ffmpeg.git
13 months ago avformat/rpl: Fix check for negative values release/2.8
Michael Niedermayer [Mon, 18 Nov 2024 03:09:11 +0000 (04:09 +0100)]
avformat/rpl: Fix check for negative values

Fixes: signed integer overflow: 10 * -1923267925333400000 cannot be represented in type 'int64_t' (aka 'long')
Fixes: 378891963/clusterfuzz-testcase-minimized-fuzzer_loadfile_direct-5714338935013376
Found-by: ossfuzz
Reported-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eab65379bf89c55d8ec4bc6f00e04f15b37d3d85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 months ago avformat/mlvdec: Check avio_read()
Michael Niedermayer [Wed, 25 Dec 2024 04:13:02 +0000 (05:13 +0100)]
avformat/mlvdec: Check avio_read()

Fixes: use-of-uninitialized-value
Fixes: 383170476/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-4696002884337664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb85423142103d694d97bad1967bd3dc55440e71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 months ago avformat/matroskadec: Check pre_ns for overflow
Michael Niedermayer [Wed, 11 Dec 2024 20:36:11 +0000 (21:36 +0100)]
avformat/matroskadec: Check pre_ns for overflow

Fixes: signed integer overflow: -3483479120376300096 - 7442323944145700864 cannot be represented in type 'long'
Fixes: 383187489/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4561470580391936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 361d24e6d920e4f7e4e5fa1fd6fbb6922bff35f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/webp: Check ref_x/y
Michael Niedermayer [Fri, 16 Aug 2024 14:00:01 +0000 (16:00 +0200)]
avcodec/webp: Check ref_x/y

Fixes: 70991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5544067620995072
Fixes: use of uninitialized value

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c1e732ad2e240af5afe9ffea443c91bb233aa65)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago swscale/slice: clear allocated memory in alloc_lines()
Michael Niedermayer [Fri, 18 Oct 2024 22:08:03 +0000 (00:08 +0200)]
swscale/slice: clear allocated memory in alloc_lines()

Fixes: use of uninitialized memory in hScale16To15_c()
Fixes: 373924007/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5841199968092160

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aeec39f3c1be82863efe64ce95242de58e075e8f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/icodec: fix integer overflow with nb_pal
Michael Niedermayer [Sun, 3 Nov 2024 10:07:27 +0000 (11:07 +0100)]
avformat/icodec: fix integer overflow with nb_pal

Fixes: runtime error: signed integer overflow
Fixes: 42536949/clusterfuzz-testcase-minimized-fuzzer_loadfile-6199846684393472
Found-by: ossfuzz
Reported-by: Kacper Michajlow
Tested-by: Kacper Michajlow
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 84569b6c22cb4eda9c682aabeb5f658112126780)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago doc/developer: Document relationship between git accounts and MAINTAINERS
Michael Niedermayer [Sat, 16 Nov 2024 20:32:53 +0000 (21:32 +0100)]
doc/developer: Document relationship between git accounts and MAINTAINERS

This should have been documented long ago and I thought it was

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7051825b0171bd5d566c5a5cc78852c5f3aa3072)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/ilbc: Check avio_read() for failure
Michael Niedermayer [Sun, 3 Nov 2024 19:47:07 +0000 (20:47 +0100)]
avformat/ilbc: Check avio_read() for failure

Fixes: use of uninitialized value
Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_protocol_memory-6656646223298560-cut

Found-by: ossfuzz
Reported-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e30d957a9bacf7f7307c640aa0bd1e70cb3bbe7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago INSTALL: explain the circular dependency issue and solution
Michael Niedermayer [Sat, 2 Nov 2024 17:23:50 +0000 (18:23 +0100)]
INSTALL: explain the circular dependency issue and solution

Sponsored-by: Sovereign Tech Fund
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df00705e0010cc2c53d17d51944f847c2c852189)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/mpegts: Initialize predefined_SLConfigDescriptor_seen
Michael Niedermayer [Wed, 9 Oct 2024 21:44:00 +0000 (23:44 +0200)]
avformat/mpegts: Initialize predefined_SLConfigDescriptor_seen

Fixes: use of uninitialized variable
Fixes: 368729566/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTS_fuzzer-6044501804646400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7b4fc89fb18d5ff0a1426bd433c234555a3fff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/rangecoder: only perform renorm check/loop for callers that need it
Michael Niedermayer [Wed, 16 Oct 2024 12:39:20 +0000 (14:39 +0200)]
avcodec/rangecoder: only perform renorm check/loop for callers that need it

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d147b3d7ecba2bd40cb45284f920238da97a95ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/ffv1dec: Fix end computation with ec=2
Michael Niedermayer [Thu, 10 Oct 2024 18:39:23 +0000 (20:39 +0200)]
avcodec/ffv1dec: Fix end computation with ec=2

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10e5af15bf220d9da128ca12d2d474ff6ab0076e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/matroskadec: Check desc_bytes so bits fit in 64bit
Michael Niedermayer [Sun, 28 Jul 2024 20:08:23 +0000 (22:08 +0200)]
avformat/matroskadec: Check desc_bytes so bits fit in 64bit

Likely a tighter check can be done

Fixes: signed integer overflow: 3305606804154370442 * 8 cannot be represented in type 'long'
Fixes: 70449/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4771166007918592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4122406f6d2726aea833480a2a8e345833dd881)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/ffv1enc: Correct error message about unsupported version
Michael Niedermayer [Tue, 1 Oct 2024 20:04:58 +0000 (22:04 +0200)]
avcodec/ffv1enc: Correct error message about unsupported version

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 556c767786e9e3c072f7666d60a68a31a3400438)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/ffv1enc: Slice combination is unsupported
Michael Niedermayer [Fri, 6 Oct 2023 20:23:33 +0000 (22:23 +0200)]
avcodec/ffv1enc: Slice combination is unsupported

We always write minimal slices, the size calculation is wrong in some
corner cases but as it's always 1x1 (minus1) we can for now just hard-code it

This helps with ticket 5548

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d514655bfa47c6e5cc1b81fbba8e750e368036e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/xan: Add basic input size check
Michael Niedermayer [Sun, 22 Sep 2024 21:15:35 +0000 (23:15 +0200)]
avcodec/xan: Add basic input size check

Fixes: Timeout
Fixes: 71739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_WC3_fuzzer-6170301405134848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 56bef2fd58d0ed30dbe940083c30ada2b0404491)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/jfdctint_template: use unsigned z* in row_fdct()
Michael Niedermayer [Thu, 19 Sep 2024 19:57:09 +0000 (21:57 +0200)]
avcodec/jfdctint_template: use unsigned z* in row_fdct()

Fixes: signed integer overflow: 856827136 + 2123580416 cannot be represented in type 'int'
Fixes: 70772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_KS_fuzzer-5180569961431040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f27c8b04d3059fa538db8f2db6503cbb586eb3ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/mxfdec: More offset_temp checks
Michael Niedermayer [Thu, 12 Sep 2024 20:29:04 +0000 (22:29 +0200)]
avformat/mxfdec: More offset_temp checks

Fixes: signed integer overflow: 9223372036854775807 - -1927491430256034080 cannot be represented in type 'long'
Fixes: 70607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5282235077951488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a96aa435af0d66bdec52ee115cf4dd971855fcd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago swscale/swscale: Use unsigned operation to avoid undefined behavior
Michael Niedermayer [Thu, 12 Sep 2024 18:08:42 +0000 (20:08 +0200)]
swscale/swscale: Use unsigned operation to avoid undefined behavior

I have not checked that the constant is correct, this just fixes the undefined behavior

Fixes: signed integer overflow: -646656 * 3517 cannot be represented in type 'int
Fixes: 70559/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5209368631508992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44c5641ae82387fcfce94820f5b53ce8e9dcd27f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/wmavoice: Do not use uninitialized pitch[0]
Michael Niedermayer [Wed, 14 Aug 2024 22:37:04 +0000 (00:37 +0200)]
avcodec/wmavoice: Do not use uninitialized pitch[0]

Fixes: use of uninitialized value
Fixes: 70850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-4806127362048000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53387079301690f1bd38b97fdf31d63194201d17)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/apetag: Check APETAGEX
Michael Niedermayer [Mon, 19 Aug 2024 15:02:12 +0000 (17:02 +0200)]
avformat/apetag: Check APETAGEX

Fixes: Use of uninitialized value
Fixes: 71074/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5697034877730816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 796ff2d599449ed798b69ab798ebcbcc0a5853f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/avcodec: Warn about data returned from get_buffer*()
Michael Niedermayer [Fri, 16 Aug 2024 23:11:50 +0000 (01:11 +0200)]
avcodec/avcodec: Warn about data returned from get_buffer*()

Text based on suggestion by: epirat07@gmail.com
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93444c46fce195e378c4ebb1a20ea662e7f0123b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/aic: Clear slice_data
Michael Niedermayer [Sun, 4 Aug 2024 20:30:03 +0000 (22:30 +0200)]
avcodec/aic: Clear slice_data

Fixes: use-of-uninitialized-value
Fixes: 70865/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-4874102695854080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de3f6c8888bcf3df4ca6cb265a83507b95c884cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/mpeg: Check an avio_read() for failure
Michael Niedermayer [Sun, 4 Aug 2024 19:27:44 +0000 (21:27 +0200)]
avformat/mpeg: Check an avio_read() for failure

Fixes: use-of-uninitialized-value
Fixes: 70849/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-4684401009557504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66ee75d76ce56a3553a99d67e74b8a9970c18f5b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/segafilm: Set keyframe
Michael Niedermayer [Tue, 6 Aug 2024 16:02:58 +0000 (18:02 +0200)]
avformat/segafilm: Set keyframe

Fixes: use of uninitialized value
Fixes: 70871/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5883617752973312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4dc7dfe65aaa21801a907c66592b92b05da921dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame()
Michael Niedermayer [Sun, 26 May 2024 20:33:11 +0000 (22:33 +0200)]
avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame()

Related: CID1591924 Uninitialized scalar variable
Related: CID1591938 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d6a2aebae202652feb5964a2d62bdba4e5cc6e4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/dxva2: Initialize dxva_size and check it
Michael Niedermayer [Sun, 26 May 2024 20:13:28 +0000 (22:13 +0200)]
avcodec/dxva2: Initialize dxva_size and check it

Related: CID1591878 Uninitialized scalar variable
Related: CID1591928 Uninitialized pointer read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8c59e99295f9ef572b5d6f0fd9075bb2b79acbd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/lmlm4: Eliminate some AVERROR(EIO)
Michael Niedermayer [Sat, 13 Jul 2024 07:16:48 +0000 (09:16 +0200)]
avformat/lmlm4: Eliminate some AVERROR(EIO)

Found by code review related to CID732224 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 191a685010319cb0d248771574c7c61d76e4eb95)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/wtvdec: Check length of read mpeg2_descriptor
Michael Niedermayer [Tue, 6 Aug 2024 22:18:53 +0000 (00:18 +0200)]
avformat/wtvdec: Check length of read mpeg2_descriptor

Fixes: Use of uninitialized value
Fixes: 70900/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6286909377150976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c390234da2e3c7a8884f5592f0b9b4928c482b3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/wtvdec: clear sectors
Michael Niedermayer [Tue, 6 Aug 2024 22:18:51 +0000 (00:18 +0200)]
avformat/wtvdec: clear sectors

The code can leave uninitialized holes in the array.
Fixes: use of uninitialized values
Fixes: 70883/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6698694567591936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95ea0310468e0a0906fa7d590ff7406c39d6991)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months ago avcodec/parser: ensure input padding is zeroed
Kacper Michajłow [Thu, 27 Jun 2024 00:40:35 +0000 (02:40 +0200)]
avcodec/parser: ensure input padding is zeroed

Fixes use of uninitialized value, reported by MSAN.

Found by OSS-Fuzz.

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5dfc0cc84129758b4eab2acdc3e186c3116deacd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months ago avformat/img2dec: Clear padding data after EOF
Michael Niedermayer [Sun, 4 Aug 2024 20:00:35 +0000 (22:00 +0200)]
avformat/img2dec: Clear padding data after EOF

Fixes: use-of-uninitialized-value
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3978e81809a3daf278199849f7bbeacbffb9fa09)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months ago avformat/wavdec: Check if there are 16 bytes before testing them
Michael Niedermayer [Sat, 3 Aug 2024 17:45:15 +0000 (19:45 +0200)]
avformat/wavdec: Check if there are 16 bytes before testing them

Fixes: use-of-uninitialized-value
Fixes: 70839/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5212907590189056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79a1cf30d1289f90da682263ba160f6e4a5a7bf1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/snow: Fix off by 1 error in run_buffer
Michael Niedermayer [Wed, 31 Jul 2024 19:43:39 +0000 (21:43 +0200)]
avcodec/snow: Fix off by 1 error in run_buffer

Fixes: out of array access
Fixes: 70741/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5703668010647552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06f5ed40f8fceb2542add052c57608121eda2f41)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow
Michael Niedermayer [Mon, 17 Jun 2024 11:31:02 +0000 (13:31 +0200)]
avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow

The snow encoder uses block based motion estimation which can read out of array if
insufficient alignment is used

It may be better to only apply this for the encoder, as it would save a few bytes of memory
for the decoder. Until then, this fixes the issue in a simple way.

Fixes: out of array access
Fixes: 68963/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4979988435632128
Fixes: 68969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6239933667803136.fuzz
Fixed: 70497/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5751882631413760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 58fbeb59e74ac9a4ca81e9bc44141abcbff8ab6d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/proresdec: Consider negative bits left
Michael Niedermayer [Fri, 19 Jul 2024 17:21:41 +0000 (19:21 +0200)]
avcodec/proresdec: Consider negative bits left

Fixes: 70036/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_fuzzer-6298797647396864
Fixes: shift exponent 40 is too large for 32-bit type 'uint32_t' (aka 'unsigned int')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 419eee63565f81aca67b29582297841c59deaab8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices
Michael Niedermayer [Sun, 23 Jun 2024 21:17:24 +0000 (23:17 +0200)]
avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices

An alternative would be to leave the context unchanged on failure of hls_slice_header()

Fixes: out of array access
Fixes: NULL pointer dereference
Fixes: 69584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5931086299856896
Fixes: 69724/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5104066422702080
Fixes: 70422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5908731129298944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d9544cfb03d8597aa2b0037def3a4679949cec6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/xmv: Check this_packet_size
Michael Niedermayer [Thu, 11 Jul 2024 20:37:54 +0000 (22:37 +0200)]
avformat/xmv: Check this_packet_size

Fixes: CID1604489 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 696685df0ccf437083d15f40358a6ec86f5748ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/siff: Basic pkt_size check
Michael Niedermayer [Thu, 11 Jul 2024 18:58:21 +0000 (20:58 +0200)]
avformat/siff: Basic pkt_size check

Fixes: half of CID1258461 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 124a97dd8b7636fb52e042b2e85a44cce40ab5e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/sauce: Check avio_size() for failure
Michael Niedermayer [Thu, 11 Jul 2024 18:49:08 +0000 (20:49 +0200)]
avformat/sauce: Check avio_size() for failure

Fixes: CID1604592 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 759aae590c0298414db4d2925a33b084d7f9e7f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/sapdec: Check ffurl_get_file_handle() for error
Michael Niedermayer [Thu, 11 Jul 2024 18:44:45 +0000 (20:44 +0200)]
avformat/sapdec: Check ffurl_get_file_handle() for error

Fixes: CID1604506 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e305a0e703843765d4dd7042092c3a38c0f97af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/mp3dec; Check for avio_size() failure
Michael Niedermayer [Thu, 11 Jul 2024 18:17:00 +0000 (20:17 +0200)]
avformat/mp3dec; Check for avio_size() failure

Fixes: CID1608710 Improper use of negative value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb936a1a720856a51c48bf907475daa8065920c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/mov: Use 64bit for str_size
Michael Niedermayer [Thu, 11 Jul 2024 18:03:45 +0000 (20:03 +0200)]
avformat/mov: Use 64bit for str_size

We assign a 64bit variable to it before checking

Fixes: CID1604544 Overflowed integer argument

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 046d069552f5c2824f36fcf95d409670208dc94b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/mm: Check length
Michael Niedermayer [Thu, 11 Jul 2024 17:29:14 +0000 (19:29 +0200)]
avformat/mm: Check length

Fixes: CID1220824 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 139bf412464e62a83984cd49093936dcaa7a0865)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/hnm: Check *chunk_size
Michael Niedermayer [Thu, 11 Jul 2024 16:40:46 +0000 (18:40 +0200)]
avformat/hnm: Check *chunk_size

Fixes: CID1604419 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 291356f58b8a1af491c692a89e6c4e70e9496f9d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/asfdec_o: Check size of index object
Michael Niedermayer [Thu, 11 Jul 2024 15:38:08 +0000 (17:38 +0200)]
avformat/asfdec_o: Check size of index object

We subtract 24 so it must be at least 24

Fixes: CID1604482 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 891bc070f0294e564a02f9a71f6591b6a62c90cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/utvideoenc: Use unsigned shift to build flags
Michael Niedermayer [Wed, 19 Jun 2024 21:55:01 +0000 (23:55 +0200)]
avcodec/utvideoenc: Use unsigned shift to build flags

Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 69083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5608202363273216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69e90491f15d8eef643f8dfd1b75805829496678)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avdevice/dshow_filter: Use wcscpy_s()
Michael Niedermayer [Sun, 26 May 2024 23:34:48 +0000 (01:34 +0200)]
avdevice/dshow_filter: Use wcscpy_s()

Fixes: CID1591929 Copy into fixed size buffer

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daf61dddc8e27424c320d5c3abe3e0c5182cd5c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/flac_parser: Assert that we do not overrun the link_penalty array
Michael Niedermayer [Sat, 4 May 2024 23:51:59 +0000 (01:51 +0200)]
avcodec/flac_parser: Assert that we do not overrun the link_penalty array

Helps: CID1454676 Out-of-bounds read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af348bd1aa41ea10d6719c56ed2b4eda97642f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/motion_est: Fix score squaring overflow
Michael Niedermayer [Fri, 5 Jul 2024 00:21:55 +0000 (02:21 +0200)]
avcodec/motion_est: Fix score squaring overflow

Fixes: CID1604552 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f18b442370d714b930e3e983c2e5d789229f3356)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/loco: Check loco_get_rice() for failure
Michael Niedermayer [Fri, 5 Jul 2024 00:21:52 +0000 (02:21 +0200)]
avcodec/loco: Check loco_get_rice() for failure

Fixes: CID1604495 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d55327684349b4db5d5905eefaa7d2aec597908d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/loco: check get_ur_golomb_jpegls() for failure
Michael Niedermayer [Fri, 5 Jul 2024 00:21:51 +0000 (02:21 +0200)]
avcodec/loco: check get_ur_golomb_jpegls() for failure

Fixes: CID1604400 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b9899866418cb3bd930846271470e3096917f5f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/golomb: Assert that k is in the supported range for get_ur/sr_golomb()
Michael Niedermayer [Fri, 5 Jul 2024 00:21:46 +0000 (02:21 +0200)]
avcodec/golomb: Assert that k is in the supported range for get_ur/sr_golomb()

Found by code review related to CID1604563 Overflowed return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2aaeb81f65aaa61238d74a77034b118055340d3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/golomb: Document return for get_ur_golomb_jpegls() and get_sr_golomb_flac()
Michael Niedermayer [Fri, 5 Jul 2024 00:21:45 +0000 (02:21 +0200)]
avcodec/golomb: Document return for get_ur_golomb_jpegls() and get_sr_golomb_flac()

Found while reviewing code related to CID1604409 Overflowed return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cf5b83f6fa367f99aefc1321bafc0a7e8db33cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit
Michael Niedermayer [Wed, 10 Jul 2024 15:49:56 +0000 (17:49 +0200)]
avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit

width and height > 32bit is not supported and it's easier to check in a central place

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba63e329572b74207045fd82c93fcc0fa0479bc4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly
Michael Niedermayer [Fri, 7 Jun 2024 21:05:47 +0000 (23:05 +0200)]
avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly

Found while reviewing: CID1530313 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cedbef03946625bc0f7f96e9f77ad59c512b9900)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/rmdec: use 64bit for audio_framesize checks
Michael Niedermayer [Fri, 7 Jun 2024 19:57:40 +0000 (21:57 +0200)]
avformat/rmdec: use 64bit for audio_framesize checks

It is not entirely clear what would prevent such overflow so even if it is
not possible, it is better to use 64bit

Fixes: CID1491898 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 665be4fa2f47910bf85a6f17b6cac9dabc6591f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/subfile: Assert that whence is a known case
Michael Niedermayer [Sat, 8 Jun 2024 18:46:28 +0000 (20:46 +0200)]
avformat/subfile: Assert that whence is a known case

This may help CID1452449 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 426d8c84c37064eef93bbcfaffd886d00a9a4ee8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/rtsp: Check that lower transport is handled in one of the if()
Michael Niedermayer [Sat, 8 Jun 2024 17:43:15 +0000 (19:43 +0200)]
avformat/rtsp: Check that lower transport is handled in one of the if()

Fixes: CID1473554 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8200d382503f5fd839a72af7ba93d53880ad4b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/rtsp: initialize reply1
Michael Niedermayer [Sat, 8 Jun 2024 16:28:49 +0000 (18:28 +0200)]
avformat/rtsp: initialize reply1

It seems reply1 is initialized by ff_rtsp_send_cmd() in most cases, but there
are code paths like "continue" which look like they could skip it. But even if not,
writing this so a complex loop after several layers of calls initializes a local
variable through a pointer is just bad design.
This patch simply initializes the variable.

Fixes: CID1473532 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 498ce4e8b82e2312690613df45f87e592dcb91a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/rtsp: use < 0 for error check
Michael Niedermayer [Sat, 8 Jun 2024 16:23:47 +0000 (18:23 +0200)]
avformat/rtsp: use < 0 for error check

Found while reviewing CID1473532 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bb38ba2b782cdb6052ddcb415ef1554b0462401)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avfilter/af_pan: check nb_output_channels before use
Michael Niedermayer [Mon, 10 Jun 2024 21:41:07 +0000 (23:41 +0200)]
avfilter/af_pan: check nb_output_channels before use

Fixes: CID1500281 Out-of-bounds write
Fixes: CID1500331 Out-of-bounds write

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5fe8bf4aa51350b14d0babd47b0314232e703caf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/rdt: Check pkt_len
Michael Niedermayer [Thu, 6 Jun 2024 23:50:00 +0000 (01:50 +0200)]
avformat/rdt: Check pkt_len

Fixes: CID1473553 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d0373de3bc6aa6fa5c71247191afccfaf20723d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/mpeg: Check len in mpegps_probe()
Michael Niedermayer [Thu, 6 Jun 2024 22:19:01 +0000 (00:19 +0200)]
avformat/mpeg: Check len in mpegps_probe()

Fixes: CID1473590 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca237a841e9e78ac02694124d81ff78c74b0bf72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure
Michael Niedermayer [Sun, 26 May 2024 23:52:25 +0000 (01:52 +0200)]
avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure

Fixes: CID1591939 Logically dead code

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c285bb2789667bcf014ede8b0ab06ebbbee833f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avformat/img2dec: assert no pipe on ts_from_file
Michael Niedermayer [Wed, 8 May 2024 02:15:50 +0000 (04:15 +0200)]
avformat/img2dec: assert no pipe on ts_from_file

Help coverity with CID1500302 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4824156fa06bd60b27f9f0673fbd6a3cfc780e56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago swscale/output: Avoid undefined overflow in yuv2rgb_write_full()
Michael Niedermayer [Sat, 15 Jun 2024 23:59:23 +0000 (01:59 +0200)]
swscale/output: Avoid undefined overflow in yuv2rgb_write_full()

Fixes: signed integer overflow: -140140 * 16525 cannot be represented in type 'int'
Fixes: 68859/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4516387130245120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c221c7422f07f2245db5c4cdc958b42ca25eb2b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago swscale/output: alpha can become negative after scaling, use multiply
Michael Niedermayer [Sat, 15 Jun 2024 23:51:22 +0000 (01:51 +0200)]
swscale/output: alpha can become negative after scaling, use multiply

Fixes: left shift of negative value -3245
Fixes: 69047/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6571511551950848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e6c5b6e865a6b1b9c3a471fc06143f11e69d71b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/targaenc: Allocate space for the palette
Michael Niedermayer [Sun, 16 Jun 2024 17:33:02 +0000 (19:33 +0200)]
avcodec/targaenc: Allocate space for the palette

Fixes: out of array access
Fixes: 68927/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5105665067515904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a7220bd5c1871827ee0edba14fc88f63173e169)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
19 months ago avcodec/snowenc: MV limits due to mv_penalty table size
Michael Niedermayer [Tue, 18 Jun 2024 13:48:23 +0000 (15:48 +0200)]
avcodec/snowenc: MV limits due to mv_penalty table size

Fixes: out of array read
Fixes: 69673/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5476592894148608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a9292aff320d7b5048b371b1babea2f9b3c4e69)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago configure: update copyright year
Lynne [Mon, 1 Jan 2024 00:00:00 +0000 (00:00 +0000)]
configure: update copyright year

(cherry picked from commit b95ee2ec5f84054de8bf6db9fe1b1119d569f269)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avfilter/vf_rotate: Check ff_draw_init2() return value
Michael Niedermayer [Mon, 3 Jun 2024 17:51:49 +0000 (19:51 +0200)]
avfilter/vf_rotate: Check ff_draw_init2() return value

Fixes: NULL pointer dereference
Fixes: 3_343

Found-by: De3mond
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c9f095e30c196c0e3d510dc5300182ddb49a803)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avformat/sdp: Check before appending ","
Michael Niedermayer [Wed, 8 May 2024 02:07:40 +0000 (04:07 +0200)]
avformat/sdp: Check before appending ","

Found by reviewing code related to CID1500301 String not null terminated

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b82852519e92a2b94de0f22da1a81df5b3e0412)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avcodec/vp8: Check cond init
Michael Niedermayer [Sun, 26 May 2024 21:50:40 +0000 (23:50 +0200)]
avcodec/vp8: Check cond init

Fixes: CID1598563 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b76e49061a321467df23f7b1c8e8e715c8dec71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avcodec/vp8: Check mutex init
Michael Niedermayer [Sun, 26 May 2024 21:50:40 +0000 (23:50 +0200)]
avcodec/vp8: Check mutex init

Fixes: CID1598556 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4ac7405aafb8e66dff2ac926f33b7ff755f224cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avcodec/wavpackenc: Use unsigned for potential 31bit shift
Michael Niedermayer [Sun, 19 May 2024 02:49:15 +0000 (04:49 +0200)]
avcodec/wavpackenc: Use unsigned for potential 31bit shift

Fixes: CID1465481 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f976db251864ad698c935130370774783bf12f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avformat/ape: Use 64bit for final frame size
Michael Niedermayer [Wed, 22 May 2024 23:51:53 +0000 (01:51 +0200)]
avformat/ape: Use 64bit for final frame size

Fixes: CID1505963 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a2b8d03347930c051358fcbbdc557e57e157d9c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago swscale/yuv2rgb: Use 64bit for brightness computation
Michael Niedermayer [Mon, 20 May 2024 23:35:08 +0000 (01:35 +0200)]
swscale/yuv2rgb: Use 64bit for brightness computation

This will not overflow for normal values
Fixes: CID1500280 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bfc22f364d31d8f2dc2acae1bd03d5894a00b8c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago ffmpeg_filter: Factor get_compliance_unofficial_pix_fmts() out
Michael Niedermayer [Wed, 10 Feb 2016 11:57:11 +0000 (12:57 +0100)]
ffmpeg_filter: Factor get_compliance_unofficial_pix_fmts() out

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d94b11a721385aa406187da8f49380f29be0fa7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avcodec/mpegvideo_enc: Fix 1 line and one column images
Michael Niedermayer [Mon, 8 Apr 2024 16:38:42 +0000 (18:38 +0200)]
avcodec/mpegvideo_enc: Fix 1 line and one column images

Fixes: Ticket10952
Fixes: poc21ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avcodec/mpeg4videodec: assert impossible wrap points
Michael Niedermayer [Sat, 11 May 2024 20:08:21 +0000 (22:08 +0200)]
avcodec/mpeg4videodec: assert impossible wrap points

Helps: CID1473517 Uninitialized scalar variable
Helps: CID1473497 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fc649b931a3cbc3a2dd9b50b75a9261a2fb4b49)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avcodec/vble: Check av_image_get_buffer_size() for failure
Michael Niedermayer [Fri, 17 May 2024 22:32:43 +0000 (00:32 +0200)]
avcodec/vble: Check av_image_get_buffer_size() for failure

Fixes: CID1461482 Improper use of negative value

Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao" <haihao.xiang@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd5379db5d83d8b06654582afe327daa6be678a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avcodec/jpeg2000dec: remove ST=3 case
Michael Niedermayer [Fri, 10 May 2024 14:07:04 +0000 (16:07 +0200)]
avcodec/jpeg2000dec: remove ST=3 case

Fixes: CID1460979 Logically dead code

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4ed4f9a6c0a99c823706bfc4bb4df53f963f2f5a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago avcodec/lpc: copy levenson coeffs only when they have been computed
Michael Niedermayer [Sat, 11 May 2024 18:50:44 +0000 (20:50 +0200)]
avcodec/lpc: copy levenson coeffs only when they have been computed

Fixes: CID1473514 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2d897f3566fdf5c190583c6f5197ead5abec2ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months ago libavutil/base64: Try not to write over the array end
Michael Niedermayer [Sat, 11 May 2024 01:13:17 +0000 (03:13 +0200)]
libavutil/base64: Try not to write over the array end

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d216566f258badd07bc58de1e089b6e4175dc46)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months ago avcodec/hevcdec: Check ref frame
Michael Niedermayer [Fri, 26 Apr 2024 22:09:02 +0000 (00:09 +0200)]
avcodec/hevcdec: Check ref frame

Fixes: NULL pointer dereferences
Fixes: 68197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6382538823106560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5eb05f44503da3fdff82f1fed8ee2706d9841a9a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/mxfdec: Check index_edit_rate
Michael Niedermayer [Wed, 3 Apr 2024 22:38:20 +0000 (00:38 +0200)]
avformat/mxfdec: Check index_edit_rate

Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed49391961999f028e0bc55767d0eef6eeb15e49)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago swscale/utils: Fix xInc overflow
Michael Niedermayer [Wed, 3 Apr 2024 22:31:40 +0000 (00:31 +0200)]
swscale/utils: Fix xInc overflow

Fixes: signed integer overflow: 2 * 1073741824 cannot be represented in type 'int'
Fixes: 67802/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6249515855183872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a9eda65d027e0167f7363e0514f71311ac5d8d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/mxfdec: Make edit_unit_byte_count unsigned
Michael Niedermayer [Mon, 1 Apr 2024 16:29:46 +0000 (18:29 +0200)]
avformat/mxfdec: Make edit_unit_byte_count unsigned

Suggested-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f30fe5e8d002e15f07eaacf720c5654097cb62df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/movenc: Check that cts fits in 32bit
Michael Niedermayer [Sat, 30 Mar 2024 18:51:43 +0000 (19:51 +0100)]
avformat/movenc: Check that cts fits in 32bit

Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694
Fixes: poc2

Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d88c284c18bf6cd3dd24a7c86b5e496dd3037405)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/mxfdec: Check first case of offset_temp computation for overflow
Michael Niedermayer [Fri, 29 Mar 2024 02:35:18 +0000 (03:35 +0100)]
avformat/mxfdec: Check first case of offset_temp computation for overflow

This is kind of ugly
Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long'
Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6ed6f6e8dffcf777c336869f56002da588e2de8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/westwood_vqa: Fix 2g packets
Michael Niedermayer [Tue, 26 Mar 2024 00:00:13 +0000 (01:00 +0100)]
avformat/westwood_vqa: Fix 2g packets

Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86f73277bf014e2ce36dd2594f1e0fb8b3bd6661)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/matroskadec: Check timescale
Michael Niedermayer [Mon, 25 Mar 2024 23:57:33 +0000 (00:57 +0100)]
avformat/matroskadec: Check timescale

Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e849eb23432e45d0a1fda3901bb84eff0ce91282)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/sbgdec: Check for negative duration
Michael Niedermayer [Mon, 25 Mar 2024 23:39:49 +0000 (00:39 +0100)]
avformat/sbgdec: Check for negative duration

Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bed22d597b78999151e3bde0768b7fe763fc2a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/rpl: Use 64bit for total_audio_size and check it
Michael Niedermayer [Mon, 25 Mar 2024 23:36:40 +0000 (00:36 +0100)]
avformat/rpl: Use 64bit for total_audio_size and check it

Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312
Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 878625812f164fbb733f442965235656d9eaccc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate()
Michael Niedermayer [Mon, 25 Mar 2024 23:27:39 +0000 (00:27 +0100)]
avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate()

Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104
Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d8d778a68531b406455f8090d81216ef374ab75)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
22 months ago avcodec/truemotion1: Height not being a multiple of 4 is unsupported
Michael Niedermayer [Tue, 26 Mar 2024 01:52:04 +0000 (02:52 +0100)]
avcodec/truemotion1: Height not being a multiple of 4 is unsupported

mb_change_bits is given space based on height >> 2, while more data is read

Fixes: out of array access
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5201925062590464.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ebdcf9849905fdd67dcd3ab93e55e47ded35fda2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months ago avformat/cafdec: dont seek beyond 64bit
Michael Niedermayer [Fri, 29 Sep 2023 22:38:17 +0000 (00:38 +0200)]
avformat/cafdec: dont seek beyond 64bit

Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d973fcbcc2f944752ff10e6a76b0b2d9329937a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months ago avformat/id3v2: read_uslt() check for the amount read
Michael Niedermayer [Wed, 20 Mar 2024 02:51:05 +0000 (03:51 +0100)]
avformat/id3v2: read_uslt() check for the amount read

Fixes: timeout
Fixes: 66783/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5356884892647424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0f4abe2aa0117a10fb651f2c1c030d4cd516081)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months ago avcodec/proresenc_kostya: Remove bug similarity text
Michael Niedermayer [Wed, 28 Feb 2024 18:38:41 +0000 (19:38 +0100)]
avcodec/proresenc_kostya: Remove bug similarity text

According to Kostya, it is not based on Wasserman's encoder

CC: Kostya Shishkov <kostya.shishkov@gmail.com>
CC: Anatoliy Wasserman <anatoliy.wasserman@yandex.ru>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e0e30e07a1755c4f7829f64d35dc07e399c02c6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>