[FFmpeg-devel] [PATCH] avcodec/bonk: Fix integer overflow in predictor_calc_error()
Michael Niedermayer
michael at niedermayer.cc
Mon Sep 4 22:06:35 EEST 2023
Fixes: signed integer overflow: -2147483300 - 12285 cannot be represented in type 'int'
Fixes: 59462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5714298807386112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/bonk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index fbea91c750..6cd6a0af61 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -277,7 +277,7 @@ static int predictor_calc_error(int *k, int *state, int order, int error)
for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
unsigned k_value = *k_ptr, state_value = *state_ptr;
- x -= shift_down(k_value * (unsigned)state_value, LATTICE_SHIFT);
+ x -= (unsigned) shift_down(k_value * (unsigned)state_value, LATTICE_SHIFT);
state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT);
}
--
2.17.1
More information about the ffmpeg-devel
mailing list