- 21 Jul, 2024 40 commits
-
Michael Niedermayer authored
Fixes: CID1439581 Result is not floating-point
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec18ec9f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1591931 Explicit null dereferenced
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 175c1916)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1591929 Copy into fixed size buffer
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daf61ddd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Helps: CID1454676 Out-of-bounds read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af348bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Found by reviewing code related to CID1604365 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0474614e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1604552 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f18b4423)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1604495 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d5532768)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1604400 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b9899866)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1604356 Overflowed constant
Fixes: CID1604573 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e4c0378)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This is more a style fix than a bugfix (CID1604392 Overflowed constant)
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfe66dfe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Found by code review related to CID1604563 Overflowed return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2aaeb81)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Found while reviewing code related to CID1604409 Overflowed return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cf5b83f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Found by code review related to CID1604386 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e5af1c6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1604490 Overflowed constant
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 96fd9417)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
width and height > 32bit is not supported and it's easier to check in a central place
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba63e329)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -208
Fixes: 69073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_KS_fuzzer-4745020002336768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93e0265e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Found while reviewing: CID1530313 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cedbef03)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
It is not entirely clear what would prevent such overflow so even if it is not possible, it is better to use 64bit
Fixes: CID1491898 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 665be4fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1591944 Wrong sizeof argument
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 628ba061)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1591909 Wrong sizeof argument
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Steve Lhomme <robux4@ycbcr.xyz>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 698ed0d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1591881 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f022afea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This may help CID1452449 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 426d8c84)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Found while reviewing CID1452449 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a0a7d96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1473554 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8200d38)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
It seems reply1 is initialized by ff_rtsp_send_cmd() in most cases, but there are code paths like "continue" which look like they could skip it, but even if not, writing this so that a complex loop after several layers of calls initializes a local variable through a pointer is just bad design. This patch simply initializes the variable.
Fixes: CID1473532 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 498ce4e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Found while reviewing CID1473532 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9bb38ba2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1452585 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7a9ddb70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1197065 Resource leak
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 382e9e79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1500281 Out-of-bounds write
Fixes: CID1500331 Out-of-bounds write
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5fe8bf4a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Mark Thompson authored
The spec allows at least thirty-two zero bits followed by a one to mean 2^32-1, with no constraint on the number of zeroes. The libaom reference decoder does not match this, instead reading thirty-two zeroes but not the following one to mean 2^32-1. These two interpretations are incompatible and other implementations may follow one or the other. Therefore reject thirty-two zeroes because the intended behaviour is not clear.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7110a36b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 380a8213)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1551694 Use after free (false positive based on assuming that out == in and one is freed and one used)
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c296d4fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1473553 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d0373de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1473590 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca237a84)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1591939 Logically dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c285bb2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1591911 Logically dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86cd7c68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: CID1435168
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63ecce9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Help coverity with CID1500302 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4824156f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
The checked entity should be alone on one side of the check, this avoids complex considerations of overflows. This fixes an issue of bad style in our code and a coverity issue.
Fixes: CID1439654 Untrusted pointer read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 385784a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 67492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5778297231310848
Fixes: signed integer overflow: 2314885530818453536 + 7782220156096217088 cannot be represented in type 'long'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2882d30e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>