mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-11-26 19:01:44 +02:00
avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()
Fixes: signed integer overflow: -2147481503 + -32732 cannot be represented in type 'int' Fixes: 17782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5769672225456128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
8c69310477
commit
a76897e19c
@ -746,7 +746,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
|
||||
goto error;
|
||||
}
|
||||
val |= h[3].values[res] << 8;
|
||||
pred[1] += sign_extend(val, 16);
|
||||
pred[1] += (unsigned)sign_extend(val, 16);
|
||||
*samples++ = pred[1];
|
||||
} else {
|
||||
if(vlc[0].table)
|
||||
@ -769,7 +769,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
|
||||
goto error;
|
||||
}
|
||||
val |= h[1].values[res] << 8;
|
||||
pred[0] += sign_extend(val, 16);
|
||||
pred[0] += (unsigned)sign_extend(val, 16);
|
||||
*samples++ = pred[0];
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user