diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2018-10-10 04:25:50 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2018-10-18 02:28:54 +0200 |
commit | c6282141cba20934d9801f31134872fabbd6ba3e (patch) | |
tree | d64f4b12b80ea5981b47a48b84fc95428994422f | |
parent | 079d1a7175c4b881631a7e7f449c4c13b761cdeb (diff) | |
download | ffmpeg-c6282141cba20934d9801f31134872fabbd6ba3e.tar.gz |
avcodec/ra144: Fix integer overflow in add_wav()
Fixes: signed integer overflow: -2144033225 + -5208934 cannot be represented in type 'int'
Fixes: 10633/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5679133791617024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavcodec/ra144.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/ra144.c b/libavcodec/ra144.c index 573703d70b..65a744876c 100644 --- a/libavcodec/ra144.c +++ b/libavcodec/ra144.c @@ -1516,7 +1516,7 @@ static void add_wav(int16_t *dest, int n, int skip_first, int *m, if (v[0]) { for (i=0; i < BLOCKSIZE; i++) - dest[i] = ((int)(s1[i]*(unsigned)v[0]) + s2[i]*v[1] + s3[i]*v[2]) >> 12; + dest[i] = (int)((s1[i]*(unsigned)v[0]) + s2[i]*v[1] + s3[i]*v[2]) >> 12; } else { for (i=0; i < BLOCKSIZE; i++) dest[i] = ( s2[i]*v[1] + s3[i]*v[2]) >> 12; |