Commit d5f30cba authored by Tristan Matthews

speexdec_fuzzer: avoid integer overflow

Fixes ubsan error:
"runtime error: signed integer overflow: 51200 - -9223372036854767360 cannot be represented in type 'long'"

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex
parent 58ac1d4f
......@@ -237,7 +237,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *fuzz_data, size_t fuzz_size
/* FIXME: shift the granule values if --force-* is specified */
int64_t a = page_nb_packets*granule_frame_size*(int64_t)nframes;
int64_t b = page_granule - last_granule;
if (b > a || (a - b) > INT64_MAX/640)
if (b > a || (INT64_MAX/640 - a < -b) || (a - b) > INT64_MAX/640)
{
cleanup(st, &bits, stream_init, &os, &oy);
return 0;
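Review bot: the added term `(INT64_MAX/640 - a < -b)` still evaluates `-b`, which is itself a signed overflow when `b == INT64_MIN`; the value in the ubsan report, -9223372036854767360, is only 8448 above INT64_MIN, so a fuzzer input can plausibly hit that exact case. Writing the guard without negation, e.g. `(b < 0 && a > INT64_MAX/640 + b)`, cannot overflow for non-negative `a` (INT64_MAX/640 plus any negative int64_t stays in range) and is equivalent to `a - b > INT64_MAX/640` for the negative-`b` case, while the trailing `(a - b) > INT64_MAX/640` continues to cover `0 <= b <= a`. The subtraction `page_granule - last_granule` two lines up is also unchecked; if those granule values come from the input stream, that line can overflow before this guard ever runs.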
......