Message ID | 20170226192802.4486-3-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 4ea7744859dc3d214ef13e920f5d07b070920e3f |
Headers | show |
2017-02-27 3:28 GMT+08:00 Michael Niedermayer <michael@niedermayer.cc>: > Fixes: 677/clusterfuzz-testcase-6635120628858880 > > Found-by: continuous fuzzing process https://github.com/google/oss- > fuzz/tree/master/targets/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/h264idct_template.c | 26 +++++++++++++------------- > 1 file changed, 13 insertions(+), 13 deletions(-) > > diff --git a/libavcodec/h264idct_template.c b/libavcodec/h264idct_ > template.c > index c00900b658..9c5a43ce4f 100644 > --- a/libavcodec/h264idct_template.c > +++ b/libavcodec/h264idct_template.c > @@ -40,10 +40,10 @@ void FUNCC(ff_h264_idct_add)(uint8_t *_dst, int16_t > *_block, int stride) > block[0] += 1 << 5; > > for(i=0; i<4; i++){ > - const int z0= block[i + 4*0] + block[i + 4*2]; > - const int z1= block[i + 4*0] - block[i + 4*2]; > - const int z2= (block[i + 4*1]>>1) - block[i + 4*3]; > - const int z3= block[i + 4*1] + (block[i + 4*3]>>1); > + const SUINT z0= block[i + 4*0] + block[i + 4*2]; > + const SUINT z1= block[i + 4*0] - block[i + 4*2]; > + const SUINT z2= (block[i + 4*1]>>1) - block[i + 4*3]; > + const SUINT z3= block[i + 4*1] + (block[i + 4*3]>>1); > > block[i + 4*0]= z0 + z3; > block[i + 4*1]= z1 + z2; > @@ -52,15 +52,15 @@ void FUNCC(ff_h264_idct_add)(uint8_t *_dst, int16_t > *_block, int stride) > } > > for(i=0; i<4; i++){ > - const int z0= block[0 + 4*i] + block[2 + 4*i]; > - const int z1= block[0 + 4*i] - block[2 + 4*i]; > - const int z2= (block[1 + 4*i]>>1) - block[3 + 4*i]; > - const int z3= block[1 + 4*i] + (block[3 + 4*i]>>1); > - > - dst[i + 0*stride]= av_clip_pixel(dst[i + 0*stride] + ((z0 + z3) > >> 6)); > - dst[i + 1*stride]= av_clip_pixel(dst[i + 1*stride] + ((z1 + z2) > >> 6)); > - dst[i + 2*stride]= av_clip_pixel(dst[i + 2*stride] + ((z1 - z2) > >> 6)); > - dst[i + 3*stride]= av_clip_pixel(dst[i + 3*stride] + ((z0 - z3) > >> 6)); > + const SUINT z0= block[0 + 4*i] + (SUINT)block[2 + 4*i]; > + const SUINT z1= block[0 + 4*i] - (SUINT)block[2 + 4*i]; > + const SUINT z2= (block[1 + 4*i]>>1) - (SUINT)block[3 + 4*i]; > + const SUINT z3= block[1 + 4*i] + (SUINT)(block[3 + 4*i]>>1); > + > + dst[i + 0*stride]= av_clip_pixel(dst[i + 0*stride] + ((int)(z0 + > z3) >> 6)); > + dst[i + 1*stride]= av_clip_pixel(dst[i + 1*stride] + ((int)(z1 + > z2) >> 6)); > + dst[i + 2*stride]= av_clip_pixel(dst[i + 2*stride] + ((int)(z1 - > z2) >> 6)); > + dst[i + 3*stride]= av_clip_pixel(dst[i + 3*stride] + ((int)(z0 - > z3) >> 6)); > } > > memset(block, 0, 16 * sizeof(dctcoef)); > -- > 2.11.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > lgtm
On Mon, Feb 27, 2017 at 07:15:57AM +0800, Steven Liu wrote: > 2017-02-27 3:28 GMT+08:00 Michael Niedermayer <michael@niedermayer.cc>: > > > Fixes: 677/clusterfuzz-testcase-6635120628858880 > > > > Found-by: continuous fuzzing process https://github.com/google/oss- > > fuzz/tree/master/targets/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/h264idct_template.c | 26 +++++++++++++------------- > > 1 file changed, 13 insertions(+), 13 deletions(-) > > > > diff --git a/libavcodec/h264idct_template.c b/libavcodec/h264idct_ > > template.c > > index c00900b658..9c5a43ce4f 100644 > > --- a/libavcodec/h264idct_template.c > > +++ b/libavcodec/h264idct_template.c > > @@ -40,10 +40,10 @@ void FUNCC(ff_h264_idct_add)(uint8_t *_dst, int16_t > > *_block, int stride) > > block[0] += 1 << 5; > > > > for(i=0; i<4; i++){ > > - const int z0= block[i + 4*0] + block[i + 4*2]; > > - const int z1= block[i + 4*0] - block[i + 4*2]; > > - const int z2= (block[i + 4*1]>>1) - block[i + 4*3]; > > - const int z3= block[i + 4*1] + (block[i + 4*3]>>1); > > + const SUINT z0= block[i + 4*0] + block[i + 4*2]; > > + const SUINT z1= block[i + 4*0] - block[i + 4*2]; > > + const SUINT z2= (block[i + 4*1]>>1) - block[i + 4*3]; > > + const SUINT z3= block[i + 4*1] + (block[i + 4*3]>>1); > > > > block[i + 4*0]= z0 + z3; > > block[i + 4*1]= z1 + z2; > > @@ -52,15 +52,15 @@ void FUNCC(ff_h264_idct_add)(uint8_t *_dst, int16_t > > *_block, int stride) > > } > > > > for(i=0; i<4; i++){ > > - const int z0= block[0 + 4*i] + block[2 + 4*i]; > > - const int z1= block[0 + 4*i] - block[2 + 4*i]; > > - const int z2= (block[1 + 4*i]>>1) - block[3 + 4*i]; > > - const int z3= block[1 + 4*i] + (block[3 + 4*i]>>1); > > - > > - dst[i + 0*stride]= av_clip_pixel(dst[i + 0*stride] + ((z0 + z3) > > >> 6)); > > - dst[i + 1*stride]= av_clip_pixel(dst[i + 1*stride] + ((z1 + z2) > > >> 6)); > > - dst[i + 2*stride]= av_clip_pixel(dst[i + 2*stride] + ((z1 - z2) > > >> 6)); > > - dst[i + 3*stride]= av_clip_pixel(dst[i + 3*stride] + ((z0 - z3) > > >> 6)); > > + const SUINT z0= block[0 + 4*i] + (SUINT)block[2 + 4*i]; > > + const SUINT z1= block[0 + 4*i] - (SUINT)block[2 + 4*i]; > > + const SUINT z2= (block[1 + 4*i]>>1) - (SUINT)block[3 + 4*i]; > > + const SUINT z3= block[1 + 4*i] + (SUINT)(block[3 + 4*i]>>1); > > + > > + dst[i + 0*stride]= av_clip_pixel(dst[i + 0*stride] + ((int)(z0 + > > z3) >> 6)); > > + dst[i + 1*stride]= av_clip_pixel(dst[i + 1*stride] + ((int)(z1 + > > z2) >> 6)); > > + dst[i + 2*stride]= av_clip_pixel(dst[i + 2*stride] + ((int)(z1 - > > z2) >> 6)); > > + dst[i + 3*stride]= av_clip_pixel(dst[i + 3*stride] + ((int)(z0 - > > z3) >> 6)); > > } > > > > memset(block, 0, 16 * sizeof(dctcoef)); > > -- > > 2.11.0 > > > > _______________________________________________ > > ffmpeg-devel mailing list > > ffmpeg-devel@ffmpeg.org > > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > lgtm applied also remaining patchset applied thx [...]
diff --git a/libavcodec/h264idct_template.c b/libavcodec/h264idct_template.c index c00900b658..9c5a43ce4f 100644 --- a/libavcodec/h264idct_template.c +++ b/libavcodec/h264idct_template.c @@ -40,10 +40,10 @@ void FUNCC(ff_h264_idct_add)(uint8_t *_dst, int16_t *_block, int stride) block[0] += 1 << 5; for(i=0; i<4; i++){ - const int z0= block[i + 4*0] + block[i + 4*2]; - const int z1= block[i + 4*0] - block[i + 4*2]; - const int z2= (block[i + 4*1]>>1) - block[i + 4*3]; - const int z3= block[i + 4*1] + (block[i + 4*3]>>1); + const SUINT z0= block[i + 4*0] + block[i + 4*2]; + const SUINT z1= block[i + 4*0] - block[i + 4*2]; + const SUINT z2= (block[i + 4*1]>>1) - block[i + 4*3]; + const SUINT z3= block[i + 4*1] + (block[i + 4*3]>>1); block[i + 4*0]= z0 + z3; block[i + 4*1]= z1 + z2; @@ -52,15 +52,15 @@ void FUNCC(ff_h264_idct_add)(uint8_t *_dst, int16_t *_block, int stride) } for(i=0; i<4; i++){ - const int z0= block[0 + 4*i] + block[2 + 4*i]; - const int z1= block[0 + 4*i] - block[2 + 4*i]; - const int z2= (block[1 + 4*i]>>1) - block[3 + 4*i]; - const int z3= block[1 + 4*i] + (block[3 + 4*i]>>1); - - dst[i + 0*stride]= av_clip_pixel(dst[i + 0*stride] + ((z0 + z3) >> 6)); - dst[i + 1*stride]= av_clip_pixel(dst[i + 1*stride] + ((z1 + z2) >> 6)); - dst[i + 2*stride]= av_clip_pixel(dst[i + 2*stride] + ((z1 - z2) >> 6)); - dst[i + 3*stride]= av_clip_pixel(dst[i + 3*stride] + ((z0 - z3) >> 6)); + const SUINT z0= block[0 + 4*i] + (SUINT)block[2 + 4*i]; + const SUINT z1= block[0 + 4*i] - (SUINT)block[2 + 4*i]; + const SUINT z2= (block[1 + 4*i]>>1) - (SUINT)block[3 + 4*i]; + const SUINT z3= block[1 + 4*i] + (SUINT)(block[3 + 4*i]>>1); + + dst[i + 0*stride]= av_clip_pixel(dst[i + 0*stride] + ((int)(z0 + z3) >> 6)); + dst[i + 1*stride]= av_clip_pixel(dst[i + 1*stride] + ((int)(z1 + z2) >> 6)); + dst[i + 2*stride]= av_clip_pixel(dst[i + 2*stride] + ((int)(z1 - z2) >> 6)); + dst[i + 3*stride]= av_clip_pixel(dst[i + 3*stride] + ((int)(z0 - z3) >> 6)); } memset(block, 0, 16 * sizeof(dctcoef));
Fixes: 677/clusterfuzz-testcase-6635120628858880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/h264idct_template.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-)