[FFmpeg-devel] [PATCH 1/4] avcodec/ac3dec_fixed: Fix several invalid left shifts in scale_coefs()
Michael Niedermayer
michael at niedermayer.cc
Sun Feb 2 02:16:36 EET 2020
Fixes: left shift of negative value -14336
Fixes: 20298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-5675484201615360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/ac3dec_fixed.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/libavcodec/ac3dec_fixed.c b/libavcodec/ac3dec_fixed.c
index bd66175d50..1e1edc8964 100644
--- a/libavcodec/ac3dec_fixed.c
+++ b/libavcodec/ac3dec_fixed.c
@@ -107,29 +107,30 @@ static void scale_coefs (
}
} else {
shift = -shift;
+ mul <<= shift;
for (i=0; i<len; i+=8) {
temp = src[i] * mul;
temp1 = src[i+1] * mul;
temp2 = src[i+2] * mul;
- dst[i] = temp << shift;
+ dst[i] = temp;
temp3 = src[i+3] * mul;
- dst[i+1] = temp1 << shift;
+ dst[i+1] = temp1;
temp4 = src[i + 4] * mul;
- dst[i+2] = temp2 << shift;
+ dst[i+2] = temp2;
temp5 = src[i+5] * mul;
- dst[i+3] = temp3 << shift;
+ dst[i+3] = temp3;
temp6 = src[i+6] * mul;
- dst[i+4] = temp4 << shift;
+ dst[i+4] = temp4;
temp7 = src[i+7] * mul;
- dst[i+5] = temp5 << shift;
- dst[i+6] = temp6 << shift;
- dst[i+7] = temp7 << shift;
+ dst[i+5] = temp5;
+ dst[i+6] = temp6;
+ dst[i+7] = temp7;
}
}
--
2.17.1
More information about the ffmpeg-devel
mailing list