From b1aecad9eae900b9c3054392994d150d5ae572c5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 22 Jan 2020 23:11:47 +0100 Subject: [PATCH] avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM Fixes: signed integer overflow: -2147479324 + -32568 cannot be represented in type 'int' Fixes: 20103/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GREMLIN_DPCM_fuzzer-5667667579240448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/dpcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dpcm.c b/libavcodec/dpcm.c index 7d3934ee35..5958081b66 100644 --- a/libavcodec/dpcm.c +++ b/libavcodec/dpcm.c @@ -367,7 +367,7 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data, while (output_samples < samples_end) { uint8_t n = bytestream2_get_byteu(&gb); - *output_samples++ = s->sample[idx] += s->array[n]; + *output_samples++ = s->sample[idx] += (unsigned)s->array[n]; idx ^= 1; } }