diff mbox

[FFmpeg-devel,1/3] avcodec/hevcdsp_template: Fix undefined shift in put_hevc_epel_bi_w_h()

Message ID 20171130225811.13103-1-michael@niedermayer.cc
State Accepted
Commit 0409d333115e623b5ccdbb364d64ca2a52fd8467
Headers show

Commit Message

Michael Niedermayer Nov. 30, 2017, 10:58 p.m. UTC 
Fixes: runtime error: left shift of negative value -127
Fixes: 4397/clusterfuzz-testcase-minimized-4779061080489984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/hevcdsp_template.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Dec. 1, 2017, 9:59 p.m. UTC | #1 
On Thu, Nov 30, 2017 at 11:58:09PM +0100, Michael Niedermayer wrote:
> Fixes: runtime error: left shift of negative value -127
> Fixes: 4397/clusterfuzz-testcase-minimized-4779061080489984
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/hevcdsp_template.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

patchset applied

[...]
diff mbox

Patch

diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c
index 46a0da2045..0623cfad89 100644
--- a/libavcodec/hevcdsp_template.c
+++ b/libavcodec/hevcdsp_template.c
@@ -1355,7 +1355,7 @@  static void FUNC(put_hevc_epel_bi_w_h)(uint8_t *_dst, ptrdiff_t _dststride, uint
     for (y = 0; y < height; y++) {
         for (x = 0; x < width; x++)
             dst[x] = av_clip_pixel(((EPEL_FILTER(src, 1) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 +
-                                    ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1));
+                                    ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1));
         src  += srcstride;
         dst  += dststride;
         src2 += MAX_PB_SIZE;