aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2022-11-16 14:11:51 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2022-11-28 21:20:56 +0100
commit8f975641d7e853bd8e407974db5fba998e6eb5f4 (patch)
treeb49fa131ba0106e2cc184285012e4858056d94f6 /libavcodec
parent88f0e05c72f0de0cae3d9f0c5644f1965632b641 (diff)
downloadffmpeg-8f975641d7e853bd8e407974db5fba998e6eb5f4.tar.gz
avcodec/bonk: Use unsigned in predictor_init_state() to avoid undefined behavior
Fixes: signed integer overflow: -5010 * -717450 cannot be represented in type 'int' Fixes: 53370/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-4945644204195840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/bonk.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index 4793bf2561..182b5ef459 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -280,10 +280,10 @@ static int predictor_calc_error(int *k, int *state, int order, int error)
return x;
}
-static void predictor_init_state(int *k, int *state, int order)
+static void predictor_init_state(int *k, unsigned *state, int order)
{
for (int i = order - 2; i >= 0; i--) {
- int x = state[i];
+ unsigned x = state[i];
for (int j = 0, p = i + 1; p < order; j++, p++) {
int tmp = x + shift_down(k[j] * state[p], LATTICE_SHIFT);