mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
avcodec/shorten: Fix integer overflow with offset
Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int' Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
6b4c9854da
commit
2f888771cd
@ -382,7 +382,7 @@ static int decode_subframe_lpc(ShortenContext *s, int command, int channel,
|
||||
/* subtract offset from previous samples to use in prediction */
|
||||
if (command == FN_QLPC && coffset)
|
||||
for (i = -pred_order; i < 0; i++)
|
||||
s->decoded[channel][i] -= coffset;
|
||||
s->decoded[channel][i] -= (unsigned)coffset;
|
||||
|
||||
/* decode residual and do LPC prediction */
|
||||
init_sum = pred_order ? (command == FN_QLPC ? s->lpcqoffset : 0) : coffset;
|
||||
@ -397,7 +397,7 @@ static int decode_subframe_lpc(ShortenContext *s, int command, int channel,
|
||||
/* add offset to current samples */
|
||||
if (command == FN_QLPC && coffset)
|
||||
for (i = 0; i < s->blocksize; i++)
|
||||
s->decoded[channel][i] += coffset;
|
||||
s->decoded[channel][i] += (unsigned)coffset;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user