Fixes: signed integer overflow: 2147475672 + 8192 cannot be represented in type 'int'
Fixes: 15415/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5712074128228352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: division by 0
Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272
Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int'
Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

libtta 2.3 has a limit of 6 channels, so 16 is substantially above the "official" already

Fixes: OOM
Fixes: 15249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5643988125614080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Timeout (76 sec -> 24 sec)
Fixes: 15043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5699856238116864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: out of array read
Fixes: 15286/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5658245101780992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Infinite loop
Fixes: 15337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5757428949319680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: infinite loop
Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Instead we ask for a sample, its unclear what to do in this case.

Fixes: index 30 out of bounds for type 'int8_t [30][64]'
Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 1106434976 + 1041773512 cannot be represented in type 'int'
Fixes: 15421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5669209314426880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: -1027919784 + -1120041624 cannot be represented in type 'int'
Fixes: 15406/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5700646528876544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: OOM
Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

This checks the ham value much stricter and avoids hitting cases which cannot be reached
with data from the libavformat demuxer.

Fixes: out of array access
Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840
Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long'
Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: out of array access
Fixes: 15360/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5653837190266880
Fixes: 15412/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5740537648250880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: index -1 out of bounds for type 'const uint8_t [185][2]'
Fixes: 15250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5648992869810176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

lpc_quant of 0 produces undefined behavior, thus disallow this.
If valid samples use this then such a sample would be quite
usefull to confirm the correct&lossles handling of this.

Fixes: libavcodec/alac.c:218:25: runtime error: shift exponent -1 is negative
Fixes: 15273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5656388535058432
Fixes: 15276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5761238417539072
Fixes: 15315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5767260766994432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

Fixes: Various anomalies
Fixes: 14493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5071018000908288
Fixes: 14630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5714888963391488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

This commit changes vp9_metadata to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

If a new sequence display extension had to be added, this was up until
now done at two places: One where a sequence display extension was
initialized with default values and one where the actual sequence
display extension was inserted into the fragment. This division of
labour is unnecessary and pointless; it has been changed.

Furthermore, if a sequence display extension has to be added, the
earlier code set some fields to their default value twice. This has been
changed, too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

This commit changes mpeg2_metadata to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

This commit changes h265_metadata to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

When looping over an access unit's units in positive direction and
deleting some of them, one needs to make sure that a unit that is at
the position of a unit that just got deleted gets checked, too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

This commit changes h264_redundant_pps to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>