1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avcodec/shorten: Fix integer overflow with offset

Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int'
Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2018-11-09 19:59:27 +01:00
parent 6b4c9854da
commit 2f888771cd

View File

@ -382,7 +382,7 @@ static int decode_subframe_lpc(ShortenContext *s, int command, int channel,
/* subtract offset from previous samples to use in prediction */
if (command == FN_QLPC && coffset)
for (i = -pred_order; i < 0; i++)
s->decoded[channel][i] -= coffset;
s->decoded[channel][i] -= (unsigned)coffset;
/* decode residual and do LPC prediction */
init_sum = pred_order ? (command == FN_QLPC ? s->lpcqoffset : 0) : coffset;
@ -397,7 +397,7 @@ static int decode_subframe_lpc(ShortenContext *s, int command, int channel,
/* add offset to current samples */
if (command == FN_QLPC && coffset)
for (i = 0; i < s->blocksize; i++)
s->decoded[channel][i] += coffset;
s->decoded[channel][i] += (unsigned)coffset;
return 0;
}