Fixes: runtime error: signed integer overflow: 211633430 + 2147483647 cannot be represented in type 'int'
Fixes: 1874/clusterfuzz-testcase-minimized-5037763613163520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int'

Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int'

Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: Timeout
Fixes: 1858/clusterfuzz-testcase-minimized-6450473802399744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

avcodec/wavpack: Fix runtime error: signed integer overflow: -1386217472 * 4 cannot be represented in type 'int'

Fixes: 1853/clusterfuzz-testcase-minimized-5471155626442752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int'

Fixes: 1851/clusterfuzz-testcase-minimized-5692607495667712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

This requires at least 25% of a picture to allocate and decode it

Fixes: Timeout
Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

the timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until
2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused.
after that commit libfdk-aacdec interprets it as size in sample units and memsets that on error.
FFmpeg as well as others (like GStreamer) did interpret it as size in bytes

Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int'

Fixes: 1770/clusterfuzz-testcase-minimized-5285511235108864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: runtime error: left shift of negative value -67108864
Fixes: 1738/clusterfuzz-testcase-minimized-6734814327603200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

instead of deciding whether to encrypt based on the encryption scheme,
decide according to whether cenc was initialized or not.
mov_create_timecode_track calls ff_mov_write_packet with a track that
doesn't have cenc initialized.
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Signed-off-by: NKevin Mark <kmark937@gmail.com>
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.mdReviewed-by: NMichael Niedermayer <michael@niedermayer.cc>
Signed-off-by: NJames Almer <jamrial@gmail.com>

As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.mdReviewed-by: NMichael Niedermayer <michael@niedermayer.cc>
Signed-off-by: NJames Almer <jamrial@gmail.com>

Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]'
Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

avcodec/pixlet: Fix runtime error: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'

Fixes: 1829/clusterfuzz-testcase-minimized-5527165321871360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Found-by: NRoger Scott <rscott@grammatech.com>
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Signed-off-by: NVittorio Giovara <vittorio.giovara@gmail.com>

Reviewed-by: NPaul B Mahol <onemda@gmail.com>
Signed-off-by: NVittorio Giovara <vittorio.giovara@gmail.com>

This merges commit 1202b712 from libav,
originally written by Anton Khirnov and skipped in
fc63d5ce.

 libavcodec/vp3.c | 26 +++++++++-----------------
 1 file changed, 9 insertions(+), 17 deletions(-)

This merges commit c3e84820 from libav,
originally written by Anton Khirnov and skipped in
fc63d5ce.

 libavcodec/h264_picture.c |  3 ---
 libavcodec/h264_ps.c      |  9 ---------
 libavcodec/h264_slice.c   | 25 +++++++++++++++++++------
 libavcodec/h264dec.c      | 13 +------------
 libavcodec/h264dec.h      |  9 +++++----
 5 files changed, 25 insertions(+), 34 deletions(-)

This merges commit 4fded048 from libav,
originally written by Anton Khirnov and skipped in
fc63d5ce.

 libavcodec/h264_slice.c | 20 +++++++++++++-------
 libavcodec/h264dec.c    |  3 +++
 libavcodec/h264dec.h    |  5 +++++
 3 files changed, 21 insertions(+), 7 deletions(-)

This merges commit a02ae1c6 from libav,
originally written by Anton Khirnov and skipped in
fc63d5ce.

 libavcodec/hevc_parser.c |  6 ++++--
 libavcodec/hevc_ps.c     | 31 ++++++++++++-------------------
 libavcodec/hevc_ps.h     |  2 --
 libavcodec/hevc_refs.c   | 18 +++++-------------
 libavcodec/hevcdec.c     |  7 ++++---
 libavcodec/hevcdec.h     |  2 --
 6 files changed, 25 insertions(+), 41 deletions(-)
Signed-off-by: NJames Almer <jamrial@gmail.com>

Fixes; Timeout
Fixes: 1826/clusterfuzz-testcase-minimized-5728569256837120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'

Fixes: 1825/clusterfuzz-testcase-minimized-6002833050566656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: Timeout
Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: out of array read
Fixes: 1781/clusterfuzz-testcase-minimized-4617176877105152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Should fix tsan errors in utvideoenc_rgb_left and related tests.

These variables are shared between frame threads, but they are updated
post-setup_finished() if a EOB/EOS slice type occurs. Moving the EOB/EOS
slices to the next frame thread instance (by parsing them leading into
the next picture instead of trailing behind the last picture) effectively
prevents this race condition.

This fixes tsan failures on hevc-conformance-NoOutPrior_A_Qualcomm_1.

This turns CFR duplicated frames into skiped frames

Fixes: Timeout
Fixes: 1719/clusterfuzz-testcase-minimized-6375090079924224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Fixes: 1778/clusterfuzz-testcase-minimized-5128953268273152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

avcodec/wavpack: Fix: runtime error: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'

Fixes: 1776/clusterfuzz-testcase-minimized-6191258231898112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Found-by: jamrial
Signed-off-by: NMichael Niedermayer <michael@niedermayer.cc>

Tested-by: rcombs
Signed-off-by: NJames Almer <jamrial@gmail.com>