aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/ra144.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2018-10-10 04:25:50 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2018-10-18 02:28:54 +0200
commitc6282141cba20934d9801f31134872fabbd6ba3e (patch)
treed64f4b12b80ea5981b47a48b84fc95428994422f /libavcodec/ra144.c
parent079d1a7175c4b881631a7e7f449c4c13b761cdeb (diff)
downloadffmpeg-c6282141cba20934d9801f31134872fabbd6ba3e.tar.gz
avcodec/ra144: Fix integer overflow in add_wav()
Fixes: signed integer overflow: -2144033225 + -5208934 cannot be represented in type 'int' Fixes: 10633/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5679133791617024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/ra144.c')
-rw-r--r--libavcodec/ra144.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/ra144.c b/libavcodec/ra144.c
index 573703d70b..65a744876c 100644
--- a/libavcodec/ra144.c
+++ b/libavcodec/ra144.c
@@ -1516,7 +1516,7 @@ static void add_wav(int16_t *dest, int n, int skip_first, int *m,
if (v[0]) {
for (i=0; i < BLOCKSIZE; i++)
- dest[i] = ((int)(s1[i]*(unsigned)v[0]) + s2[i]*v[1] + s3[i]*v[2]) >> 12;
+ dest[i] = (int)((s1[i]*(unsigned)v[0]) + s2[i]*v[1] + s3[i]*v[2]) >> 12;
} else {
for (i=0; i < BLOCKSIZE; i++)
dest[i] = ( s2[i]*v[1] + s3[i]*v[2]) >> 12;