Commit 876cfa67 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/utvideodec: Fix integer overflow in decode_plane()

Fixes: signed integer overflow: 2147483594 + 142 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5658568101724160

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 86278851
...@@ -317,7 +317,7 @@ static int decode_plane(UtvideoContext *c, int plane_no, ...@@ -317,7 +317,7 @@ static int decode_plane(UtvideoContext *c, int plane_no,
for (i = 0; i < width; i++) { for (i = 0; i < width; i++) {
pix = fsym; pix = fsym;
if (use_pred) { if (use_pred) {
prev += pix; prev += (unsigned)pix;
pix = prev; pix = prev;
} }
dest[i] = pix; dest[i] = pix;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment