Message ID | 20201123004304.23464-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 4dfb7ff528c02afbafba14676c139ecb82164c44 |
Headers | show |
Series | [FFmpeg-devel,1/6] avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
On Mon, Nov 23, 2020 at 01:42:59AM +0100, Michael Niedermayer wrote: > Fixes: signed integer overflow: 2147483641 + 32 cannot be represented in type 'int' > Fixes: 27452/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5078752576667648 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/vp9dsp_template.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) will apply remaining patches of this set [...]
diff --git a/libavcodec/vp9dsp_template.c b/libavcodec/vp9dsp_template.c index 3acf94c583..9b11661704 100644 --- a/libavcodec/vp9dsp_template.c +++ b/libavcodec/vp9dsp_template.c @@ -1138,7 +1138,7 @@ static void type_a##_##type_b##_##sz##x##sz##_add_c(uint8_t *_dst, \ for (j = 0; j < sz; j++) \ dst[j * stride] = av_clip_pixel(dst[j * stride] + \ (bits ? \ - (t + (1 << (bits - 1))) >> bits : \ + (int)(t + (1U << (bits - 1))) >> bits : \ t)); \ dst++; \ } \ @@ -1153,7 +1153,7 @@ static void type_a##_##type_b##_##sz##x##sz##_add_c(uint8_t *_dst, \ for (j = 0; j < sz; j++) \ dst[j * stride] = av_clip_pixel(dst[j * stride] + \ (bits ? \ - (out[j] + (1 << (bits - 1))) >> bits : \ + (int)(out[j] + (1U << (bits - 1))) >> bits : \ out[j])); \ dst++; \ } \
Fixes: signed integer overflow: 2147483641 + 32 cannot be represented in type 'int' Fixes: 27452/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5078752576667648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/vp9dsp_template.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)