Fixes: 945/clusterfuzz-testcase-6037937588273152
Fixes: integer overflow
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavcodec/wavpack.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index bc4402f638..d2ba97ee2c 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -240,7 +240,7 @@ static int wv_get_value(WavpackFrameContext *ctx,
GetBitContext *gb,
if (get_bits_left(gb) <= 0)
goto error;
} else {
- int mid = (base * 2 + add + 1) >> 1;
+ int mid = (base * 2U + add + 1) >> 1;
while (add > c->error_limit) {
if (get_bits_left(gb) <= 0)
goto error;
@@ -249,7 +249,7 @@ static int wv_get_value(WavpackFrameContext *ctx,
GetBitContext *gb,
base = mid;
} else
add = mid - base - 1;
- mid = (base * 2 + add + 1) >> 1;
+ mid = (base * 2U + add + 1) >> 1;
}
ret = mid;
}
--
2.11.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
