diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2022-11-05 19:57:21 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2023-01-12 15:44:41 +0100 |
| commit | 977028f9f4f40efcac3ec9d6c226349dd0020b90 (patch) | |
| tree | 8d259c89d662d2291be957ca97a37c367e3e1c0d /libavcodec/bonk.c | |
| parent | 9f0602a717c3939529bfe49734f3d8029dc36625 (diff) | |
| download | ffmpeg-977028f9f4f40efcac3ec9d6c226349dd0020b90.tar.gz | |
avcodec/bonk: Avoid undefined overflow in quant
Fixes: signed integer overflow: -2889074 * 2048 cannot be represented in type 'int'
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6617680050520064
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6743951854141440
No check is done for the overflow as this was rejected in last review, see the ML
Note: the 2nd and 3rd testcase was assigned by ossfuzz to a unrelated theora issue (48567)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/bonk.c')
| -rw-r--r-- | libavcodec/bonk.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c index 5d736b1563..9e176d5477 100644 --- a/libavcodec/bonk.c +++ b/libavcodec/bonk.c @@ -356,7 +356,7 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame *frame, sample++; } - sample[0] = predictor_calc_error(s->k, state, s->n_taps, s->input_samples[i] * quant); + sample[0] = predictor_calc_error(s->k, state, s->n_taps, s->input_samples[i] * (unsigned)quant); sample++; } |