[FFmpeg-devel] [flac] Fix integer-overflow in flac_lpc_33_c
Michael Niedermayer
michael at niedermayer.cc
Wed Jul 30 13:01:38 EEST 2025
Hi Dale
On Tue, Jul 29, 2025 at 03:07:38PM -0700, Dale Curtis wrote:
> This fix copies a couple of casts from surrounding functions.
> See https://crbug.com/432528781 for stack trace details.
>
> Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
> flacdsp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 187b2fdeaecb08d3683b90875f4d7c0e74a38da1 flac_fix_v1.patch
> From 0bf245bf8a031d12aec77e68dbc627247255eeb0 Mon Sep 17 00:00:00 2001
> From: Dale Curtis <dalecurtis at chromium.org>
> Date: Tue, 29 Jul 2025 22:05:19 +0000
> Subject: [PATCH] [flac] Fix integer-overflow in flac_lpc_33_c
>
> This fix copies a couple of casts from surrounding functions.
> See https://crbug.com/432528781 for stack trace details.
You (email=michael at niedermayer.cc) are not authorized to access this page!
[...]
> - decoded[j] = residual[i] + (sum >> qlevel);
> + decoded[j] = (uint64_t)residual[i] + (unsigned)(sum >> qlevel);
This does not give the same result for cases that do not overflow
I would guess more in the direction of:
decoded[j] = (int64_t)residual[i] + (uint64_t)(sum >> qlevel);
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
During times of universal deceit, telling the truth becomes a
revolutionary act. -- George Orwell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250730/3fd8b95c/attachment.sig>
More information about the ffmpeg-devel
mailing list