avfilter/bwdif: account for chroma sub-sampling in min size calculation The current logic for detecting frames that are too small for the algorithm does not account for chroma sub-sampling, and so a sample where the luma plane is large enough, but the chroma planes are not will not be rejected. In that event, a heap overflow will occur. This change adjusts the logic to consider the chroma planes and makes the change to all three bwdif implementations. Fixes #10688 Signed-off-by: Cosmin Stejerean <cosmin@cosmin.at> Reviewed-by: Thomas Mundt <tmundt75@gmail.com> Signed-off-by: Philip Langdale <philipl@overt.org> (cherry picked from commit 737ede405b11a37fdd61d19cf25df296a0cb0b75) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/iff: Check that we have a stream in read_dst_frame() Fixes: null pointer dereference Fixes: 385644864/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4551049565765632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8668957ef604bd2b99175310638bc5031ae0d991) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mlvdec: fix size checks Fixes: heap-buffer-overflow Fixes: 391962476/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-5746746587676672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 251d43aef0df9262f2688c1c848af993bbb67d08) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/h263dec: Check against previous dimensions instead of coded Fixes: out of array access Fixes: crash-a41ef3db699013f669b076f02f36942925f5a98c Found-by: Kacper Michajlow <kasper93@gmail.com> Reviewed-by: Kacper Michajlow <kasper93@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0fe33c99a26a06a6875c4abfb96362a65145264b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet() Fixes: Use of uninitialized memory Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ecc96f4d08d74b0590ab03f39f93f386910c4c0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/huffyuvdec: Initialize whole output for decode_gray_bitstream() Fixes: use of uninitialized memory Fixes: 375286238/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-6352546854141952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ef71552cf970876085d99834abdb8e429aea9730) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/ipmovie: Check signature_buffer read Fixes: use of uninitilaized data Fixes: 385167047/clusterfuzz-testcase-minimized-ffmpeg_dem_IPMOVIE_fuzzer-5941477505564672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 788abe0d253b2034af15876d7889265d4746df2b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/wtvdec: Initialize buf ff_parse_mpeg2_descriptor() reads over what is initialized Fixes: use of uninitialized memory Fixes: 383825645/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5144130618982400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 17b019c517af26c6d2f0c6266938c60d36db1fa3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/vqf: Propagate errors from add_metadata() Suggested-by: Marton Balint <cus@passwd.hu> Reviewed-by: Alexander Strasser <eclipse7@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 49fa3f6c5ba6d43cc4b3ade4f8d9dc2fdbc71f0a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/vqf: Check avio_read() in add_metadata() Fixes: use of uninitialized data Fixes: 383825642/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5380168801124352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c43dbecbdad152a91eadc7538b545852eee562ae) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avutil/avstring: dont mess with NULL pointers in av_match_list() Fixes: applying zero offset to null pointer Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c6c54943d161812b3c4034116cb14f3f5c05dc43) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mpegvideo_enc: Check FLV1 resolution limits Found-by: Elias Myllym?ki <elias.myllymaki04p@gmail.com> Reviewed-by: Alexander Strasser <eclipse7@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 827c073154f4cc17d1bd3777dff3b58370210bcb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/ffv1enc: Fix handling of 32bit unsigned symbols This may be needed for floats Sponsored-by: Sovereign Tech Fund Reviewed-by: Alexander Strasser <eclipse7@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 402824e9e99461f1c9e74a6730ced40894669560) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/vc1dec: Clear block_index in vc1_decode_reset() Fixes: 377965565/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4504434689769472 Fixes: out of array access Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 251de1791e645f16e80b09d82999d4a5e24b1ad1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/aacsbr_template: Clear n_q on error Fixes: index 5 out of bounds for type 'uint8_t [5]' Fixes: 377748135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5167109774049280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3f029bfb7f9ca1c73fecb8d0eacf3c4e0550f771) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
swscale/output: Fix undefined overflow in yuv2rgba64_full_X_c_template() Fixes: signed integer overflow: -1082982400 + -1195645138 cannot be represented in type 'int' Fixes: 376136843/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4791844321427456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 56faee21c136942c491f30a2e82cfbbfce180beb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>