[FFmpeg-devel] [PATCH] avcodec/wavpack: Fix signed integer overflow: 1285114081 * 2 cannot be represented in type 'int'

Michael Niedermayer Thu, 04 May 2017 16:35:54 -0700

Fixes: 945/clusterfuzz-testcase-6037937588273152
Fixes: integer overflow

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/wavpack.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index bc4402f638..d2ba97ee2c 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -240,7 +240,7 @@ static int wv_get_value(WavpackFrameContext *ctx, 
GetBitContext *gb,
         if (get_bits_left(gb) <= 0)
             goto error;
     } else {
-        int mid = (base * 2 + add + 1) >> 1;
+        int mid = (base * 2U + add + 1) >> 1;
         while (add > c->error_limit) {
             if (get_bits_left(gb) <= 0)
                 goto error;
@@ -249,7 +249,7 @@ static int wv_get_value(WavpackFrameContext *ctx, 
GetBitContext *gb,
                 base = mid;
             } else
                 add = mid - base - 1;
-            mid = (base * 2 + add + 1) >> 1;
+            mid = (base * 2U + add + 1) >> 1;
         }
         ret = mid;
     }
-- 
2.11.0

_______________________________________________
ffmpeg-devel mailing list
[email protected]
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] avcodec/wavpack: Fix signed integer overflow: 1285114081 * 2 cannot be represented in type 'int'

Reply via email to