[FFmpeg-cvslog] avcodec/hq_hqa: Fix: runtime error: signed integer overflow: -255 * 10180917 cannot be represented in type 'int'

Michael Niedermayer git at videolan.org
Wed May 17 01:32:06 EEST 2017


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Tue May 16 23:44:24 2017 +0200| [3d9cb583c8f005a260d255853ef5f1c21e8599a0] | committer: Michael Niedermayer

avcodec/hq_hqa: Fix: runtime error: signed integer overflow: -255 * 10180917 cannot be represented in type 'int'

Fixes: 1626/clusterfuzz-testcase-minimized-6416580571299840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d9cb583c8f005a260d255853ef5f1c21e8599a0
---

 libavcodec/hq_hqa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/hq_hqa.c b/libavcodec/hq_hqa.c
index 80dc6b5d40..f88ad7d5f5 100644
--- a/libavcodec/hq_hqa.c
+++ b/libavcodec/hq_hqa.c
@@ -83,7 +83,7 @@ static int hq_decode_block(HQContext *c, GetBitContext *gb, int16_t block[64],
         pos += ff_hq_ac_skips[val];
         if (pos >= 64)
             break;
-        block[ff_zigzag_direct[pos]] = (ff_hq_ac_syms[val] * q[pos]) >> 12;
+        block[ff_zigzag_direct[pos]] = (int)(ff_hq_ac_syms[val] * (unsigned)q[pos]) >> 12;
         pos++;
     }
 



More information about the ffmpeg-cvslog mailing list