[FFmpeg-devel] [PATCH 4/5] avcodec/eac3dec: Fix runtime error: left shift of negative value -3

Sun Feb 26 22:33:36 EET 2017

On Sat, 25 Feb 2017 at 20:08 Michael Niedermayer <michael at niedermayer.cc>
wrote:

> Fixes: 672/clusterfuzz-testcase-5595018867769344
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by>:
> Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/eac3dec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/eac3dec.c b/libavcodec/eac3dec.c
> index be2350237e..c971879b2d 100644
> --- a/libavcodec/eac3dec.c
> +++ b/libavcodec/eac3dec.c
> @@ -280,7 +280,7 @@ static void
> ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch)
>                      mant +=
> ((ff_eac3_gaq_remap_2_4_a[hebap-8][log_gain-1] * (int64_t)mant) >> 15) + b;
>                  } else {
>                      /* small mantissa, no GAQ, or Gk=1 */
> -                    mant <<= 24 - bits;
> +                    mant *= (1 << 24 - bits);
>
>
How is this possible?  ff_eac3_bits_vs_hebap doesn't have a value that
causes this.

Kieran