| Message ID | 20190818233054.2069-2-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 661a9b274b0181b2e36ff21fd13840f35992bea6 |
| Headers | show |
Am 19.08.19 um 01:30 schrieb Michael Niedermayer: > Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int' > Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/alsdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c > index 425cf73be9..4794556aad 100644 > --- a/libavcodec/alsdec.c > +++ b/libavcodec/alsdec.c > @@ -953,7 +953,7 @@ static int decode_var_block_data(ALSDecContext *ctx, ALSBlockData *bd) > > // reconstruct difference signal for prediction (joint-stereo) > if (bd->js_blocks && bd->raw_other) { > - int32_t *left, *right; > + uint32_t *left, *right; > > if (bd->raw_other > raw_samples) { // D = R - L > left = raw_samples; > LGTM -Thilo
On Mon, Aug 19, 2019 at 07:41:56AM +0200, Thilo Borgmann wrote: > Am 19.08.19 um 01:30 schrieb Michael Niedermayer: > > Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int' > > Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/alsdec.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c > > index 425cf73be9..4794556aad 100644 > > --- a/libavcodec/alsdec.c > > +++ b/libavcodec/alsdec.c > > @@ -953,7 +953,7 @@ static int decode_var_block_data(ALSDecContext *ctx, ALSBlockData *bd) > > > > // reconstruct difference signal for prediction (joint-stereo) > > if (bd->js_blocks && bd->raw_other) { > > - int32_t *left, *right; > > + uint32_t *left, *right; > > > > if (bd->raw_other > raw_samples) { // D = R - L > > left = raw_samples; > > > > LGTM will apply thx [...]
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 425cf73be9..4794556aad 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -953,7 +953,7 @@ static int decode_var_block_data(ALSDecContext *ctx, ALSBlockData *bd) // reconstruct difference signal for prediction (joint-stereo) if (bd->js_blocks && bd->raw_other) { - int32_t *left, *right; + uint32_t *left, *right; if (bd->raw_other > raw_samples) { // D = R - L left = raw_samples;
Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int' Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/alsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)