highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avcodec/cfhd: Avoid signed integer overflow in coeff

Browse Source 
Fixes: signed integer overflow: 15244032 * 256 cannot be represented in type 'int'
Fixes: 43504/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4865014842916864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2022-01-17 14:16:39 +01:00
parent 61cbfdc0a2
commit cd6ac013a0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/cfhd.c
View File

@@ -838,7 +838,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
const uint16_t q = s->quantisation; const uint16_t q = s->quantisation;
for (i = 0; i < run; i++) { for (i = 0; i < run; i++) {
*coeff_data |= coeff * 256; *coeff_data |= coeff * 256U;
*coeff_data++ *= q; *coeff_data++ *= q;
} }
} else { } else {
@@ -869,7 +869,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
const uint16_t q = s->quantisation; const uint16_t q = s->quantisation;
for (i = 0; i < run; i++) { for (i = 0; i < run; i++) {
*coeff_data |= coeff * 256; *coeff_data |= coeff * 256U;
*coeff_data++ *= q; *coeff_data++ *= q;
} }
} else { } else {