Message ID | 20170702022856.16195-1-michael@niedermayer.cc |
---|---|
State | Superseded |
Headers | show |
On Sun, 2 Jul 2017 04:28:54 +0200 Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int' > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/aac_defines.h | 2 ++ > libavcodec/aacdec_template.c | 5 +++-- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > index 3c79a8a4a1..ee4c73a87d 100644 > --- a/libavcodec/aac_defines.h > +++ b/libavcodec/aac_defines.h > @@ -35,6 +35,7 @@ > #define AAC_RENAME(x) x ## _fixed > #define AAC_RENAME_32(x) x ## _fixed_32 > typedef int INTFLOAT; > +typedef unsigned SUINTFLOAT; > typedef int64_t INT64FLOAT; > typedef int16_t SHORTFLOAT; > typedef SoftFloat AAC_FLOAT; > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > #define AAC_RENAME(x) x > #define AAC_RENAME_32(x) x > typedef float INTFLOAT; > +typedef float SUINTFLOAT; Not more of this damn shit. > typedef float INT64FLOAT; > typedef float SHORTFLOAT; > typedef float AAC_FLOAT; > diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c > index 4b98142536..add333e862 100644 > --- a/libavcodec/aacdec_template.c > +++ b/libavcodec/aacdec_template.c > @@ -2389,7 +2389,7 @@ static int decode_extension_payload(AACContext *ac, GetBitContext *gb, int cnt, > * @param decode 1 if tool is used normally, 0 if tool is used in LTP. > * @param coef spectral coefficients > */ > -static void apply_tns(INTFLOAT coef[1024], TemporalNoiseShaping *tns, > +static void apply_tns(INTFLOAT coef_param[1024], TemporalNoiseShaping *tns, > IndividualChannelStream *ics, int decode) > { > const int mmm = FFMIN(ics->tns_max_bands, ics->max_sfb); > @@ -2397,6 +2397,7 @@ static void apply_tns(INTFLOAT coef[1024], TemporalNoiseShaping *tns, > int bottom, top, order, start, end, size, inc; > INTFLOAT lpc[TNS_MAX_ORDER]; > INTFLOAT tmp[TNS_MAX_ORDER+1]; > + SUINTFLOAT *coef = coef_param; > > for (w = 0; w < ics->num_windows; w++) { > bottom = ics->num_swb; > @@ -2426,7 +2427,7 @@ static void apply_tns(INTFLOAT coef[1024], TemporalNoiseShaping *tns, > // ar filter > for (m = 0; m < size; m++, start += inc) > for (i = 1; i <= FFMIN(m, order); i++) > - coef[start] -= AAC_MUL26(coef[start - i * inc], lpc[i - 1]); > + coef[start] -= AAC_MUL26((INTFLOAT)coef[start - i * inc], lpc[i - 1]); > } else { > // ma filter > for (m = 0; m < size; m++, start += inc) {
On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > On Sun, 2 Jul 2017 04:28:54 +0200 > Michael Niedermayer <michael@niedermayer.cc> wrote: > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int' > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/aac_defines.h | 2 ++ > > libavcodec/aacdec_template.c | 5 +++-- > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > index 3c79a8a4a1..ee4c73a87d 100644 > > --- a/libavcodec/aac_defines.h > > +++ b/libavcodec/aac_defines.h > > @@ -35,6 +35,7 @@ > > #define AAC_RENAME(x) x ## _fixed > > #define AAC_RENAME_32(x) x ## _fixed_32 > > typedef int INTFLOAT; > > +typedef unsigned SUINTFLOAT; > > typedef int64_t INT64FLOAT; > > typedef int16_t SHORTFLOAT; > > typedef SoftFloat AAC_FLOAT; > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > #define AAC_RENAME(x) x > > #define AAC_RENAME_32(x) x > > typedef float INTFLOAT; > > +typedef float SUINTFLOAT; > > Not more of this damn shit. i dont think i understand your comment The code is templated and uses largely the INTFLOAT data type which is either signed int or float depending on if the code is build for the fixed point or floating point decoder to fix the undefined behavior in the fixed point decoder a type which is unsigned int is the obvious choice. Such type must be float in the floating point decoder. This patch adds such type. do you object to fixing the issue ? do you want to suggest a different solution ? [...]
On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > > On Sun, 2 Jul 2017 04:28:54 +0200 > > Michael Niedermayer <michael@niedermayer.cc> wrote: > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int' > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > --- > > > libavcodec/aac_defines.h | 2 ++ > > > libavcodec/aacdec_template.c | 5 +++-- > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > > index 3c79a8a4a1..ee4c73a87d 100644 > > > --- a/libavcodec/aac_defines.h > > > +++ b/libavcodec/aac_defines.h > > > @@ -35,6 +35,7 @@ > > > #define AAC_RENAME(x) x ## _fixed > > > #define AAC_RENAME_32(x) x ## _fixed_32 > > > typedef int INTFLOAT; > > > +typedef unsigned SUINTFLOAT; > > > typedef int64_t INT64FLOAT; > > > typedef int16_t SHORTFLOAT; > > > typedef SoftFloat AAC_FLOAT; > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > > #define AAC_RENAME(x) x > > > #define AAC_RENAME_32(x) x > > > typedef float INTFLOAT; > > > +typedef float SUINTFLOAT; > > > > Not more of this damn shit. > > i dont think i understand your comment > > The code is templated and uses largely the INTFLOAT data type > which is either signed int or float depending on if the code is build > for the fixed point or floating point decoder > > to fix the undefined behavior in the fixed point decoder a type which > is unsigned int is the obvious choice. > Such type must be float in the floating point decoder. > > This patch adds such type. > > do you object to fixing the issue ? > do you want to suggest a different solution ? over a week passed, noone replied. Is everyone ok with patch 1/3 ? does someone object to it ? does anyone have a better solution ? If noone replies, i will apply this patch, i do not want to leave undefined behavior in the codebase. Thanks
On Tue, 11 Jul 2017 22:34:24 +0200 Michael Niedermayer <michael@niedermayer.cc> wrote: > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: > > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > > > On Sun, 2 Jul 2017 04:28:54 +0200 > > > Michael Niedermayer <michael@niedermayer.cc> wrote: > > > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int' > > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > > --- > > > > libavcodec/aac_defines.h | 2 ++ > > > > libavcodec/aacdec_template.c | 5 +++-- > > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > > > index 3c79a8a4a1..ee4c73a87d 100644 > > > > --- a/libavcodec/aac_defines.h > > > > +++ b/libavcodec/aac_defines.h > > > > @@ -35,6 +35,7 @@ > > > > #define AAC_RENAME(x) x ## _fixed > > > > #define AAC_RENAME_32(x) x ## _fixed_32 > > > > typedef int INTFLOAT; > > > > +typedef unsigned SUINTFLOAT; > > > > typedef int64_t INT64FLOAT; > > > > typedef int16_t SHORTFLOAT; > > > > typedef SoftFloat AAC_FLOAT; > > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > > > #define AAC_RENAME(x) x > > > > #define AAC_RENAME_32(x) x > > > > typedef float INTFLOAT; > > > > +typedef float SUINTFLOAT; > > > > > > Not more of this damn shit. > > > > i dont think i understand your comment > > > > The code is templated and uses largely the INTFLOAT data type > > which is either signed int or float depending on if the code is build > > for the fixed point or floating point decoder > > > > to fix the undefined behavior in the fixed point decoder a type which > > is unsigned int is the obvious choice. > > Such type must be float in the floating point decoder. > > > > This patch adds such type. > > > > do you object to fixing the issue ? > > do you want to suggest a different solution ? > > over a week passed, noone replied. > Is everyone ok with patch 1/3 ? > does someone object to it ? > does anyone have a better solution ? > > If noone replies, i will apply this patch, i do not want to leave > undefined behavior in the codebase. Fix the type name?
On Wed, Jul 12, 2017 at 09:22:44AM +0200, wm4 wrote: > On Tue, 11 Jul 2017 22:34:24 +0200 > Michael Niedermayer <michael@niedermayer.cc> wrote: > > > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: > > > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > > > > On Sun, 2 Jul 2017 04:28:54 +0200 > > > > Michael Niedermayer <michael@niedermayer.cc> wrote: > > > > > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int' > > > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > > > --- > > > > > libavcodec/aac_defines.h | 2 ++ > > > > > libavcodec/aacdec_template.c | 5 +++-- > > > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > > > > index 3c79a8a4a1..ee4c73a87d 100644 > > > > > --- a/libavcodec/aac_defines.h > > > > > +++ b/libavcodec/aac_defines.h > > > > > @@ -35,6 +35,7 @@ > > > > > #define AAC_RENAME(x) x ## _fixed > > > > > #define AAC_RENAME_32(x) x ## _fixed_32 > > > > > typedef int INTFLOAT; > > > > > +typedef unsigned SUINTFLOAT; > > > > > typedef int64_t INT64FLOAT; > > > > > typedef int16_t SHORTFLOAT; > > > > > typedef SoftFloat AAC_FLOAT; > > > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > > > > #define AAC_RENAME(x) x > > > > > #define AAC_RENAME_32(x) x > > > > > typedef float INTFLOAT; > > > > > +typedef float SUINTFLOAT; > > > > > > > > Not more of this damn shit. > > > > > > i dont think i understand your comment > > > > > > The code is templated and uses largely the INTFLOAT data type > > > which is either signed int or float depending on if the code is build > > > for the fixed point or floating point decoder > > > > > > to fix the undefined behavior in the fixed point decoder a type which > > > is unsigned int is the obvious choice. > > > Such type must be float in the floating point decoder. > > > > > > This patch adds such type. > > > > > > do you object to fixing the issue ? > > > do you want to suggest a different solution ? > > > > over a week passed, noone replied. > > Is everyone ok with patch 1/3 ? > > does someone object to it ? > > does anyone have a better solution ? > > > > If noone replies, i will apply this patch, i do not want to leave > > undefined behavior in the codebase. > > Fix the type name? Iam happy to change the name, what name would you prefer ? [...]
On Wed, 12 Jul 2017 12:16:15 +0200 Michael Niedermayer <michael@niedermayer.cc> wrote: > On Wed, Jul 12, 2017 at 09:22:44AM +0200, wm4 wrote: > > On Tue, 11 Jul 2017 22:34:24 +0200 > > Michael Niedermayer <michael@niedermayer.cc> wrote: > > > > > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: > > > > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > > > > > On Sun, 2 Jul 2017 04:28:54 +0200 > > > > > Michael Niedermayer <michael@niedermayer.cc> wrote: > > > > > > > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int' > > > > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > > > > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > > > > --- > > > > > > libavcodec/aac_defines.h | 2 ++ > > > > > > libavcodec/aacdec_template.c | 5 +++-- > > > > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > > > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > > > > > index 3c79a8a4a1..ee4c73a87d 100644 > > > > > > --- a/libavcodec/aac_defines.h > > > > > > +++ b/libavcodec/aac_defines.h > > > > > > @@ -35,6 +35,7 @@ > > > > > > #define AAC_RENAME(x) x ## _fixed > > > > > > #define AAC_RENAME_32(x) x ## _fixed_32 > > > > > > typedef int INTFLOAT; > > > > > > +typedef unsigned SUINTFLOAT; > > > > > > typedef int64_t INT64FLOAT; > > > > > > typedef int16_t SHORTFLOAT; > > > > > > typedef SoftFloat AAC_FLOAT; > > > > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > > > > > #define AAC_RENAME(x) x > > > > > > #define AAC_RENAME_32(x) x > > > > > > typedef float INTFLOAT; > > > > > > +typedef float SUINTFLOAT; > > > > > > > > > > Not more of this damn shit. > > > > > > > > i dont think i understand your comment > > > > > > > > The code is templated and uses largely the INTFLOAT data type > > > > which is either signed int or float depending on if the code is build > > > > for the fixed point or floating point decoder > > > > > > > > to fix the undefined behavior in the fixed point decoder a type which > > > > is unsigned int is the obvious choice. > > > > Such type must be float in the floating point decoder. > > > > > > > > This patch adds such type. > > > > > > > > do you object to fixing the issue ? > > > > do you want to suggest a different solution ? > > > > > > over a week passed, noone replied. > > > Is everyone ok with patch 1/3 ? > > > does someone object to it ? > > > does anyone have a better solution ? > > > > > > If noone replies, i will apply this patch, i do not want to leave > > > undefined behavior in the codebase. > > > > Fix the type name? > > Iam happy to change the name, what name would you prefer ? UINTFLOAT obviously.
On 7/11/17, Michael Niedermayer <michael@niedermayer.cc> wrote: > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: >> On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: >> > On Sun, 2 Jul 2017 04:28:54 +0200 >> > Michael Niedermayer <michael@niedermayer.cc> wrote: >> > >> > > Fixes: runtime error: signed integer overflow: -2147483648 - >> > > 1202286525 cannot be represented in type 'int' >> > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 >> > > >> > > Found-by: continuous fuzzing process >> > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >> > > --- >> > > libavcodec/aac_defines.h | 2 ++ >> > > libavcodec/aacdec_template.c | 5 +++-- >> > > 2 files changed, 5 insertions(+), 2 deletions(-) >> > > >> > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h >> > > index 3c79a8a4a1..ee4c73a87d 100644 >> > > --- a/libavcodec/aac_defines.h >> > > +++ b/libavcodec/aac_defines.h >> > > @@ -35,6 +35,7 @@ >> > > #define AAC_RENAME(x) x ## _fixed >> > > #define AAC_RENAME_32(x) x ## _fixed_32 >> > > typedef int INTFLOAT; >> > > +typedef unsigned SUINTFLOAT; >> > > typedef int64_t INT64FLOAT; >> > > typedef int16_t SHORTFLOAT; >> > > typedef SoftFloat AAC_FLOAT; >> > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; >> > > #define AAC_RENAME(x) x >> > > #define AAC_RENAME_32(x) x >> > > typedef float INTFLOAT; >> > > +typedef float SUINTFLOAT; >> > >> > Not more of this damn shit. >> >> i dont think i understand your comment >> >> The code is templated and uses largely the INTFLOAT data type >> which is either signed int or float depending on if the code is build >> for the fixed point or floating point decoder >> >> to fix the undefined behavior in the fixed point decoder a type which >> is unsigned int is the obvious choice. >> Such type must be float in the floating point decoder. >> >> This patch adds such type. >> >> do you object to fixing the issue ? >> do you want to suggest a different solution ? > > over a week passed, noone replied. > Is everyone ok with patch 1/3 ? > does someone object to it ? > does anyone have a better solution ? > > If noone replies, i will apply this patch, i do not want to leave > undefined behavior in the codebase. I actually would request a short note explaining the SUINTFLOAT type usage. Something like: +typedef unsigned SUINTFLOAT; // Equivalent to INTFLOAT, Used as temporal cast to avoid undefined sign overflow operations. Maybe add such note to all "signed value in unsigned type" typedefs.
> > I actually would request a short note explaining the SUINTFLOAT type usage. > Something like: > +typedef unsigned SUINTFLOAT; // Equivalent to INTFLOAT, > Used as temporal cast to avoid undefined sign overflow operations. > > Maybe add such note to all "signed value in unsigned type" typedefs. > Needs to be in main documentation because nobody is going to understand this in 50 years time when mailing lists have bitrotted. Kieran
On Wed, Jul 12, 2017 at 01:54:28PM +0000, Kieran Kunhya wrote: > > > > I actually would request a short note explaining the SUINTFLOAT type usage. > > Something like: > > +typedef unsigned SUINTFLOAT; // Equivalent to INTFLOAT, > > Used as temporal cast to avoid undefined sign overflow operations. > > > > Maybe add such note to all "signed value in unsigned type" typedefs. > > > > Needs to be in main documentation because nobody is going to understand > this in 50 years time when mailing lists have bitrotted. ill post a patch that adds this as a doxygen comment in the patch, that way it should be in the doxygen documentation if you meant it to be put some other place clarify where thx [...]
On Thu, 13 Jul 2017 at 23:06 Michael Niedermayer <michael@niedermayer.cc> wrote: > On Wed, Jul 12, 2017 at 01:54:28PM +0000, Kieran Kunhya wrote: > > > > > > I actually would request a short note explaining the SUINTFLOAT type > usage. > > > Something like: > > > +typedef unsigned SUINTFLOAT; // Equivalent to INTFLOAT, > > > Used as temporal cast to avoid undefined sign overflow operations. > > > > > > Maybe add such note to all "signed value in unsigned type" typedefs. > > > > > > > Needs to be in main documentation because nobody is going to understand > > this in 50 years time when mailing lists have bitrotted. > > ill post a patch that adds this as a doxygen comment in the patch, > that way it should be in the doxygen documentation > > if you meant it to be put some other place clarify where I mean full documentation of the thought process behind all these changes in doc/. Just like James spent weeks trying to fix the undocumented IDCTs from 15 years ago, someone will probably end up struggling to understand this SUINT stuff in 20 years time. > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > Modern terrorism, a quick summary: Need oil, start war with country that > has oil, kill hundread thousand in war. Let country fall into chaos, > be surprised about raise of fundamantalists. Drop more bombs, kill more > people, be surprised about them taking revenge and drop even more bombs > and strip your own citizens of their rights and freedoms. to be continued What relevance do your political views have on this mailing list about FFmpeg? Kieran
Hi, On Fri, Jul 14, 2017 at 6:55 AM, Kieran Kunhya <kierank@obe.tv> wrote: > On Thu, 13 Jul 2017 at 23:06 Michael Niedermayer <michael@niedermayer.cc> > wrote: > > > On Wed, Jul 12, 2017 at 01:54:28PM +0000, Kieran Kunhya wrote: > > > > > > > > I actually would request a short note explaining the SUINTFLOAT type > > usage. > > > > Something like: > > > > +typedef unsigned SUINTFLOAT; // Equivalent to INTFLOAT, > > > > Used as temporal cast to avoid undefined sign overflow operations. > > > > > > > > Maybe add such note to all "signed value in unsigned type" typedefs. > > > > > > > > > > Needs to be in main documentation because nobody is going to understand > > > this in 50 years time when mailing lists have bitrotted. > > > > ill post a patch that adds this as a doxygen comment in the patch, > > that way it should be in the doxygen documentation > > > > if you meant it to be put some other place clarify where > > > I mean full documentation of the thought process behind all these changes > in doc/. > Just like James spent weeks trying to fix the undocumented IDCTs from 15 > years ago, someone will probably end up struggling to understand this SUINT > stuff in 20 years time. The IDCTs are still not documented by the way... :-). Part of that is hard because some changes are to reduce round-trip error which requires source+encoder access... Ronald
On Fri, Jul 14, 2017 at 10:55:56AM +0000, Kieran Kunhya wrote: > On Thu, 13 Jul 2017 at 23:06 Michael Niedermayer <michael@niedermayer.cc> > wrote: > > > On Wed, Jul 12, 2017 at 01:54:28PM +0000, Kieran Kunhya wrote: > > > > > > > > I actually would request a short note explaining the SUINTFLOAT type > > usage. > > > > Something like: > > > > +typedef unsigned SUINTFLOAT; // Equivalent to INTFLOAT, > > > > Used as temporal cast to avoid undefined sign overflow operations. > > > > > > > > Maybe add such note to all "signed value in unsigned type" typedefs. > > > > > > > > > > Needs to be in main documentation because nobody is going to understand > > > this in 50 years time when mailing lists have bitrotted. > > > > ill post a patch that adds this as a doxygen comment in the patch, > > that way it should be in the doxygen documentation > > > > if you meant it to be put some other place clarify where > > > I mean full documentation of the thought process behind all these changes > in doc/. > Just like James spent weeks trying to fix the undocumented IDCTs from 15 > years ago, someone will probably end up struggling to understand this SUINT > stuff in 20 years time. you are correct. Most code is undocumented, its never good. Ill post a patch that adds some docs for undefined / suint. > > > > -- > > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > > > Modern terrorism, a quick summary: Need oil, start war with country that > > has oil, kill hundread thousand in war. Let country fall into chaos, > > be surprised about raise of fundamantalists. Drop more bombs, kill more > > people, be surprised about them taking revenge and drop even more bombs > > and strip your own citizens of their rights and freedoms. to be continued > > > What relevance do your political views have on this mailing list about > FFmpeg? <off topic> Its just a automatically generated email signature for this specific one here, i think terrorism is a major problem the world faces Not so much because of terrorists or their victims but because of what is being done by law makers and governments to counter terrorism. (just think about it, if you wanted to do a terror attack would any of the new anti terror laws prevent you from doing it ?) The terrorists are a negligbible point in human mortality statistics, you are more likely to become president than being killed in an attack. the freedoms everyone looses from the laws are a big part of the damage the terrorists have achieved. Thats besides fear and innocent lifes. IMO terrorism is self limiting, the attacker dies, give him a darwin award if you must, but not what he wants to achieve. You can disagree 100% about everything. In fact i might myself have a somewhat different oppinion in a few years. But just having people think about this whole subject logically is a step towards a solution. I was not sure anyone reads these silly signatures at all, or cares about them. </off topic> [...]
> > <off topic> > > Its just a automatically generated email signature > > for this specific one here, i think terrorism is a major problem the > world faces > Not so much because of terrorists or their victims but because of > what is being done by law makers and governments to counter terrorism. > (just think about it, if you wanted to do a terror attack would any of > the new anti terror laws prevent you from doing it ?) > The terrorists are a negligbible point in human mortality statistics, > you are more likely to become president than being killed in an attack. > the freedoms everyone looses from the laws are a big part of the > damage the terrorists have achieved. Thats besides fear and innocent > lifes. > > IMO terrorism is self limiting, the attacker dies, give him a darwin > award if you must, but not what he wants to achieve. > > You can disagree 100% about everything. In fact i might myself have a > somewhat different oppinion in a few years. But just having people > think about this whole subject logically is a step towards a solution. > > I was not sure anyone reads these silly signatures at all, or cares > about them. > > </off topic> > So if you don't mind please keep these views to yourself or post them in a suitable place. I guess nobody else cares but I'd rather FFmpeg development stay clear of people's personal political views since pretty much everywhere online you are forced to read people's unsolicited views. Kieran
diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h index 3c79a8a4a1..ee4c73a87d 100644 --- a/libavcodec/aac_defines.h +++ b/libavcodec/aac_defines.h @@ -35,6 +35,7 @@ #define AAC_RENAME(x) x ## _fixed #define AAC_RENAME_32(x) x ## _fixed_32 typedef int INTFLOAT; +typedef unsigned SUINTFLOAT; typedef int64_t INT64FLOAT; typedef int16_t SHORTFLOAT; typedef SoftFloat AAC_FLOAT; @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; #define AAC_RENAME(x) x #define AAC_RENAME_32(x) x typedef float INTFLOAT; +typedef float SUINTFLOAT; typedef float INT64FLOAT; typedef float SHORTFLOAT; typedef float AAC_FLOAT; diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c index 4b98142536..add333e862 100644 --- a/libavcodec/aacdec_template.c +++ b/libavcodec/aacdec_template.c @@ -2389,7 +2389,7 @@ static int decode_extension_payload(AACContext *ac, GetBitContext *gb, int cnt, * @param decode 1 if tool is used normally, 0 if tool is used in LTP. * @param coef spectral coefficients */ -static void apply_tns(INTFLOAT coef[1024], TemporalNoiseShaping *tns, +static void apply_tns(INTFLOAT coef_param[1024], TemporalNoiseShaping *tns, IndividualChannelStream *ics, int decode) { const int mmm = FFMIN(ics->tns_max_bands, ics->max_sfb); @@ -2397,6 +2397,7 @@ static void apply_tns(INTFLOAT coef[1024], TemporalNoiseShaping *tns, int bottom, top, order, start, end, size, inc; INTFLOAT lpc[TNS_MAX_ORDER]; INTFLOAT tmp[TNS_MAX_ORDER+1]; + SUINTFLOAT *coef = coef_param; for (w = 0; w < ics->num_windows; w++) { bottom = ics->num_swb; @@ -2426,7 +2427,7 @@ static void apply_tns(INTFLOAT coef[1024], TemporalNoiseShaping *tns, // ar filter for (m = 0; m < size; m++, start += inc) for (i = 1; i <= FFMIN(m, order); i++) - coef[start] -= AAC_MUL26(coef[start - i * inc], lpc[i - 1]); + coef[start] -= AAC_MUL26((INTFLOAT)coef[start - i * inc], lpc[i - 1]); } else { // ma filter for (m = 0; m < size; m++, start += inc) {
Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 cannot be represented in type 'int' Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/aac_defines.h | 2 ++ libavcodec/aacdec_template.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-)