Commit 6e0b5d3a authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/dxv: Correct integer overflow in get_opcodes()

Fixes: 13099/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5665598896340992
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent f94b4f16
......@@ -426,7 +426,8 @@ static int fill_optable(unsigned *table0, OpcodeTable *table1, int nb_elements)
static int get_opcodes(GetByteContext *gb, uint32_t *table, uint8_t *dst, int op_size, int nb_elements)
{
OpcodeTable optable[1024];
int sum, x, val, lshift, rshift, ret, size_in_bits, i, idx;
int sum, x, val, lshift, rshift, ret, i, idx;
int64_t size_in_bits;
unsigned endoffset, newoffset, offset;
unsigned next;
uint8_t *src = (uint8_t *)gb->buffer;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment