From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 1D8AB45ED7
	for <ffmpegdev@gitmailbox.com>; Mon, 17 Apr 2023 11:43:10 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7326B68AF6C;
	Mon, 17 Apr 2023 14:43:07 +0300 (EEST)
Received: from relay6-d.mail.gandi.net (relay6-d.mail.gandi.net
 [217.70.183.198])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 69E11689C15
 for <ffmpeg-devel@ffmpeg.org>; Mon, 17 Apr 2023 14:43:01 +0300 (EEST)
Received: (Authenticated sender: michael@niedermayer.cc)
 by mail.gandi.net (Postfix) with ESMTPSA id B475CC0003
 for <ffmpeg-devel@ffmpeg.org>; Mon, 17 Apr 2023 11:43:00 +0000 (UTC)
Date: Mon, 17 Apr 2023 13:42:59 +0200
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20230417114259.GK275832@pb2>
References: <20230416164830.15664-1-michael@niedermayer.cc>
 <CAPYw7P4XO2L0gijrUjTHPSDiJgAicuEmcJ6Np3XtLGxcchedCw@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAPYw7P4XO2L0gijrUjTHPSDiJgAicuEmcJ6Np3XtLGxcchedCw@mail.gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH 01/11] avcodec/adpcm: Fix integer
 overflow in intermediate in ADPCM_XMD
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============7684185705009299866=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20230417114259.GK275832@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============7684185705009299866==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="gBYU9MM4gf8jKg2V"
Content-Disposition: inline


--gBYU9MM4gf8jKg2V
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 17, 2023 at 09:27:03AM +0200, Paul B Mahol wrote:
> On Sun, Apr 16, 2023 at 6:48=E2=80=AFPM Michael Niedermayer <michael@nied=
ermayer.cc>
> wrote:
>=20
> > Fixes: runtime error: signed integer overflow: 2140143616 + 254665816
> > cannot be represented in type 'int'
> > Fixes:
> > 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XMD_fuzze=
r-6690181676924928
> >
> > As a sideeffect this simplifies the equation, the high bits are differe=
nt
> > after this but only
> > the low 16bits are stored and used in later steps.
> > The change is untested as there are no fate testcases, no sample files =
on
> > the server, no links on
> > the mailing list and no reports on trac referencing this format that i
> > could find.
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by
> > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-o=
ff-by>:
> > Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/adpcm.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
> > index 451696932d1..d8f334cf5a0 100644
> > --- a/libavcodec/adpcm.c
> > +++ b/libavcodec/adpcm.c
> > @@ -1579,11 +1579,11 @@ static int adpcm_decode_frame(AVCodecContext
> > *avctx, AVFrame *frame,
> >                      nibble[0] =3D sign_extend(byte & 15, 4);
> >                      nibble[1] =3D sign_extend(byte >> 4, 4);
> >
> > -                    out[2+n*2] =3D (nibble[0]*(scale<<14) +
> > (history[0]*29336) - (history[1]*13136)) >> 14;
> > +                    out[2+n*2  ] =3D nibble[0]*scale + ((history[0]*36=
67 -
> > history[1]*1642) >> 11);
> >
>=20
> Please commit this with no extra spaces added.

ok


>=20
> Here is sample: https://0x0.st/H8Le.xmd

thanks alot, i will test with this before applying


[...]
--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If the United States is serious about tackling the national security threat=
s=20
related to an insecure 5G network, it needs to rethink the extent to which =
it
values corporate profits and government espionage over security.-Bruce Schn=
eier

--gBYU9MM4gf8jKg2V
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZD0wwwAKCRBhHseHBAsP
q+QqAKCTal0kTaT9aMVfC0wjouOLncSCpACaAwnWePTt+Vd67dr/m33iFZD9Fko=
=9Wf2
-----END PGP SIGNATURE-----

--gBYU9MM4gf8jKg2V--

--===============7684185705009299866==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============7684185705009299866==--