Fixes: signed integer overflow: 1106434976 + 1041773512 cannot be represented in type 'int'
Fixes: 15421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5669209314426880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1027919784 + -1120041624 cannot be represented in type 'int'
Fixes: 15406/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5700646528876544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: simple_idct_template.c:184:30: runtime error: signed integer overflow: -1065517056 - 1392182838 cannot be represented in type 'int'
Fixes: simple_idct_template.c:269:21: runtime error: signed integer overflow: 16384 * 259254 cannot be represented in type 'int'
Fixes: simple_idct_template.c:164:17: runtime error: signed integer overflow: 21407 * 210162 cannot be represented in type 'int'
Fixes: simple_idct_template.c:167:17: runtime error: signed integer overflow: 21407 * 210162 cannot be represented in type 'int'
Fixes: simple_idct_template.c:169:19: runtime error: signed integer overflow: 22725 * 259190 cannot be represented in type 'int'
Fixes: simple_idct_template.c:171:19: runtime error: signed integer overflow: 19265 * 259190 cannot be represented in type 'int'
Fixes: simple_idct_template.c:173:19: runtime error: signed integer overflow: 12873 * 259190 cannot be represented in type 'int'
Fixes: simple_idct_template.c:183:28: runtime error: signed integer overflow: 1860878336 + 585177665 cannot be represented in type 'int'
Fixes: simple_idct_template.c:159:17: runtime error: signed integer overflow: 16384 * 189520 cannot be represented in type 'int'
Fixes: simple_idct_template.c:170:22: runtime error: signed integer overflow: 19265 * 130147 cannot be represented in type 'int'
Fixes: simple_idct_template.c:174:23: runtime error: signed integer overflow: -22725 * 130147 cannot be represented in type 'int'
Fixes: simple_idct_template.c:183:20: runtime error: signed integer overflow: 16384 * -175206 cannot be represented in type 'int'
Fixes: simple_idct_template.c:184:22: runtime error: signed integer overflow: -16384 * -175206 cannot be represented in type 'int'
Fixes: simple_idct_template.c:185:22: runtime error: signed integer overflow: -16384 * -175206 cannot be represented in type 'int'
Fixes: simple_idct_template.c:186:20: runtime error: signed integer overflow: 16384 * -175206 cannot be represented in type 'int'
Fixes: simple_idct_template.c:195:26: runtime error: signed integer overflow: 19265 * 150747 cannot be represented in type 'int'
Fixes: simple_idct_template.c:198:27: runtime error: signed integer overflow: -22725 * 150747 cannot be represented in type 'int'
Fixes: simple_idct_template.c:184:37: runtime error: signed integer overflow: 21407 * -171941 cannot be represented in type 'int'
Fixes: simple_idct_template.c:185:37: runtime error: signed integer overflow: 21407 * -171941 cannot be represented in type 'int'
Fixes: simple_idct_template.c:192:27: runtime error: signed integer overflow: -12873 * 206341 cannot be represented in type 'int'
Fixes: simple_idct_template.c:185:30: runtime error: signed integer overflow: 1196441600 + 1703756981 cannot be represented in type 'int'
Fixes: simple_idct_template.c:176:23: runtime error: signed integer overflow: -12873 * 168461 cannot be represented in type 'int'
Fixes: simple_idct_template.c:191:27: runtime error: signed integer overflow: -22725 * -140062 cannot be represented in type 'int'
Fixes: simple_idct_template.c:197:26: runtime error: signed integer overflow: 19265 * -140062 cannot be represented in type 'int'
Fixes: simple_idct_template.c:183:34: runtime error: signed integer overflow: 8867 * -243046 cannot be represented in type 'int'
Fixes: simple_idct_template.c:186:34: runtime error: signed integer overflow: 8867 * -243046 cannot be represented in type 'int'
Fixes: simple_idct_template.c:186:28: runtime error: signed integer overflow: -816234496 - 2139878414 cannot be represented in type 'int'
Fixes: simple_idct_template.c:188:26: runtime error: signed integer overflow: 12873 * -239872 cannot be represented in type 'int'
Fixes: simple_idct_template.c:165:16: runtime error: signed integer overflow: 8867 * -260084 cannot be represented in type 'int'
Fixes: simple_idct_template.c:166:16: runtime error: signed integer overflow: 8867 * -260084 cannot be represented in type 'int'
Fixes: 9135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6324422955761664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Benchmarks with START_TIMER indicate that the code is faster with unsigned, (that is
with the patch), there was quite some fluctuation in the numbers so this may be just
random
Fixes: 811/clusterfuzz-testcase-6465493076541440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The original code left-shifts negative values, which is undefined
in the C99 specification (the one used during normal Libav compilation).
This change multiplies by (1 << shift), which is functionally equivalent,
but has defined behavior.
With this change, fate-idct8x8 compiled with --fsanitize=undefined works.
Bug-Id: 686
omse goes from 0.03060703 (which fails for dct-test) to 0.01663750.
This also actually improve the error of decoding the sample generated
by fate-vsynth3-dnxhd1080i-10bit using simple_idct10 to FAANI, which
goes (when resampled to yuv422p) from:
stddev: 0.06 PSNR: 72.28 MAXDIFF: 1
to identical.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The original code left-shifts negative values, which is undefined
in the C99 specification (the one used during normal FFmpeg compilation).
This change multiplies by (1 << shift), which is functionally equivalent,
but has defined behavior.
With this change, fate-idct8x8 compiled with --fsanitize=undefined works.
Bug-Id: 686
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The assembly generated by gcc is unchanged by this commit
no changes in either standard deviation or PSNR is seen in any of the changed fate
cases
MSE changes from 0.05012422 to 0.04890000
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Results of IDCT can by far outreach the range of ff_cropTbl[], leading
to overreads and potentially crashes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
"Copyright (c) 2001 Michael Niedermayer" and "part of Libav" is not likely
not only am i not a libav developer there also was no libav in 2001
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Paul B Mahol
Michael Niedermayer
Kieran Kunhya
Diego Biurrun
Vittorio Giovara
Katerina Barone-Adesi
Christophe Gisquet
Michael Niedermayer
Ronald S. Bultje
Mans Rullgard