[FFmpeg-devel] [PATCH 5/5] avcodec/sonic: avoid integer overflow on quantization parameter
Michael Niedermayer
michael at niedermayer.cc
Fri Jan 13 02:01:38 EET 2023
Fixes: signed integer overflow: -1094995529 * 16 cannot be represented in type 'int'
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-6681622236233728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/sonic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c
index 77bdb418a7..95ac2b1a96 100644
--- a/libavcodec/sonic.c
+++ b/libavcodec/sonic.c
@@ -1013,7 +1013,7 @@ static int sonic_decode_frame(AVCodecContext *avctx, AVFrame *frame,
if (s->lossless)
quant = 1;
else
- quant = get_symbol(&c, state, 0) * SAMPLE_FACTOR;
+ quant = get_symbol(&c, state, 0) * (unsigned)SAMPLE_FACTOR;
// av_log(NULL, AV_LOG_INFO, "quant: %d\n", quant);
--
2.17.1
More information about the ffmpeg-devel
mailing list