diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2017-09-22 20:45:27 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-09-24 21:54:13 +0200 |
commit | 5d31f03a0264cac24434c8108daef4ccba6d28f9 (patch) | |
tree | 0d742b719a8810d09b2560838cfe7cdd8b1f738b | |
parent | 4f5eaf0b5956e492ee5023929669b1d09aaf6299 (diff) | |
download | ffmpeg-5d31f03a0264cac24434c8108daef4ccba6d28f9.tar.gz |
avcodec/takdec: Fix integer overflow in decode_lpc()
Fixes: runtime error: signed integer overflow: 16748560 + 2143729712 cannot be represented in type 'int'
Fixes: 3202/clusterfuzz-testcase-minimized-4988291642294272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavcodec/takdec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/takdec.c b/libavcodec/takdec.c index 9c253c1e8e..0439a3ac9b 100644 --- a/libavcodec/takdec.c +++ b/libavcodec/takdec.c @@ -206,7 +206,7 @@ static void decode_lpc(int32_t *coeffs, int mode, int length) unsigned a1 = *coeffs++; for (i = 0; i < length - 1 >> 1; i++) { *coeffs += a1; - coeffs[1] += *coeffs; + coeffs[1] += (unsigned)*coeffs; a1 = coeffs[1]; coeffs += 2; } |