[FFmpeg-devel,3/3] avcodec/aacdec_fixed: Handle more extreem cases in noise_scale()

Submitted by Michael Niedermayer on May 16, 2019, 11:12 a.m.

Details

Message ID 20190516111205.12971-3-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer May 16, 2019, 11:12 a.m.
Its unclear if these cases have any relevance in real files

Fixes: shift exponent -2 is negative
Fixes: 14489/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5681941631729664

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/aacdec_fixed.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

Patch hide | download patch | download mbox

diff --git a/libavcodec/aacdec_fixed.c b/libavcodec/aacdec_fixed.c
index 0808c81005..1d0142fdb0 100644
--- a/libavcodec/aacdec_fixed.c
+++ b/libavcodec/aacdec_fixed.c
@@ -221,10 +221,15 @@  static void noise_scale(int *coefs, int scale, int band_energy, int len)
     }
     else {
         s = s + 32;
-        round = s ? 1 << (s-1) : 0;
-        for (i=0; i<len; i++) {
-            out = (int)((int64_t)((int64_t)coefs[i] * c + round) >> s);
-            coefs[i] = -out;
+        if (s > 0) {
+            round = 1 << (s-1);
+            for (i=0; i<len; i++) {
+                out = (int)((int64_t)((int64_t)coefs[i] * c + round) >> s);
+                coefs[i] = -out;
+            }
+        } else {
+            for (i=0; i<len; i++)
+                coefs[i] = -(int64_t)coefs[i] * c * (1 << -s);
         }
     }
 }