[FFmpeg-cvslog] avcodec/apedec: Fix 2 signed overflows
Michael Niedermayer
git at videolan.org
Mon Aug 5 20:50:21 EEST 2019
ffmpeg | branch: release/4.2 | Michael Niedermayer <michael at niedermayer.cc> | Sun Aug 4 09:46:34 2019 +0200| [739f93ebe1a2da7ec7072101dd354adfbe0b00f4] | committer: Michael Niedermayer
avcodec/apedec: Fix 2 signed overflows
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: signed integer overflow: 2049431315 + 262759074 cannot be represented in type 'int'
Fixes: 16012/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5719016003338240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 392c028cd23d128f33d93b2159eed5de42f72b4d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=739f93ebe1a2da7ec7072101dd354adfbe0b00f4
---
libavcodec/apedec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 1a86ac1786..b9df8c6b12 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -589,7 +589,7 @@ static void decode_array_0000(APEContext *ctx, GetBitContext *gb,
int32_t *out, APERice *rice, int blockstodecode)
{
int i;
- int ksummax, ksummin;
+ unsigned ksummax, ksummin;
rice->ksum = 0;
for (i = 0; i < FFMIN(blockstodecode, 5); i++) {
@@ -836,7 +836,7 @@ static av_always_inline int filter_fast_3320(APEPredictor *p,
else
p->coeffsA[filter][0]--;
- p->filterA[filter] += p->lastA[filter];
+ p->filterA[filter] += (unsigned)p->lastA[filter];
return p->filterA[filter];
}
More information about the ffmpeg-cvslog
mailing list