diff mbox

[FFmpeg-devel,2/5] avcodec/vc1_block: Fix invalid left shift in vc1_decode_p_mb()

Message ID 20191002213740.17936-2-michael@niedermayer.cc
State Accepted
Commit 2f588ccfb70cba54a7ea8e740110953da604c0e6
Headers show

Commit Message

Michael Niedermayer Oct. 2, 2019, 9:37 p.m. UTC 
Fixes: left shift of negative value -6
Fixes: 17810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5638541240958976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vc1_block.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Paul B Mahol Oct. 3, 2019, 6:56 a.m. UTC | #1 
lgtm

On 10/2/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: left shift of negative value -6
> Fixes:
> 17810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5638541240958976
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/vc1_block.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c
> index fe7dbf8b1d..f1c9f41f30 100644
> --- a/libavcodec/vc1_block.c
> +++ b/libavcodec/vc1_block.c
> @@ -1481,7 +1481,7 @@ static int vc1_decode_p_mb(VC1Context *v)
>
> v->vc1dsp.vc1_inv_trans_8x8(v->block[v->cur_blk_idx][block_map[i]]);
>                      if (v->rangeredfrm)
>                          for (j = 0; j < 64; j++)
> -                            v->block[v->cur_blk_idx][block_map[i]][j] <<=
> 1;
> +                            v->block[v->cur_blk_idx][block_map[i]][j] *= 2;
>                      block_cbp   |= 0xF << (i << 2);
>                      block_intra |= 1 << i;
>                  } else if (is_coded[i]) {
> --
> 2.23.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Michael Niedermayer Oct. 3, 2019, 5:39 p.m. UTC | #2 
On Thu, Oct 03, 2019 at 08:56:54AM +0200, Paul B Mahol wrote:
> lgtm

will apply

thx

[...]
diff mbox

Patch

diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c
index fe7dbf8b1d..f1c9f41f30 100644
--- a/libavcodec/vc1_block.c
+++ b/libavcodec/vc1_block.c
@@ -1481,7 +1481,7 @@  static int vc1_decode_p_mb(VC1Context *v)
                     v->vc1dsp.vc1_inv_trans_8x8(v->block[v->cur_blk_idx][block_map[i]]);
                     if (v->rangeredfrm)
                         for (j = 0; j < 64; j++)
-                            v->block[v->cur_blk_idx][block_map[i]][j] <<= 1;
+                            v->block[v->cur_blk_idx][block_map[i]][j] *= 2;
                     block_cbp   |= 0xF << (i << 2);
                     block_intra |= 1 << i;
                 } else if (is_coded[i]) {