c93a07070a
MAINTAINERS: Add ffmpeg-security alias members
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
c9e3952b82
avcodec/rv34: Forward error from rv34_decode_mv()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
6179dc8aa7
avcodec/mpeg4video: Fix runtime error: left shift of negative value
Fixes: 644/clusterfuzz-testcase-4726434209726464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
92188c8f57
avcodec/dcadsp: Fix runtime error: signed integer overflow: 394625024 * 8 cannot be represented in type 'int'
Fixes: 643/clusterfuzz-testcase-5209078743695360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
24f6559bd2
avcodec/rv34: Fix runtime error: signed integer overflow: -2 + -2147483648 cannot be represented in type 'int'
Fixes: 642/clusterfuzz-testcase-558358808074649
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
1ad60e4e70
avformat/matroskaenc: don't write DisplayUnit with value Unknown on WebM files
Value 4 (Unknown) is for the time being part of the Matroska spec but not
supported by WebM
Addresses ticket #6176
8 years ago
d04e0a6bcf
avcodec/qdrw: don't overwrite bpp when checking its value
Finishes fixing ticket #6171
8 years ago
dde1bf074c
aacdec: When ignoring a PCE restore the previous config
This is related to, but doesn't solve ticker 6152.
8 years ago
2ac381088d
lavd/opengl_enc: Support BGR48.
8 years ago
770ac75ae9
avcodec/qdrw: add support for 2bpp and 4bpp packed pallette format
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
4e6b44559a
avcodec/qdrw: fix writing past end of row
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
631f748491
avcodec/ituh263dec: Fix runtime error: left shift of negative value -22
Fixes: 639/clusterfuzz-testcase-5143866241974272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
a59505ca76
avcodec/gsmdec_template: Fix runtime error: signed integer overflow: -22527 * 99113 cannot be represented in type 'int'
Fixes: 636/clusterfuzz-testcase-6520876646268928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
0c42d0add3
avcodec/bmp: Fix runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
There is code checking height and width later, leaving an invalid value invalid
is thus fine.
Fixes: 635/clusterfuzz-testcase-6225161437052928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
4ec07e9431
avformat/sierravmd: Support for Shivers 2 stereo tracks
Signed-off-by: Nicolas Roy-Renaud <nicolas.roy-renaud.1@ens.etsmtl.ca>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
42959044ac
lavfi/buffersrc: fix directly setting channel layout
When setting the channel layout directly using AVBufferSrcParameters
the channel layout was correctly set however the init function still
expected the old string format to set the number of channels (when it
hadn't already been specified).
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
8 years ago
0c0aef1caf
avformat/hlsenc: fix cid 1401346 Dereferencing pointer error
check if proto is null before av_strcasecmp
CID: 1401346
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
8 years ago
cbd622be99
avcodec/h264_ps: Check delta scale for validity
Fixes: signed integer overflow: 5 + 2147483646 cannot be represented in type 'int'
Fixes: 634/clusterfuzz-testcase-5285420445204480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
28dc6e7291
avcodec/simple_idct: Fix runtime error: left shift of negative value -6395
Fixes: 633/clusterfuzz-testcase-4553133554401280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
956472a323
avcodec/rv40: Fix runtime error: left shift of negative value
Fixes: 630/clusterfuzz-testcase-6608718928019456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
f4777d1b89
avcodec/qdrw: add support for decoding rgb555
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
74267333a1
avformat/mpl2dec: skip BOM when probing
Fixes #5442 .
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
a5c1c7a8b3
lavf/mpeg: Initialize a stack variable used by memcmp().
Silence a valgrind warning.
Fixes ticket #6160 .
8 years ago
e8a3498f24
avcodec/dca_xll: Fix runtime error: signed integer overflow: -1073741824 * 32768 cannot be represented in type 'int'
Fixes: 629/clusterfuzz-testcase-6697457381539840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
0a65dae9d0
avcodec/flacdec: reduce limit for golomb so that the max value does not overflow
Fixes: runtime error: left shift of 32 by 26 places cannot be represented in type 'int'
Fixes: 628/clusterfuzz-testcase-6187747641393152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
e04108dfa6
avcodec/dca_xll: signed integer overflow: 255251 * 32768 cannot be represented in type 'int'
Fixes: 627/clusterfuzz-testcase-5020897033322496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
4614bf2caf
Factorize CHECK/SUINT code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
e3c14eaa54
speedhq: fix decoding artifacts
The quantization table is stored in the natural order, but when we
access it, we use an index that's in zigzag order, causing us to read
the wrong value. This causes artifacts, especially in areas with
horizontal or vertical edges. The artifacts look a lot like the
DCT ringing artifacts you'd expect to see from a low-bitrate file,
but when comparing to NewTek's own decoder, it's obvious they're not
supposed to be there.
Fix by simply storing the scaled quantization table in zigzag order.
Performance is unchanged.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
ed69cb83f8
fate/source: Check for cases that could use av_clip_uintp2() and av_clip_intp2()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
f747e1533a
avcodec/nvenc: allow forcing keyframes by default
8 years ago
7e538c9475
lavf/mov.c: Correct keyframe search in edit list to return the very first keyframe/frame with matching timestamp. Fixes ticket#5904
Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
15ccaa344c
avcodec/mpegaudiodec: Eliminate many undefined operations
Fixes: 625/clusterfuzz-testcase-4574924406521856
Fixes: 626/clusterfuzz-testcase-4738718621499392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
01d196a67d
avcodec/pictordec: Do not read more than nb_planes
Fixes undefined behavior
Fixes: 622/clusterfuzz-testcase-5745722022428672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
947fdad92d
avfilter/af_atempo: fix drift calculation, ticket #6157
ticket #6157
Reported-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Pavel Koshevoy <pkoshevoy@gmail.com>
8 years ago
b7d9b4a1f1
avcodec/ituh263dec: Check cbpy in ff_h263_decode_mb()
Fixes: 618/clusterfuzz-testcase-6594990333493248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
c11d3634b0
avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented in type 'int'
Fixes: 617/clusterfuzz-testcase-6413875723370496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
59e5b05ef6
avcodec/h264_ps: Fix runtime error: signed integer overflow: -1094995528 * 2 cannot be represented in type 'int'
Fixes: 615/clusterfuzz-testcase-5488002644049920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
258763ad0e
avcodec/h264_cabac: runtime error: signed integer overflow: 2147483647 + 14 cannot be represented in type 'int'
Fixes: 614/clusterfuzz-testcase-4931860079575040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
aa2b75263e
avcodec/mpeg4videodec: Fix runtime error: shift exponent -2 is negative
Fixes: 612/clusterfuzz-testcase-4707817137111040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
c91bdd4524
avcodec/mjpegdec: Fix runtime error: left shift of negative value -507
Fixes: 611/clusterfuzz-testcase-5613455820193792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
067485b673
avcodec/eac3dec: Fix runtime error: left shift of negative value
Fixes: 610/clusterfuzz-testcase-4831030085156864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
67fa02ed79
opus_pvq: fix PVQ search for K < 5 and low Ns
If the PVQ search picked a place to increment/decrement on the y[]
vector which had no pulse then it would cause a desync since it would
change the sum in the wrong direction. Fix this by not considering
places without pulses as viable.
This makes the PVQ search slightly worse at K < 5 which isn't all that
common. Still, this is a workaround to prevent making broken files until
I can think of a better way of fixing it.
Also add an assertion, which can be removed or moved to assert1/2 once
the PVQ search is stable.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
8 years ago
4279613a26
avcodec/pngdec: Check bit depth for validity
Fixes: runtime error: shift exponent 132 is too large for 32-bit type 'int'
Fixes: 609/clusterfuzz-testcase-4825202619842560
See 11.2.2 IHDR Image header
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
706757d26d
avcodec/mpeg12dec: Fix runtime error: left shift of negative value
Fixes: 608/clusterfuzz-testcase-603978286392934
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
a9f3e4b138
avfilter/f_setcmd: fix null pointer dereference on using dash as interval
Fixes Coverity CID 1396259.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
8 years ago
4556dad2b7
avdevice/iec61883: free packet on buffer allocation error
Fixes Coverity CID 1396416.
Signed-off-by: Marton Balint <cus@passwd.hu>
8 years ago
8985e4af2b
avformat/fifo: assert on disallowed message type and state combinations
Fixes Coverity CID 1396277.
Signed-off-by: Marton Balint <cus@passwd.hu>
8 years ago
b921b3b42b
avcodec/huffyuvencdsp: use an actual unsigned long constant
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
8 years ago
21d25da180
avcodec/huffyuvdsp: use an actual unsigned long constant
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
8 years ago
12eebb845a
avcodec/wavpacl: Fix runtime error: left shift of negative value -1
Fixes: 607/clusterfuzz-testcase-5108792465293312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
James Almer
Alex Converse
Carl Eugen Hoyos
Paul B Mahol
Nicolas Roy-Renaud
Rostislav Pehlivanov
Steven Liu
Steinar H. Gunderson
Timo Rothenpieler
Sasi Inguva
Pavel Koshevoy
Marton Balint