speexdec_fuzzer: avoid integer overflow

Fixes ubsan error: "runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself" Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex
author: Tristan Matthews <tmatth@videolan.org> 2019-08-02 20:02:08 +0300
committer: Tristan Matthews <tmatth@videolan.org> 2019-08-02 20:11:08 +0300
commit: 1147712264d05b85cf7b1cd173146ac75df88bf6 (patch)
tree: 3ea2fdafb855e694a6e5b9e5c0fc5dedb5443e97
parent: 7a762519869e7d34ba1f5c2ff09519f1021f4f6a (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/contrib/oss-fuzz/speexdec_fuzzer.cc b/contrib/oss-fuzz/speexdec_fuzzer.cc
index 6122497..7175fa3 100644
--- a/contrib/oss-fuzz/speexdec_fuzzer.cc
+++ b/contrib/oss-fuzz/speexdec_fuzzer.cc
@@ -239,6 +239,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *fuzz_data, size_t fuzz_size
                return 0;
             }
             skip_samples = frame_size*(int64_t)(a - b)/granule_frame_size;
+            if (skip_samples == INT_MIN) {
+               cleanup(st, &bits, stream_init, &os, &oy);
+               return 0;
+            }
             if (ogg_page_eos(&og))
                skip_samples = -skip_samples;
             /*else if (!ogg_page_bos(&og))
author	Tristan Matthews <tmatth@videolan.org>	2019-08-02 20:02:08 +0300
committer	Tristan Matthews <tmatth@videolan.org>	2019-08-02 20:11:08 +0300
commit	1147712264d05b85cf7b1cd173146ac75df88bf6 (patch)
tree	3ea2fdafb855e694a6e5b9e5c0fc5dedb5443e97
parent	7a762519869e7d34ba1f5c2ff09519f1021f4f6a (diff)