aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/apedec.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2019-08-04 09:46:34 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2019-08-05 17:50:27 +0200
commit392c028cd23d128f33d93b2159eed5de42f72b4d (patch)
tree0598b471b6cd935ce2871e5d7e60a16e6d2ddacb /libavcodec/apedec.c
parent99a172f3f4d0bef024c6293f575caaaddce0b267 (diff)
downloadffmpeg-392c028cd23d128f33d93b2159eed5de42f72b4d.tar.gz
avcodec/apedec: Fix 2 signed overflows
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int' Fixes: signed integer overflow: 2049431315 + 262759074 cannot be represented in type 'int' Fixes: 16012/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5719016003338240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/apedec.c')
-rw-r--r--libavcodec/apedec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 8872185b84..70939abeb4 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -589,7 +589,7 @@ static void decode_array_0000(APEContext *ctx, GetBitContext *gb,
int32_t *out, APERice *rice, int blockstodecode)
{
int i;
- int ksummax, ksummin;
+ unsigned ksummax, ksummin;
rice->ksum = 0;
for (i = 0; i < FFMIN(blockstodecode, 5); i++) {
@@ -836,7 +836,7 @@ static av_always_inline int filter_fast_3320(APEPredictor *p,
else
p->coeffsA[filter][0]--;
- p->filterA[filter] += p->lastA[filter];
+ p->filterA[filter] += (unsigned)p->lastA[filter];
return p->filterA[filter];
}