diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2019-09-14 14:26:49 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-09-28 18:35:27 +0200 |
commit | fbb314b6f2c2b77608442966f28aac20343a1cae (patch) | |
tree | 592126201a948d5bea39d17ea89b7a8e73217381 /libavcodec/ralf.c | |
parent | e75e7fe1601b97c31e3ce90473ab71b9a0667573 (diff) | |
download | ffmpeg-fbb314b6f2c2b77608442966f28aac20343a1cae.tar.gz |
avcodec/ralf: Fix integer overflow in decode_channel()
Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int'
Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/ralf.c')
-rw-r--r-- | libavcodec/ralf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/ralf.c b/libavcodec/ralf.c index 75c9371b95..006ab46414 100644 --- a/libavcodec/ralf.c +++ b/libavcodec/ralf.c @@ -300,8 +300,8 @@ static int decode_channel(RALFContext *ctx, GetBitContext *gb, int ch, t = get_vlc2(gb, code_vlc->table, code_vlc->bits, 2); code1 = t / range2; code2 = t % range2; - dst[i] = extend_code(gb, code1, range, 0) * (1 << add_bits); - dst[i + 1] = extend_code(gb, code2, range, 0) * (1 << add_bits); + dst[i] = extend_code(gb, code1, range, 0) * (1U << add_bits); + dst[i + 1] = extend_code(gb, code2, range, 0) * (1U << add_bits); if (add_bits) { dst[i] |= get_bits(gb, add_bits); dst[i + 1] |= get_bits(gb, add_bits); |