Message ID | 20190114232943.10560-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | c95d0fb23917c35886f3b62daa05af20d2700a1e |
Headers | show |
On Tue, Jan 15, 2019 at 12:29:42AM +0100, Michael Niedermayer wrote: > webrtc contains explicit code to ignore the undefined behavior (RTC_NO_SANITIZE / OverflowingAddS32S32ToS32()) > > Probably fixes: Integer overflow (unreproducable here) > Probably fixes: 12215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5767142427852800 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/ilbcdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply patchset [...]
diff --git a/libavcodec/ilbcdec.c b/libavcodec/ilbcdec.c index 50012c0231..643547f4ab 100644 --- a/libavcodec/ilbcdec.c +++ b/libavcodec/ilbcdec.c @@ -745,7 +745,7 @@ static void construct_vector ( for (j = 0; j < veclen; j++) { a32 = SPL_MUL_16_16(*gainPtr++, cbvec0[j]); a32 += SPL_MUL_16_16(*gainPtr++, cbvec1[j]); - a32 += SPL_MUL_16_16(*gainPtr, cbvec2[j]); + a32 += (unsigned)SPL_MUL_16_16(*gainPtr, cbvec2[j]); gainPtr -= 2; decvector[j] = (a32 + 8192) >> 14; }
webrtc contains explicit code to ignore the undefined behavior (RTC_NO_SANITIZE / OverflowingAddS32S32ToS32()) Probably fixes: Integer overflow (unreproducable here) Probably fixes: 12215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5767142427852800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/ilbcdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)