diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2019-10-01 01:10:47 +0300 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-10-20 20:57:51 +0300 |
commit | a76897e19ca96127e07f5acc5a773b904dcf6124 (patch) | |
tree | 0a53f202015aec7018505cb204a1e350c98c5627 /libavcodec/smacker.c | |
parent | 8c693104779830028bd5f76bf32a93e059c04d2c (diff) |
avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()
Fixes: signed integer overflow: -2147481503 + -32732 cannot be represented in type 'int'
Fixes: 17782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5769672225456128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/smacker.c')
-rw-r--r-- | libavcodec/smacker.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index a81c5e3e6c..4c20831155 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -746,7 +746,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, goto error; } val |= h[3].values[res] << 8; - pred[1] += sign_extend(val, 16); + pred[1] += (unsigned)sign_extend(val, 16); *samples++ = pred[1]; } else { if(vlc[0].table) @@ -769,7 +769,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, goto error; } val |= h[1].values[res] << 8; - pred[0] += sign_extend(val, 16); + pred[0] += (unsigned)sign_extend(val, 16); *samples++ = pred[0]; } } |