- 06 Oct, 2021 2 commits
-
-
Michael Niedermayer authored
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 989febfb ) Signed-off-by:
-
Michael Niedermayer authored
Fixes: Out of array access Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by:
Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by:
-
- 13 Sep, 2021 16 commits
-
-
Paul B Mahol authored
Fixes #8261 (cherry picked from commit 8c3166e1 ) Signed-off-by:
James Almer <jamrial@gmail.com>
-
Paul B Mahol authored
Fixes #8262 (cherry picked from commit 0749082e ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8236 (cherry picked from commit 1331e001 ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8275 (cherry picked from commit de598f82 ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8243 (cherry picked from commit 0e68e8c9 ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8276 (cherry picked from commit e1b89c76 ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8250 (cherry picked from commit a7fd1279 ) Signed-off-by:
-
Paul B Mahol authored
Monowhite pixel format is not supported, and it does not make sense to add support for it. Fixes #7989 (cherry picked from commit 5d9f44da ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8309 (cherry picked from commit d4d6b7b0 ) Signed-off-by:
-
Paul B Mahol authored
Also fix use of uninitialized values. Fixes #8239 (cherry picked from commit ce5274c1 ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8264 (cherry picked from commit 07050d7b ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8244 (cherry picked from commit 0b567238 ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8260 (cherry picked from commit ccf4ab8c ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8317 (cherry picked from commit 58bb9d3a ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8242 (cherry picked from commit e787f8fd ) Signed-off-by:
-
Paul B Mahol authored
Fixes #8274 (cherry picked from commit f069a9c2 ) Signed-off-by:
-
- 10 Sep, 2021 1 commit
-
-
Michael Niedermayer authored
The code this fixes is not in release/4.1 Found-by: <mkver> This reverts commit b81d1379.
-
- 09 Sep, 2021 21 commits
-
-
Michael Niedermayer authored
Signed-off-by: -
James Almer authored
In some extrme cases, like with adpcm_ms samples with an extremely high channel count, get_audio_frame_duration() may return a negative frame duration value. Don't propagate it, and instead return 0, signaling that a duration could not be determined. Fixes ticket #9312 Signed-off-by:
-
Michael Niedermayer authored
Fixes: Infinite loop Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by:
Paul B Mahol <onemda@gmail.com> Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int' Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by:
-
Michael Niedermayer authored
Fixes: Timeout Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by:
-
Martin Storsjö authored
This fixes compilation with old mingw.org toolchains, which has got much fewer errno.h entries. Signed-off-by:
Martin Storsjö <martin@martin.st> (cherry picked from commit 6569e950 ) Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int' Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: Timeout Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
maryam ebrahimzadeh authored
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. 'buf' is part of 'AVPacket pkt'. replace init_get_bits with init_get_bits8. Signed-off-by:
-
Michael Niedermayer authored
Fixes: Timeout Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: MemLeak Fixes: 8281 Fixes: PoC_option158.jpg Fixes: CVE-2020-22037 Reviewed-by:
Andreas Rheinhardt <andreas.rheinhardt@outlook.com> Signed-off-by:
-
Michael Niedermayer authored
Fixes: Infinite loop Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
The existing error concealment makes no sense for the image formats, they use transformed source images which is different from keyframe + MC+difference for which the error concealment is designed. Of course feel free to re-enable this if you have a case where it works and improves vissual results Fixes: Timeout Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: Infinite loop Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by:
Peter Ross <pross@xvid.org> Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long' Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
