[FFmpeg-cvslog] avcodec/alsdec: Fix integer overflow in decode_var_block_data()

Michael Niedermayer git at videolan.org
Wed Sep 4 22:26:34 EEST 2019


ffmpeg | branch: release/4.2 | Michael Niedermayer <michael at niedermayer.cc> | Mon Aug 19 01:30:53 2019 +0200| [61268f24540a54e7ffe134aad9e46e00bb862789] | committer: Michael Niedermayer

avcodec/alsdec: Fix integer overflow in decode_var_block_data()

Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int'
Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Thilo Borgmann <thilo.borgmann at mail.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 661a9b274b0181b2e36ff21fd13840f35992bea6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=61268f24540a54e7ffe134aad9e46e00bb862789
---

 libavcodec/alsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index 1fdd0cb0fe..11bbd38f58 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -951,7 +951,7 @@ static int decode_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
 
         // reconstruct difference signal for prediction (joint-stereo)
         if (bd->js_blocks && bd->raw_other) {
-            int32_t *left, *right;
+            uint32_t *left, *right;
 
             if (bd->raw_other > raw_samples) {  // D = R - L
                 left  = raw_samples;



More information about the ffmpeg-cvslog mailing list