[FFmpeg-cvslog] avcodec/ralf: Fix integer overflow in decode_channel()
Michael Niedermayer
git at videolan.org
Sat Sep 28 20:24:32 EEST 2019
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Sep 14 14:26:49 2019 +0200| [fbb314b6f2c2b77608442966f28aac20343a1cae] | committer: Michael Niedermayer
avcodec/ralf: Fix integer overflow in decode_channel()
Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int'
Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbb314b6f2c2b77608442966f28aac20343a1cae
---
libavcodec/ralf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/ralf.c b/libavcodec/ralf.c
index 75c9371b95..006ab46414 100644
--- a/libavcodec/ralf.c
+++ b/libavcodec/ralf.c
@@ -300,8 +300,8 @@ static int decode_channel(RALFContext *ctx, GetBitContext *gb, int ch,
t = get_vlc2(gb, code_vlc->table, code_vlc->bits, 2);
code1 = t / range2;
code2 = t % range2;
- dst[i] = extend_code(gb, code1, range, 0) * (1 << add_bits);
- dst[i + 1] = extend_code(gb, code2, range, 0) * (1 << add_bits);
+ dst[i] = extend_code(gb, code1, range, 0) * (1U << add_bits);
+ dst[i + 1] = extend_code(gb, code2, range, 0) * (1U << add_bits);
if (add_bits) {
dst[i] |= get_bits(gb, add_bits);
dst[i + 1] |= get_bits(gb, add_bits);
More information about the ffmpeg-cvslog
mailing list