[FFmpeg-cvslog] avcodec/aacsbr_fixed: Fix multiple runtime error: left shift of negative value -407
Michael Niedermayer
git at videolan.org
Fri May 19 14:15:00 EEST 2017
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Fri May 19 12:14:59 2017 +0200| [2ccd2c9003c77aee8ffb5f4f43863e35bdf0e4b6] | committer: Michael Niedermayer
avcodec/aacsbr_fixed: Fix multiple runtime error: left shift of negative value -407
Fixes: 1674/clusterfuzz-testcase-minimized-6092531563495424
Fixes: 1686/clusterfuzz-testcase-minimized-6282691643179008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ccd2c9003c77aee8ffb5f4f43863e35bdf0e4b6
---
libavcodec/aacdec_template.c | 4 ++--
libavcodec/aacsbr_fixed.c | 8 ++++----
libavcodec/sbrdsp_fixed.c | 4 ++--
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index a3780c647e..4b98142536 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -2800,9 +2800,9 @@ static void spectral_to_sample(AACContext *ac, int samples)
int j;
/* preparation for resampler */
for(j = 0; j<samples; j++){
- che->ch[0].ret[j] = (int32_t)av_clip64((int64_t)che->ch[0].ret[j]<<7, INT32_MIN, INT32_MAX-0x8000)+0x8000;
+ che->ch[0].ret[j] = (int32_t)av_clip64((int64_t)che->ch[0].ret[j]*128, INT32_MIN, INT32_MAX-0x8000)+0x8000;
if(type == TYPE_CPE)
- che->ch[1].ret[j] = (int32_t)av_clip64((int64_t)che->ch[1].ret[j]<<7, INT32_MIN, INT32_MAX-0x8000)+0x8000;
+ che->ch[1].ret[j] = (int32_t)av_clip64((int64_t)che->ch[1].ret[j]*128, INT32_MIN, INT32_MAX-0x8000)+0x8000;
}
}
#endif /* USE_FIXED */
diff --git a/libavcodec/aacsbr_fixed.c b/libavcodec/aacsbr_fixed.c
index b26314a7eb..b15a963ebf 100644
--- a/libavcodec/aacsbr_fixed.c
+++ b/libavcodec/aacsbr_fixed.c
@@ -289,7 +289,7 @@ static void sbr_hf_inverse_filter(SBRDSPContext *dsp,
if (shift >= 3)
alpha0[k][0] = 0x7fffffff;
else {
- a00.mant <<= 1;
+ a00.mant *= 2;
shift = 2-shift;
if (shift == 0)
alpha0[k][0] = a00.mant;
@@ -303,7 +303,7 @@ static void sbr_hf_inverse_filter(SBRDSPContext *dsp,
if (shift >= 3)
alpha0[k][1] = 0x7fffffff;
else {
- a01.mant <<= 1;
+ a01.mant *= 2;
shift = 2-shift;
if (shift == 0)
alpha0[k][1] = a01.mant;
@@ -316,7 +316,7 @@ static void sbr_hf_inverse_filter(SBRDSPContext *dsp,
if (shift >= 3)
alpha1[k][0] = 0x7fffffff;
else {
- a10.mant <<= 1;
+ a10.mant *= 2;
shift = 2-shift;
if (shift == 0)
alpha1[k][0] = a10.mant;
@@ -330,7 +330,7 @@ static void sbr_hf_inverse_filter(SBRDSPContext *dsp,
if (shift >= 3)
alpha1[k][1] = 0x7fffffff;
else {
- a11.mant <<= 1;
+ a11.mant *= 2;
shift = 2-shift;
if (shift == 0)
alpha1[k][1] = a11.mant;
diff --git a/libavcodec/sbrdsp_fixed.c b/libavcodec/sbrdsp_fixed.c
index fb9aba4e8d..a018b4dd82 100644
--- a/libavcodec/sbrdsp_fixed.c
+++ b/libavcodec/sbrdsp_fixed.c
@@ -116,7 +116,7 @@ static av_always_inline SoftFloat autocorr_calc(int64_t accu)
} else {
nz = 0;
while (FFABS(i) < 0x40000000) {
- i <<= 1;
+ i *= 2;
nz++;
}
nz = 32-nz;
@@ -125,7 +125,7 @@ static av_always_inline SoftFloat autocorr_calc(int64_t accu)
round = 1U << (nz-1);
mant = (int)((accu + round) >> nz);
mant = (mant + 0x40)>>7;
- mant <<= 6;
+ mant *= 64;
expo = nz + 15;
return av_int2sf(mant, 30 - expo);
}
More information about the ffmpeg-cvslog
mailing list