diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2022-11-16 14:11:51 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2022-11-28 21:20:56 +0100 |
commit | 8f975641d7e853bd8e407974db5fba998e6eb5f4 (patch) | |
tree | b49fa131ba0106e2cc184285012e4858056d94f6 /libavcodec | |
parent | 88f0e05c72f0de0cae3d9f0c5644f1965632b641 (diff) | |
download | ffmpeg-8f975641d7e853bd8e407974db5fba998e6eb5f4.tar.gz |
avcodec/bonk: Use unsigned in predictor_init_state() to avoid undefined behavior
Fixes: signed integer overflow: -5010 * -717450 cannot be represented in type 'int'
Fixes: 53370/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-4945644204195840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/bonk.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c index 4793bf2561..182b5ef459 100644 --- a/libavcodec/bonk.c +++ b/libavcodec/bonk.c @@ -280,10 +280,10 @@ static int predictor_calc_error(int *k, int *state, int order, int error) return x; } -static void predictor_init_state(int *k, int *state, int order) +static void predictor_init_state(int *k, unsigned *state, int order) { for (int i = order - 2; i >= 0; i--) { - int x = state[i]; + unsigned x = state[i]; for (int j = 0, p = i + 1; p < order; j++, p++) { int tmp = x + shift_down(k[j] * state[p], LATTICE_SHIFT); |