Browse code
avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction()
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 16786/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5632818851348480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2019/09/06 17:36:43Showing 1 changed files
| ... | ... |
@@ -222,7 +222,7 @@ static void lpc_prediction(int32_t *error_buffer, uint32_t *buffer_out, |
| 222 | 222 |
/* adapt LPC coefficients */ |
| 223 | 223 |
error_sign = sign_only(error_val); |
| 224 | 224 |
if (error_sign) {
|
| 225 |
- for (j = 0; j < lpc_order && (int)error_val * error_sign > 0; j++) {
|
|
| 225 |
+ for (j = 0; j < lpc_order && (int)(error_val * error_sign) > 0; j++) {
|
|
| 226 | 226 |
int sign; |
| 227 | 227 |
val = d - pred[j]; |
| 228 | 228 |
sign = sign_only(val) * error_sign; |