[FFmpeg-cvslog] avcodec/simple_idct: Fix runtime error: left shift of negative value -6395

Michael Niedermayer git at videolan.org
Tue Feb 21 16:32:13 EET 2017


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Tue Feb 21 03:14:49 2017 +0100| [28dc6e729137ba7927f46ba15c337417b8708fe8] | committer: Michael Niedermayer

avcodec/simple_idct: Fix runtime error: left shift of negative value -6395

Fixes: 633/clusterfuzz-testcase-4553133554401280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28dc6e729137ba7927f46ba15c337417b8708fe8
---

 libavcodec/simple_idct.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/simple_idct.c b/libavcodec/simple_idct.c
index 0711e16..65b2911 100644
--- a/libavcodec/simple_idct.c
+++ b/libavcodec/simple_idct.c
@@ -66,8 +66,8 @@ static inline void idct4col_put(uint8_t *dest, int line_size, const int16_t *col
     a1 = col[8*2];
     a2 = col[8*4];
     a3 = col[8*6];
-    c0 = ((a0 + a2) << (CN_SHIFT - 1)) + (1 << (C_SHIFT - 1));
-    c2 = ((a0 - a2) << (CN_SHIFT - 1)) + (1 << (C_SHIFT - 1));
+    c0 = ((a0 + a2) * (1 << CN_SHIFT - 1)) + (1 << (C_SHIFT - 1));
+    c2 = ((a0 - a2) * (1 << CN_SHIFT - 1)) + (1 << (C_SHIFT - 1));
     c1 = a1 * C1 + a3 * C2;
     c3 = a1 * C2 - a3 * C1;
     dest[0] = av_clip_uint8((c0 + c1) >> C_SHIFT);
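
Review bot: the new multiplier in the `c0` and `c2` lines is written `(1 << CN_SHIFT - 1)` without inner parentheses, while the rounding term on the same lines is `(1 << (C_SHIFT - 1))`. Precedence does give the intended `1 << (CN_SHIFT - 1)`, since `-` binds tighter than `<<`, but the mixed style is easy to misread and GCC's -Wparentheses flags it. Suggest `(a0 + a2) * (1 << (CN_SHIFT - 1))` and the same for `c2`. Replacing the shift with a multiplication does remove the undefined left shift of a negative `a0 + a2` or `a0 - a2`. A short comment on why a multiply is used here would keep a later cleanup from turning it back into a shift.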


