From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 9EE3A444C7 for ; Wed, 11 Jan 2023 21:06:53 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A58CD68BD6E; Wed, 11 Jan 2023 23:06:52 +0200 (EET) Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com [209.85.217.53]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 82A2168BD6C for ; Wed, 11 Jan 2023 23:06:46 +0200 (EET) Received: by mail-vs1-f53.google.com with SMTP id p1so306716vsr.5 for ; Wed, 11 Jan 2023 13:06:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:references:in-reply-to:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=PQAIW1WB6RKzWRDr85iVrOtPAudgbyb7tCz5Qrz5VG4=; b=kolKF1LCuBrPqfyFG5h/nF1bcgVSepFtbYyoRHWOsk/cphU+XTeFQkXXJZe3dtw6wW afErH/wl3iEmr5WuC2sGJZLL+RLSS/Ixx1B6ZgkCvHuNujaYGeD/wUqtUcgkMLMK36ic hCNqkqdoH0z+agmYKXkz2exw+jDicgTV2sgIC+M3KhJx4fSWWkeN/XFe0hgc0fP0eyF3 K0vt4sGyC6qYjpP4mfwU7Cen4vzrFU+yzvwWbGspUgxzqGmyWQXjcjsgz+Zp8eB/LEq3 VfwHw/nTRgp+ASVbH90ZoQdkhUG1fALkBThoLPgfXiPtSVl4bGMgg7EMKjh4cRBhx93+ jvBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:references:in-reply-to:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=PQAIW1WB6RKzWRDr85iVrOtPAudgbyb7tCz5Qrz5VG4=; b=uViNcmkYZWBZ5+neHuYXWkpNjxWN4ni9K4rUBh6gveQSa7sJ5Y9mPDflpBmqSVxpc/ 83OisKggA//zosKMlVDwH3rIbe0z22KU43VEbuBzGSrdodp/weRIfwoxuIpSfFcsPj3l UwXbV01AgddQImFrhQtcoduF6mfrY49rNNE+7kA6IuZH9lUXrjfkGlljUOOXxdGY7H2b W0KLrWBCQr6YN02YIAg1f6r/ZDZpBDGw/DkVcJHrqEDqFkiHE2znxxZkkHbBK53kuYY/ Q7WouB1SDmePGCpZ6dhvvwzVz+K5UVEPOIVOH5Af30FsPMbxeW7QlXfzhihy3889pWuh 5xJA== X-Gm-Message-State: AFqh2kr8jdJZohpXZN596yod4LsuD7k7b6e5Z8uBUMWo3tS1k1y2Uz6n lne1XCux0CJRim/Z4eLTQlnMEEQkdhrOJBd+sHL+MQCV X-Google-Smtp-Source: AMrXdXsyJP9BX5DIppS5dw4oJ5W3X2imGoRKYbribMmmQHGu5ZS72ZiWeq2TtDxXLTvzh69RTvBE42f2f1TPBZQwVE8= X-Received: by 2002:a05:6102:14a9:b0:3cb:b9c:4a24 with SMTP id d41-20020a05610214a900b003cb0b9c4a24mr6516011vsv.57.1673471204905; Wed, 11 Jan 2023 13:06:44 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a05:612c:2428:b0:32a:5eaa:92e4 with HTTP; Wed, 11 Jan 2023 13:06:44 -0800 (PST) In-Reply-To: <20230111204221.22550-5-michael@niedermayer.cc> References: <20230111204221.22550-1-michael@niedermayer.cc> <20230111204221.22550-5-michael@niedermayer.cc> From: Paul B Mahol Date: Wed, 11 Jan 2023 22:06:44 +0100 Message-ID: To: FFmpeg development discussions and patches Subject: Re: [FFmpeg-devel] [PATCH 5/6] avcodec/bonk: Avoid undefined overflow in quant X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 1/11/23, Michael Niedermayer wrote: > Fixes: signed integer overflow: -2889074 * 2048 cannot be represented in > type 'int' > Fixes: > 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360 > Fixes: > 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6617680050520064 > Fixes: > 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6743951854141440 > > No check is done for the overflow as this was rejected in last review, see > the ML > > Note: the 2nd and 3rd testcase was assigned by ossfuzz to a unrelated theora > issue (48567) > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavcodec/bonk.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c > index 5d736b1563..9e176d5477 100644 > --- a/libavcodec/bonk.c > +++ b/libavcodec/bonk.c > @@ -356,7 +356,7 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame > *frame, > sample++; > } > > - sample[0] = predictor_calc_error(s->k, state, s->n_taps, > s->input_samples[i] * quant); > + sample[0] = predictor_calc_error(s->k, state, s->n_taps, > s->input_samples[i] * (unsigned)quant); > sample++; > } > > -- > 2.17.1 > LGTM > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".