diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2020-12-26 18:55:08 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2021-02-02 14:18:21 +0100 |
| commit | 67e2eab73e441f95578532f30d6b430497710417 (patch) | |
| tree | e350a64e8af11f518a420be0c48f6929ae2d3032 | |
| parent | b5d5ccb050efeee41a70bc442d2076875614f3fc (diff) | |
| download | ffmpeg-67e2eab73e441f95578532f30d6b430497710417.tar.gz | |
avcodec/alsdec: Fix integer overflow with quant_cof
Fixes: signed integer overflow: -210824 * 16384 cannot be represented in type 'int'
Fixes: 28670/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5682310846480384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ce40dde03ea56684f2cb6b40991a90bc38c3ad9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/alsdec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 62c6036037..7eb14db8fe 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -762,7 +762,7 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd) } for (k = 2; k < opt_order; k++) - quant_cof[k] = (quant_cof[k] * (1 << 14)) + (add_base << 13); + quant_cof[k] = (quant_cof[k] * (1U << 14)) + (add_base << 13); } } |