[FFmpeg-devel] [PATCH 10/11] avcodec/aptx: Fix multiple shift anomalies

Paul B Mahol onemda at gmail.com
Mon Sep 30 11:45:42 EEST 2019 

probably ok

On 9/27/19, Michael Niedermayer <michael at niedermayer.cc> wrote:
> Fixes: left shift of negative value -24576
> Fixes:
> 17719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APTX_fuzzer-5710508002377728
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/aptx.c | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/libavcodec/aptx.c b/libavcodec/aptx.c
> index 8750d8421f..e3fb064a6d 100644
> --- a/libavcodec/aptx.c
> +++ b/libavcodec/aptx.c
> @@ -480,7 +480,7 @@ static void aptx_update_codeword_history(Channel
> *channel)
>      int32_t cw = ((channel->quantize[0].quantized_sample & 3) << 0) +
>                   ((channel->quantize[1].quantized_sample & 2) << 1) +
>                   ((channel->quantize[2].quantized_sample & 1) << 3);
> -    channel->codeword_history = (cw << 8) + (channel->codeword_history <<
> 4);
> +    channel->codeword_history = (cw << 8) +
> ((unsigned)channel->codeword_history << 4);
>  }
>
>  static void aptx_generate_dither(Channel *channel)
> @@ -492,9 +492,9 @@ static void aptx_generate_dither(Channel *channel)
>      aptx_update_codeword_history(channel);
>
>      m = (int64_t)5184443 * (channel->codeword_history >> 7);
> -    d = (m << 2) + (m >> 22);
> +    d = (m * 4) + (m >> 22);
>      for (subband = 0; subband < NB_SUBBANDS; subband++)
> -        channel->dither[subband] = d << (23 - 5*subband);
> +        channel->dither[subband] = (unsigned)d << (23 - 5*subband);
>      channel->dither_parity = (d >> 25) & 1;
>  }
>
> @@ -759,12 +759,12 @@ static void aptx_invert_quantization(InvertQuantize
> *invert_quantize,
>      if (quantized_sample < 0)
>          qr = -qr;
>
> -    qr = rshift64_clip24(((int64_t)qr<<32) + MUL64(dither,
> tables->invert_quantize_dither_factors[idx]), 32);
> +    qr = rshift64_clip24((qr * (1LL<<32)) + MUL64(dither,
> tables->invert_quantize_dither_factors[idx]), 32);
>      invert_quantize->reconstructed_difference =
> MUL64(invert_quantize->quantization_factor, qr) >> 19;
>
>      /* update factor_select */
>      factor_select = 32620 * invert_quantize->factor_select;
> -    factor_select = rshift32(factor_select +
> (tables->quantize_factor_select_offset[idx] << 15), 15);
> +    factor_select = rshift32(factor_select +
> (tables->quantize_factor_select_offset[idx] * (1 << 15)), 15);
>      invert_quantize->factor_select = av_clip(factor_select, 0,
> tables->factor_max);
>
>      /* update quantization factor */
> @@ -801,7 +801,7 @@ static void aptx_prediction_filtering(Prediction
> *prediction,
>      prediction->previous_reconstructed_sample = reconstructed_sample;
>
>      reconstructed_differences =
> aptx_reconstructed_differences_update(prediction, reconstructed_difference,
> order);
> -    srd0 = FFDIFFSIGN(reconstructed_difference, 0) << 23;
> +    srd0 = FFDIFFSIGN(reconstructed_difference, 0) * (1 << 23);
>      for (i = 0; i < order; i++) {
>          int32_t srd = FF_SIGNBIT(reconstructed_differences[-i-1]) | 1;
>          prediction->d_weight[i] -= rshift32(prediction->d_weight[i] -
> srd*srd0, 8);
> @@ -830,7 +830,7 @@ static void aptx_process_subband(InvertQuantize
> *invert_quantize,
>
>      range = 0x100000;
>      sw1 = rshift32(-same_sign[1] * prediction->s_weight[1], 1);
> -    sw1 = (av_clip(sw1, -range, range) & ~0xF) << 4;
> +    sw1 = (av_clip(sw1, -range, range) & ~0xF) * 16;
>
>      range = 0x300000;
>      weight[0] = 254 * prediction->s_weight[0] + 0x800000*same_sign[0] +
> sw1;
> @@ -1044,7 +1044,7 @@ static int aptx_decode_frame(AVCodecContext *avctx,
> void *data,
>          for (channel = 0; channel < NB_CHANNELS; channel++)
>              for (sample = 0; sample < 4; sample++)
>                  AV_WN32A(&frame->data[channel][4*(opos+sample)],
> -                         samples[channel][sample] << 8);
> +                         samples[channel][sample] * 256);
>      }
>
>      *got_frame_ptr = 1;
> --
> 2.23.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

More information about the ffmpeg-devel mailing list