diff mbox series

[FFmpeg-devel,2/6] avcodec/dxtory: Fix negative shift in dxtory_decode_v1_410()

Message ID 20200925222638.23675-2-michael@niedermayer.cc
State Accepted
Commit c3d1c7f903892455161fa1f722e01a7eaf2c6451
Headers show
Series [FFmpeg-devel,1/6] avcodec/dxtory: Fix get_raw_size() for YUV | expand

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Michael Niedermayer Sept. 25, 2020, 10:26 p.m. UTC 
Fixes: left shift of negative value -256
Fixes: 25460/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5073252341514240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dxtory.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Paul B Mahol Sept. 26, 2020, 7:40 a.m. UTC | #1 
On Sat, Sep 26, 2020 at 12:26:34AM +0200, Michael Niedermayer wrote:
> Fixes: left shift of negative value -256
> Fixes: 25460/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5073252341514240
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/dxtory.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)

lgtm

> 
> diff --git a/libavcodec/dxtory.c b/libavcodec/dxtory.c
> index 157e4b3ed2..a82532c467 100644
> --- a/libavcodec/dxtory.c
> +++ b/libavcodec/dxtory.c
> @@ -177,10 +177,10 @@ static int dxtory_decode_v1_410(AVCodecContext *avctx, AVFrame *pic,
>              V[huvborder] = src[1] + 0x80;
>              src += 2;
>          }
> -        Y1 += pic->linesize[0] << 2;
> -        Y2 += pic->linesize[0] << 2;
> -        Y3 += pic->linesize[0] << 2;
> -        Y4 += pic->linesize[0] << 2;
> +        Y1 += pic->linesize[0] * 4;
> +        Y2 += pic->linesize[0] * 4;
> +        Y3 += pic->linesize[0] * 4;
> +        Y4 += pic->linesize[0] * 4;
>          U  += pic->linesize[1];
>          V  += pic->linesize[2];
>      }
> -- 
> 2.17.1
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Michael Niedermayer Sept. 26, 2020, 5:32 p.m. UTC | #2 
On Sat, Sep 26, 2020 at 09:40:23AM +0200, Paul B Mahol wrote:
> On Sat, Sep 26, 2020 at 12:26:34AM +0200, Michael Niedermayer wrote:
> > Fixes: left shift of negative value -256
> > Fixes: 25460/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5073252341514240
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/dxtory.c | 8 ++++----
> >  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> lgtm

will apply

thx

[...]
diff mbox series

Patch

diff --git a/libavcodec/dxtory.c b/libavcodec/dxtory.c
index 157e4b3ed2..a82532c467 100644
--- a/libavcodec/dxtory.c
+++ b/libavcodec/dxtory.c
@@ -177,10 +177,10 @@  static int dxtory_decode_v1_410(AVCodecContext *avctx, AVFrame *pic,
             V[huvborder] = src[1] + 0x80;
             src += 2;
         }
-        Y1 += pic->linesize[0] << 2;
-        Y2 += pic->linesize[0] << 2;
-        Y3 += pic->linesize[0] << 2;
-        Y4 += pic->linesize[0] << 2;
+        Y1 += pic->linesize[0] * 4;
+        Y2 += pic->linesize[0] * 4;
+        Y3 += pic->linesize[0] * 4;
+        Y4 += pic->linesize[0] * 4;
         U  += pic->linesize[1];
         V  += pic->linesize[2];
     }