| Message ID | 20221106123430.1668-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | f4df49eb483fc49026a8d5578983376347d8e532 |
| Headers | show |
| Series | [FFmpeg-devel,1/7] avcodec/bonk: Use unsigned in predictor_calc_error() to avoid undefined overflows | expand |
| Context | Check | Description |
|---|---|---|
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
On 11/6/22, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in > type 'int' > Fixes: > 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/bonk.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c > index 1695229dbd..9e8892e4db 100644 > --- a/libavcodec/bonk.c > +++ b/libavcodec/bonk.c > @@ -278,7 +278,7 @@ static int predictor_calc_error(int *k, int *state, int > order, int error) > *state_ptr = &(state[order-2]); > > for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) { > - int k_value = *k_ptr, state_value = *state_ptr; > + unsigned k_value = *k_ptr, state_value = *state_ptr; > > x -= shift_down(k_value * state_value, LATTICE_SHIFT); > state_ptr[1] = state_value + shift_down(k_value * x, > LATTICE_SHIFT); > -- > 2.17.1 > probably fine. > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
On Sun, Nov 06, 2022 at 07:31:23PM +0100, Paul B Mahol wrote: > On 11/6/22, Michael Niedermayer <michael@niedermayer.cc> wrote: > > Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in > > type 'int' > > Fixes: > > 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/bonk.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c > > index 1695229dbd..9e8892e4db 100644 > > --- a/libavcodec/bonk.c > > +++ b/libavcodec/bonk.c > > @@ -278,7 +278,7 @@ static int predictor_calc_error(int *k, int *state, int > > order, int error) > > *state_ptr = &(state[order-2]); > > > > for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) { > > - int k_value = *k_ptr, state_value = *state_ptr; > > + unsigned k_value = *k_ptr, state_value = *state_ptr; > > > > x -= shift_down(k_value * state_value, LATTICE_SHIFT); > > state_ptr[1] = state_value + shift_down(k_value * x, > > LATTICE_SHIFT); > > -- > > 2.17.1 > > > > probably fine. will apply thx [...]
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c index 1695229dbd..9e8892e4db 100644 --- a/libavcodec/bonk.c +++ b/libavcodec/bonk.c @@ -278,7 +278,7 @@ static int predictor_calc_error(int *k, int *state, int order, int error) *state_ptr = &(state[order-2]); for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) { - int k_value = *k_ptr, state_value = *state_ptr; + unsigned k_value = *k_ptr, state_value = *state_ptr; x -= shift_down(k_value * state_value, LATTICE_SHIFT); state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT);
Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in type 'int' Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/bonk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)