aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2017-05-11 23:06:50 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2017-05-11 23:55:59 +0200
commitd05bdba2428dd0c1c5cd3426d69c712b127f996c (patch)
tree28ed90471cbd8b5613660f74387760ec51cb2c54
parent2752410c47889a94778a541c09ed29ccce8a8de9 (diff)
downloadffmpeg-d05bdba2428dd0c1c5cd3426d69c712b127f996c.tar.gz
avcodec/mss3: Fix runtime error: signed integer overflow: -2146318336 - 2139696256 cannot be represented in type 'int'
Fix is similar to rac_get_model_sym() Fixes: 1483/clusterfuzz-testcase-minimized-6386507814273024 Fixes: 1485/clusterfuzz-testcase-minimized-6639880215986176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/mss3.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/mss3.c b/libavcodec/mss3.c
index 81b7e2017c..21226f9085 100644
--- a/libavcodec/mss3.c
+++ b/libavcodec/mss3.c
@@ -389,9 +389,10 @@ static int rac_get_model_sym(RangeCoder *c, Model *m)
static int rac_get_model256_sym(RangeCoder *c, Model256 *m)
{
- int prob, prob2, helper, val;
+ int val;
int start, end;
int ssym;
+ unsigned prob, prob2, helper;
prob2 = c->range;
c->range >>= MODEL_SCALE;