[FFmpeg-cvslog] avcodec/wavarc: Avoid signed integer overflow in sample

Michael Niedermayer git at videolan.org
Wed Mar 27 00:24:20 EET 2024


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Tue Mar 26 03:10:14 2024 +0100| [6009dd07bd2bde72f2e01723678c1994ecef035e] | committer: Michael Niedermayer

avcodec/wavarc: Avoid signed integer overflow in sample

Fixes: signed integer overflow: -2147483648 + -25122315 cannot be represented in type 'int'
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6199806972198912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6009dd07bd2bde72f2e01723678c1994ecef035e
---

 libavcodec/wavarc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c
index 09ed4d473a..99cbaf0109 100644
--- a/libavcodec/wavarc.c
+++ b/libavcodec/wavarc.c
@@ -374,7 +374,7 @@ static int decode_2slp(AVCodecContext *avctx,
                 for (int o = 0; o < order; o++)
                     sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1];
 
-                samples[n + 70] = get_srice(gb, k) + (sum >> 4);
+                samples[n + 70] = get_srice(gb, k) + (unsigned)(sum >> 4);
             }
             finished = 1;
             break;



More information about the ffmpeg-cvslog mailing list