aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/ralf.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2019-09-14 14:26:49 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2019-09-28 18:35:27 +0200
commitfbb314b6f2c2b77608442966f28aac20343a1cae (patch)
tree592126201a948d5bea39d17ea89b7a8e73217381 /libavcodec/ralf.c
parente75e7fe1601b97c31e3ce90473ab71b9a0667573 (diff)
downloadffmpeg-fbb314b6f2c2b77608442966f28aac20343a1cae.tar.gz
avcodec/ralf: Fix integer overflow in decode_channel()
Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int' Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/ralf.c')
-rw-r--r--libavcodec/ralf.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/ralf.c b/libavcodec/ralf.c
index 75c9371b95..006ab46414 100644
--- a/libavcodec/ralf.c
+++ b/libavcodec/ralf.c
@@ -300,8 +300,8 @@ static int decode_channel(RALFContext *ctx, GetBitContext *gb, int ch,
t = get_vlc2(gb, code_vlc->table, code_vlc->bits, 2);
code1 = t / range2;
code2 = t % range2;
- dst[i] = extend_code(gb, code1, range, 0) * (1 << add_bits);
- dst[i + 1] = extend_code(gb, code2, range, 0) * (1 << add_bits);
+ dst[i] = extend_code(gb, code1, range, 0) * (1U << add_bits);
+ dst[i + 1] = extend_code(gb, code2, range, 0) * (1U << add_bits);
if (add_bits) {
dst[i] |= get_bits(gb, add_bits);
dst[i + 1] |= get_bits(gb, add_bits);