2c6179aa82
libavcodec/exr : simplify reorder_pixels
...
reorder_pixels is call by rle_uncompress and zip_uncompress
with size == uncompress_size
uncompress_size is a multiple of 2 (because exr store data
in half, float, or uint32)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
a453f5549a
avcodec/pixlet: Fixes: runtime error: signed integer overflow: 9203954323419769657 + 29897660706736950 cannot be represented in type 'long'
...
Fixes: 1569/clusterfuzz-testcase-minimized-6328690508038144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
467677769a
avcodec/mpeg4videodec: Clear sprite wraping on unsupported cases in VOP decode
...
Fixes: Integer overflow
Fixes: 1572/clusterfuzz-testcase-minimized-4578773729017856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
c55e637072
avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'
...
It seems dual mono with a LFE channel is not forbidden
Fixes: 1570/clusterfuzz-testcase-minimized-6455337349545984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
b923213276
avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot be represented in type 'int'
...
Fixes: 1568/clusterfuzz-testcase-minimized-5944868608147456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
f2c539d350
avcodec/g723_1dec: Fix LCG type
...
Fixes: 1567/clusterfuzz-testcase-minimized-5693653555085312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
69b83f5992
avfilter/af_compand: fix default companding to avoid clipping
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
8630b2cd36
avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438 cannot be represented in type 'int'
...
Fixes: 1559/clusterfuzz-testcase-minimized-5048096079740928
Fixes: 1560/clusterfuzz-testcase-minimized-6011037813833728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
8c5cd1c9d3
avcodec/webp: Fix signedness in prefix_code check
...
Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
86b1b0d33d
avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be represented in type 'int'
...
Fixes: 1556/clusterfuzz-testcase-minimized-5027865978470400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
e3e51f8c14
avcodec/mlpdec: Check that there is enough data for headers
...
Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
9351a156de
avcodec/ac3dec: Keep track of band structure
...
It is needed in some corner cases that seem not to be forbidden
Fixes: out of array index
Fixes: 1538/clusterfuzz-testcase-minimized-4696904925446144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
a3508cc3fe
avcodec/webp: Add missing input padding
...
Fixes: 1536/clusterfuzz-testcase-minimized-5973925404082176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
26227d9186
avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1
...
Fixes: 1535/clusterfuzz-testcase-minimized-5826695535788032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
87b08ee6d2
avcodec/aacsbr_template: Do not change bs_num_env before its checked
...
Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
48f7757749
avcodec/wavpack: Fix runtime error: signed integer overflow: 2147483642 + 512 cannot be represented in type 'int'
...
Fixed: 1453/clusterfuzz-testcase-minimized-5024976874766336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
2171dfae8c
avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type 'unsigned int [256]'
...
Fixes: 1519/clusterfuzz-testcase-minimized-5286680976162816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
54e1b62ee2
avcodec/h264_cavlc: Fix runtime error: index -1 out of bounds for type 'VLC [15]
...
Fixes: 1513/clusterfuzz-testcase-minimized-6246484833992704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
74dc728a2c
avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
...
Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
ed93ed5ee3
avfilter: don't anonymously typedef structs
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
0fbc7a2169
x86/float_dsp: remove usage of integer instructions
8 years ago
96cbaaa548
avcodec/rangecoder: Fix range coder corner case handling
...
Fixes: 1511/clusterfuzz-testcase-minimized-5906663800307712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
afb4632cc3
avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'
...
Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
934572c5c3
avcodec/rscc: Check pixel_size for overflow
...
Fixes: 1509/clusterfuzz-testcase-minimized-5129419876204544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
0158b405a7
avcodec/fmvc: Check nb_blocks
...
Fixes: out of array read
Fixes: 1508/clusterfuzz-testcase-minimized-5011336327069696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
e664882523
avcodec/hq_hqadsp: Fix runtime error: signed integer overflow: 80359 * 30274 cannot be represented in type 'int'
...
Fixes: 1507/clusterfuzz-testcase-minimized-4955228300378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
5ac17f187a
avcodec/cavsdec: Fix runtime error: signed integer overflow: 31 + 2147483640 cannot be represented in type 'int'
...
Fixes: 1506/clusterfuzz-testcase-minimized-5401272918212608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
cb243972b1
avcodec/xpmdec: Fix multiple pointer/memory issues
...
Most of these were found through code review in response to
fixing 1466/clusterfuzz-testcase-minimized-5961584419536896
There is thus no testcase for most of this.
The initial issue was Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
73ae60d7df
libavcodec/exr : cosmetics variable name
...
rename tile variable to better follow ffmpeg coding style
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
28f60eeabb
avcodec/avpacket: allow only one element per type in packet side data
...
It was never meant to do otherwise, as av_packet_get_side_data() returns the first
entry it finds of a given type.
Based on code from libavformat's av_stream_add_side_data().
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
8 years ago
3d55e4883c
avfilter/aeval: remove comment that was left from some other file
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
c02921417b
avfilter/aeval: free input frame on error
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
e312ed0504
avfilter/af_astats: add RMS difference too
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
9cd62b2ca4
avfilter/vf_pad: revert part of 57c3670896
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
ccce2248bf
avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'
...
Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
d5711cb891
avcodec/avcodec: Limit the number of side data elements per packet
...
Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496
See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
f225003d17
avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
...
Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
c4c0245686
avcodec/g723_1dec: Fix runtime error: left shift of negative value -1
...
Fixes: 1504/clusterfuzz-testcase-minimized-6249212138225664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
df640dbbc9
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'
...
Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
eaf644e120
avfilter: add acopy filter
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
6899e6e560
avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
...
Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
d05bdba242
avcodec/mss3: Fix runtime error: signed integer overflow: -2146318336 - 2139696256 cannot be represented in type 'int'
...
Fix is similar to rac_get_model_sym()
Fixes: 1483/clusterfuzz-testcase-minimized-6386507814273024
Fixes: 1485/clusterfuzz-testcase-minimized-6639880215986176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
2752410c47
avcodec/golomb: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
...
Fixes: 1481/clusterfuzz-testcase-minimized-5264379509473280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
15e892aad1
avcodec/msmpeg4dec: Check for cbpy VLC errors
...
Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
2bfd0a9758
avcodec/cllc: Check num_bits
...
Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
e717fa1f0a
avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
602ac48720
doc/libav-merge: mention the skipped AVFrame crop fields usage commits
8 years ago
fc63d5ceb3
Merge commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a'
...
* commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a':
theora: export cropping information instead of handling it internally
h264dec: export cropping information instead of handling it internally
h264dec: be more explicit in handling container cropping
hevcdec: export cropping information instead of handling it internally
This commit is a noop.
This changes the cropping behavior, when it's supposedly only meant to move
it outside of the decoder.
See https://ffmpeg.org/pipermail/ffmpeg-devel/2017-May/211239.html for the
discussion about it.
Merged-by: James Almer <jamrial@gmail.com>
8 years ago
7ac5067146
avcodec/scpr: Check y in first line loop in decompress_i()
...
Fixes: out of array access
Fixes: 1478/clusterfuzz-testcase-minimized-5285486908145664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
8a69f2602f
avcodec/dvbsubdec: Check entry_id
...
Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Martin Vignali
Michael Niedermayer
Paul B Mahol
James Almer