| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 26b45096906097a73ba587bf3b98dada4e795224)
|
|
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit b803993b6d99423c8c1e01e7e206e3916a98d5d5)
|
|
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit dbc50f8a935043243232b2e01f3c012ab6d49928)
|
|
The alloc_size attribute is valid only on functions that return a
pointer. GCC 9 (not yet released) warns about invalid usage:
./libavutil/mem.h:342:1: warning: 'alloc_size' attribute ignored on a function returning int' [-Wattributes]
342 | av_alloc_size(2, 3) int av_reallocp_array(void *ptr, size_t nmemb, size_t size);
| ^~~~~~~~~~~~~
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4361293fcf59edb56879c36edcd25f0a91e0edf8)
|
|
picture
Fixes deadlocks when decoding packets containing more than one of the aforementioned
slices when using frame threads.
Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 70c8c8a818f39bc262565ec29fae2baffb3e1660)
|
|
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Fixes ticket #7697.
(cherry picked from commit 2d1594a8d6a754a426cb53184dccf9cf8c8a94b0)
|
|
for NULL
Fixes crashes like "ffmpeg -h bsf" caused by passing NULL to strcmp()
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3258cc6507a2012d54889ce5f8efbde7e81d927d)
|
|
Fixes part of ticket #7146.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 5079e96bcc7aaa9cae82a58397ce986e124028e4)
|
|
Fixes part of ticket #7146, dealing with leaks of packet data since
commit 87c88122703f2befcf96383d05bdf14373c22df9.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b8629654c6460a28c507f816a977914e3a6f2520)
|
|
Fixes Coverity CID 1396416.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 4556dad2b7379a527134db519ab60111abefaf10)
|
|
Fixes ticket #6413
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 8ddb6820bd52df6ed616abc3d8be200b126aa8c1)
|
|
Since non-Haar wavelets need to look into pixels outside the frame, we
need to pad the buffer. The old factor of two seemed to be a workaround
that fact and only padded to the left and bottom. This correctly pads
by the slice size and as such reduces memory usage and potential
exploits.
Reported by Liu Bingchang.
Ideally, there should be no temporary buffer but the encoder is designed
to deinterleave the coefficients into the classical wavelet structure
with the lower frequency values in the top left corner.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
(cherry picked from commit 3228ac730c11eca49d5680d5550128e397061c85)
|
|
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 16748560 + 2143729712 cannot be represented in type 'int'
Fixes: 3202/clusterfuzz-testcase-minimized-4988291642294272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d31f03a0264cac24434c8108daef4ccba6d28f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: shift exponent 42 is too large for 32-bit type 'unsigned int'
Fixes: 3410/clusterfuzz-testcase-minimized-5313377960198144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f5eaf0b5956e492ee5023929669b1d09aaf6299)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: -1562477869 + -691460395 cannot be represented in type 'int'
Fixes: 3196/clusterfuzz-testcase-minimized-4528307146063872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dabb9c69db114b1f30c30e0a2788cffc50bac40)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 161 * 13872281 cannot be represented in type 'int'
Fixes: 3295/clusterfuzz-testcase-minimized-4738998142500864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 67da2685e03805230207daab83ab43a390fbb887)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 3361/clusterfuzz-testcase-minimized-5065842955911168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d00fc952b6c261dd8eb0f7552b9ccf985dbc2b20)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 2147392585 + 524288 cannot be represented in type 'int'
Fixes: 3348/clusterfuzz-testcase-minimized-4809500517203968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c933c51687db958d8045d25ed87848342e869f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: memleak
Fixes: 3203/clusterfuzz-testcase-minimized-4514553595428864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5480e82d77770e81e897a8c217f3c7f0c13a6de1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: index 5 out of bounds for type 'int8_t const[5]'
Fixes:3175/clusterfuzz-testcase-minimized-4736774054084608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit abf3f9fa232409c00b60041464604a91fa5612c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
They are time consuming operations, performing them after the other checks
improves the speed with damaged input dramatically.
Fixes: Timeout
Fixes: 2928/clusterfuzz-testcase-4992812120539136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 380659604f2692b625928a3a76a1c046f473c9f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 22553 * -188962 cannot be represented in type 'int'
Fixes: 3042/clusterfuzz-testcase-minimized-5174210131394560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d025e742843ca3532bd49ebbfebeacd51337347)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: left shift of negative value -95
Fixes: 3077/clusterfuzz-testcase-minimized-4684917524922368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c225da68cffbea11270a758ff42859194c980863)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 11896 + 2147483646 cannot be represented in type 'int'
Fixes: 3053/clusterfuzz-testcase-minimized-6355082062856192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5995856a4236c27f231210bb08d70688e045192)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: Missing EOF check in loop
No testcase
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afc9c683ed9db01edb357bc8c19edad4282b3a97)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: Missing EOF check in loop
No testcase
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cb4eb772839c5e1de2855d126bf74ff16d13382)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 1073901567 + 1073901567 cannot be represented in type 'int'
Fixes: 3124/clusterfuzz-testcase-minimized-454643435752652
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f71cd44147e7a914f80fcfacca46c9e7b0374362)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 1168175789 + 1168178473 cannot be represented in type 'int'
Fixes: 3081/clusterfuzz-testcase-minimized-4807564879462400
Fixes: 2844/clusterfuzz-testcase-minimized-5561715838156800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0823ae966be3ad40e5dba6ec4c4dc1e8c6bcad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: 20170829B.mxf
Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: 20170829A.mxf
Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 900f39692ca0337a98a7cf047e4e2611071810c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: 20170829.nsv
Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c24bcb553650b91e9eff15ef6e54ca73de2453b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 267 * 8388608 cannot be represented in type 'int'
Fixes: 2743/clusterfuzz-testcase-minimized-5820652076400640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 732f9764561558a388c05483ed6a722a5c67b05c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: shift exponent -1 is negative
Fixes: 3091/clusterfuzz-testcase-minimized-6229767969832960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a83866c9f9531eb096c9b9fe0550e742b931ad1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: runtime error: signed integer overflow: 8903997421129740175 + 354481484684609529 cannot be represented in type 'long'
Fixes: 2045/clusterfuzz-testcase-minimized-6751255865065472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eefb68c9c335dda423c9115ba11dc4bb3e73e3f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: loop.mv
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f05e2e2dc1a89f38cd9f0960a6561083d714f1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: loop.rl2
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: loop.ivr
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 124eb202e70678539544f6268efc98131f19fa49)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: loop.cine
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e80b63ecd259d69d383623e75b318bf2bd491f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: loop.asf
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f9ec5593e04827249e7aeb466da06a98a0d7329)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: loop.m3u
The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec414892ddcad88313848494b6fc5f437c9ca4a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 351e28f9a799d9bbbb33dd10c964dca7219fa13b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Found-by: AD-lab of venustech
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 837cb4325b712ff1aab531bf41668933f61d75d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2c39fcc3c0749490dc93bca80f56724878b55fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: integer overflow
Fixes: 2893/clusterfuzz-testcase-minimized-5809330567774208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b44dcbc44e99daf9515753e9fd4c2e1ea53a2fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: rtp_sdp/poc.sdp
Found-by: Bingchang <l.bing.chang.bc@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c42a1388a6d1bfd8001bf6a4241d8ca27e49326d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eca2a49716ae1f42804dd3545da2f740edf03250)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a404cb5b90b878cbe1bb528fac65cf508668cc5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
initialization
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c2bb10ddfef1f151b9455d152c9aca91140a4b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: out of array read
Fixes: 2873/clusterfuzz-testcase-minimized-5924145713905664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Previous version reviewed-by: Alex Converse <alex.converse@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f03ffb47d51368a4bbc87702df8446e4660845d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Adds a diff_pixels_unaligned()
Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872503
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc488ec28aec4bc91ba47283c49c9f7f25696eaa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
