From patchwork Fri Oct 23 18:39:33 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 23178
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 23 Oct 2020 20:39:33 +0200
Message-Id: <20201023183940.31485-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/8] avcodec/magicyuv: Check slice size before reading flags and pred

Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/magicyuv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
index ea1f727e5c..e2b7bdd326 100644
--- a/libavcodec/magicyuv.c
+++ b/libavcodec/magicyuv.c
@@ -267,6 +267,9 @@ static int magy_decode_slice(AVCodecContext *avctx, void *tdata, const uint8_t *slice = s->buf + s->slices[i][j].start; int flags, pred; + if (s->slices[i][j].size < 2) + return AVERROR_INVALIDDATA; + flags = bytestream_get_byte(&slice); pred = bytestream_get_byte(&slice);

From patchwork Fri Oct 23 18:39:34 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 23176
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 23 Oct 2020 20:39:34 +0200
Message-Id: <20201023183940.31485-2-michael@niedermayer.cc>
In-Reply-To: <20201023183940.31485-1-michael@niedermayer.cc>
References: <20201023183940.31485-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/8] tools/target_dem_fuzzer: Consider it an EIO when reading position wraps around 64bit

Fixes: signed integer overflow: 9223372036854775807 + 564 cannot be represented in type 'long'
Fixes: 26494/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-576754158849228
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 tools/target_dem_fuzzer.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index 8c9e373367..4add459aef 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
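Review bot: the `size < 2` bound in the magicyuv hunk of [PATCH 1/8] covers exactly the two bytes consumed by the visible `bytestream_get_byte(&slice)` calls for `flags` and `pred`, but nothing in the hunk shows the slice body reader being handed the remaining `size - 2`; it is worth confirming that the code after `pred = ...` bounds its reads by the slice size rather than by the picture dimensions, otherwise a slice of exactly 2 bytes passes this check and overreads further down. A one-line comment such as `/* flags + pred header bytes */` next to the constant 2 would make the bound self-explaining.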
@@ -49,6 +49,8 @@ static int io_read(void *opaque, uint8_t *buf, int buf_size) c->filesize = FFMIN(c->pos, c->filesize); return AVERROR_EOF; } + if (c->pos > INT64_MAX - size) + return AVERROR(EIO); memcpy(buf, c->fuzz, size); c->fuzz += size;

From patchwork Fri Oct 23 18:39:35 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 23179
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 23 Oct 2020 20:39:35 +0200
Message-Id: <20201023183940.31485-3-michael@niedermayer.cc>
In-Reply-To: <20201023183940.31485-1-michael@niedermayer.cc>
References: <20201023183940.31485-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/8] tools/target_dem_fuzzer: remove unused label

Signed-off-by: Michael Niedermayer
---
 tools/target_dem_fuzzer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index 4add459aef..992b1a4d89 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
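Review bot: in the `io_read()` hunk of [PATCH 2/8], `if (c->pos > INT64_MAX - size) return AVERROR(EIO);` sits after the EOF branch and before the `memcpy`, so it guards the position advance that the reported overflow (`9223372036854775807 + 564`) points at without touching `c->filesize`; that is the right place, but the choice of `AVERROR(EIO)` over `AVERROR_EOF` deserves a short comment, since the demuxer under test treats the two differently (EOF is an expected end of stream, EIO aborts the read). A position this close to `INT64_MAX` can only be reached through `io_seek()`, so rejecting or clamping such offsets there would stop the condition at its source instead of at every read.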
@@ -195,7 +195,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { break; av_packet_unref(&pkt); } -end: + av_freep(&fuzzed_pb->buffer); av_freep(&fuzzed_pb); avformat_close_input(&avfmt);

From patchwork Fri Oct 23 18:39:36 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 23183
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 23 Oct 2020 20:39:36 +0200
Message-Id: <20201023183940.31485-4-michael@niedermayer.cc>
In-Reply-To: <20201023183940.31485-1-michael@niedermayer.cc>
References: <20201023183940.31485-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/8] avformat/utils: wrap_timestamp() is only needed for less than 64 bits

Fixes: shift exponent 64 is too large for 64-bit type 'unsigned long long'
Fixes: 26497/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5690188355076096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index e8335a601f..b1ce6f4fdb 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
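Review bot: in the `LLVMFuzzerTestOneInput()` hunk of [PATCH 3/8], `-end:` is replaced by `+` (an empty line), which leaves a stray blank line between the packet loop's closing brace and `av_freep(&fuzzed_pb->buffer)`; a pure deletion of the label line reads cleaner than swapping it for whitespace. The commit message could also say which earlier change removed the last `goto end`, so the reason the label is now unused is traceable.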
@@ -101,7 +101,7 @@ static int is_relative(int64_t ts) { */ static int64_t wrap_timestamp(const AVStream *st, int64_t timestamp) { - if (st->pts_wrap_behavior != AV_PTS_WRAP_IGNORE && + if (st->pts_wrap_behavior != AV_PTS_WRAP_IGNORE && st->pts_wrap_bits < 64 && st->pts_wrap_reference != AV_NOPTS_VALUE && timestamp != AV_NOPTS_VALUE) { if (st->pts_wrap_behavior == AV_PTS_WRAP_ADD_OFFSET && timestamp < st->pts_wrap_reference)

From patchwork Fri Oct 23 18:39:37 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 23177
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 23 Oct 2020 20:39:37 +0200
Message-Id: <20201023183940.31485-5-michael@niedermayer.cc>
In-Reply-To: <20201023183940.31485-1-michael@niedermayer.cc>
References: <20201023183940.31485-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/8] uavformat/rsd: check for EOF in extradata

Fixes: OOM
Fixes: 26503/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6530816735444992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/rsd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/rsd.c b/libavformat/rsd.c
index e23c8abae5..933b1dbadc 100644
--- a/libavformat/rsd.c
+++ b/libavformat/rsd.c
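Review bot: the added `st->pts_wrap_bits < 64` term in `wrap_timestamp()` ([PATCH 4/8]) avoids the shift by `pts_wrap_bits` that the `shift exponent 64` report points at, and a 64-bit timestamp has nothing to wrap, so skipping the whole block is correct; note that a demuxer-supplied value above 64 is also swallowed by `< 64`, which silently disables wrapping rather than flagging the bad stream. If `pts_wrap_bits` is meant to lie in 1..63, validating it where the demuxer sets it (rejecting, or clamping with a warning) would make that the invariant everywhere instead of this one call site being the only guard.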
@@ -139,6 +139,8 @@ static int rsd_read_header(AVFormatContext *s) return ret; for (i = 0; i < par->channels; i++) { + if (avio_feof(pb)) + return AVERROR_EOF; avio_read(s->pb, st->codecpar->extradata + 32 * i, 32); avio_skip(s->pb, 8); }

From patchwork Fri Oct 23 18:39:38 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 23181
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 23 Oct 2020 20:39:38 +0200
Message-Id: <20201023183940.31485-6-michael@niedermayer.cc>
In-Reply-To: <20201023183940.31485-1-michael@niedermayer.cc>
References: <20201023183940.31485-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 6/8] avformat/aaxdec: Check string before strcmp()

Fixes: NULL ptr dereference
Fixes: 26508/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5694725249826816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/aaxdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/aaxdec.c b/libavformat/aaxdec.c
index 3db6e9bc6d..7d10e805ca 100644
--- a/libavformat/aaxdec.c
+++ b/libavformat/aaxdec.c
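Review bot: in the `rsd_read_header()` hunk of [PATCH 5/8] the new check reads `avio_feof(pb)` while the `avio_read()` and `avio_skip()` calls in the same loop use `s->pb`; if both name the same context, use one spelling throughout, and if they do not, the check is testing the wrong stream. Checking EOF before each 32-byte read ends the loop as soon as the input runs out instead of iterating `par->channels` times over nothing, which is what bounds the OOM; checking the return value of `avio_read()` against 32 would additionally catch a short final read. The subject line has a typo, `uavformat/rsd`, for `avformat/rsd`.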
@@ -232,7 +232,7 @@ static int aax_read_header(AVFormatContext *s) int64_t col_offset; int flag, type; - if (strcmp(a->xcolumns[c].name, "data")) + if (!a->xcolumns[c].name || strcmp(a->xcolumns[c].name, "data")) continue; type = a->xcolumns[c].type;

From patchwork Fri Oct 23 18:39:39 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 23182
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 23 Oct 2020 20:39:39 +0200
Message-Id: <20201023183940.31485-7-michael@niedermayer.cc>
In-Reply-To: <20201023183940.31485-1-michael@niedermayer.cc>
References: <20201023183940.31485-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 7/8] tools/target_dem_fuzzer: Limit max blocks

With an IO block size of 1 byte potentially megabytes are quite slow to read, thus limit the number

Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184
Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696
Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083
Fixes: OOM
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 tools/target_dem_fuzzer.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index 992b1a4d89..dbfed6354a 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
@@ -88,6 +88,7 @@ static int64_t io_seek(void *opaque, int64_t offset, int whence) // Ensure we don't loop forever const uint32_t maxiteration = 8096; +const int maxblocks= 100000; static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
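Review bot: the `!a->xcolumns[c].name ||` guard in the `aax_read_header()` hunk of [PATCH 6/8] removes the NULL dereference at this `strcmp()`, but it treats a nameless column as "not the data column" and moves on; if `name` can only be NULL because the column-table parser failed to fill it in, rejecting the header at parse time would be the more complete fix, since every other consumer of `xcolumns[c].name` otherwise needs the same guard. If nameless columns are legitimate in the format, a comment saying so beside the check would save the next reader the question.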
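Review bot: `+const int maxblocks= 100000;` in the first hunk of [PATCH 7/8] is missing the space before `=`, and sits directly under `const uint32_t maxiteration = 8096;`, which is the pattern to follow; the type should also match its use, because the second hunk compares `size / io_buffer_size` (a `size_t`) against it, and an `int` on the other side invites a sign-compare warning. `static const size_t maxblocks = 100000;` keeps the symbol file-local like `FUZZ_TAG` and makes the comparison unsigned on both sides.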
@@ -160,6 +161,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { av_strlcatf(filename, sizeof(filename), ".%s", extension); } } + + if (!io_buffer_size || size / io_buffer_size > maxblocks) + io_buffer_size = size; + io_buffer = av_malloc(io_buffer_size); if (!io_buffer) error("Failed to allocate io_buffer");

From patchwork Fri Oct 23 18:39:40 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 23184
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 23 Oct 2020 20:39:40 +0200
Message-Id: <20201023183940.31485-8-michael@niedermayer.cc>
In-Reply-To: <20201023183940.31485-1-michael@niedermayer.cc>
References: <20201023183940.31485-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 8/8] avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET

Fixes: signed integer overflow: -9223372036854775807 - 48000 cannot be represented in type 'long long'
Fixes: 26521/clusterfuzz-testcase-minimized-ffmpeg_dem_DIRAC_fuzzer-5635536506847232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/dirac_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
index fbc7414c79..8e68b4a9da 100644
--- a/libavcodec/dirac_parser.c
+++ b/libavcodec/dirac_parser.c
@@ -215,7 +215,7 @@ static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx, int64_t pts = AV_RB32(cur_pu + 13); if (s->last_pts == 0 && s->last_dts == 0) s->dts = pts - 1; - else + else if (s->last_dts != AV_NOPTS_VALUE) s->dts = s->last_dts + 1; s->pts = pts; if (!avctx->has_b_frames && (cur_pu[4] & 0x03))
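Review bot: in the second hunk of [PATCH 7/8], `if (!io_buffer_size || size / io_buffer_size > maxblocks) io_buffer_size = size;` jumps from a too-small block size straight to one block covering the whole input, so an input that chose a 1-byte block size no longer exercises small-block reads at all; clamping instead, along the lines of `io_buffer_size = FFMAX(io_buffer_size, size / maxblocks)` once the zero case has been handled, caps the block count at `maxblocks` while still reading in small pieces. The `!io_buffer_size` short-circuit does correctly protect the division from a zero divisor.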
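Review bot: in the `dirac_combine_frame()` hunk of [PATCH 8/8], when `s->last_dts == AV_NOPTS_VALUE` the new `else if` skips the assignment and `s->dts` keeps whatever it held from the previous call, so the parser can hand out a stale dts next to the fresh `s->pts = pts`; an explicit `else s->dts = AV_NOPTS_VALUE;` makes the no-information case visible to the caller instead of silent. The subject line says `AV_NOPTS_OFFSET` while the hunk guards against `AV_NOPTS_VALUE`; the subject should name the latter.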