[FFmpeg-devel,2/2] avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()

Message ID 20170827233350.5037-2-michael@niedermayer.cc
State Accepted
Commit 732f9764561558a388c05483ed6a722a5c67b05c

Commit Message

Michael Niedermayer Aug. 27, 2017, 11:33 p.m. UTC
Fixes: runtime error: signed integer overflow: 267 * 8388608 cannot be represented in type 'int'
Fixes: 2743/clusterfuzz-testcase-minimized-5820652076400640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/snowdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Aug. 29, 2017, 6:47 p.m. UTC | #1
On Mon, Aug 28, 2017 at 01:33:50AM +0200, Michael Niedermayer wrote:
> Fixes: runtime error: signed integer overflow: 267 * 8388608 cannot be represented in type 'int'
> Fixes: 2743/clusterfuzz-testcase-minimized-5820652076400640
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/snowdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

applied

[...]

Patch

diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c
index 734f43e7d1..b74c468ce3 100644
--- a/libavcodec/snowdec.c
+++ b/libavcodec/snowdec.c
@@ -140,7 +140,7 @@  static inline void decode_subband_slice_buffered(SnowContext *s, SubBand *b, sli
         v = b->x_coeff[new_index].coeff;
         x = b->x_coeff[new_index++].x;
         while(x < w){
-            register int t= ( (v>>1)*qmul + qadd)>>QEXPSHIFT;
+            register int t= (int)( (v>>1)*(unsigned)qmul + qadd)>>QEXPSHIFT;
             register int u= -(v&1);
             line[x] = (t^u) - u;
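
Review bot: on the `+` line the wrapped product is still used as a coefficient. `(v>>1)*(unsigned)qmul + qadd` is now computed modulo 2^32, which removes the signed overflow, but for inputs like the `267 * 8388608` case in the commit message the result is converted back to `int`, shifted, and written to `line[x]` with no range check. If the intent is "invalid streams may decode to garbage as long as there is no undefined behaviour", a one-line comment saying so would help; otherwise the magnitude of `v` or `qmul` should be bounded before this loop. Two smaller points on the same line: the conversion of an out-of-range unsigned value to `int` and the `>>QEXPSHIFT` on a negative `int` are both implementation-defined, and because the cast binds tighter than `>>`, writing it as `((int)(...)) >> QEXPSHIFT` would make it obvious that the shift is meant to be the signed one.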