github.com/xiph/speex.git
author: Tristan Matthews <tmatth@videolan.org> 2019-10-29 19:15:45 +0300
committer: Tristan Matthews <tmatth@videolan.org> 2019-10-29 19:29:17 +0300
commit: d5f30cba3d969e21c0303494045331b21183fc06
tree: f24f0c7afbf87609367ec5facc4ae8b240036c9f
parent: 58ac1d4ff1cfad77426d98af5c9b143395f25acd

speexdec_fuzzer: avoid integer overflow

Fixes ubsan error: "runtime error: signed integer overflow: 51200 - -9223372036854767360 cannot be represented in type 'long'"

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex

-rw-r--r-- contrib/oss-fuzz/speexdec_fuzzer.cc 2
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/oss-fuzz/speexdec_fuzzer.cc b/contrib/oss-fuzz/speexdec_fuzzer.cc
index e68201d..8ec9051 100644
--- a/contrib/oss-fuzz/speexdec_fuzzer.cc
+++ b/contrib/oss-fuzz/speexdec_fuzzer.cc
@@ -237,7 +237,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *fuzz_data, size_t fuzz_size
/* FIXME: shift the granule values if --force-* is specified */
int64_t a = page_nb_packets*granule_frame_size*(int64_t)nframes;
int64_t b = page_granule - last_granule;
- if (b > a || (a - b) > INT64_MAX/640)
+ if (b > a || (INT64_MAX/640 - a < -b) || (a - b) > INT64_MAX/640)
{
cleanup(st, &bits, stream_init, &os, &oy);
return 0;
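
Review bot: The new clause `(INT64_MAX/640 - a < -b)` negates `b`, and `-b` is itself a signed overflow when `b` equals `INT64_MIN`; `INT64_MAX/640 - a` can likewise overflow for a sufficiently negative `a`, and nothing in the hunk bounds either value. `b` comes from `page_granule - last_granule`, which is also computed unchecked, so that subtraction is a candidate for the same kind of ubsan report. An overflow-checked subtraction (for example `__builtin_sub_overflow(a, b, &diff)` on GCC/Clang, with `diff` a hypothetical local that is then compared against `INT64_MAX/640`) would cover the whole range with one test. Separately, whenever the new clause is false, `a - b <= INT64_MAX/640` already holds, so the trailing `(a - b) > INT64_MAX/640` can no longer be true and could be dropped.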