virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-07-11 14:30:22 +02:00
Code Issues Releases Activity

avcodec/takdec: Fix multiple runtime error: signed integer overflow: -512 * 4563386 cannot be represented in type 'int'

Browse Source 
Fixes: 1706/clusterfuzz-testcase-minimized-6112772670619648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2017-05-20 17:52:21 +02:00
parent 42e42af76c
commit 64d0dad93c
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/takdec.c
View File

@ -447,12 +447,12 @@ static int decode_subframe(TAKDecContext *s, int32_t *decoded,
tfilter[0] = s->predictors[0] * 64; tfilter[0] = s->predictors[0] * 64;
for (i = 1; i < filter_order; i++) { for (i = 1; i < filter_order; i++) {
int32_t *p1 = &tfilter[0]; uint32_t *p1 = &tfilter[0];
int32_t *p2 = &tfilter[i - 1]; uint32_t *p2 = &tfilter[i - 1];
for (j = 0; j < (i + 1) / 2; j++) { for (j = 0; j < (i + 1) / 2; j++) {
x = *p1 + (s->predictors[i] * *p2 + 256 >> 9); x = *p1 + ((int32_t)(s->predictors[i] * *p2 + 256) >> 9);
*p2 += s->predictors[i] * *p1 + 256 >> 9; *p2 += (int32_t)(s->predictors[i] * *p1 + 256) >> 9;
*p1++ = x; *p1++ = x;
p2--; p2--;
} }