[FFmpeg-devel] [PATCH 01/11] avcodec/adpcm: Fix integer overflow in intermediate in ADPCM_XMD

Michael Niedermayer michael at niedermayer.cc
Mon Apr 17 14:42:59 EEST 2023


On Mon, Apr 17, 2023 at 09:27:03AM +0200, Paul B Mahol wrote:
> On Sun, Apr 16, 2023 at 6:48 PM Michael Niedermayer <michael at niedermayer.cc>
> wrote:
> 
> > Fixes: runtime error: signed integer overflow: 2140143616 + 254665816
> > cannot be represented in type 'int'
> > Fixes:
> > 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XMD_fuzzer-6690181676924928
> >
> > As a side effect this simplifies the equation, the high bits are different
> > after this but only the low 16 bits are stored and used in later steps.
> > The change is untested as there are no fate testcases, no sample files on
> > the server, no links on the mailing list and no reports on trac
> > referencing this format that I could find.
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavcodec/adpcm.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
> > index 451696932d1..d8f334cf5a0 100644
> > --- a/libavcodec/adpcm.c
> > +++ b/libavcodec/adpcm.c
> > @@ -1579,11 +1579,11 @@ static int adpcm_decode_frame(AVCodecContext
> > *avctx, AVFrame *frame,
> >                      nibble[0] = sign_extend(byte & 15, 4);
> >                      nibble[1] = sign_extend(byte >> 4, 4);
> >
> > -                    out[2+n*2] = (nibble[0]*(scale<<14) +
> > (history[0]*29336) - (history[1]*13136)) >> 14;
> > +                    out[2+n*2  ] = nibble[0]*scale + ((history[0]*3667 -
> > history[1]*1642) >> 11);
> >
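
Review bot: on the added `out[2+n*2  ]` line, nothing records why 3667, 1642 and `>> 11` replace 29336, 13136 and `>> 14`. A one-line comment that the coefficients are the old ones divided by 8 (3667*8 = 29336, 1642*8 = 13136), with the shift reduced by 3 to match, would let a reader check the rewrite without redoing the arithmetic. The reported overflow goes away because `nibble[0]*(scale<<14)` is no longer formed, but `nibble[0]*scale` and `history[0]*3667 - history[1]*1642` are still signed products, and the hunk does not show the types or ranges of `scale` and `history`, so it is worth confirming those are bounded before treating the expression as overflow-free. The commit message says the change is untested, so a decode comparison against the old expression on a real sample should precede the commit. The extra spaces inside `out[2+n*2  ]` are unrelated to the fix and should be dropped.
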
> 
> Please commit this with no extra spaces added.

ok


> 
> Here is sample: https://0x0.st/H8Le.xmd

thanks a lot, I will test with this before applying


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If the United States is serious about tackling the national security threats 
related to an insecure 5G network, it needs to rethink the extent to which it
values corporate profits and government espionage over security.-Bruce Schneier