[FFmpeg-devel] [PATCH 1/2] avcodec/dca_xll: Fix runtime error: signed integer overflow: 2147286116 + 6298923 cannot be represented in type 'int'
Hendrik Leppkes
h.leppkes at gmail.com
Fri Mar 10 19:50:34 EET 2017
On Fri, Mar 10, 2017 at 3:24 PM, Michael Niedermayer
<michael at niedermayer.cc> wrote:
> Fixes: 732/clusterfuzz-testcase-4872990070145024
>
> See: [FFmpeg-devel] [PATCH 2/6] avcodec/dca_xll: Fix runtime error: signed integer overflow: 2147286116 + 6298923 cannot be represented in type 'int'
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/dca_xll.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/dca_xll.c b/libavcodec/dca_xll.c
> index 6cebda35e4..0fe90c7348 100644
> --- a/libavcodec/dca_xll.c
> +++ b/libavcodec/dca_xll.c
> @@ -1312,7 +1312,7 @@ static int combine_residual_frame(DCAXllDecoder *s, DCAXllChSet *c)
> } else {
> // No downmix scaling
> for (n = 0; n < nsamples; n++)
> - dst[n] += (src[n] + round) >> shift;
> + dst[n] += (unsigned)((src[n] + round) >> shift);
> }
> }
>
audio samples are typically signed, using negative values too, is this
really safe to just cast it like that, without modifying the value in
the end?
- Hendrik
More information about the ffmpeg-devel
mailing list