[FFmpeg-cvslog] avcodec/clearvideo: Fix runtime error: signed integer overflow: 181 * 18050756 cannot be represented in type 'int'
Michael Niedermayer
git at videolan.org
Tue May 9 02:29:39 EEST 2017
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Tue May 9 00:14:44 2017 +0200| [28230a690e73deca54eac9ae98bbcb2cecc27dd6] | committer: Michael Niedermayer
avcodec/clearvideo: Fix runtime error: signed integer overflow: 181 * 18050756 cannot be represented in type 'int'
Fixes: 1417/clusterfuzz-testcase-minimized-6606778030620672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28230a690e73deca54eac9ae98bbcb2cecc27dd6
---
libavcodec/clearvideo.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/clearvideo.c b/libavcodec/clearvideo.c
index 060affeafd..27b00ce820 100644
--- a/libavcodec/clearvideo.c
+++ b/libavcodec/clearvideo.c
@@ -189,8 +189,8 @@ static inline int decode_block(CLVContext *ctx, int16_t *blk, int has_ac,
const int t7 = ((blk[0 * step] - blk[4 * step]) * (1 << dshift)) + bias; \
const int t8 = t0 + t2; \
const int t9 = t0 - t2; \
- const int tA = 181 * (t9 + (t1 - t3)) + 0x80 >> 8; \
- const int tB = 181 * (t9 - (t1 - t3)) + 0x80 >> 8; \
+ const int tA = (int)(181U * (t9 + (t1 - t3)) + 0x80) >> 8; \
+ const int tB = (int)(181U * (t9 - (t1 - t3)) + 0x80) >> 8; \
const int tC = t1 + t3; \
\
blk[0 * step] = (t6 + t5 + t8) >> shift; \
More information about the ffmpeg-cvslog
mailing list