[FFmpeg-cvslog] avcodec/adpcm: Fix integer overflow in ADPCM THP
Michael Niedermayer
git at videolan.org
Wed May 13 10:04:09 EEST 2020
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Feb 12 21:30:08 2020 +0100| [b12b05374f7025167e2c43449ceb8ba3f0a6083f] | committer: Michael Niedermayer
avcodec/adpcm: Fix integer overflow in ADPCM THP
The reference (thp.txt) uses floats so wrap around would seem incorrect.
Fixes: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
Fixes: 20658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_THP_fuzzer-5646302555930624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b12b05374f7025167e2c43449ceb8ba3f0a6083f
---
libavcodec/adpcm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index 846ec5ef9c..dc4a9222af 100644
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -1853,8 +1853,8 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
int byte = bytestream2_get_byteu(&gb);
int index = (byte >> 4) & 7;
unsigned int exp = byte & 0x0F;
- int factor1 = table[ch][index * 2];
- int factor2 = table[ch][index * 2 + 1];
+ int64_t factor1 = table[ch][index * 2];
+ int64_t factor2 = table[ch][index * 2 + 1];
/* Decode 14 samples. */
for (n = 0; n < 14 && (i * 14 + n < nb_samples); n++) {
More information about the ffmpeg-cvslog
mailing list