[FFmpeg-cvslog] avcodec/cfhd: Avoid signed integer overflow in coeff
Michael Niedermayer
git at videolan.org
Tue Mar 29 02:27:18 EEST 2022
ffmpeg | branch: release/5.0 | Michael Niedermayer <michael at niedermayer.cc> | Mon Jan 17 14:16:39 2022 +0100| [f1ae88029830e64d348a7ae86a5f12babe0afcb4] | committer: Michael Niedermayer
avcodec/cfhd: Avoid signed integer overflow in coeff
Fixes: signed integer overflow: 15244032 * 256 cannot be represented in type 'int'
Fixes: 43504/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4865014842916864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cd6ac013a00373126bf3d313743d39b5edd5428a)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1ae88029830e64d348a7ae86a5f12babe0afcb4
---
libavcodec/cfhd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 008a6360b6..ac7826250f 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -838,7 +838,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
const uint16_t q = s->quantisation;
for (i = 0; i < run; i++) {
- *coeff_data |= coeff * 256;
+ *coeff_data |= coeff * 256U;
*coeff_data++ *= q;
}
} else {
@@ -869,7 +869,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
const uint16_t q = s->quantisation;
for (i = 0; i < run; i++) {
- *coeff_data |= coeff * 256;
+ *coeff_data |= coeff * 256U;
*coeff_data++ *= q;
}
} else {
More information about the ffmpeg-cvslog
mailing list