Chiebot-Mirror
/
FFmpeg
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

avcodec/ilbcdec: Fix integer overflow in construct_vector()

Browse Source 
webrtc contains explicit code to ignore the undefined behavior (RTC_NO_SANITIZE / OverflowingAddS32S32ToS32())

Probably fixes: Integer overflow (unreproducable here)
Probably fixes: 12215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5767142427852800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/306/head
Michael Niedermayer 6 years ago
parent 3016e1f8c5
commit c95d0fb239
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      libavcodec/ilbcdec.c

2
libavcodec/ilbcdec.c
Unescape View File

@ -745,7 +745,7 @@ static void construct_vector (
for (j = 0; j < veclen; j++) {
a32 = SPL_MUL_16_16(*gainPtr++, cbvec0[j]);
a32 += SPL_MUL_16_16(*gainPtr++, cbvec1[j]);
a32 += SPL_MUL_16_16(*gainPtr, cbvec2[j]);
a32 += (unsigned)SPL_MUL_16_16(*gainPtr, cbvec2[j]);
gainPtr -= 2;
decvector[j] = (a32 + 8192) >> 14;
}

Write Preview
Loading…
Cancel
Save