aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2017-09-18 17:26:09 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2017-09-24 02:41:18 +0200
commitb9f0979e16c02a60a9482b1c330220e89fd9cd8b (patch)
tree725af3fc606728c51512c9163af6445226708251 /libavcodec
parentbfb7744aaffa551093d2e39ff9f08b6b95e05006 (diff)
downloadffmpeg-b9f0979e16c02a60a9482b1c330220e89fd9cd8b.tar.gz
avcodec/ffv1dec: Fix integer overflow in read_quant_table()
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 3361/clusterfuzz-testcase-minimized-5065842955911168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d00fc952b6c261dd8eb0f7552b9ccf985dbc2b20) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/ffv1dec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 3ddef24556..c532eb227c 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -483,7 +483,7 @@ static int read_quant_table(RangeCoder *c, int16_t *quant_table, int scale)
memset(state, 128, sizeof(state));
for (v = 0; i < 128; v++) {
- unsigned len = get_symbol(c, state, 0) + 1;
+ unsigned len = get_symbol(c, state, 0) + 1U;
if (len > 128 - i || !len)
return AVERROR_INVALIDDATA;