[FFmpeg-devel] [PATCH 04/11] avcodec/lsp: Fix undefined shifts in lsp2poly()
Michael Niedermayer
michael at niedermayer.cc
Fri Sep 27 20:23:43 EEST 2019
Fixes: left shift of negative value -30635
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/lsp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/lsp.c b/libavcodec/lsp.c
index 9aba020ebb..fb4da47894 100644
--- a/libavcodec/lsp.c
+++ b/libavcodec/lsp.c
@@ -108,7 +108,7 @@ static void lsp2poly(int* f, const int16_t* lsp, int lp_half_order)
int i, j;
f[0] = 0x400000; // 1.0 in (3.22)
- f[1] = -lsp[0] << 8; // *2 and (0.15) -> (3.22)
+ f[1] = -lsp[0] * 256; // *2 and (0.15) -> (3.22)
for(i=2; i<=lp_half_order; i++)
{
@@ -116,7 +116,7 @@ static void lsp2poly(int* f, const int16_t* lsp, int lp_half_order)
for(j=i; j>1; j--)
f[j] -= MULL(f[j-1], lsp[2*i-2], FRAC_BITS) - f[j-2];
- f[1] -= lsp[2*i-2] << 8;
+ f[1] -= lsp[2*i-2] * 256;
}
}
--
2.23.0
More information about the ffmpeg-devel
mailing list