[FFmpeg-devel] [PATCH 2/3] avcodec/alsdec: Fix integer overflow in decode_var_block_data()

Michael Niedermayer michael at niedermayer.cc
Mon Aug 19 02:30:53 EEST 2019


Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int'
Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/alsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index 425cf73be9..4794556aad 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -953,7 +953,7 @@ static int decode_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
 
         // reconstruct difference signal for prediction (joint-stereo)
         if (bd->js_blocks && bd->raw_other) {
-            int32_t *left, *right;
+            uint32_t *left, *right;
 
             if (bd->raw_other > raw_samples) {  // D = R - L
                 left  = raw_samples;
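Review bot: the unchanged `left  = raw_samples;` directly below the changed declaration now assigns to a `uint32_t *`. The removed line declared these pointers as `int32_t *`, so if `raw_samples` keeps that signed type, the assignment is a signed/unsigned pointer mismatch with no cast. Consider an explicit cast at the assignment, or keep the pointers as `int32_t *` and cast only the operands to `uint32_t` where `D = R - L` is computed, so the intended defined wraparound (in place of the signed overflow quoted in the commit message) is visible at the arithmetic. The subtraction itself lies outside this hunk, so a one-line comment stating that wraparound is intended here would make the change easier to verify.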
-- 
2.22.1


