avcodec/ffv1dec: Fix integer overflow in read_quant_table()

Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 3361/clusterfuzz-testcase-minimized-5065842955911168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2017-09-18 17:26:09 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2017-09-22 12:19:07 +0200
commit: d00fc952b6c261dd8eb0f7552b9ccf985dbc2b20 (patch)
tree: f340e705f7427035f46afdf1e01c58085a91a9a3
parent: 2c933c51687db958d8045d25ed87848342e869f6 (diff)
download: ffmpeg-d00fc952b6c261dd8eb0f7552b9ccf985dbc2b20.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index b13ecd3eab..d2bfee784f 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -372,7 +372,7 @@ static int read_quant_table(RangeCoder *c, int16_t *quant_table, int scale)
     memset(state, 128, sizeof(state));
 
     for (v = 0; i < 128; v++) {
-        unsigned len = get_symbol(c, state, 0) + 1;
+        unsigned len = get_symbol(c, state, 0) + 1U;
 
         if (len > 128 - i || !len)
             return AVERROR_INVALIDDATA;
author	Michael Niedermayer <michael@niedermayer.cc>	2017-09-18 17:26:09 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2017-09-22 12:19:07 +0200
commit	d00fc952b6c261dd8eb0f7552b9ccf985dbc2b20 (patch)
tree	f340e705f7427035f46afdf1e01c58085a91a9a3
parent	2c933c51687db958d8045d25ed87848342e869f6 (diff)
download	ffmpeg-d00fc952b6c261dd8eb0f7552b9ccf985dbc2b20.tar.gz