FFmpeg

Commit Graph

Author	SHA1	Message	Date
Michael Niedermayer	b625f2b6d4	avcodec/mss4: Check input size against skip bits Fixes: Timeout (17sec -> 20ms) Fixes: 14615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-5093007763701760 Fixes: 14797/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-5651696119709696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0fef412dff`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	c5aa4f6c12	avcodec/diracdec: Fix integer overflow in global_mv() Fixes: signed integer overflow: 16384 * 196607 cannot be represented in type 'int' Fixes: 14810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5091232683917312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a99ffb5bb4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	71d9293663	avcodec/vmnc: Check available space against chunks before reget_buffer() Fixes: Timeout (16sec -> 60ms) Fixes: 14673/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMNC_fuzzer-5640217517621248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `279d9a84af`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	806d1e3253	avcodec/aacdec_template: skip apply_tns() if max_sfb is 0 (from previous header decode failure) Fixes: NULL pointer dereference Fixes: 14723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5654612436058112 Fixes: 14724/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5712607111020544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cf3156e762`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	1a18b09031	avcodec/aacdec_fixed: Handle more extreem cases in noise_scale() Its unclear if these cases have any relevance in real files Fixes: shift exponent -2 is negative Fixes: 14489/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5681941631729664 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3d14663f83`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	2d2c079688	avcodec/aacdec_template: Merge 3 #ifs related to noise handling Fewer #if and fewer lines Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bc33c99d56`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	52410bc41a	avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify (cherry picked from commit `3d5863d739`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	276e97f055	avformat/mp3enc: Avoid SEEK_END as it is unsupported Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bf3ee6a130`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	deaa56a055	avcodec/truemotion2: Fix several integer overflows in tm2_update_block() Fixes: signed integer overflow: -1877966852 + -469491713 cannot be represented in type 'int' Fixes: 14561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5167608359288832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8eecf761a6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	9f8f52f35b	avformat/webm_chunk: Specify expected argument length of get_chunk_filename() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1a74b04737`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	d62af7c542	avformat/webm_chunk: Check header filename length Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3b5b977c9f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	58f6d9143c	avcodec/cpia: Check input size also against linesizes and EOL Fixes: Timeout (14sec -> 29ms) Fixes: 14733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5707022445576192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3c0bfa7d1a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Andreas Rheinhardt	85c08cd6dc	libavcodec/libvpxenc: Don't free user-provided AVPacket Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `26b4509690`)	5 years ago
Andreas Rheinhardt	10b280a902	libavcodec/libmp3lame: Don't free user-provided AVPacket Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `7e6941e185`)	5 years ago
Andreas Rheinhardt	c70ecbdef0	avcodec/libopusenc: Don't free user-provided AVPacket Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit `b803993b6d`)	5 years ago
Andreas Rheinhardt	2e0549f06d	avformat/matroskadec: Fix default value of BlockAddID Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `dbc50f8a93`)	6 years ago
James Almer	7df1cb3dce	avcodec/bsf: check that AVBSFInternal was allocated before dereferencing it This can happen when av_bsf_free() is called on av_bsf_alloc() failure. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `d889ae3396`)	6 years ago
Carl Eugen Hoyos	9b236547f4	lavf/rawenc: Only accept the appropriate stream type for raw muxers. This does not affect the rawvideo muxer. Fixes ticket #7979. (cherry picked from commit `aef24efb0c`)	6 years ago
Mark Harris	5fd65ebf28	avutil/mem: Fix invalid use of av_alloc_size The alloc_size attribute is valid only on functions that return a pointer. GCC 9 (not yet released) warns about invalid usage: ./libavutil/mem.h:342:1: warning: 'alloc_size' attribute ignored on a function returning int' [-Wattributes] 342 \| av_alloc_size(2, 3) int av_reallocp_array(void *ptr, size_t nmemb, size_t size); \| ^~~~~~~~~~~~~ Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4361293fcf`)	7 years ago
Michael Niedermayer	ba11e4028c	Changelog: Update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Kevin Backhouse via RT	273f2755ce	avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces Fixes: [Semmle Security Reports #19439] Fixes: dos_sscanf2.mkv Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `894995c41e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Kevin Backhouse via RT	23ccf3cabb	avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scaning Fixes: [Semmle Security Reports #19438] Fixes: dos_sscanf1.mkv Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1f00c97bc3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	abdbbe8958	avcodec/htmlsubtitles: Be a bit more picky on syntax This reduces the number of strstr() calls per byte This diasalows empty tags like '< >' as well as '<' in tags like '<ab<cd<<ef>' Fixes timeout Fixes: 1817/clusterfuzz-testcase-minimized-5104230530547712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c61715e2c5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 years ago
Michael Niedermayer	3a6bcc059c	Changelog: update Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Adam Richter	280f5c4fcf	libswcale: Fix possible string overflow in test. In libswcale/tests/swcale.c, the function fileTest() calls sscanf in an argument of "%12s" on character srcStr[] and dstStr[], which are only 12 bytes. So, if the input string is 12 characters, a terminating null byte can be written past the end of these arrays. This bug was found by cppcheck. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b8ed493061`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	a649b62b90	avcodec/hq_hqa: Check available space before reading slice offsets Fixes: Timeout (43sec -> 18sec) Fixes: 14556/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5673543024508928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `407e7c34ca`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Andreas Rheinhardt	9fad760f56	lavf/webm_chunk: Respect buffer size The last argument of av_strlcpy is supposed to contain the size of the destination buffer, but it was filled with the size of the source string, effectively negating its very purpose. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `73ef1f47f5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	e38fc0af12	Update for 3.2.14 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	2d64c35764	avcodec/jvdec: Use ff_get_buffer() when the content is not reused Fixes: Timeout (11sec -> 5sec) Fixes: 14473/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5761630857592832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `09edcd3572`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	430850d2f0	avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block() Fixes: signed integer overflow: -2147483648 + -1 cannot be represented in type 'int' Fixes: 14107/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5694078680825856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f4a1b8d409`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	485546eec1	avcodec/jpeg2000: Check stepsize before using it Fixes: value 1.87633e+10 is outside the range of representable values of type 'int' Fixes: Undefined behavior Fixes: 14246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5758393601490944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `06ef186fa1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	3adb15617d	avcodec/aacdec_fixed: Fix undefined shift in noise_scale() Fixes: 13655/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5120559430500352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8ea211ab79`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	3905acef67	avutil/avstring: Fix bug and undefined behavior in av_strncasecmp() The function in case of n=0 would read more bytes than 0. The end pointer could be beyond the allocated space, which is undefined. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6f0e9a8634`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	d203563494	avformat/mov: Skip stsd adjustment without chunks Fixes: Assertion failure Fixes: clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5683096400822272 Found-by: Clusterfuzz Reported-by: Dan Sanders <sandersd@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `18a567c369`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	b5b12e2189	avformat/aadec: Check for scanf() failure Fixes: use of uninitialized variables Fixes: blank.aa Found-by: Chamal De Silva <chamal.desilva@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ed188f6dcd`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	0dd99b0238	avcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside Fixes: index 20 out of bounds for type 'const char *[4][128]' Fixes: 14367/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CCAPTION_fuzzer-5718819672162304 Reviewed-by: Paul B Mahol <onemda@gmail.com> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f17e8e90bb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	3b2994552a	avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform() Fixes: assertion failure Fixes: 14078/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5760571284127744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `110dce9633`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	49881ea343	avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation It seems the specification does not limit the value to 32bit Fixes: signed integer overflow: -109611143 * 24 cannot be represented in type 'int' Fixes: 13477/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5648337460527104 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `837820f385`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	5f7ab544b3	avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks() Fixes: signed integer overflow: 255 + 2147483634 cannot be represented in type 'int' Fixes: 13472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5712444142387200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0ad0533e91`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	544f5fce12	avcodec/rscc: Check that the to be uncompressed input is large enough Fixes: Out of array access Fixes: 13984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5734128093233152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3a0ec1511e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	cbfd062d16	avcodec/hevcdec: Avoid only partly skiping duplicate first slices Fixes: NULL pointer dereference and out of array access Fixes: 13871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5746167087890432 Fixes: 13845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5650370728034304 This also fixes the return code for explode mode Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `54655623a8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Carl Eugen Hoyos	0eeea04a71	lavc/bmp: Avoid a heap buffer overwrite for 1bpp input. Found by Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab, Yonsei University. (cherry picked from commit `1e34014010`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	6 years ago
Michael Niedermayer	e20e5b38a6	avcodec/truemotion2: Fix integer overflow in tm2_null_res_block() Fixes: signed integer overflow: 1111638592 - -2122219136 cannot be represented in type 'int' Fixes: 13441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5732769815068672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1223696c72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	9e96567e14	avcodec/dfa: Check the chunk header is not truncated Fixes: Timeout (11sec -> 3sec) Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f20760fadb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	5d28b2dc37	avcodec/dvbsubdec: Check object position Reference: ETSI EN 300 743 V1.2.1 7.2.2 Region composition segment Fixes: Timeout Fixes: 13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a8c5ae4511`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	bed614b0cc	avcodec/cdgraphics: Use ff_set_dimensions() Fixes: Timeout (17 sec -> 65 milli sec) Fixes: 13264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5711167941509120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9a9f0e239c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	5ff9505770	avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes Fixes: Timeout (27 sec -> 39 milli sec) Fixes: 13151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5717536023248896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b819472995`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	8c69d65cb4	avcodec/aic: Check remaining bits in aic_decode_coeffs() Fixes: Timeout (78 seconds -> 2 seconds) Fixes: 13186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5639516533030912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `951bb7632f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	4e5a17e790	avcodec/bethsoftvideo: Check block_type Fixes: Timeout (17 seconds -> 1 second) Fixes: 13184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-5711446296494080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b8ecadec05`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	6299f85cf2	avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() Fixes: runtime error: signed integer overflow: 2147483598 + 128 cannot be represented in type 'int' Fixes: 12926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5705100733972480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4801eea0d4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago

1 2 3 4 5 ...

83097 Commits (b625f2b6d4e7535eaf9d2a813d55e24609a76c3e) All Branches Search

83097 Commits (b625f2b6d4e7535eaf9d2a813d55e24609a76c3e)

All Branches