aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2022-05-02 00:51:12 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2022-07-12 21:55:22 +0200
commit1537f40516d625fc5fa57db4fdfb737312fbc500 (patch)
tree3a880961bdacbc10988d6579842815a5ab5863d9
parent4f9ee4bf43623ff0960d3d8cf2025c2cdb54382a (diff)
downloadffmpeg-1537f40516d625fc5fa57db4fdfb737312fbc500.tar.gz
avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()
Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int' Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/sbrdsp_fixed.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/sbrdsp_fixed.c b/libavcodec/sbrdsp_fixed.c
index 43fcc90ae5..0d34a2a710 100644
--- a/libavcodec/sbrdsp_fixed.c
+++ b/libavcodec/sbrdsp_fixed.c
@@ -114,8 +114,8 @@ static void sbr_qmf_deint_neg_c(int *v, const int *src)
{
int i;
for (i = 0; i < 32; i++) {
- v[ i] = ( src[63 - 2*i ] + 0x10) >> 5;
- v[63 - i] = (-src[63 - 2*i - 1] + 0x10) >> 5;
+ v[ i] = (int)(0x10U + src[63 - 2*i ]) >> 5;
+ v[63 - i] = (int)(0x10U - src[63 - 2*i - 1]) >> 5;
}
}