[FFmpeg-devel] [PATCH] avcodec/mjpegdec: Fixes runtime error: signed integer overflow: -24543 * 2031616 cannot be represented in type 'int'
wm4
nfxjfg at googlemail.com
Sun Mar 26 19:51:11 EEST 2017
On Sun, 26 Mar 2017 18:11:01 +0200
Michael Niedermayer <michael at niedermayer.cc> wrote:
> Fixes: 943/clusterfuzz-testcase-5114865297391616
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/mjpegdec.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
> index f26e8a3f9a..e08b045fe7 100644
> --- a/libavcodec/mjpegdec.c
> +++ b/libavcodec/mjpegdec.c
> @@ -757,7 +757,8 @@ static int decode_block_progressive(MJpegDecodeContext *s, int16_t *block,
> uint16_t *quant_matrix,
> int ss, int se, int Al, int *EOBRUN)
> {
> - int code, i, j, level, val, run;
> + int code, i, j, val, run;
> + SUINT level;
>
> if (*EOBRUN) {
> (*EOBRUN)--;
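Review bot: the hunk only changes the declaration of `level` to `SUINT`; the multiplication that overflowed (`-24543 * 2031616` per the subject line) and every other use of `level` are outside the shown context, so the patch as posted does not let a reader confirm that `level` is never compared against a signed value or handed to code that expects a negative `int` after the type change. SUINT expands to `unsigned` in normal builds and to `int` in CHECKED builds, so the same expression has defined wraparound in one configuration and signed overflow in the other; a one-line comment at the declaration stating that the product is meant to wrap, plus a note that the store into `int16_t *block` still truncates an out-of-range dequantized coefficient, would make clear that this silences undefined behaviour rather than bounding the value.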
Please make the type either signed or unsigned. Making it both
(depending on the debug level) just to make the fuzzer happy (or
something more complicated than that?) isn't a good idea. You probably
want to make it always unsigned?
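The point being argued above, in code. This is an added example and not FFmpeg code or the patch: it contrasts the pre-patch signed multiply (the sanitizer's overflow report), the post-patch unsigned multiply with its truncating store into the int16_t block, and a range-checked variant. The `dq_*` names are hypothetical, `dq_uint` stands in for SUINT in a non-CHECKED build, and the multiplier 2031616 is reconstructed from the subject line as a quantizer of 31 shifted left by 16, which is an assumption.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for FFmpeg's SUINT as seen in a non-CHECKED build (assumption:
 * plain unsigned, so the multiply wraps instead of overflowing). */
typedef unsigned dq_uint;

/* Pre-patch shape (signed int arithmetic): returns 1 if level * q cannot be
 * represented in an int, i.e. the case the sanitizer reported.  The check is
 * done through a wider type so that the check itself is defined. */
int dq_signed_would_overflow(int level, int q)
{
    long long p = (long long)level * q;
    return p < INT_MIN || p > INT_MAX;
}

/* Post-patch shape: the product is computed in unsigned arithmetic (defined
 * wraparound) and then stored into the int16_t coefficient block.  The
 * two's-complement reading of the low 16 bits is done explicitly so the
 * function does not rely on implementation-defined conversion. */
int16_t dq_unsigned(int level, int q)
{
    dq_uint prod = (dq_uint)level * (dq_uint)q;
    unsigned lo  = prod & 0xFFFFu;
    return (int16_t)(lo >= 0x8000u ? (int)lo - 0x10000 : (int)lo);
}

/* Range-checked alternative (hypothetical, not what the patch does): refuse a
 * dequantized coefficient that does not fit the int16_t block instead of
 * silently wrapping it.  Returns 0 on success, -1 if out of range. */
int dq_checked(int level, int q, int16_t *out)
{
    long long p = (long long)level * q;
    if (p < INT16_MIN || p > INT16_MAX)
        return -1;
    *out = (int16_t)p;
    return 0;
}

int main(void)
{
    /* Constructed input: the operands from the subject line; 2031616 is
     * reconstructed as a quantizer of 31 shifted left by Al = 16 (assumption). */
    int level = -24543;
    int q     = 31 << 16;
    int16_t coeff;

    printf("signed int overflow: %d\n", dq_signed_would_overflow(level, q));
    printf("unsigned wrap stored in block: %d\n", dq_unsigned(level, q));
    printf("range check: %d\n", dq_checked(level, q, &coeff));

    /* A product that fits an int but not the int16_t block is still
     * truncated on store; only the range check reports it. */
    printf("no int overflow: %d, stored: %d, range check: %d\n",
           dq_signed_would_overflow(-100, 40000), dq_unsigned(-100, 40000),
           dq_checked(-100, 40000, &coeff));
    return 0;
}
```

With the subject-line operands the unsigned product is a multiple of 65536, so the coefficient that lands in the block is 0: the sanitizer is silent, but the decoded value is as meaningless as before. The second case shows that the int16_t store truncates even when no int overflow occurs at all, which is why an unsigned intermediate type fixes the undefined behaviour and nothing else.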