diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2019-11-14 16:38:36 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-12-10 16:09:14 +0100 |
commit | 6e15ba2d1f688c61759001839811b11903de9ce0 (patch) | |
tree | c384aba77aa3d93173ec7f495e207cfdef72c31c /libavcodec | |
parent | a9cbd25d89dbdf72f7b616fdf672d7da36143cfe (diff) |
avcodec/apedec: Fix 2 integer overflows
Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int'
Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/apedec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 2b5bd759f5..f87131ab4f 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -1234,7 +1234,7 @@ static void predictor_decode_mono_3950(APEContext *ctx, int count) p->buf = p->historybuffer; } - p->filterA[0] = currentA + ((int)(p->filterA[0] * 31U) >> 5); + p->filterA[0] = currentA + (unsigned)((int)(p->filterA[0] * 31U) >> 5); *(decoded0++) = p->filterA[0]; } @@ -1302,7 +1302,7 @@ static void do_apply_filter(APEContext *ctx, int version, APEFilter *f, else *f->adaptcoeffs = 0; - f->avg += (absres - f->avg) / 16; + f->avg += (int)(absres - (unsigned)f->avg) / 16; f->adaptcoeffs[-1] >>= 1; f->adaptcoeffs[-2] >>= 1; |