1. ffmpeg
  2. Commit ee89d9e3d6ee2023d5827ff26f32030ee013c41d
Browse code

avcodec/apedec: Fix 32bit int overflow in do_apply_filter()

Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int'
Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d3ddef519e88c40c05be8cb94cd9e71c0957ec7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Michael Niedermayer authored on 2019/09/03 05:44:50
Showing 1 changed files
libavcodec/apedec.c
History View file @ ee89d9e
... ... 
@@ -1266,7 +1266,7 @@ static void do_apply_filter(APEContext *ctx, int version, APEFilter *f,
1266 1266 
                                                      f->delay - order,
1267 1267 
                                                      f->adaptcoeffs - order,
1268 1268 
                                                      order, APESIGN(*data));
1269 
-        res = (res + (1 << (fracbits - 1))) >> fracbits;
1269 
+        res = (int)(res + (1U << (fracbits - 1))) >> fracbits;
1270 1270 
         res += *data;
1271 1271 
         *data++ = res;
1272 1272