Message ID | 20171120202648.7321-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 97c00edaa043043c29d985653e7e1687b56dfa23 |
Headers | show |
On Mon, Nov 20, 2017 at 09:26:48PM +0100, Michael Niedermayer wrote: > The outputted bits should match what is used in the lossless check > > Fixes: runtime error: signed integer overflow: -538697856 * 256 cannot be represented in type 'int' > Fixes: 4326/clusterfuzz-testcase-minimized-5689449645080576 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/mlpdsp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) applied [...]
diff --git a/libavcodec/mlpdsp.c b/libavcodec/mlpdsp.c index 4e3a16c781..32a4503b64 100644 --- a/libavcodec/mlpdsp.c +++ b/libavcodec/mlpdsp.c @@ -117,7 +117,7 @@ int32_t ff_mlp_pack_output(int32_t lossless_check_data, (1U << output_shift[mat_ch]); lossless_check_data ^= (sample & 0xffffff) << mat_ch; if (is32) - *data_32++ = sample * 256; + *data_32++ = sample * 256U; else *data_16++ = sample >> 8; }
The outputted bits should match what is used in the lossless check Fixes: runtime error: signed integer overflow: -538697856 * 256 cannot be represented in type 'int' Fixes: 4326/clusterfuzz-testcase-minimized-5689449645080576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/mlpdsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)