Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/takdec: Fix multiple runtime error: signed integer overflow: -512 * 4563386 cannot be represented in type 'int'

Browse Source 
Fixes: 1706/clusterfuzz-testcase-minimized-6112772670619648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/28/merge
Michael Niedermayer 8 years ago
parent 42e42af76c
commit 64d0dad93c
1 changed files with 4 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      libavcodec/takdec.c

8
libavcodec/takdec.c
Unescape View File

@ -447,12 +447,12 @@ static int decode_subframe(TAKDecContext *s, int32_t *decoded,
tfilter[0] = s->predictors[0] * 64;
for (i = 1; i < filter_order; i++) {
int32_t *p1 = &tfilter[0];
int32_t *p2 = &tfilter[i - 1];
uint32_t *p1 = &tfilter[0];
uint32_t *p2 = &tfilter[i - 1];
for (j = 0; j < (i + 1) / 2; j++) {
x = *p1 + (s->predictors[i] * *p2 + 256 >> 9);
*p2 += s->predictors[i] * *p1 + 256 >> 9;
x = *p1 + ((int32_t)(s->predictors[i] * *p2 + 256) >> 9);
*p2 += (int32_t)(s->predictors[i] * *p1 + 256) >> 9;
*p1++ = x;
p2--;
}

Write Preview
Loading…
Cancel
Save