[FFmpeg-devel,3/3] avcodec/interplayacm: Fix overflow of last unused value

Submitted by Michael Niedermayer on Oct. 25, 2019, 1:02 p.m.

Details

Message ID 20191025130218.26463-3-michael@niedermayer.cc
State Accepted
Commit 10eabb8e40df0ad84470d750f903917f4a05cb1f
Headers show

Commit Message

Michael Niedermayer Oct. 25, 2019, 1:02 p.m.
Fixes: signed integer overflow: -2147450880 - 65535 cannot be represented in type 'int'
Fixes: 18393/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5667520110919680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/interplayacm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Nov. 9, 2019, 5:04 p.m.
On Fri, Oct 25, 2019 at 03:02:18PM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: -2147450880 - 65535 cannot be represented in type 'int'
> Fixes: 18393/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5667520110919680
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/interplayacm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]

Patch hide | download patch | download mbox

diff --git a/libavcodec/interplayacm.c b/libavcodec/interplayacm.c
index cff79eb6b2..3704d1a2f2 100644
--- a/libavcodec/interplayacm.c
+++ b/libavcodec/interplayacm.c
@@ -529,7 +529,7 @@  static int decode_block(InterplayACMContext *s)
 
     for (i = 1, x = -val; i <= count; i++) {
         s->midbuf[-i] = x;
-        x -= val;
+        x -= (unsigned)val;
     }
 
     ret = fill_block(s);