From 1d0d5d323e935c2350aa11dfee95c9828203a1a2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 6 May 2017 19:07:59 +0200 Subject: [PATCH] avcodec/mss3: Change types in rac_get_model_sym() to match the types they are initialized from Fixes integer overflow Fixes: 1372/clusterfuzz-testcase-minimized-5712192982745088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 2ef0f392711445e173a56b2c073dedb021ae3783) Signed-off-by: Michael Niedermayer --- libavcodec/mss3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/mss3.c b/libavcodec/mss3.c index 075685b902..3b97320c6a 100644 --- a/libavcodec/mss3.c +++ b/libavcodec/mss3.c @@ -356,8 +356,9 @@ static int rac_get_model2_sym(RangeCoder *c, Model2 *m) static int rac_get_model_sym(RangeCoder *c, Model *m) { - int prob, prob2, helper, val; + int val; int end, end2; + unsigned prob, prob2, helper; prob = 0; prob2 = c->range;