diff options
author | Tristan Matthews <tmatth@videolan.org> | 2019-08-02 20:02:08 +0300 |
---|---|---|
committer | Tristan Matthews <tmatth@videolan.org> | 2019-08-02 20:11:08 +0300 |
commit | 1147712264d05b85cf7b1cd173146ac75df88bf6 (patch) | |
tree | 3ea2fdafb855e694a6e5b9e5c0fc5dedb5443e97 | |
parent | 7a762519869e7d34ba1f5c2ff09519f1021f4f6a (diff) |
speexdec_fuzzer: avoid integer overflow
Fixes ubsan error:
"runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself"
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex
-rw-r--r-- | contrib/oss-fuzz/speexdec_fuzzer.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/contrib/oss-fuzz/speexdec_fuzzer.cc b/contrib/oss-fuzz/speexdec_fuzzer.cc index 6122497..7175fa3 100644 --- a/contrib/oss-fuzz/speexdec_fuzzer.cc +++ b/contrib/oss-fuzz/speexdec_fuzzer.cc @@ -239,6 +239,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *fuzz_data, size_t fuzz_size return 0; } skip_samples = frame_size*(int64_t)(a - b)/granule_frame_size; + if (skip_samples == INT_MIN) { + cleanup(st, &bits, stream_init, &os, &oy); + return 0; + } if (ogg_page_eos(&og)) skip_samples = -skip_samples; /*else if (!ogg_page_bos(&og)) |