[FFmpeg-devel] [PATCH 1/2] avcodec/pgxdec: Fix invalid shift in write_frame_*

Sun Jul 26 05:43:12 EEST 2020

Michael Niedermayer:
> Fixes: left shift of negative value -121
> Fixes: 23911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGX_fuzzer-4986800258154496
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/pgxdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/pgxdec.c b/libavcodec/pgxdec.c
> index 93b9f4e7a0..e72ec84152 100644
> --- a/libavcodec/pgxdec.c
> +++ b/libavcodec/pgxdec.c
> @@ -102,7 +102,7 @@ error:
>          for (i = 0; i < height; i++) {                                                      \
>              PIXEL *line = (PIXEL*)frame->data[0] + i*frame->linesize[0]/sizeof(PIXEL);      \
>              for (j = 0; j < width; j++) {                                                   \
> -                int val;                                                                    \
> +                unsigned val;                                                                    \

"unsigned" is longer than "int", so you need to delete a few spaces or
the '\' won't be in line with the others any more.

- Andreas