Message ID | 20230113000138.9994-5-michael@niedermayer.cc |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,1/5] avcodec/wbmpdec: use remaining size not whole size | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
On 1/13/23, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: signed integer overflow: -1094995529 * 16 cannot be represented in > type 'int' > Fixes: > 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-6681622236233728 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/sonic.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c > index 77bdb418a7..95ac2b1a96 100644 > --- a/libavcodec/sonic.c > +++ b/libavcodec/sonic.c > @@ -1013,7 +1013,7 @@ static int sonic_decode_frame(AVCodecContext *avctx, > AVFrame *frame, > if (s->lossless) > quant = 1; > else > - quant = get_symbol(&c, state, 0) * SAMPLE_FACTOR; > + quant = get_symbol(&c, state, 0) * (unsigned)SAMPLE_FACTOR; > > // av_log(NULL, AV_LOG_INFO, "quant: %d\n", quant); > > -- > 2.17.1 > You are pointlessly wasting resources on broken bonk clone. > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c index 77bdb418a7..95ac2b1a96 100644 --- a/libavcodec/sonic.c +++ b/libavcodec/sonic.c @@ -1013,7 +1013,7 @@ static int sonic_decode_frame(AVCodecContext *avctx, AVFrame *frame, if (s->lossless) quant = 1; else - quant = get_symbol(&c, state, 0) * SAMPLE_FACTOR; + quant = get_symbol(&c, state, 0) * (unsigned)SAMPLE_FACTOR; // av_log(NULL, AV_LOG_INFO, "quant: %d\n", quant);
Fixes: signed integer overflow: -1094995529 * 16 cannot be represented in type 'int' Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-6681622236233728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/sonic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)