Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06d67265)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Fixes NULL pointer dereference
Fixes: 36610/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6052641783283712
Fixes: 37907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-4725170850365440
Fixes: 37904/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6367889262247936
Fixes: 38085/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5175270823297024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 20afd3a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Timeout
Fixes: 37795/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4846536543043584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f835efb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: invalid shift
Fixes: 37018/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-5290280902328320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a95abcc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: error: 1.66789e+11 is outside the range of representable values of type 'int'
Fixes: Ticket8201

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 245017ec)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 559334865 * 4 cannot be represented in type 'int'
Fixes: 37929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6751932295806976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90da4355)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 737e6bf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e2c28723)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 989febfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dd5a8a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.

Fixes ticket #9312

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e01d306c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c659f86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33feb527)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Timeout
Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e5869283)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

This fixes compilation with old mingw.org toolchains, which has got
much fewer errno.h entries.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6569e950)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a4c98c50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Timeout
Fixes: 36262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-4969052454912000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 909faca9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is  part of  'AVPacket pkt'.
replace init_get_bits with init_get_bits8.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ffa4949)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Timeout
Fixes: 35401/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5714401821851648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5e00eab6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c59b5e3d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: MemLeak
Fixes: 8281
Fixes: PoC_option158.jpg
Fixes: CVE-2020-22037

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7bba0dd6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Infinite loop
Fixes: 35591/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4503764022198272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f803635c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves vissual results

Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 643b2d49)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8f2856a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Infinite loop
Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89505d38)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b57d2f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9dbed908)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d1c47ec)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b4e77dfc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 527821a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f034c2e3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bae2e197)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: floating point division by 0
Fixes: Ticket8218

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75a099fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: left shift of negative value -1
Fixes: Ticket8270

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06af6e10)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Timeout
Fixes: 35637/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6311060272447488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c52c99a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65b862ab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 7150f957)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7874d40f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>