Michael Niedermayer
87b08ee6d2
avcodec/aacsbr_template: Do not change bs_num_env before it's checked
...
Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
48f7757749
avcodec/wavpack: Fix runtime error: signed integer overflow: 2147483642 + 512 cannot be represented in type 'int'
...
Fixed: 1453/clusterfuzz-testcase-minimized-5024976874766336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
2171dfae8c
avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type 'unsigned int [256]'
...
Fixes: 1519/clusterfuzz-testcase-minimized-5286680976162816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
54e1b62ee2
avcodec/h264_cavlc: Fix runtime error: index -1 out of bounds for type 'VLC [15]
...
Fixes: 1513/clusterfuzz-testcase-minimized-6246484833992704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
74dc728a2c
avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
...
Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Paul B Mahol
ed93ed5ee3
avfilter: don't anonymously typedef structs
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
James Almer
0fbc7a2169
x86/float_dsp: remove usage of integer instructions
8 years ago
Michael Niedermayer
96cbaaa548
avcodec/rangecoder: Fix range coder corner case handling
...
Fixes: 1511/clusterfuzz-testcase-minimized-5906663800307712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
afb4632cc3
avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'
...
Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
934572c5c3
avcodec/rscc: Check pixel_size for overflow
...
Fixes: 1509/clusterfuzz-testcase-minimized-5129419876204544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
0158b405a7
avcodec/fmvc: Check nb_blocks
...
Fixes: out of array read
Fixes: 1508/clusterfuzz-testcase-minimized-5011336327069696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
e664882523
avcodec/hq_hqadsp: Fix runtime error: signed integer overflow: 80359 * 30274 cannot be represented in type 'int'
...
Fixes: 1507/clusterfuzz-testcase-minimized-4955228300378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
5ac17f187a
avcodec/cavsdec: Fix runtime error: signed integer overflow: 31 + 2147483640 cannot be represented in type 'int'
...
Fixes: 1506/clusterfuzz-testcase-minimized-5401272918212608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
cb243972b1
avcodec/xpmdec: Fix multiple pointer/memory issues
...
Most of these were found through code review in response to
fixing 1466/clusterfuzz-testcase-minimized-5961584419536896
There is thus no testcase for most of this.
The initial issue was Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Martin Vignali
73ae60d7df
libavcodec/exr : cosmetics variable name
...
rename tile variable to better follow ffmpeg coding style
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
James Almer
28f60eeabb
avcodec/avpacket: allow only one element per type in packet side data
...
It was never meant to do otherwise, as av_packet_get_side_data() returns the first
entry it finds of a given type.
Based on code from libavformat's av_stream_add_side_data().
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
8 years ago
Paul B Mahol
3d55e4883c
avfilter/aeval: remove comment that was left from some other file
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
c02921417b
avfilter/aeval: free input frame on error
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
e312ed0504
avfilter/af_astats: add RMS difference too
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
9cd62b2ca4
avfilter/vf_pad: revert part of 57c3670896
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Michael Niedermayer
ccce2248bf
avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'
...
Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
d5711cb891
avcodec/avcodec: Limit the number of side data elements per packet
...
Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496
See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
f225003d17
avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
...
Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
c4c0245686
avcodec/g723_1dec: Fix runtime error: left shift of negative value -1
...
Fixes: 1504/clusterfuzz-testcase-minimized-6249212138225664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
df640dbbc9
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'
...
Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Paul B Mahol
eaf644e120
avfilter: add acopy filter
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Michael Niedermayer
6899e6e560
avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
...
Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
d05bdba242
avcodec/mss3: Fix runtime error: signed integer overflow: -2146318336 - 2139696256 cannot be represented in type 'int'
...
Fix is similar to rac_get_model_sym()
Fixes: 1483/clusterfuzz-testcase-minimized-6386507814273024
Fixes: 1485/clusterfuzz-testcase-minimized-6639880215986176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
2752410c47
avcodec/golomb: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
...
Fixes: 1481/clusterfuzz-testcase-minimized-5264379509473280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
15e892aad1
avcodec/msmpeg4dec: Check for cbpy VLC errors
...
Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
2bfd0a9758
avcodec/cllc: Check num_bits
...
Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
e717fa1f0a
avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
James Almer
602ac48720
doc/libav-merge: mention the skipped AVFrame crop fields usage commits
8 years ago
James Almer
fc63d5ceb3
Merge commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a'
...
* commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a':
theora: export cropping information instead of handling it internally
h264dec: export cropping information instead of handling it internally
h264dec: be more explicit in handling container cropping
hevcdec: export cropping information instead of handling it internally
This commit is a noop.
This changes the cropping behavior, when it's supposedly only meant to move
it outside of the decoder.
See https://ffmpeg.org/pipermail/ffmpeg-devel/2017-May/211239.html for the
discussion about it.
Merged-by: James Almer <jamrial@gmail.com>
8 years ago
Michael Niedermayer
7ac5067146
avcodec/scpr: Check y in first line loop in decompress_i()
...
Fixes: out of array access
Fixes: 1478/clusterfuzz-testcase-minimized-5285486908145664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
8a69f2602f
avcodec/dvbsubdec: Check entry_id
...
Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
3a0ff78168
avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type 'int'
...
Fixes: 1471/clusterfuzz-testcase-minimized-6376460543590400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
d9051f8f3e
avcodec/mimic: Fix runtime error: index 96 out of bounds for type 'const int8_t [64]'
...
Fixes: 1468/clusterfuzz-testcase-minimized-5235964056174592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Matthieu Bouron
1795dccde0
lavc/mediacodec_wrapper: fix local reference leaks
...
Reviewed-by: Clément Bœsch <u@pkh.me>
8 years ago
Matthieu Bouron
2f43897f65
lavc/ffjni: fix local reference leak
...
Reviewed-by: Clément Bœsch <u@pkh.me>
8 years ago
Matthieu Bouron
5d0b8b1ae3
lavc/aarch64/simple_idct: fix iOS build without gas-preprocessor
...
Separates macro arguments with commas and passes .4H/.8H as macro
arguments instead of 4H/8H (the latter form being interpreted as a
hexadecimal value).
Fixes ticket #6324.
Suggested-by: Martin Storsjö <martin@martin.st>
8 years ago
Michael Niedermayer
36cf422521
cmdutils_opencl: Fix read of uninitialized cl_mem
...
Fixes CID1396856, CID1396860, CID1396861
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
d712a5cddb
cmdutils_opencl: Fix read of uninitialized pointer
...
Fixes: CID1396856
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
ad2296ab3a
avcodec/aacdec_fixed: Fix various integer overflows
...
Fixes: 1377/clusterfuzz-testcase-minimized-5487049807233024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Clément Bœsch
8ba1fc2a4a
ffprobe: discard non-selected streams
8 years ago
Steven Liu
7355c1dda2
avformat/hlsenc: move old_filename free operation earlier
...
Suggested-by: Aaron Levinson <alevinsn@aracnet.com>
Reviewed-by: Aaron Levinson <alevinsn@aracnet.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
8 years ago
Michael Niedermayer
c0ece1f4ad
avcodec/mpeg12dec: Fixes runtime error: division by zero
...
Fixes: 1464/clusterfuzz-testcase-minimized-4925445571084288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
60765cc42e
avcodec/pixlet: Fix runtime error: signed integer overflow: 436207616 * -5160230545260541 cannot be represented in type 'long'
...
Fixes: 1462/clusterfuzz-testcase-minimized-6558894463647744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
6b5d3fb26f
avcodec/webp: Always set pix_fmt
...
Fixes: out of array access
Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632
Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
942036e97c
avfilter/vf_uspp: Fix currently unused input frame dimensions
...
Found-by: Nicolas
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago