[FFmpeg-cvslog] avcodec/g723_1: Fix runtime error: signed integer overflow: -1013481472 + -1139123755 cannot be represented in type 'int'
Michael Niedermayer
git at videolan.org
Tue May 23 05:06:40 EEST 2017
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Tue May 23 03:43:51 2017 +0200| [504d5804ac5337f35d16aacbef5f7eb5348434e9] | committer: Michael Niedermayer
avcodec/g723_1: Fix runtime error: signed integer overflow: -1013481472 + -1139123755 cannot be represented in type 'int'
See: LsptoA() and L_add()
Fixes: 1758/clusterfuzz-testcase-minimized-6054857184116736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=504d5804ac5337f35d16aacbef5f7eb5348434e9
---
libavcodec/g723_1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/g723_1.c b/libavcodec/g723_1.c
index 78ce922266..1deff495de 100644
--- a/libavcodec/g723_1.c
+++ b/libavcodec/g723_1.c
@@ -150,8 +150,8 @@ static void lsp2lpc(int16_t *lpc)
* each iteration for a final scaling factor of Q25
*/
for (i = 2; i < LPC_ORDER / 2; i++) {
- f1[i + 1] = f1[i - 1] + MULL2(f1[i], lpc[2 * i]);
- f2[i + 1] = f2[i - 1] + MULL2(f2[i], lpc[2 * i + 1]);
+ f1[i + 1] = av_clipl_int32(f1[i - 1] + (int64_t)MULL2(f1[i], lpc[2 * i]));
+ f2[i + 1] = av_clipl_int32(f2[i - 1] + (int64_t)MULL2(f2[i], lpc[2 * i + 1]));
for (j = i; j >= 2; j--) {
f1[j] = MULL2(f1[j - 1], lpc[2 * i]) +
More information about the ffmpeg-cvslog
mailing list