breeze/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-01-12 00:06:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
81,425 Commits 38 Branches 415 Tags
release/3.1
Commit Graph

81425 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andreas Rheinhardt
29584733e6 libavcodec/libvpxenc: Don't free user-provided AVPacket 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 26b4509690)
 2020-05-23 21:02:30 +02:00
Andreas Rheinhardt
526628058e avcodec/libopusenc: Don't free user-provided AVPacket 
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit b803993b6d)
 2020-05-23 21:02:25 +02:00
Andreas Rheinhardt
24b4c4c5ba avformat/matroskadec: Fix default value of BlockAddID 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit dbc50f8a93)
 2020-04-03 22:49:06 +02:00
Mark Harris
6f6cd2e29d avutil/mem: Fix invalid use of av_alloc_size 
The alloc_size attribute is valid only on functions that return a
pointer.  GCC 9 (not yet released) warns about invalid usage:

./libavutil/mem.h:342:1: warning: 'alloc_size' attribute ignored on a function returning int' [-Wattributes]
  342 | av_alloc_size(2, 3) int av_reallocp_array(void *ptr, size_t nmemb, size_t size);
      | ^~~~~~~~~~~~~

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4361293fcf)
 2019-07-23 01:21:46 -03:00
James Almer
f8e254716b avcodec/hevcdec: decode at most one slice reporting being the first in the picture 
Fixes deadlocks when decoding packets containing more than one of the aforementioned
slices when using frame threads.

Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 70c8c8a818)
 2019-03-20 22:09:31 -03:00
Paul B Mahol
7653e8db4d avfilter/af_silenceremove: fix possible crash if supplied duration is negative 
Signed-off-by: Paul B Mahol <onemda@gmail.com>

Fixes ticket #7697.
(cherry picked from commit 2d1594a8d6)
 2019-01-25 00:57:38 +01:00
James Almer
a9c1ef2626 avcodec/bitstream_filters: check the input argument of av_bsf_get_by_name() for NULL 
Fixes crashes like "ffmpeg -h bsf" caused by passing NULL to strcmp()

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3258cc6507)
 2018-07-28 22:46:33 -03:00
James Almer
ac1ddc6361 avdevice/iec61883: free the private context at the end 
Fixes part of ticket #7146.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 5079e96bcc)
 2018-04-18 22:59:37 -03:00
James Almer
86d6fca94b avdevice/iec61883: return reference counted packets 
Fixes part of ticket #7146, dealing with leaks of packet data since
commit 87c8812270.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b8629654c6)
 2018-04-18 22:59:33 -03:00
Marton Balint
13deb0c1f6 avdevice/iec61883: free packet on buffer allocation error 
Fixes Coverity CID 1396416.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 4556dad2b7)
 2018-04-18 22:59:26 -03:00
James Almer
da11322641 avformat/libssh: check the user provided a password before trying to use it 
Fixes ticket #6413

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 8ddb6820bd)
 2018-01-11 10:40:33 -03:00
Rostislav Pehlivanov
7cce800930 vc2enc_dwt: pad the temporary buffer by the slice size 
Since non-Haar wavelets need to look into pixels outside the frame, we
need to pad the buffer. The old factor of two seemed to be a workaround
that fact and only padded to the left and bottom. This correctly pads
by the slice size and as such reduces memory usage and potential
exploits.
Reported by Liu Bingchang.

Ideally, there should be no temporary buffer but the encoder is designed
to deinterleave the coefficients into the classical wavelet structure
with the lower frequency values in the top left corner.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
(cherry picked from commit 3228ac730c)
 2017-11-09 02:10:40 +00:00
Michael Niedermayer
38c1df15c6 Update for 3.1.11 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n3.1.11 		2017-09-25 11:12:38 +02:00
Michael Niedermayer
27505de3b9 avcodec/takdec: Fix integer overflow in decode_lpc() 
Fixes: runtime error: signed integer overflow: 16748560 + 2143729712 cannot be represented in type 'int'
Fixes: 3202/clusterfuzz-testcase-minimized-4988291642294272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d31f03a02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-25 11:10:29 +02:00
Michael Niedermayer
dc5240a4d7 avcodec/proresdec2: Check bits in DECODE_CODEWORD(), fixes invalid shift 
Fixes: runtime error: shift exponent 42 is too large for 32-bit type 'unsigned int'
Fixes: 3410/clusterfuzz-testcase-minimized-5313377960198144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f5eaf0b59)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-25 11:10:15 +02:00
Michael Niedermayer
c7ad616dda avcodec/takdec: Fix integer overflows in decode_subframe() 
Fixes: runtime error: signed integer overflow: -1562477869 + -691460395 cannot be represented in type 'int'
Fixes: 3196/clusterfuzz-testcase-minimized-4528307146063872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dabb9c69d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-25 11:09:06 +02:00
Michael Niedermayer
743354358b avcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*() 
Fixes: runtime error: signed integer overflow: 161 * 13872281 cannot be represented in type 'int'

Fixes: 3295/clusterfuzz-testcase-minimized-4738998142500864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 67da2685e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-24 02:43:53 +02:00
Michael Niedermayer
b9f0979e16 avcodec/ffv1dec: Fix integer overflow in read_quant_table() 
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 3361/clusterfuzz-testcase-minimized-5065842955911168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d00fc952b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-24 02:41:18 +02:00
Michael Niedermayer
bfb7744aaf avcodec/svq3: Fix overflow in svq3_add_idct_c() 
Fixes: runtime error: signed integer overflow: 2147392585 + 524288 cannot be represented in type 'int'
Fixes: 3348/clusterfuzz-testcase-minimized-4809500517203968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c933c5168)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-24 02:41:00 +02:00
Michael Niedermayer
7333799de5 avcodec/pngdec: Clean up on av_frame_ref() failure 
Fixes: memleak
Fixes: 3203/clusterfuzz-testcase-minimized-4514553595428864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5480e82d77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-20 03:09:14 +02:00
Michael Niedermayer
61c5c89d04 avcodec/hevc_ps: Fix c?_qp_offset_list size 
Fixes: runtime error: index 5 out of bounds for type 'int8_t const[5]'
Fixes:3175/clusterfuzz-testcase-minimized-4736774054084608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit abf3f9fa23)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
19045efd05 avcodec/shorten: Move buffer allocation and offset init to end of read_header() 
They are time consuming operations, performing them after the other checks
improves the speed with damaged input dramatically.

Fixes: Timeout
Fixes: 2928/clusterfuzz-testcase-4992812120539136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 380659604f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
33e67eb80c avcodec/jpeg2000dsp: Fix multiple integer overflows in ict_int() 
Fixes: runtime error: signed integer overflow: 22553 * -188962 cannot be represented in type 'int'
Fixes: 3042/clusterfuzz-testcase-minimized-5174210131394560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d025e7428)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
4b43dd03ed avcodec/hevcdsp_template: Fix undefined shift in put_hevc_pel_bi_w_pixels 
Fixes: runtime error: left shift of negative value -95
Fixes: 3077/clusterfuzz-testcase-minimized-4684917524922368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c225da68cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
10ae5fb269 avcodec/diracdec: Fix overflow in DC computation 
Fixes: runtime error: signed integer overflow: 11896 + 2147483646 cannot be represented in type 'int'
Fixes: 3053/clusterfuzz-testcase-minimized-6355082062856192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5995856a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
5e7ddf0b4a avformat/asfdec: Fix DoS in asf_build_simple_index() 
Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afc9c683ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
29b9505215 avformat/mov: Fix DoS in read_tfra() 
Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cb4eb7728)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
5cc3add036 avcodec/dirac_dwt: Fix multiple overflows in 9/7 lifting 
Fixes: runtime error: signed integer overflow: 1073901567 + 1073901567 cannot be represented in type 'int'
Fixes: 3124/clusterfuzz-testcase-minimized-454643435752652

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f71cd44147)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
93a32c15a8 avcodec/diracdec: Fix integer overflow in INTRA_DC_PRED() 
Fixes: runtime error: signed integer overflow: 1168175789 + 1168178473 cannot be represented in type 'int'
Fixes: 3081/clusterfuzz-testcase-minimized-4807564879462400
Fixes: 2844/clusterfuzz-testcase-minimized-5561715838156800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0823ae96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
孙浩(晓黑)
22dbd1eb31 avformat/mxfdec: Fix Sign error in mxf_read_primer_pack() 
Fixes: 20170829B.mxf

Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d00fb9d70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
孙浩(晓黑)
92ec4eacf9 avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array() 
Fixes: 20170829A.mxf

Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 900f39692c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
孙浩(晓黑)
5d67851392 avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop. 
Fixes: 20170829.nsv

Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c24bcb5536)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
0e4612ea68 avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered() 
Fixes: runtime error: signed integer overflow: 267 * 8388608 cannot be represented in type 'int'
Fixes: 2743/clusterfuzz-testcase-minimized-5820652076400640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 732f976456)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
f69905e230 avcodec/hevc_ps: Fix undefined shift in pcm code 
Fixes: runtime error: shift exponent -1 is negative
Fixes: 3091/clusterfuzz-testcase-minimized-6229767969832960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a83866c9f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
fcc2119eac avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate() 
Fixes: runtime error: signed integer overflow: 8903997421129740175 + 354481484684609529 cannot be represented in type 'long'
Fixes: 2045/clusterfuzz-testcase-minimized-6751255865065472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eefb68c9c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
28c08ab943 avformat/mvdec: Fix DoS due to lack of eof check 
Fixes: loop.mv

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f05e2e2dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
孙浩 and 张洪亮(望初)
953c6259d6 avformat/rl2: Fix DoS due to lack of eof check 
Fixes: loop.rl2

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96f24d1bee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
孙浩 and 张洪亮(望初)
770482def3 avformat/rmdec: Fix DoS due to lack of eof check 
Fixes: loop.ivr

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 124eb202e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
孙浩 and 张洪亮(望初)
64aa8bb886 avformat/cinedec: Fix DoS due to lack of eof check 
Fixes: loop.cine

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e80b63ecd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
孙浩 and 张洪亮(望初)
0eb399381a avformat/asfdec: Fix DoS due to lack of eof check 
Fixes: loop.asf

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f9ec5593e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
0d32491b74 avformat/hls: Fix DoS due to infinite loop 
Fixes: loop.m3u

The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome

Found-by: Xiaohei and Wangchu from Alibaba Security Team

Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec414892d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
d4a333f00b ffprobe: Fix NULL pointer handling in color parameter printing 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 351e28f9a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
5ff09443c5 ffprobe: Fix null pointer dereference with color primaries 
Found-by: AD-lab of venustech
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 837cb4325b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2c39fcc3c0749490dc93bca80f56724878b55fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
0575adfd4a avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps() 
Fixes: integer overflow
Fixes: 2893/clusterfuzz-testcase-minimized-5809330567774208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b44dcbc44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
5351c8bd46 avformat/rtpdec_h264: Fix heap-buffer-overflow 
Fixes: rtp_sdp/poc.sdp

Found-by: Bingchang <l.bing.chang.bc@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c42a1388a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Vitaly Buka
6622be010b avformat/aviobuf: Fix signed integer overflow in avio_seek() 
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow

Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eca2a49716)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Vitaly Buka
7b6dba892f avformat/mov: Fix signed integer overflows with total_size 
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow

Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a404cb5b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Vitaly Buka
edac232860 avcodec/utils: Fix signed integer overflow in rc_initial_buffer_occupancy initialization 
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow

Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c2bb10ddf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
1fa31e28fd avcodec/aacdec_template: Fix running cleanup in decode_ics_info() 
Fixes: out of array read
Fixes: 2873/clusterfuzz-testcase-minimized-5924145713905664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Previous version reviewed-by: Alex Converse <alex.converse@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f03ffb47d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00
Michael Niedermayer
3ee6a9cfb4 avcodec/me_cmp: Fix crashes on ARM due to misalignment 
Adds a diff_pixels_unaligned()

Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872503

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc488ec28a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2017-09-17 15:57:27 +02:00