diff mbox

[FFmpeg-devel,1/3] avcodec/adxdec: Fix runtime error: left shift of negative value -1

Message ID 20170303033906.31173-1-michael@niedermayer.cc
State Accepted
Commit d23727e0420b9f77f0d4cb28b43819b402f702e5
Headers show

Commit Message

Michael Niedermayer March 3, 2017, 3:39 a.m. UTC 
Fixes: 705/clusterfuzz-testcase-5129572590813184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/adxdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer March 4, 2017, 4:33 p.m. UTC | #1 
On Fri, Mar 03, 2017 at 04:39:04AM +0100, Michael Niedermayer wrote:
> Fixes: 705/clusterfuzz-testcase-5129572590813184
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/adxdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

patchset applied

[...]
diff mbox

Patch

diff --git a/libavcodec/adxdec.c b/libavcodec/adxdec.c
index 32cc0f005a..178ea99dcf 100644
--- a/libavcodec/adxdec.c
+++ b/libavcodec/adxdec.c
@@ -81,7 +81,7 @@  static int adx_decode(ADXContext *c, int16_t *out, int offset,
     s2 = prev->s2;
     for (i = 0; i < BLOCK_SAMPLES; i++) {
         d  = get_sbits(&gb, 4);
-        s0 = ((d << COEFF_BITS) * scale + c->coeff[0] * s1 + c->coeff[1] * s2) >> COEFF_BITS;
+        s0 = ((d * (1 << COEFF_BITS)) * scale + c->coeff[0] * s1 + c->coeff[1] * s2) >> COEFF_BITS;
         s2 = s1;
         s1 = av_clip_int16(s0);
         *out++ = s1;