Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-10-06avformat/aiffdec: Check for size overflow in header parsingMichael Niedermayer
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bae2e1977744f42d56b85193d4910811de829714) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/aaccoder: Add minimal bias in search_for_ms()Michael Niedermayer
Fixes: floating point division by 0 Fixes: Ticket8218 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 75a099fc734a4ee2b1347d0a3d8c53d883b95174) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avfilter/af_drmeter: Check that there is dataMichael Niedermayer
Fixes: floating point division by 0 Fixes: -nan is outside the range of representable values of type 'int' Fixes: Ticket8307 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4f49fa6abe89e2fca2585cac4c63190315972cf0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avfilter/vf_mestimate: Check b_countMichael Niedermayer
Fixes: left shift of negative value -1 Fixes: Ticket8270 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 06af6e101bbd04e8ecc5337bc3b6894a5e058e14) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mov: do not ignore errors in mov_metadata_hmmt()Michael Niedermayer
Fixes: Timeout Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c52c99a18f6e40973e52d99d4bb29e34a66c695a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mxfdec: Check size for shrinkingMichael Niedermayer
av_shrink_packet() takes int size, so size must fit in int Fixes: out of array access Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 65b862ab59c4bfaae98be596b84a072f52444398) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/dnxhddec: check and propagate function return valuemaryam ebr
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed. crafted DNxHD data can cause unspecified impact. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 7150f9575671f898382c370acae35f9087a30ba1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06swscale/slice: Fix wrong return on errorMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7874d40f10cca922797a8da14189a53ee52f0156) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06swscale/slice: Check slice for allocation failureMichael Niedermayer
Fixes: null pointer dereference Fixes: alloc_slice.mp4 Found-by: Rafael Dutra <rafael.dutra@cispa.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 997f9cfc1295769be8d3180860ceebbc16f59069) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/matroskadec: Fix handling of huge default durationsMichael Niedermayer
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 343d950a4a8a8c32f5f7d9d4ac1fbe317cb9cc80) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()Michael Niedermayer
Fixes: floating point division by 0 Fixes: Ticket8213 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 70874e024a6eae0f95bd8dd4b9b4367ffd937f41) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/ftp: Check for av_strtok() failureMichael Niedermayer
Fixes: CID1396258 Dereference null return value Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9d40782088cf969fbadc881e4a97ec22b8ae0177) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06tools/cws2fws: Check read() for failureMichael Niedermayer
Fixes: CID1452579 Argument cannot be negative Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0b3cdd7cc2c63969e144cc3eb39d0c61260509ee) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/cpia: Fix missing src_size updateMichael Niedermayer
Fixes: out of array read Fixes: 35210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5669199688105984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cea05864e65db9a2dc8af82b2c63fb8f03c5f876) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/clearvideo: Check tile_size to be not too largeMichael Niedermayer
Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 35023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-6740166587842560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 11fac9613e6a340d4d9968e2d8a43c3726ab57d3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration ↵Michael Niedermayer
calculation Fixes: signed integer overflow: 486539264 * 14 cannot be represented in type 'int' Fixes: 35281/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6068262742917120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 00ae9b77ef757f82660b4b3d2f490374a4f209fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/rmdec: Check old_format len for overflowMichael Niedermayer
Maybe such large values could be disallowed earlier and closer to where they are set. Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 06d174e289eb185f03a34a738965f0042f39c038) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/realtextdec: Check the pts difference before using it for the ↵Michael Niedermayer
duration computation Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fe12aa689003db9b07a6e1b837031dcc57a71435) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/qcp: Avoid negative nb_ratesMichael Niedermayer
Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1b865cc703d29cb307e1fa628aa02940d54eb42a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/nutdec: Check tmp_sizeMichael Niedermayer
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1ca00b5e44f21840b608e238fa135a1aab6e576b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/msf: Check that channels doesnt overflow during extradata constructionMichael Niedermayer
Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a1a277926b49dad60d9e78c6c7a8c6b5d0d6d7c9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mpc8: Check for position overflow in mpc8_handle_chunk()Michael Niedermayer
Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208 Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8ef25d118246bf443900033fb3588dba628d11b0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/iff: Use 64bit in duration computationMichael Niedermayer
Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 93d964689c3b2bae26e6e3f502c1ffc4c2e46989) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/dxa: Check fps to be within the supported range more precisselyMichael Niedermayer
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself Fixes: assertion failure Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ea494befcb5d944ce8275e6f59de1a24c25ffb6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/iff: Only write palette to plane 1 if its PAL8Michael Niedermayer
Fixes: null pointer passed as argument 1, which is declared to never be null Fixes: 33791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5107575256383488.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 216eb60b853e9a230c1238ab7d1c63d3fa892d34) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/tta: Check for EOF in index reading loopMichael Niedermayer
Fixes: OOM Fixes: 33585/clusterfuzz-testcase-minimized-ffmpeg_dem_TTA_fuzzer-4564665830080512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b72d657b73b2aa4a2a2f72f613199e6080ad48c0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06Update missed irc linksMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c067d20177613e9cf74bcbd2a26e729ef7ababdb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/rpl: The associative law doesnt hold for signed integers in CMichael Niedermayer
Add () to avoid undefined behavior Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long' Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 480f11bdd713c15e4964093be7ef0adf5b619cc1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/faxcompr: Check available bits in decode_uncompressed()Michael Niedermayer
Fixes: Timeout Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112 Fixes: 34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ff56c139e07a4de2803b974b6595f6b71fbf53bd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/faxcompr: Check if bits are available before reading in cmode == 9 ↵Michael Niedermayer
|| cmode == 10 Fixes: Timeout Fixes: 34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d8421e3d5bc1300687a65384baccbcb3874b7ac) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bitMichael Niedermayer
Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type 'int' Fixes: 33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3447979d08d701581a65f7275425cb1a59302319) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1Michael Niedermayer
Fixes: out of array access Fixes: 34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dbbcfbcc4e4f0e91f814f2e13ced7b6d99069518) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/mov: Check for duplicate mdcvMichael Niedermayer
Fixes: memleak Fixes: 34932/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5456227658235904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f54d85cee64b98bca5d2bee703f2a266ea75dce7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avfilter/vf_dctdnoiz: Check threadsMichael Niedermayer
Fixes: floating point division by 0 Fixes: Ticket 8269 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4a3917c02c428b11128ac3d4a01b780ea44aa53c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with blackMichael Niedermayer
Fixes: floating point division by 0 Fixes: undefined behavior in handling NaN Fixes: Ticket 8268 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3d500e62f6206ad11308b18976246366aed8c1a5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/rpl: Check for EOF and zero framesizeMichael Niedermayer
Fixes: Infinite loop Fixes: 34751/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5439330800762880 Fixes: 34774/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5851571660390400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a0a4a527c3b0819368d9b148542bb7663f39df79) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/vc2enc: Check for non negative slice boundsMichael Niedermayer
Fixes: invalid shifts Fixes: Ticket 8221 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f7862e82686b347eb6a9e64fa7ccdf25d5a76b4b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/rpl: Use 64bit in bitrate computation and check itMichael Niedermayer
Fixes: signed integer overflow: 777777776 * 4 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6726188921913344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 29b244ffc15abe2c24d2145f63048e8b3bdaa303) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/svq1enc: Do not print debug RD value before it has been computedMichael Niedermayer
Avoids floating point division by 0 Fixes: Ticket8191 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c297f7e57a223da9f0d350e30456d60c8c87f902) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/aacpsy: Check bandwidthMichael Niedermayer
Fixes: Ticket8011 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 36dead4bc28ca8aab13c61661f28c68bdefa5e9d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/aacenc: Do not divide by lambda_count if it is 0Michael Niedermayer
Avoids Floating point division by 0 Fixes: Ticket8011 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c520b986915a3fdf3a20f6ce0ad5833eccfb7a91) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/aacenc: Use FLT_EPSILON for lambda minimumMichael Niedermayer
(cherry picked from commit 4b89cf7aa49191c7f8a5ae6e9cf6cfc79ff4ee5e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/cinedec: Fix index_entries size checkMichael Niedermayer
Fixes: out of array access Fixes: 29868/clusterfuzz-testcase-minimized-ffmpeg_dem_CINE_fuzzer-5692001957445632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avfilter/vf_yadif: Fix handing of tiny imagesMichael Niedermayer
Fixes: out of array access Fixes: Ticket8240 Fixes: CVE-2020-22021 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7971f62120a55c141ec437aa3f0bacc1c1a3526b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avfilter/vf_vmafmotion: Check dimensionsMichael Niedermayer
Fixes: out of array access Fixes: Ticket8241 Fixes: Ticket8246 Fixes: CVE-2020-22019 Fixes: CVE-2020-22033 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 82ad1b76751bcfad5005440db48c46a4de5d6f02) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avformat/movenc: Check pal_size before useMichael Niedermayer
Fixes: assertion failure Fixes: out of array read Fixes: Ticket8190 Fixes: CVE-2020-22015 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4c1afa292520329eecd1cc7631bc59a8cca95c46) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/lpc: Avoid floating point division by 0Michael Niedermayer
Fixes: Ticket7996 Fixes: CVE-2020-20445 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 38d18fb57863bb9c54e68ae44aa780c5c282a184) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/aacpsy: Avoid floating point division by 0 of norm_facMichael Niedermayer
Fixes: Ticket7995 Fixes: CVE-2020-20446 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 223b5e8ac9f6461bb13ed365419ec485c5b2b002) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/aacenc: Avoid 0 lambdaMichael Niedermayer
Fixes: Ticket8003 Fixes: CVE-2020-20453 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-10-06avcodec/exr: x/ymax cannot be INT_MAXMichael Niedermayer
The code uses x/ymax + 1 so the maximum is INT_MAX-1 Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 33158/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5545462457303040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 48342aa0750f83006582d1598b5f22297f6dbf83) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 04:58:40 +0300