git.ffmpeg.org Git - ffmpeg.git/log

avcodec/x86/mathops: clip constants used with shift instructions within inline assembly

Fixes assembling with binutil as >= 2.41

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit effadce6c756247ea8bae32dc13bb3e6f464f0eb)

avformat/mov: Check if a key is longer than the atom containing it

Stop reading keys and return AVERROR_INVALIDDATA if key_size
is larger than the amount of space left in the atom.

Bug: https://crbug.com/41496983
Signed-off-by: Eugene Zemtsov <eugene@chromium.org>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 8a23a145d85964950123952d897b89c2c2b1b8c5)

avcodec/nvdec: reset bitstream_len/nb_slices when resetting bitstream pointer

avcodec/noise_bsf: Check for wrapped frames

Wrapped frames contain pointers so they need specific code to
noise them, the generic code would lead to segfaults

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0889ebc577749ee6abc620bc9030d2002487935f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/nutdec: Add check for avformat_new_stream

Check for failure of avformat_new_stream() and propagate
the error code.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Update for 4.1.11

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/wavdec: Check that smv block fits in available space

Fixes: OOM
Fixes: 56271/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5290810045497344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a76efafdb9be966ae3ad52b32370dc644dd582bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/tak: Check remaining bits in ff_tak_decode_frame_header()

Fixes: out of array access
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6682195323650048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 19b66b89da4b4ff086dc1fc79bbf540e82bdbcb4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/utils: the IFF_ILBM implementation assumes that there are a multiple of 16 allocated

Fixes: out of array access
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5124452659888128
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6362836707442688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 34056a94eab5f8fbc7e0b8510f7c9851931f23b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pngdec: Do not pass AVFrame into global header decode

The global header should not contain a frame, and decoding it
would result in leaks

Fixes: memleak
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-6603443149340672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d31d4f32283f765c79d6e127d31ee2c37a0acef7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/vorbisdec: Check codebook float values to be finite

Fixes: Timeout
Fixes: 55116/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-4572159970508800

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cadd7e7a7589b5c118ad1648a09c629a6b65a3be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/g2meet: Replace fake allocation avoidance for framebuf

framebuf is only allocated when the new width/height are larger than the old
but nothing sets the old so its always allocated.
Use av_fast_mallocz() instead.

Fixes: Timeout
Fixes: 55094/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5116909932904448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38adbc6eebd7f2f34ecf1b0b18019e88bad9d9f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/lcldec: More space for rgb24

Fixes: Ticket 10239
Fixes: zlib_306_306_rgb24.av

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e2c3aa8e2b800c5b860315277b3ea426b8b23393)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/lcldec: Support 4:1:1 and 4:2:2 with odd width

Fixes: Ticket10240
Fixes: zlib_306_306_yuv422.avi
Fixes: zlib_306_306_yuv411.avi

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0cf1ac905d2d97355a389c3baa4e132824b29f21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libavcodec/lcldec: width and height should not be unsigned

Computations like col < width - 3 will not work with unsigned width=1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3eb4e28c26c3bce608214f392ab1fe6ee28ec1df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/escape124: Check that blocks are allocated before use

Fixes: NULL pointer dereference
Fixes: 57819/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-5077280228769792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5366ae12b9ba60404822f6b39b41f6c0d98a7c8a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/huffyuvdec: Fix undefined behavior with shift

Fixes: left shift of negative value -1
Fixes: 57554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFVHUFF_fuzzer-4853603839115264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 27e7857bd1127974ffe1512293abee83b1035194)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/j2kenc: Replace RGB24 special case by generic test

This fixes RGB48 with libavcodec as decoder

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad4d647591dbd953a5cf3a32a779ee5e42465bbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/j2kenc: remove misleading pred value

This field is only checked for being 0 or not and not zero means 5/3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0adb375377f369b69b24d86bbfe674b7693ccf3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/j2kenc: fix 5/3 DWT identifer

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f6955b6df4b599ff5604e82987b96957414f8dd5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/vp3: Check width to avoid assertion failure

Fixes: Assertion failure on x86-32
av_assert2(block_w * sizeof(pixel) <= FFABS(buf_linesize)); in ff_emulated_edge_mc()
Fixes: 39641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5925660741206016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dab1cd2dc0471d497f481736059b2023c5b7986a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/g729postfilter: Limit shift in long term filter

Fixes: shift exponent 34 is too large for 32-bit type 'int'
Fixes: 57389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-6229522659016704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6d1d8609ac1054017ea3d11b325ed94a1205e9fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

configure: update copyright year

(cherry picked from commit 62da0b4a741a064f118a0eece496d6bcc437ec91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/tests/snowenc: Fix 2nd test

(cherry picked from commit 163013c72452621624f634c706824c77222b77c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/tests/snowenc: return a failure if DWT/IDWT mismatches

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 771c266c0be29e6a1001fbd6795dd343147da1f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/snowenc: Fix visual weight calculation

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b5fcadea059ab458a886261a5b7a1cc134b517a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/tests/snowenc: unbreak DWT tests

the IDWT data type mismatched current code

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b3351bbead47f7f306621b45c8f2391b6bd23d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/escape124: Fix some return codes

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 98df605f7a8e80471a113f7beb0983c90aa84525)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/escape124: fix signdness of end of input check

Fixes: Timeout
Fixes: 56561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-5560363635834880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87ad0a5dd7d12c91badc215c3b5d6745fa7acb02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Use https for repository links

Reviewed-by: Stefano Sabatini <stefasab@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 011f30fc8205eff8e775d04afb98e02685cd8a7a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/motionpixels: Mask pixels to valid values

Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-6724203352555520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ac6eec1fc258efce219e4fccb84312a1b13a7a23)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/xpmdec: Check size before allocation to avoid truncation

Fixes:OOM
Fixes:out of array access (no testcase)
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-6573323838685184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95f0f84dae4f040d91f1e60dc5438612c58e8906)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/bink: Avoid undefined out of array end pointers in binkb_decode_plane()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea9deafd3b13233802c4548c4c58a707d76805a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/bink: Fix off by 1 error in ref end

Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6657932926517248

Alterantivly to this it is possibly to allocate a bigger array

Note: oss-fuzz assigned this issue to a unrelated theora bug so the bug number matches that

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 49487045dde6f69194332aac51fd4e598e19c7b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/utils: Ensure linesize for SVQ3

Fixes: Assertion block_w * sizeof(uint8_t) <= ((buf_linesize) >= 0 ? (buf_linesize) : (-(buf_linesize))
Fixes: 54861/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5352418248622080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4eef658ca59d3d6ba46ab52a36d7faf5fe820874)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/utils: allocate a line more for VC1 and WMV3

Fixes: out of array read on 32bit
Fixes: 54857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5840588224462848

The chroma MC code reads over the currently allocated frame.
Alternative fixes would be allocating a few bytes more at the end instead of a whole
line extra or to adjust the threshold where the edge emu code is activated

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01636a63d452c592ece35af6f72bb7affcad58f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things

Fixes: subtraction of unsigned offset from 0xf6602770 overflowed to 0xf6638c80
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-495074400600064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0150cd41c2d3c01050a6c4f3df1de511a217913)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pngdec: Check deloco index more exactly

Fixes: out of array access:
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-6716193709096960

Alternatively it should be possible to limit this to 3 plane RGB 8 /16bit to ensure the size is what it should be

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d5bae704068dc37191280e024eecb8d02b762b28)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/ffv1dec: Check that num h/v slices is supported

Fixes: out of array access
Fixes: 55597/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4898293416329216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ead0ae68eb64ad325efafd686c434727f3d666a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mov: Check samplesize and offset to avoid integer overflow

Fixes: signed integer overflow: 9223372036854775584 + 536870912 cannot be represented in type 'long'
Fixes: 55844/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-510613920664780

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53c1f5c2e28e54ea8174b196d5cf4a158907395a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pictordec: Remove mid exit branch

This causes the RLE decoder to exit before applying the last RLE run
All images i tested with are unchanged, this makes the special case
for handling the last run unused for non truncated images.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 88f0e05c72f0de0cae3d9f0c5644f1965632b641)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/eac3dec: avoid float noise in fixed mode addition to overflow

Fixes: 2.28595e+09 is outside the range of representable values of type 'int'
Fixes: 54644/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4816961584627712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f48d227c153fa6f0a2156f3e8d18ea1bfedf18d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/utils: use 32pixel alignment for bink

bink supports 16x16 blocks in chroma planes thus we need to allocate enough.
Fixes: out of array access
Fixes: 55026/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6013915371012096
Reviewed-by: Peter Ross <pross@xvid.org>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b95b2c8492fc1b52afd8fbe67b3be3cd518485d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/012v: Order operations for odd size handling

Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6714182078955520.fuzz
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6698145212137472.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4d42d82563d806b5610c0c91497e24ef7f37d4cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/eatgq: : Check index increments in tgq_decode_block()

Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGQ_fuzzer-6743211456724992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e7755b433e913e32bb061f17d5ecfcbcfef995b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/scpr: Test bx before use

Fixes: out of array access on 32bit
Fixes: 54850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5302669294305280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b59de3770b2e3f7f44ec4adba27c88b79adaaec)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/sunrast: Fix maplength check

Fixes: out of bounds read

Found-by: Ibrahim Mohamed <ielsayed@meta.com>
Reviewed-by; Ibrahim Mohamed <ielsayed@meta.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8a2a65078eaac37eae4a0d7ef440849a9d8f5b5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/wavpack: Avoid undefined shift in get_tail()

Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int'
Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8374a747af247d45eb466fcb4aee90f3ae798aad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/id3v2: Check taglen in read_uslt()

Fixes: Timeout (read mostly the same data repeatly)
Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840
Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a798af91d7d1fc31cfc1ae09cc6ab3907304f44f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/ffv1dec: restructure slice coordinate reading a bit

Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int'
Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 74b6ac7ebb5c1e06a5fdfa29f79a18599942dbfa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mlpdec: Check max matrix instead of max channel in noise check

This is a regression since: adaa06581c5444c94eef72d61b8166f096e2687a
Before this, max_channel and max_matrix_channel where compared for equality

Fixes: out of array access
Fixes: 53340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-514959011885875

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa79560de5e9596ada0345e5d12aa00dbeddaaa6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

swscale/input: Use more unsigned intermediates

Same principle as previous commit, with sufficiently huge rgb2yuv table
values this produces wrong results and undefined behavior.
The unsigned produces the same incorrect results. That is probably
ok as these cases with huge values seem not to occur in any real
use case.

Fixes: signed integer overflow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba209e3d5142fd31bb6c3e05c5b183118a278afc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/alsdec: The minimal block is at least 7 bits

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5280947fb6db37063334eae5b467cecd2417b063)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/replaygain: avoid undefined / negative abs

Fixes: signed integer overflow: -2147483648 * 100000 cannot be represented in type 'int'
Fixes: 52060/clusterfuzz-testcase-minimized-ffmpeg_dem_MP3_fuzzer-5131616708329472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2532b20b17ec557f1b925bfc41c00e7d4e17356c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

swscale/output: Bias 16bps output calculations to improve non overflowing range

Fixes: integer overflow
Fixes: ./ffmpeg -f rawvideo -video_size 66x64 -pixel_format yuva420p10le -i ~/videos/overflow_input_w66h64.yuva420p10le -filter_complex "scale=flags=bicubic+full_chroma_int+full_chroma_inp+bitexact+accurate_rnd:in_color_matrix=bt2020:out_color_matrix=bt2020:in_range=full:out_range=full,format=rgba64[out]" -pixel_format rgba64 -map '[out]' -y overflow_w66h64.png

Found-by: Drew Dunne <asdunne@google.com>
Tested-by: Drew Dunne <asdunne@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f0afc7fb5d30c40108d81b320823d8f5c9fbedc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/speedhq: Check buf_size to be big enough for DC

Fixes: Timeout
Fixes: 51919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6023716480090112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9184d3d7b64459e975f26284a7b2e26cbf76480b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/ffv1dec: Fail earlier if prior context is corrupted

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4df91e2215a79546a7f08faa457c05182646b302)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/vdpau_mpeg4: fix order of quant matrix coefficients

The matrix coefficients are stored permutated for the IDCT,
rather then in plain raster order, and need to be un-permutated
for the hardware.

avcodec/vdpau_mpeg12: fix order of quant matrix coefficients

The matrix coefficients are stored permutated for the IDCT,
rather then in plain raster order, and need to be un-permutated
for the hardware.

avcodec/nvdec_mpeg4: fix order of quant matrix coefficients

The matrix coefficients are stored permutated for the IDCT,
rather then in plain raster order, and need to be un-permutated
for the hardware.

avcodec/nvdec_mpeg2: fix order of quant matrix coefficients

The matrix coefficients are stored permutated for the IDCT,
rather then in plain raster order, and need to be un-permutated
for the hardware.

avcodec/vp3: Add missing check for av_malloc

Since the av_malloc() may fail and return NULL pointer,
it is needed that the 's->edge_emu_buffer' should be checked
whether the new allocation is success.

Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
(cherry picked from commit 656cb0450aeb73b25d7d26980af342b37ac4c568)

avcodec/mjpegenc: take into account component count when writing the SOF header size

Fixes ticket #10069

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 100939695307743396e30e6310d2ea9cf42f9aab)

checkasm: float_dsp: Scale FLT/DBL_EPSILON sufficiently when comparing

As the values generated by av_bmg_get can be arbitrarily large
(only the stddev is specified), we can't use a fixed tolerance.

This matches what was done for test_vector_dmul_scalar in
38f966b2222db.

This fixes the float_dsp checkasm test for some seeds, when built
with clang for mingw/x86_32.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f70e261fa6ff1f3efda5dbcebf02dcf6dea13b4)

Fixes ticket #10010

swscale: aarch64: Fix yuv2rgb with negative strides

Treat the 32 bit stride registers as signed.

Alternatively, we could make the stride arguments ptrdiff_t instead
of int, and changing all of the assembly to operate on these
registers with their full 64 bit width, but that's a much larger
and more intrusive change (and risks missing some operation, which
would clamp the intermediates to 32 bit still).

Fixes: https://trac.ffmpeg.org/ticket/9985

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit cb803a0072cb98945dcd3f1660bd2a975650ce42)
Signed-off-by: Martin Storsjö <martin@martin.st>

Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/dstdec: Check for overflow in build_filter()

Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8008940da5aa43895fd4574114309c3324249eab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/spdifdec: Use 64bit to compute bit rate

Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4075f0cec1830a7ac081b1a23bd3f5c4e266fe26)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/xwma: Use av_rescale() for duration computation

Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c789f753c3657be9041307f9c03749f5ba5a6bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation

Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa8eb1bed075931b0ce0a8bc9a8ff5882830044c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/rmdec: check tag_size

Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/nutdec: Check fields

Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/dxa: avoid bpc overflows

Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/cafdec: Check that nb_frasmes fits within 64bit

Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/asfdec_o: Limit packet offset

avoids overflows with it

Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/icodec: Check nb_pal

Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db73ae0dc114aa6fae08e69f977944f056a24995)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/aiffdec: Use 64bit for block_duration use

Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9303ba272e988d87084880c57056b750cc5ffd08)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/aiffdec: Check block_duration

Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c2b6265c87417033f990fa4a14da9d4008320a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mxfdec: only probe max run in

Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1182bbb2c3226260ed672920251e3410bde8c6c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mxfdec: Check run_in is within 65536

Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7786097825d9e3f02b4574c1924c28818eb83340)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/apedec: Fix integer overflow in filter_3800()

Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f05247f6a4698c14f1cd523daa90188f50dcf6ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/tta: Check 24bit scaling for overflow

Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3993345f915bccceee315f44d412445346990e14)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libavformat/hls: Free keys

Fixes: memleak
Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d32a9f3137c91de86547601a38fea0693c3497f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/fmvc: Move frame allocation to a later stage

This way more things are checked before allocation

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9783749c66bf6ca2ce7a6db4c74957fe77cbe803)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/speedhq: Check width

Fixes: out of array access
Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400

Alternatively the buffer size can be increased

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0395f9ef6051315973f1fdded1804f81458566d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/bink: disallow odd positioned scaled blocks

Fixes: out of array access
Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b14104a6376cd774b08cbe5fda56b34320a41b2e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/asfdec_o: limit recursion depth in asf_read_unknown()

The threshold of 5 is arbitrary, both smaller and larger should work fine

Fixes: Stack overflow
Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f1a368169ef9d945dc4b4764f5c60ba9bbc9134)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

doc/git-howto.texi: Document commit signing

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ced0dc807eb67516b341d68f04ce5a87b02820de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libavcodec/8bps: Check that line lengths fit within the buffer

Fixes: Timeout
Fixes: undefined pointer arithmetic
Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2316d5ec1a95b13ff9a0ce80409fa367a041966d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libavformat/iff: Check for overflow in body_end calculation

Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long'
Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bcb46903040e5a5199281f4ad0a1fdaf750ebc37)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/avidec: Prevent entity expansion attacks

Fixes: Timeout
Fixes no testcase, this is the same idea as similar attacks against XML parsers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3e823c2aa04d4f5571a5e04c27a244890704c8d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/h263dec: Sanity check against minimal I/P frame size

Fixes: Timeout
Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca4ff9c21cb77e024fa4ff5889826a8bee4d0e0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel

This is somewhat redundant with the is_decoded check. Maybe
there is a nicer solution

Fixes: Null pointer dereference
Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b51e1992289383aa9f083c88e153e34b6412c89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

MAINTAINERS: Add ED25519 key for signing my commits in the future

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 05225180bea208dfd81efac327e429711a963697)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/hevc_filter: copy_CTB() only within width&height

Fixes: out of array access
Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 009ef35d384c3df22d8a8be7416dc9d532e91c52)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/flvdec: Check for EOF in index reading

Fixes: Timeout
Fixes: 47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ceff5d7b74cd9ae6055957979d27d289c70a9e1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/nutdec: Check get_packetheader() in mainheader

Fixes; Timeout
Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5de084aa63b79586bc445e6a7fea837688b3941)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/asfdec_f: Use 64bit for packet start time

Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ed78486fcb065b5b459f14d4b1c3242f6d21ec7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>