virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-06-30 22:24:04 +02:00
Code Issues Releases Activity

avcodec/adpcm: Clip predictor for APC

Browse Source 
Fixes: signed integer overflow: -2147483648 - 13 cannot be represented in type 'int'
Fixes: 18893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APC_fuzzer-5630760442920960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9fe07908c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2019-11-21 23:02:56 +01:00
parent 2df3b2d01d
commit ac221d9cdd
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/adpcm.c
View File

@ -127,8 +127,8 @@ static av_cold int adpcm_decode_init(AVCodecContext * avctx)
break; break;
case AV_CODEC_ID_ADPCM_IMA_APC: case AV_CODEC_ID_ADPCM_IMA_APC:
if (avctx->extradata && avctx->extradata_size >= 8) { if (avctx->extradata && avctx->extradata_size >= 8) {
c->status[0].predictor = AV_RL32(avctx->extradata); c->status[0].predictor = av_clip_intp2(AV_RL32(avctx->extradata ), 18);
c->status[1].predictor = AV_RL32(avctx->extradata + 4); c->status[1].predictor = av_clip_intp2(AV_RL32(avctx->extradata + 4), 18);
} }
break; break;
case AV_CODEC_ID_ADPCM_IMA_WS: case AV_CODEC_ID_ADPCM_IMA_WS: