[FFmpeg-devel,1/6] avcodec/tta: Fix integer overflow in prediction

Submitted by Michael Niedermayer on Aug. 12, 2019, 12:17 a.m.

Details

Message ID 20190812001719.9247-1-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer Aug. 12, 2019, 12:17 a.m.
Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/tta.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index 4d27fcd555..ec2a9c3a43 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -227,7 +227,7 @@  static int tta_decode_frame(AVCodecContext *avctx, void *data,
     GetBitContext gb;
     int i, ret;
     int cur_chan = 0, framelen = s->frame_length;
-    int32_t *p;
+    uint32_t *p;
 
     if (avctx->err_recognition & AV_EF_CRCCHECK) {
         if (buf_size < 4 ||