diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2023-04-09 14:48:37 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2023-04-14 17:56:44 +0200 |
commit | 0ecda4fbce8e77152e9b450c4efa8c1b81c8982e (patch) | |
tree | a571b873cc711bd75c2a2d5bde9bdd45ece2eaa8 /libavcodec/rka.c | |
parent | 80ac1fd1483a4b3c92a6e59d24cb050dfecb90df (diff) | |
download | ffmpeg-0ecda4fbce8e77152e9b450c4efa8c1b81c8982e.tar.gz |
avcodec/rka: Fix signed integer overflow in decode_filter()
Fixes: signed integer overflow: -631553 * 32768 cannot be represented in type 'int'
Fixes: 57814/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-4614661233573888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/rka.c')
-rw-r--r-- | libavcodec/rka.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/rka.c b/libavcodec/rka.c index 2212e3f930..3e86d83819 100644 --- a/libavcodec/rka.c +++ b/libavcodec/rka.c @@ -737,7 +737,7 @@ static int decode_filter(RKAContext *s, ChContext *ctx, ACoder *ac, int off, uns } ctx->buf0[off] = ctx->buf1[off] + ctx->buf0[off + -1]; } else { - val *= 1 << ctx->cmode; + val *= 1U << ctx->cmode; sum += ctx->buf0[off + -1] + val; switch (s->bps) { case 16: sum = av_clip_int16(sum); break; |