Message ID | 20200725221637.11848-1-michael@niedermayer.cc |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,1/2] avcodec/pgxdec: Fix invalid shift in write_frame_* | expand |
Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | success | Make fate finished |
Michael Niedermayer: > Fixes: left shift of negative value -121 > Fixes: 23911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGX_fuzzer-4986800258154496 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/pgxdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/pgxdec.c b/libavcodec/pgxdec.c > index 93b9f4e7a0..e72ec84152 100644 > --- a/libavcodec/pgxdec.c > +++ b/libavcodec/pgxdec.c > @@ -102,7 +102,7 @@ error: > for (i = 0; i < height; i++) { \ > PIXEL *line = (PIXEL*)frame->data[0] + i*frame->linesize[0]/sizeof(PIXEL); \ > for (j = 0; j < width; j++) { \ > - int val; \ > + unsigned val; \ "unsigned" is longer than "int", so you need to delete a few spaces or the '\' won't be in line with the others any more. - Andreas
On Sun, Jul 26, 2020 at 04:43:12AM +0200, Andreas Rheinhardt wrote: > Michael Niedermayer: > > Fixes: left shift of negative value -121 > > Fixes: 23911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGX_fuzzer-4986800258154496 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/pgxdec.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/pgxdec.c b/libavcodec/pgxdec.c > > index 93b9f4e7a0..e72ec84152 100644 > > --- a/libavcodec/pgxdec.c > > +++ b/libavcodec/pgxdec.c > > @@ -102,7 +102,7 @@ error: > > for (i = 0; i < height; i++) { \ > > PIXEL *line = (PIXEL*)frame->data[0] + i*frame->linesize[0]/sizeof(PIXEL); \ > > for (j = 0; j < width; j++) { \ > > - int val; \ > > + unsigned val; \ > > "unsigned" is longer than "int", so you need to delete a few spaces or > the '\' won't be in line with the others any more. will apply with this fixed thx [...]
diff --git a/libavcodec/pgxdec.c b/libavcodec/pgxdec.c index 93b9f4e7a0..e72ec84152 100644 --- a/libavcodec/pgxdec.c +++ b/libavcodec/pgxdec.c @@ -102,7 +102,7 @@ error: for (i = 0; i < height; i++) { \ PIXEL *line = (PIXEL*)frame->data[0] + i*frame->linesize[0]/sizeof(PIXEL); \ for (j = 0; j < width; j++) { \ - int val; \ + unsigned val; \ if (sign) \ val = (PIXEL)bytestream2_get_ ##suffix(g) + (1 << (depth - 1)); \ else \
Fixes: left shift of negative value -121 Fixes: 23911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGX_fuzzer-4986800258154496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/pgxdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)