[FFmpeg-cvslog] avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1
Michael Niedermayer
git at videolan.org
Wed May 10 22:34:18 EEST 2017
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed May 10 19:09:31 2017 +0200| [db5fae32294763677caa4c1417dcba704c7e764e] | committer: Michael Niedermayer
avcodec/truemotion1: Fix multiple runtime error: left shift of negative value -1
Fixes: 1446/clusterfuzz-testcase-minimized-5577409124368384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=db5fae32294763677caa4c1417dcba704c7e764e
---
libavcodec/truemotion1.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libavcodec/truemotion1.c b/libavcodec/truemotion1.c
index c2022fb8d8..57694cb892 100644
--- a/libavcodec/truemotion1.c
+++ b/libavcodec/truemotion1.c
@@ -177,10 +177,10 @@ static int make_ydt15_entry(int p1, int p2, int16_t *ydt)
int lo, hi;
lo = ydt[p1];
- lo += (lo << 5) + (lo << 10);
+ lo += (lo * 32) + (lo * 1024);
hi = ydt[p2];
- hi += (hi << 5) + (hi << 10);
- return (lo + (hi << 16)) << 1;
+ hi += (hi * 32) + (hi * 1024);
+ return (lo + (hi * (1 << 16))) * 2;
}
static int make_cdt15_entry(int p1, int p2, int16_t *cdt)
@@ -188,9 +188,9 @@ static int make_cdt15_entry(int p1, int p2, int16_t *cdt)
int r, b, lo;
b = cdt[p2];
- r = cdt[p1] << 10;
+ r = cdt[p1] * 1024;
lo = b + r;
- return (lo + (lo << 16)) << 1;
+ return (lo + (lo * (1 << 16))) * 2;
}
#if HAVE_BIGENDIAN
More information about the ffmpeg-cvslog
mailing list