[FFmpeg-cvslog] avcodec/ttadsp: Fix integer overflows in tta_filter_process_c()

Wed, 13 Apr 2022 15:08:11 -0700 

ffmpeg | branch: release/3.4 | Michael Niedermayer <mich...@niedermayer.cc> | 
Fri Oct 15 00:04:59 2021 +0200| [a2c450db44ca0df462648059283a546de68b0533] | 
committer: Michael Niedermayer

avcodec/ttadsp: Fix integer overflows in tta_filter_process_c()

Fixes: signed integer overflow: 822841647 + 1647055738 cannot be represented in 
type 'int'
Fixes: 
39935/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-4592657142251520

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
(cherry picked from commit f24028c798397af720acb838357785aa705a8122)
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2c450db44ca0df462648059283a546de68b0533
---

 libavcodec/ttadsp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/ttadsp.c b/libavcodec/ttadsp.c
index 1d1443aee0..99dd66a0c2 100644
--- a/libavcodec/ttadsp.c
+++ b/libavcodec/ttadsp.c
@@ -47,9 +47,9 @@ static void tta_filter_process_c(int32_t *qmi, int32_t *dx, 
int32_t *dl,
     *error = *in;
     *in += (round >> shift);
 
-    dl[4] = -dl[5]; dl[5] = -dl[6];
-    dl[6] = *in - dl[7]; dl[7] = *in;
-    dl[5] += dl[6]; dl[4] += dl[5];
+    dl[4] = -(unsigned)dl[5]; dl[5] = -(unsigned)dl[6];
+    dl[6] = *in -(unsigned)dl[7]; dl[7] = *in;
+    dl[5] += (unsigned)dl[6]; dl[4] += (unsigned)dl[5];
 }
 
 av_cold void ff_ttadsp_init(TTADSPContext *c)

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to