Message ID | 20230220192929.4493-6-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | a02e45a1f3cc6f07c7437c1e225dea2683f843cf |
Headers | show |
Series | [FFmpeg-devel,1/6] avformat/mov: Check samplesize and offset to avoid integer overflow | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavcodec/rka.c b/libavcodec/rka.c index 1eb2289e58..2212e3f930 100644 --- a/libavcodec/rka.c +++ b/libavcodec/rka.c @@ -724,7 +724,7 @@ static int decode_filter(RKAContext *s, ChContext *ctx, ACoder *ac, int off, uns src = &ctx->buf1[off + -1]; for (int i = 0; i < filt.size && i < 15; i++) sum += filt.coeffs[i] * (unsigned)src[-i]; - sum = sum * 2; + sum = sum * 2U; for (int i = 15; i < filt.size; i++) sum += filt.coeffs[i] * (unsigned)src[-i]; sum = sum >> 6;
Fixes: signed integer overflow: -2124073172 * 2 cannot be represented in type 'int' Fixes: 56099/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-4530933127839744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/rka.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)