[FFmpeg-devel] [PATCH 2/2] avutil/tx_priv: Use unsigned in BF() to avoid signed overflows

Michael Niedermayer michael at niedermayer.cc
Sun Jan 22 02:02:22 EET 2023


Fixes: signed integer overflow: 100183269 - -2132769113 cannot be represented in type 'int'
Fixes: 55063/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5039294027005952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavutil/tx_priv.h | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/libavutil/tx_priv.h b/libavutil/tx_priv.h
index 72f336eea7..d5ff8e1421 100644
--- a/libavutil/tx_priv.h
+++ b/libavutil/tx_priv.h
@@ -102,6 +102,12 @@ typedef void TXComplex;
 
 #define FOLD(a, b) ((a) + (b))
 
+#define BF(x, y, a, b)  \
+    do {                \
+        x = (a) - (b);  \
+        y = (a) + (b);  \
+    } while (0)
+
 #elif defined(TX_INT32)
 
 /* Properly rounds the result */
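Review bot: BF used to be defined once after `#endif /* TX_INT32 */`, so it was available whichever sample type was selected; with this copy placed before `#elif defined(TX_INT32)` and the other moved inside the TX_INT32 branch, a translation unit that takes neither branch no longer gets BF. The `typedef void TXComplex;` in the hunk header suggests such a fallback path exists, but the start of the conditional is outside this hunk, so it is worth confirming that no such includer uses BF. A comment on this copy, e.g. `/* No unsigned cast here: only the TX_INT32 variant needs defined wraparound */`, would also keep the two definitions from being merged back together later.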
@@ -132,14 +138,14 @@ typedef void TXComplex;
 
 #define FOLD(x, y) ((int32_t)((x) + (unsigned)(y) + 32) >> 6)
 
-#endif /* TX_INT32 */
-
 #define BF(x, y, a, b)  \
     do {                \
-        x = (a) - (b);  \
-        y = (a) + (b);  \
+        x = (a) - (unsigned)(b);  \
+        y = (a) + (unsigned)(b);  \
     } while (0)
 
+#endif /* TX_INT32 */
+
 #define CMUL3(c, a, b) CMUL((c).re, (c).im, (a).re, (a).im, (b).re, (b).im)
 
 /* Codelet flags, used to pick codelets. Must be a superset of enum AVTXFlags,
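Review bot: The new `(a) - (unsigned)(b)` and `(a) + (unsigned)(b)` yield an unsigned value that is converted only implicitly on assignment to `x` and `y`, whereas FOLD just above casts its result back with `(int32_t)`. The destination types are not visible in this hunk; if any call site passes a destination wider than 32 bits, a negative result would now be stored as a large positive value. Making the conversion explicit, `x = (int32_t)((a) - (unsigned)(b));` and `y = (int32_t)((a) + (unsigned)(b));`, keeps the wraparound and removes that dependence. A short comment such as `/* unsigned arithmetic: wraparound is intentional, avoids signed-overflow UB */` would also stop a later cleanup from dropping the cast.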
-- 
2.17.1


