diff mbox

[FFmpeg-devel,1/6] avcodec/tta: Fix integer overflow in prediction

Message ID 20190812001719.9247-1-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer Aug. 12, 2019, 12:17 a.m. UTC 
Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/tta.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Aug. 29, 2019, 1:20 p.m. UTC | #1 
On Mon, Aug 12, 2019 at 02:17:14AM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
> Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/tta.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
diff mbox

Patch

diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index 4d27fcd555..ec2a9c3a43 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -227,7 +227,7 @@  static int tta_decode_frame(AVCodecContext *avctx, void *data,
     GetBitContext gb;
     int i, ret;
     int cur_chan = 0, framelen = s->frame_length;
-    int32_t *p;
+    uint32_t *p;
 
     if (avctx->err_recognition & AV_EF_CRCCHECK) {
         if (buf_size < 4 ||