From patchwork Mon Mar 28 11:52:50 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 35011
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Mon, 28 Mar 2022 13:52:50 +0200
Message-Id: <20220328115251.24867-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/2] avcodec/apedec: fix a integer overflow in long_filter_high_3800()

Fixes: signed integer overflow: -2146549696 - 3923884 cannot be represented in type 'int'
Fixes: 45907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5992380584558592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/apedec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index f7f8a88994..65e5d152e0 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c
@@ -959,7 +959,7 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift, int len dotprod += delay[j] * (unsigned)coeffs[j]; coeffs[j] += ((delay[j] >> 31) | 1) * sign; } - buffer[i] -= dotprod >> shift; + buffer[i] -= (unsigned)(dotprod >> shift); for (j = 0; j < order - 1; j++) delay[j] = delay[j + 1]; delay[order - 1] = buffer[i];

From patchwork Mon Mar 28 11:52:51 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 35012
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Mon, 28 Mar 2022 13:52:51 +0200
Message-Id: <20220328115251.24867-2-michael@niedermayer.cc>
In-Reply-To: <20220328115251.24867-1-michael@niedermayer.cc>
References: <20220328115251.24867-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/2] avcodec/takdsp: Fix integer overflow in decorrelate_sf()

Fixes: signed integer overflow: -101 * 71041254 cannot be represented in type 'int'
Fixes: 45938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-4687974320701440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/takdsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/takdsp.c b/libavcodec/takdsp.c index 9cb8052596..a8f9dba342 100644 --- a/libavcodec/takdsp.c +++ b/libavcodec/takdsp.c
@@ -65,7 +65,7 @@ static void decorrelate_sf(int32_t *p1, int32_t *p2, int length, int dshift, int for (i = 0; i < length; i++) { int32_t a = p1[i]; int32_t b = p2[i]; - b = (unsigned)(dfactor * (b >> dshift) + 128 >> 8) << dshift; + b = (unsigned)((int)(dfactor * (unsigned)(b >> dshift) + 128) >> 8) << dshift; p1[i] = b - a; } }
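
Review bot: In long_filter_high_3800() (libavcodec/apedec.c, patch 1/2), the placement of the new cast in `buffer[i] -= (unsigned)(dotprod >> shift);` is load-bearing and has no comment saying so. The cast sits outside the shift, so `dotprod >> shift` stays a shift of the signed value and only the subtraction moves to unsigned arithmetic, where it wraps instead of overflowing `int` as in the reported `-2146549696 - 3923884`. A later cleanup to `(unsigned)dotprod >> shift` would silently change decoded output, so a one-line comment stating that the shift must remain signed would be worth adding. Also note that the wrapped value is written to `delay[order - 1]` two lines further down and feeds the next `dotprod`, so the filter carries on with a wrapped sample; if the assumption is that this only happens on invalid streams, the commit message is the place to say it.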
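
Review bot: In decorrelate_sf() (libavcodec/takdsp.c, patch 2/2), the replacement line for `b` now nests three casts and is hard to audit at a glance. The inner `(int)` is the one the result depends on: it converts the wrapped unsigned sum back to signed so that `>> 8` keeps its sign-propagating behaviour, while the outer `(unsigned)` covers the `<< dshift`. Since `a` and `b` are declared `int32_t`, `(int32_t)` would match the surrounding types better than `(int)`. Splitting the expression over a named temporary (multiply and add 128 in unsigned, then the signed `>> 8`, then `<< dshift`) with a short comment that the unsigned multiply exists to wrap for inputs such as the reported `-101 * 71041254` would make the intended wrap points explicit.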