[FFmpeg-cvslog] avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()
Michael Niedermayer
git at videolan.org
Sun Aug 11 20:15:46 EEST 2019
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Jul 10 00:04:02 2019 +0200| [da93e2b14218c4ab0fda60e21882a4633aac5748] | committer: Michael Niedermayer
avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()
Fixes: signed integer overflow: 2147483645 + 4 cannot be represented in type 'int'
Fixes: 15418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5685269069561856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da93e2b14218c4ab0fda60e21882a4633aac5748
---
libavcodec/aacdec_template.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index 28765c768d..6e086e00df 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -2659,7 +2659,7 @@ static void imdct_and_windowing(AACContext *ac, SingleChannelElement *sce)
ac->mdct.imdct_half(&ac->mdct, buf, in);
#if USE_FIXED
for (i=0; i<1024; i++)
- buf[i] = (buf[i] + 4) >> 3;
+ buf[i] = (buf[i] + 4LL) >> 3;
#endif /* USE_FIXED */
}
More information about the ffmpeg-cvslog
mailing list