diff mbox

[FFmpeg-devel,1/2] avcodec/hevcdsp_template: Fix invalid shift in put_hevc_epel_bi_w_v()

Message ID 20171118003318.31683-1-michael@niedermayer.cc
State Accepted
Commit 7d88586e4728e97349f98e07ff782bb168ab96c3
Headers show

Commit Message

Michael Niedermayer Nov. 18, 2017, 12:33 a.m. UTC 
Fixes: runtime error: left shift of negative value -255
Fixes: 4037/clusterfuzz-testcase-minimized-5290998163832832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/hevcdsp_template.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Nov. 20, 2017, 8:28 p.m. UTC | #1 
On Sat, Nov 18, 2017 at 01:33:17AM +0100, Michael Niedermayer wrote:
> Fixes: runtime error: left shift of negative value -255
> Fixes: 4037/clusterfuzz-testcase-minimized-5290998163832832
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/hevcdsp_template.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

applied

[...]
diff mbox

Patch

diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c
index e09c661759..46a0da2045 100644
--- a/libavcodec/hevcdsp_template.c
+++ b/libavcodec/hevcdsp_template.c
@@ -1407,7 +1407,7 @@  static void FUNC(put_hevc_epel_bi_w_v)(uint8_t *_dst, ptrdiff_t _dststride, uint
     for (y = 0; y < height; y++) {
         for (x = 0; x < width; x++)
             dst[x] = av_clip_pixel(((EPEL_FILTER(src, srcstride) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 +
-                                    ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1));
+                                    ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1));
         src  += srcstride;
         dst  += dststride;
         src2 += MAX_PB_SIZE;