[FFmpeg-devel] [PATCH 1/6] avcodec/tta: Fix integer overflow in prediction
Michael Niedermayer
michael at niedermayer.cc
Mon Aug 12 03:17:14 EEST 2019
Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/tta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index 4d27fcd555..ec2a9c3a43 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -227,7 +227,7 @@ static int tta_decode_frame(AVCodecContext *avctx, void *data,
GetBitContext gb;
int i, ret;
int cur_chan = 0, framelen = s->frame_length;
- int32_t *p;
+ uint32_t *p;
if (avctx->err_recognition & AV_EF_CRCCHECK) {
if (buf_size < 4 ||
--
2.22.0
More information about the ffmpeg-devel
mailing list