diff mbox

[FFmpeg-devel] avcodec/ralf: Fix overflows of biased values

Message ID 20191226234325.5495-1-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer Dec. 26, 2019, 11:43 p.m. UTC
Fixes: signed integer overflow: 2003010644 * 2 cannot be represented in type 'int'
Fixes: 19593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5660628006207488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ralf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Jan. 30, 2020, 7:39 p.m. UTC | #1
On Fri, Dec 27, 2019 at 12:43:25AM +0100, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 2003010644 * 2 cannot be represented in type 'int'
> Fixes: 19593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5660628006207488
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/ralf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
diff mbox

Patch

diff --git a/libavcodec/ralf.c b/libavcodec/ralf.c
index d8f1803086..5d88b4c943 100644
--- a/libavcodec/ralf.c
+++ b/libavcodec/ralf.c
@@ -60,7 +60,7 @@  typedef struct RALFContext {
     int     filter_bits;     ///< filter precision for the current channel data
     int32_t filter[64];
 
-    int     bias[2];         ///< a constant value added to channel data after filtering
+    unsigned bias[2];        ///< a constant value added to channel data after filtering
 
     int num_blocks;          ///< number of blocks inside the frame
     int sample_offset;