[FFmpeg-cvslog] avcodec/diracdsp: Fix integer anomaly in dequant_subband_*

Michael Niedermayer git at videolan.org
Sat Sep 19 02:17:16 EEST 2020


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Jul 18 14:30:19 2020 +0200| [ca3c6c981aa5b0af8a5576020b79fdd3cdf9ae9e] | committer: Michael Niedermayer

avcodec/diracdsp: Fix integer anomaly in dequant_subband_*

Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 23760/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-604209011412172

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca3c6c981aa5b0af8a5576020b79fdd3cdf9ae9e
---

 libavcodec/diracdsp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/diracdsp.c b/libavcodec/diracdsp.c
index 2dd56f83f3..4e08d3817e 100644
--- a/libavcodec/diracdsp.c
+++ b/libavcodec/diracdsp.c
@@ -198,9 +198,9 @@ static void dequant_subband_ ## PX ## _c(uint8_t *src, uint8_t *dst, ptrdiff_t s
         PX c, sign, *src_r = (PX *)src, *dst_r = (PX *)dst;                                \
         for (i = 0; i < tot_h; i++) {                                                      \
             c = *src_r++;                                                                  \
-            sign = FFSIGN(c)*(!!c);                                                        \
-            c = (FFABS(c)*(unsigned)qf + qs) >> 2;                                                   \
-            *dst_r++ = c*sign;                                                             \
+            if     (c < 0) c = -((-(unsigned)c*qf + qs) >> 2);                             \
+            else if(c > 0) c =  (( (unsigned)c*qf + qs) >> 2);                             \
+            *dst_r++ = c;                                                                  \
         }                                                                                  \
         src += tot_h << (sizeof(PX) >> 1);                                                 \
         dst += stride;                                                                     \



More information about the ffmpeg-cvslog mailing list