PR #22242 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22242 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22242.patch
Fixes: signed integer overflow: 2147483640 + 32 cannot be represented in type 'int' Fixes: 473569764/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-5377306970619904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From b7d96eb662d9c2b455d7b625f9c7830689820787 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Sat, 21 Feb 2026 01:42:31 +0100 Subject: [PATCH] avcodec/jpeg2000dec: fix integer overflow in dequantization_int_97() Fixes: signed integer overflow: 2147483640 + 32 cannot be represented in type 'int' Fixes: 473569764/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-5377306970619904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/jpeg2000dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 017be6f025..99c9bf7125 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -2201,7 +2201,7 @@ static void dequantization_int_97(int x, int y, Jpeg2000Cblk *cblk, if (val < 0) // Convert sign-magnitude to two's complement val = -(val & INT32_MAX); // Shifting down to prevent overflow in dequantization - val = (val + (1 << (PRESCALE - 1))) >> PRESCALE; + val = (val + (1LL << (PRESCALE - 1))) >> PRESCALE; datap[i] = RSHIFT(val * (int64_t)band->i_stepsize, 16); } } -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
