[FFmpeg-devel] [PATCH 5/6] avutil/tx_template: fix integer overflow in fft3()

Michael Niedermayer michael at niedermayer.cc
Mon Oct 23 23:44:04 EEST 2023


On Sun, Oct 22, 2023 at 03:55:47AM +0200, Lynne wrote:
> Oct 22, 2023, 02:36 by michael at niedermayer.cc:
> 
> > Fixes: signed integer overflow: -1028966111 + -1314089526 cannot be represented in type 'int'
> > Fixes: 63174/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5853273711837184
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavutil/tx_template.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/libavutil/tx_template.c b/libavutil/tx_template.c
> > index 8dc3d2519c1..a2c27465cbc 100644
> > --- a/libavutil/tx_template.c
> > +++ b/libavutil/tx_template.c
> > @@ -185,10 +185,9 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in,
> >  BF(tmp[1].re, tmp[2].im, in[1].im, in[2].im);
> >  BF(tmp[1].im, tmp[2].re, in[1].re, in[2].re);
> >  
> > -    out[0*stride].re = tmp[0].re + tmp[2].re;
> > -    out[0*stride].im = tmp[0].im + tmp[2].im;
> > -
> >  #ifdef TX_INT32
> > +    out[0*stride].re = (int64_t)tmp[0].re + tmp[2].re;
> > +    out[0*stride].im = (int64_t)tmp[0].im + tmp[2].im;
> >  mtmp[0] = (int64_t)tab[ 8] * tmp[1].re;
> >  mtmp[1] = (int64_t)tab[ 9] * tmp[1].im;
> >  mtmp[2] = (int64_t)tab[10] * tmp[2].re;
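
Review bot: The `(int64_t)` casts on the two added `out[0*stride]` lines widen only the addition; if `out[0*stride].re` and `.im` are still 32-bit in the TX_INT32 build, as the 'int' in the reported overflow suggests, the 64-bit sum is narrowed again on assignment. For the operands in the report, -1028966111 + -1314089526 = -2343055637, which is below INT32_MIN, so the sanitizer finding goes away (the narrowing is an implementation-defined conversion rather than undefined behaviour) but the stored sample still does not hold the true sum. If wrapping is the intended result for out-of-range fuzzed input, say so in a comment next to the casts or in the commit message; otherwise clamp the sum or bound the input before it reaches fft3().
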
> > @@ -198,6 +197,8 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in,
> >  out[2*stride].re = tmp[0].re - (mtmp[2] - mtmp[0] + 0x40000000 >> 31);
> >  out[2*stride].im = tmp[0].im - (mtmp[3] + mtmp[1] + 0x40000000 >> 31);
> >  #else
> > +    out[0*stride].re = tmp[0].re + tmp[2].re;
> > +    out[0*stride].im = tmp[0].im + tmp[2].im;
> >  tmp[1].re = tab[ 8] * tmp[1].re;
> >  tmp[1].im = tab[ 9] * tmp[1].im;
> >  tmp[2].re = tab[10] * tmp[2].re;
> >
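
Review bot: The `out[0*stride]` stores are now duplicated in both preprocessor branches and differ only in the cast, with nothing at the `#else` copy or the TX_INT32 copy saying why. A one-line comment at the TX_INT32 copy, stating that the sum is done in 64 bits to avoid signed overflow, would keep a later cleanup from hoisting the two lines back above the `#ifdef` as a single uncast statement.
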
> 
> lgtm

will apply

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even know they had done so. -- Xenophanes