avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter()
authorMichael Niedermayer <michael@niedermayer.cc>
Tue, 29 Oct 2019 17:30:07 +0000 (18:30 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Wed, 20 Nov 2019 14:50:15 +0000 (15:50 +0100)
Fixes: signed integer overflow: 7400 + 2147482786 cannot be represented in type 'int'
Fixes: 18405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5708834760294400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/apedec.c

index cfcf9a06c12a97cad0932b2059a420db8d0faa35..2b5bd759f561c28f8ba0a33c6844e02c71db66af 100644 (file)
@@ -1272,7 +1272,7 @@ static void do_apply_filter(APEContext *ctx, int version, APEFilter *f,
                                                      f->adaptcoeffs - order,
                                                      order, APESIGN(*data));
         res = (int)(res + (1U << (fracbits - 1))) >> fracbits;
-        res += *data;
+        res += (unsigned)*data;
         *data++ = res;
 
         /* Update the output history */
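Review bot: The `(unsigned)` cast in `res += (unsigned)*data;` carries no comment, so nothing marks the wraparound as deliberate, and a later cleanup could drop the cast and reintroduce the signed overflow the fuzzer reported. I would add `/* unsigned add: wraps on corrupt input instead of signed-overflow UB */` directly above that line. If `res` is a signed int, as the `(int)` cast on the previous line suggests, converting the wrapped sum back on assignment is implementation-defined rather than undefined. A corrupt stream then stores a wrapped sample through `*data++` with no error reported, which seems acceptable for a decoder but is worth stating in the comment. The body of do_apply_filter starts and ends outside the hunk, so the declarations of `res` and `data` are not visible here.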