[FFmpeg-devel,4/8] avcodec/ffwavesynth: Fixes invalid shift with pink noise seeking

Submitted by Michael Niedermayer on Aug. 10, 2019, 9:09 p.m.

Details

Message ID 20190810210949.1743-4-michael@niedermayer.cc
State Accepted
Commit cdea0206efeca83a0a9b57d0764b177b2e11ab7c

Commit Message

Michael Niedermayer Aug. 10, 2019, 9:09 p.m.
Fixes: left shift of negative value -961533698048
Fixes: 16242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5738550670131200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ffwavesynth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Nicolas George Aug. 12, 2019, 8:49 p.m.
Michael Niedermayer (12019-08-10):
> Fixes: left shift of negative value -961533698048
> Fixes: 16242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5738550670131200
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/ffwavesynth.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

No objection for either of these patches.

But I want to be on record that I think they were a waste of time, as
these undefined behaviors have no chance of devolving into anything
except possibly garbled output on strange architectures for an obscure
format. Compilers are practical tools, not an axiomatic system.

Regards,

Michael Niedermayer Aug. 14, 2019, 11:23 p.m.
On Mon, Aug 12, 2019 at 10:49:56PM +0200, Nicolas George wrote:
> Michael Niedermayer (12019-08-10):
> > Fixes: left shift of negative value -961533698048
> > Fixes: 16242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5738550670131200
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/ffwavesynth.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> No objection for either of these patches.

will apply

thx

> 
> But I want to be on record that I think they were a waste of time, as
> these undefined behaviors have no chance of devolving into anything
> except possibly garbled output on strange architectures for an obscure
> format. Compilers are practical tools, not an axiomatic system.
> 
> Regards,
> 
> -- 
>   Nicolas George

[...]


diff --git a/libavcodec/ffwavesynth.c b/libavcodec/ffwavesynth.c
index e6d2606c2f..cfd0951d8f 100644
--- a/libavcodec/ffwavesynth.c
+++ b/libavcodec/ffwavesynth.c
@@ -220,7 +220,7 @@  static void wavesynth_seek(struct wavesynth_context *ws, int64_t ts)
         int64_t pink_ts_cur  = (ws->cur_ts + PINK_UNIT - 1) & ~(PINK_UNIT - 1);
         int64_t pink_ts_next = ts & ~(PINK_UNIT - 1);
         int pos = ts & (PINK_UNIT - 1);
-        lcg_seek(&ws->pink_state, (pink_ts_next - pink_ts_cur) << 1);
+        lcg_seek(&ws->pink_state, (pink_ts_next - pink_ts_cur) * 2);
         if (pos) {
             pink_fill(ws);
             ws->pink_pos = pos;
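Review bot: the `* 2` in `lcg_seek(&ws->pink_state, (pink_ts_next - pink_ts_cur) * 2);` is the correct replacement for `<< 1` here: `pink_ts_cur` is rounded up and `pink_ts_next` rounded down to a PINK_UNIT boundary, so on a backward seek the difference is negative, and left-shifting a negative `int64_t` is undefined behaviour in C while multiplying it by 2 is well defined. Two follow-ups would make the fix more robust: a one-line comment saying the multiply is deliberate would stop a future cleanup from turning it back into a shift, and signed multiplication still overflows (also undefined) once the magnitude exceeds INT64_MAX / 2, so unless `ts` is already bounded elsewhere in wavesynth_seek a range check on the difference before this call would close the remaining case.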