diff options
author | Tristan Matthews <tmatth@videolan.org> | 2019-10-29 19:15:45 +0300 |
---|---|---|
committer | Tristan Matthews <tmatth@videolan.org> | 2019-10-29 19:29:17 +0300 |
commit | d5f30cba3d969e21c0303494045331b21183fc06 (patch) | |
tree | f24f0c7afbf87609367ec5facc4ae8b240036c9f /contrib | |
parent | 58ac1d4ff1cfad77426d98af5c9b143395f25acd (diff) |
speexdec_fuzzer: avoid integer overflow
Fixes ubsan error:
"runtime error: signed integer overflow: 51200 - -9223372036854767360 cannot be represented in type 'long'"
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/oss-fuzz/speexdec_fuzzer.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/oss-fuzz/speexdec_fuzzer.cc b/contrib/oss-fuzz/speexdec_fuzzer.cc index e68201d..8ec9051 100644 --- a/contrib/oss-fuzz/speexdec_fuzzer.cc +++ b/contrib/oss-fuzz/speexdec_fuzzer.cc @@ -237,7 +237,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *fuzz_data, size_t fuzz_size /* FIXME: shift the granule values if --force-* is specified */ int64_t a = page_nb_packets*granule_frame_size*(int64_t)nframes; int64_t b = page_granule - last_granule; - if (b > a || (a - b) > INT64_MAX/640) + if (b > a || (INT64_MAX/640 - a < -b) || (a - b) > INT64_MAX/640) { cleanup(st, &bits, stream_init, &os, &oy); return 0; |