| Message ID | 20190621232936.11052-3-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | e9dd3c7126097d7c8d4f137db9957b81a219aa2c |
| Headers | show |
On Sat, Jun 22, 2019 at 01:29:33AM +0200, Michael Niedermayer wrote: > Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long' > Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/ffwavesynth.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
Michael Niedermayer (12019-07-08): > On Sat, Jun 22, 2019 at 01:29:33AM +0200, Michael Niedermayer wrote: > > Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long' > > Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/ffwavesynth.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > will apply Sorry, I thought I missed the spot and you already applied it. This patch could be merged with this one: avcodec/ffwavesynth: More correct cast in wavesynth_seek() but it is not very important. As for: avcodec/ffwavesynth: Fix backward lcg_seek() avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case If you checked they generate the same sequence, then ok and thanks. If not, then I can do the testing tomorrow. Regards,
Nicolas George (12019-07-19): > Sorry, I thought I missed the spot and you already applied it. > > This patch could be merged with this one: > > avcodec/ffwavesynth: More correct cast in wavesynth_seek() > > but it is not very important. > > As for: > > avcodec/ffwavesynth: Fix backward lcg_seek() > avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case > > If you checked they generate the same sequence, then ok and thanks. If > not, then I can do the testing tomorrow. I tested with the following testing code, and the new version behaves perfectly. I do not believe this requires including the test program as part of the code base. It would have been if somebody had not had the bad idea of removing the possibility of having just "#if TEST \n int main() {...}" for quick tests. Regards,
diff --git a/libavcodec/ffwavesynth.c b/libavcodec/ffwavesynth.c index b2cc7c8fc1..793eada7a5 100644 --- a/libavcodec/ffwavesynth.c +++ b/libavcodec/ffwavesynth.c @@ -215,7 +215,7 @@ static void wavesynth_seek(struct wavesynth_context *ws, int64_t ts) ws->next_inter = i; ws->next_ts = i < ws->nb_inter ? ws->inter[i].ts_start : INF_TS; *last = -1; - lcg_seek(&ws->dither_state, ts - ws->cur_ts); + lcg_seek(&ws->dither_state, (uint32_t)ts - ws->cur_ts); if (ws->pink_need) { int64_t pink_ts_cur = (ws->cur_ts + PINK_UNIT - 1) & ~(PINK_UNIT - 1); int64_t pink_ts_next = ts & ~(PINK_UNIT - 1);
Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long' Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/ffwavesynth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)