[FFmpeg-cvslog] avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()

Michael Niedermayer git at videolan.org
Tue Dec 6 01:27:32 EET 2016


ffmpeg | branch: release/3.2 | Michael Niedermayer <michael at niedermayer.cc> | Sat Dec  3 17:05:43 2016 +0100| [a772aaf5dc76605666404acc80ddd4fae17ca9f6] | committer: Michael Niedermayer

avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()

Fixes undefined behavior
Fixes: 640912-media

Found-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 83a75bf6c31b3c0ce2ca7e1426d1f2e3df634239)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a772aaf5dc76605666404acc80ddd4fae17ca9f6
---

 libavcodec/flacdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c
index b7237e1..5f5802c 100644
--- a/libavcodec/flacdec.c
+++ b/libavcodec/flacdec.c
@@ -268,7 +268,8 @@ static int decode_subframe_fixed(FLACContext *s, int32_t *decoded,
                                  int pred_order, int bps)
 {
     const int blocksize = s->blocksize;
-    int av_uninit(a), av_uninit(b), av_uninit(c), av_uninit(d), i;
+    unsigned av_uninit(a), av_uninit(b), av_uninit(c), av_uninit(d);
+    int i;
     int ret;
 
     /* warm up samples */



More information about the ffmpeg-cvslog mailing list