Message ID | 20170909233252.23566-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | b5995856a4236c27f231210bb08d70688e045192 |
On Sun, Sep 10, 2017 at 01:32:50AM +0200, Michael Niedermayer wrote:
> Fixes: runtime error: signed integer overflow: 11896 + 2147483646 cannot be represented in type 'int'
> Fixes: 3053/clusterfuzz-testcase-minimized-6355082062856192
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

patchset applied

[...]
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index f2aed6057d..0abb8b0599 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1421,7 +1421,7 @@ static void decode_block_params(DiracContext *s, DiracArith arith[8], DiracBlock if (!block->ref) { pred_block_dc(block, stride, x, y); for (i = 0; i < 3; i++) - block->u.dc[i] += dirac_get_arith_int(arith+1+i, CTX_DC_F1, CTX_DC_DATA); + block->u.dc[i] += (unsigned)dirac_get_arith_int(arith+1+i, CTX_DC_F1, CTX_DC_DATA); return; }
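Review bot: the `(unsigned)` cast on the `+` line in decode_block_params() carries no comment saying it exists to make the DC addition wrap instead of overflowing a signed int, so a later cleanup could drop it as a redundant cast; a short comment on that line would protect it. The cast also only removes the undefined behaviour: the wrapped sum is still stored in `block->u.dc[i]` and the function returns normally, so a stream producing a delta like the 2147483646 in the sanitizer report is decoded with a wrapped DC value rather than rejected. If DC values have a bounded valid range, a range check would be the stronger fix, though the `static void` signature in the hunk header means reporting an error needs a wider change.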
Fixes: runtime error: signed integer overflow: 11896 + 2147483646 cannot be represented in type 'int'
Fixes: 3053/clusterfuzz-testcase-minimized-6355082062856192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

---
 libavcodec/diracdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)