mirror of https://git.ffmpeg.org/ffmpeg.git
avcodec/bonk: Use unsigned in predictor_calc_error() to avoid undefined overflows
Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in type 'int' Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
parent
024c5b4ab4
commit
f4df49eb48
|
@ -273,7 +273,7 @@ static int predictor_calc_error(int *k, int *state, int order, int error)
|
||||||
*state_ptr = &(state[order-2]);
|
*state_ptr = &(state[order-2]);
|
||||||
|
|
||||||
for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
|
for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
|
||||||
int k_value = *k_ptr, state_value = *state_ptr;
|
unsigned k_value = *k_ptr, state_value = *state_ptr;
|
||||||
|
|
||||||
x -= shift_down(k_value * state_value, LATTICE_SHIFT);
|
x -= shift_down(k_value * state_value, LATTICE_SHIFT);
|
||||||
state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT);
|
state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT);
|
||||||
|
|
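Review bot: The accumulation `x -= shift_down(k_value * state_value, LATTICE_SHIFT);` can still overflow as a signed operation if `x` is an `int` (its declaration is above this hunk, so that is inferred), because only the two multiplications became unsigned. The fuzzer report in the commit message shows operands near the `int` range reaching this function, so the subtraction deserves the same treatment: `x -= (unsigned)shift_down(k_value * state_value, LATTICE_SHIFT);`. A short comment on the declaration would also keep the type from being tidied back to `int`, for example `/* unsigned: products wrap instead of overflowing int */`. predictor_calc_error starts and ends outside the hunk, so any multiplication before the loop should be checked the same way.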