Commit 7db954e9 authored by Tristan Matthews

speexdec_fuzzer: avoid integer overflow

Fixes ubsan error in fuzzer:
"runtime error: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'"

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex
parent 8d6eea3d
......@@ -232,7 +232,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *fuzz_data, size_t fuzz_size
ogg_stream_pagein(&os, &og);
page_granule = ogg_page_granulepos(&og);
page_nb_packets = ogg_page_packets(&og);
if (page_granule>0 && frame_size)
if (page_granule>0 && frame_size && (last_granule > 0 || INT64_MAX + last_granule > page_granule))
{
/* FIXME: shift the granule values if --force-* is specified */
int64_t a = page_nb_packets*granule_frame_size*(int64_t)nframes;
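Review bot: The added guard on the `if (page_granule>0 && frame_size ...)` line is correct for the subtraction the commit message names (`page_granule - last_granule`, which overflowed as `9223372036854775807 - -1`), but its intent is not visible from the condition itself and the expression that it protects is outside this hunk; please add a comment next to the check, e.g. `/* guard against overflow in page_granule - last_granule below */`. Both halves are sound: when `last_granule > 0` the difference is bounded by `page_granule`, and when `last_granule <= 0` the sum `INT64_MAX + last_granule` cannot itself overflow, so the comparison is safe to evaluate. Note that the strict `>` is slightly conservative (it also rejects the case `page_granule == INT64_MAX + last_granule`, which would not overflow); that is harmless for a fuzzer target, but the comment should say the bound is intentionally one step stricter than necessary so a later reader does not "fix" it.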
......