RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2024-12-26 17:32:06 +00:00
Code Issues Projects Releases Wiki Activity

avcodec/mobiclip: Check quantizer for overflow

Browse Source 
Fixes: signed integer overflow: 127 + 2147483536 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6014034970804224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2022-09-10 23:58:36 +02:00
parent ac26712e35
commit 677e27a9af
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/mobiclip.c
View File

@ -330,7 +330,7 @@ static av_cold int mobiclip_init(AVCodecContext *avctx)
return 0; return 0;
} }
static int setup_qtables(AVCodecContext *avctx, int quantizer) static int setup_qtables(AVCodecContext *avctx, int64_t quantizer)
{ {
MobiClipContext *s = avctx->priv_data; MobiClipContext *s = avctx->priv_data;
int qx, qy; int qx, qy;
@ -1256,7 +1256,7 @@ static int mobiclip_decode(AVCodecContext *avctx, AVFrame *rframe,
frame->key_frame = 0; frame->key_frame = 0;
s->dct_tab_idx = 0; s->dct_tab_idx = 0;
ret = setup_qtables(avctx, s->quantizer + get_se_golomb(gb)); ret = setup_qtables(avctx, s->quantizer + (int64_t)get_se_golomb(gb));
if (ret < 0) if (ret < 0)
return ret; return ret;