summaryrefslogtreecommitdiff
path: root/libavcodec/apedec.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2019-11-14 16:38:36 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2019-12-10 16:09:14 +0100
commit6e15ba2d1f688c61759001839811b11903de9ce0 (patch)
treec384aba77aa3d93173ec7f495e207cfdef72c31c /libavcodec/apedec.c
parenta9cbd25d89dbdf72f7b616fdf672d7da36143cfe (diff)
avcodec/apedec: Fix 2 integer overflows
Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int' Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/apedec.c')
-rw-r--r--libavcodec/apedec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 2b5bd759f5..f87131ab4f 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -1234,7 +1234,7 @@ static void predictor_decode_mono_3950(APEContext *ctx, int count)
p->buf = p->historybuffer;
}
- p->filterA[0] = currentA + ((int)(p->filterA[0] * 31U) >> 5);
+ p->filterA[0] = currentA + (unsigned)((int)(p->filterA[0] * 31U) >> 5);
*(decoded0++) = p->filterA[0];
}
@@ -1302,7 +1302,7 @@ static void do_apply_filter(APEContext *ctx, int version, APEFilter *f,
else
*f->adaptcoeffs = 0;
- f->avg += (absres - f->avg) / 16;
+ f->avg += (int)(absres - (unsigned)f->avg) / 16;
f->adaptcoeffs[-1] >>= 1;
f->adaptcoeffs[-2] >>= 1;
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-09 02:53:19 +0000