinhardt
85c08cd6dc libavcodec/libvpxenc: Don't free user-provided AVPacket 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 26b45096906097a73ba587bf3b98dada4e795224)
 2020-05-23 20:49:42 +02:00
Andreas Rheinhardt
10b280a902 libavcodec/libmp3lame: Don't free user-provided AVPacket 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 7e6941e185649409f44fb5aa31207bd7b00d23cd)
 2020-05-23 20:49:41 +02:00
Andreas Rheinhardt
c70ecbdef0 avcodec/libopusenc: Don't free user-provided AVPacket 
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit b803993b6d99423c8c1e01e7e206e3916a98d5d5)
 2020-05-23 20:49:41 +02:00
Andreas Rheinhardt
2e0549f06d avformat/matroskadec: Fix default value of BlockAddID 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit dbc50f8a935043243232b2e01f3c012ab6d49928)
 2020-04-03 22:25:16 +02:00
James Almer
7df1cb3dce avcodec/bsf: check that AVBSFInternal was allocated before dereferencing it 
This can happen when av_bsf_free() is called on av_bsf_alloc() failure.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d889ae33962e4ad2b24175418fe89d72ce712179)
 2019-09-23 10:08:57 -03:00
Carl Eugen Hoyos
9b236547f4 lavf/rawenc: Only accept the appropriate stream type for raw muxers. 
This does not affect the rawvideo muxer.

Fixes ticket #7979.

(cherry picked from commit aef24efb0c1e65097ab77a4bf9264189bdf3ace3)
 2019-09-06 18:57:57 -03:00
Mark Harris
5fd65ebf28 avutil/mem: Fix invalid use of av_alloc_size 
The alloc_size attribute is valid only on functions that return a
pointer.  GCC 9 (not yet released) warns about invalid usage:

./libavutil/mem.h:342:1: warning: 'alloc_size' attribute ignored on a function returning int' [-Wattributes]
  342 | av_alloc_size(2, 3) int av_reallocp_array(void *ptr, size_t nmemb, size_t size);
      | ^~~~~~~~~~~~~

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4361293fcf59edb56879c36edcd25f0a91e0edf8)
 2019-07-23 01:18:28 -03:00
Michael Niedermayer
ba11e4028c Changelog: Update 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n3.2.14 		2019-05-14 00:39:42 +02:00
Kevin Backhouse via RT
273f2755ce avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces 
Fixes: [Semmle Security Reports #19439]
Fixes: dos_sscanf2.mkv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 894995c41e0795c7a44f81adc4838dedc3932e65)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-14 00:17:31 +02:00
Kevin Backhouse via RT
23ccf3cabb avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scaning 
Fixes: [Semmle Security Reports #19438]
Fixes: dos_sscanf1.mkv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f00c97bc3475c477f3c468cf2d924d5761d0982)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-14 00:17:30 +02:00
Michael Niedermayer
abdbbe8958 avcodec/htmlsubtitles: Be a bit more picky on syntax 
This reduces the number of strstr() calls per byte
This diasalows empty tags like '< >' as well as '<' in tags like '<ab<cd<<ef>'

Fixes timeout
Fixes: 1817/clusterfuzz-testcase-minimized-5104230530547712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c61715e2c505c15a5cfc9eab18b4311a6504055a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-14 00:17:29 +02:00
Michael Niedermayer
3a6bcc059c Changelog: update 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-13 14:10:33 +02:00
Adam Richter
280f5c4fcf libswcale: Fix possible string overflow in test. 
In libswcale/tests/swcale.c, the function fileTest() calls sscanf in
an argument of "%12s" on character srcStr[] and dstStr[], which are
only 12 bytes.  So, if the input string is 12 characters, a
terminating null byte can be written past the end of these arrays.

This bug was found by cppcheck.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8ed4930618b170de57a9086e1e9892216454684)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-13 14:09:27 +02:00
Michael Niedermayer
a649b62b90 avcodec/hq_hqa: Check available space before reading slice offsets 
Fixes: Timeout (43sec -> 18sec)
Fixes: 14556/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5673543024508928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 407e7c34ca8a3047e4f1b14287053638b4add68d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-12 16:35:30 +02:00
Andreas Rheinhardt
9fad760f56 lavf/webm_chunk: Respect buffer size 
The last argument of av_strlcpy is supposed to contain the size of the
destination buffer, but it was filled with the size of the source
string, effectively negating its very purpose.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 73ef1f47f59333328264a968c8fbbcfb0bf0643f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-11 19:04:05 +02:00
Michael Niedermayer
e38fc0af12 Update for 3.2.14 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-10 23:54:43 +02:00
Michael Niedermayer
2d64c35764 avcodec/jvdec: Use ff_get_buffer() when the content is not reused 
Fixes: Timeout (11sec -> 5sec)
Fixes: 14473/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5761630857592832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 09edcd35726c9ebea8a175b54dfe05483f7154f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-09 11:50:03 +02:00
Michael Niedermayer
430850d2f0 avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block() 
Fixes: signed integer overflow: -2147483648 + -1 cannot be represented in type 'int'
Fixes: 14107/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5694078680825856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4a1b8d409639b2394589efe20ad55410cce391c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-09 11:27:34 +02:00
Michael Niedermayer
485546eec1 avcodec/jpeg2000: Check stepsize before using it 
Fixes: value 1.87633e+10 is outside the range of representable values of type 'int'
Fixes: Undefined behavior
Fixes: 14246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5758393601490944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06ef186fa1b7329c6fe6723372a72464c998059b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-09 11:23:13 +02:00
Michael Niedermayer
3adb15617d avcodec/aacdec_fixed: Fix undefined shift in noise_scale() 
Fixes: 13655/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5120559430500352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ea211ab79d646f6d0af0945971ee55f36bfcbc9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-09 11:22:35 +02:00
Michael Niedermayer
3905acef67 avutil/avstring: Fix bug and undefined behavior in av_strncasecmp() 
The function in case of n=0 would read more bytes than 0.
The end pointer could be beyond the allocated space, which
is undefined.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f0e9a863466bfcbd75ee15d4d8a6aad2a5126a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-09 11:21:57 +02:00
Michael Niedermayer
d203563494 avformat/mov: Skip stsd adjustment without chunks 
Fixes: Assertion failure
Fixes: clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5683096400822272

Found-by: Clusterfuzz
Reported-by: Dan Sanders <sandersd@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18a567c369d74af5ef651b07c4c5615f5598616b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-09 11:21:25 +02:00
Michael Niedermayer
b5b12e2189 avformat/aadec: Check for scanf() failure 
Fixes: use of uninitialized variables
Fixes: blank.aa

Found-by: Chamal De Silva <chamal.desilva@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed188f6dcdf0935c939ed813cf8745d50742014b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-05-09 11:18:13 +02:00
Michael Niedermayer
0dd99b0238 avcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside 
Fixes: index 20 out of bounds for type 'const char *[4][128]'
Fixes: 14367/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CCAPTION_fuzzer-5718819672162304

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f17e8e90bb1fe5e4db18cc6dde9522417108c7bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-04-22 01:06:35 +02:00
Michael Niedermayer
3b2994552a avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform() 
Fixes: assertion failure
Fixes: 14078/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5760571284127744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 110dce96331529a13cc815d3c852aed9d37f83d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-04-22 00:59:10 +02:00
Michael Niedermayer
49881ea343 avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation 
It seems the specification does not limit the value to 32bit

Fixes: signed integer overflow: -109611143 * 24 cannot be represented in type 'int'
Fixes: 13477/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5648337460527104

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 837820f385af699f9bee5e2ba3169dda15e5894d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-04-22 00:54:06 +02:00
Michael Niedermayer
5f7ab544b3 avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks() 
Fixes: signed integer overflow: 255 + 2147483634 cannot be represented in type 'int'
Fixes: 13472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5712444142387200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ad0533e914a2618aea1dc77748037bd8459f61d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-04-22 00:52:53 +02:00
Michael Niedermayer
544f5fce12 avcodec/rscc: Check that the to be uncompressed input is large enough 
Fixes: Out of array access
Fixes: 13984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5734128093233152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a0ec1511e7040845a0d1ce99fe2f30a0972b6d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-04-01 10:32:10 +02:00
Michael Niedermayer
cbfd062d16 avcodec/hevcdec: Avoid only partly skiping duplicate first slices 
Fixes: NULL pointer dereference and out of array access
Fixes: 13871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5746167087890432
Fixes: 13845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5650370728034304

This also fixes the return code for explode mode

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 54655623a82632e7624714d7b2a3e039dc5faa7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-27 08:50:03 +01:00
Carl Eugen Hoyos
0eeea04a71 lavc/bmp: Avoid a heap buffer overwrite for 1bpp input. 
Found by Mingi Cho, Seoyoung Kim, and Taekyoung Kwon
of the Information Security Lab, Yonsei University.

(cherry picked from commit 1e34014010dba9325fc5430934b51a61a5007c63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-27 08:47:32 +01:00
Michael Niedermayer
e20e5b38a6 avcodec/truemotion2: Fix integer overflow in tm2_null_res_block() 
Fixes: signed integer overflow: 1111638592 - -2122219136 cannot be represented in type 'int'
Fixes: 13441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5732769815068672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1223696c725a8ea7e80498e6ccfab37eea179b76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-25 15:32:08 +01:00
Michael Niedermayer
9e96567e14 avcodec/dfa: Check the chunk header is not truncated 
Fixes: Timeout (11sec -> 3sec)
Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f20760fadbc77483b9ff4b400b53ebb38ee33793)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
5d28b2dc37 avcodec/dvbsubdec: Check object position 
Reference: ETSI EN 300 743 V1.2.1  7.2.2 Region composition segment

Fixes: Timeout
Fixes: 13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8c5ae451184e879fc8ff1333c6f26f9542c8ebf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
bed614b0cc avcodec/cdgraphics: Use ff_set_dimensions() 
Fixes: Timeout (17 sec -> 65 milli sec)
Fixes: 13264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5711167941509120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a9f0e239c1c6f5c96cc90ba673087f86ca1eabc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
5ff9505770 avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes 
Fixes: Timeout (27 sec -> 39 milli sec)
Fixes: 13151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5717536023248896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b819472995f55e827d6bb70dcdd86d963f65ae31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
8c69d65cb4 avcodec/aic: Check remaining bits in aic_decode_coeffs() 
Fixes: Timeout (78 seconds -> 2 seconds)
Fixes: 13186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5639516533030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 951bb7632fe6e3bb1a9c3b47610705871e471f34)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
4e5a17e790 avcodec/bethsoftvideo: Check block_type 
Fixes: Timeout (17 seconds -> 1 second)
Fixes: 13184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-5711446296494080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8ecadec0582a1521b5d0d253376966138e6ca78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
6299f85cf2 avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() 
Fixes: runtime error: signed integer overflow: 2147483598 + 128 cannot be represented in type 'int'
Fixes: 12926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5705100733972480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4801eea0d465cd54670e7c19322705544e3e7524)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
8a598030e2 avcodec/error_resilience: Use a symmetric check for skipping MV estimation 
This speeds up the testcase by a factor of 4

Fixes: Timeout
Fixes: 13100/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5767533905313792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e4289cb253e29e4d62dc46759eb1a45d8f6d82df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
e9dbc7b309 avcodec/mlpdec: Insuffient typo 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc32e08941ea2795a3096e7a4013843e9ebf5fe3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
715b526d82 avcodec/zmbv: obtain frame later 
The frame is not needed that early so obtaining it later avoids
the costly operation in case other checks fail.

Fixes: Timeout (14sec -> 4sec)
Fixes: 13140/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-5738330308739072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 177b40890c6de8c6896e0a1d4a631ea1ca89c044)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
fdf19ce6c6 avcodec/jvdec: Check available input space before decode8x8() 
Fixes: Timeout (78 sec -> 15 millisec)
Fixes: 13147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5727107827630080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61523683c5a9bda9aaa7ae24764a3df0401a9877)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00
Michael Niedermayer
5773985902 avcodec/h264_direct: Fix overflow in POC comparission 
Fixes: runtime error: signed integer overflow: 2147421862 - -33624063 cannot be represented in type 'int'
Fixes: 12885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5733516975800320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ccf296e74725bc8bdfbfe500d0482daa200b6f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-03-24 10:39:03 +01:00