[FFmpeg-devel] [PATCH 3/5] avcodec/wmavoice: Fix integer overflow in synth_frame()
Michael Niedermayer
michael at niedermayer.cc
Sat Nov 2 18:05:59 EET 2019
Fixes: left shift of negative value -3
Fixes: 18518/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-6560514359951360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/wmavoice.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
index 68bb65986e..14e08c263e 100644
--- a/libavcodec/wmavoice.c
+++ b/libavcodec/wmavoice.c
@@ -1520,7 +1520,7 @@ static int synth_frame(AVCodecContext *ctx, GetBitContext *gb, int frame_idx,
/* "pitch-diff-per-sample" for calculation of pitch per sample */
s->pitch_diff_sh16 =
- ((cur_pitch_val - s->last_pitch_val) << 16) / MAX_FRAMESIZE;
+ (cur_pitch_val - s->last_pitch_val) * (1 << 16) / MAX_FRAMESIZE;
}
/* Global gain (if silence) and pitch-adaptive window coordinates */
--
2.23.0
More information about the ffmpeg-devel
mailing list