[FFmpeg-cvslog] avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int'
Michael Niedermayer
git at videolan.org
Sun Jun 18 17:34:55 EEST 2017
ffmpeg | branch: release/3.1 | Michael Niedermayer <michael at niedermayer.cc> | Sun Jun 11 00:45:20 2017 +0200| [9f5ada68805113d96b26ec0eee7748714a7910d4] | committer: Michael Niedermayer
avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int'
Fixes: 2175/clusterfuzz-testcase-minimized-5809657849315328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 71da0a5c9750e9fd0c9609470f610d32952923eb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f5ada68805113d96b26ec0eee7748714a7910d4
---
libavcodec/ra144.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/ra144.c b/libavcodec/ra144.c
index 2ed7361e38..c077b7b327 100644
--- a/libavcodec/ra144.c
+++ b/libavcodec/ra144.c
@@ -1601,7 +1601,7 @@ void ff_eval_coefs(int *coefs, const int *refl)
b1[i] = refl[i] * 16;
for (j=0; j < i; j++)
- b1[j] = ((refl[i] * b2[i-j-1]) >> 12) + b2[j];
+ b1[j] = ((int)(refl[i] * (unsigned)b2[i-j-1]) >> 12) + b2[j];
FFSWAP(int *, b1, b2);
}
More information about the ffmpeg-cvslog
mailing list