avcodec/wavarc: avoid signed integer overflow in AC code

Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-659847401740697
Fixes: signed integer overflow: 65312 * 34078 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1eb8cbd09c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2024-03-26 03:14:08 +01:00
parent 9062d89849
commit e709315488
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 3 additions and 3 deletions

View File

@ -414,7 +414,7 @@ static int ac_init(AVCodecContext *avctx,
static uint16_t ac_get_prob(WavArcContext *s)
{
return ((s->freq_range - 1) + (s->ac_value - s->ac_low) * s->freq_range) /
return ((s->freq_range - 1) + (s->ac_value - s->ac_low) * (unsigned)s->freq_range) /
((s->ac_high - s->ac_low) + 1U);
}
@ -439,8 +439,8 @@ static int ac_normalize(AVCodecContext *avctx, WavArcContext *s, GetBitContext *
goto fail;
range = (s->ac_high - s->ac_low) + 1;
s->ac_high = (range * s->range_high) / s->freq_range + s->ac_low - 1;
s->ac_low += (range * s->range_low) / s->freq_range;
s->ac_high = (range * (unsigned)s->range_high) / s->freq_range + s->ac_low - 1;
s->ac_low += (range * (unsigned)s->range_low) / s->freq_range;
if (s->ac_high < s->ac_low)
goto fail;