diff mbox

[FFmpeg-devel,1/5] avcodec/g723_1dec: Clip bits2 in both directions

Message ID 20180525225247.7886-1-michael@niedermayer.cc
State Accepted
Commit 53f241218d9eac368e2e1c58bcca9bbdf10fd0e1
Headers show

Commit Message

Michael Niedermayer May 25, 2018, 10:52 p.m. UTC 
Fixes: shift exponent 33 is too large for 32-bit type 'int'
Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/g723_1dec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer May 27, 2018, 8:14 p.m. UTC | #1 
On Sat, May 26, 2018 at 12:52:43AM +0200, Michael Niedermayer wrote:
> Fixes: shift exponent 33 is too large for 32-bit type 'int'
> Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/g723_1dec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply patchset

[...]
diff mbox

Patch

diff --git a/libavcodec/g723_1dec.c b/libavcodec/g723_1dec.c
index c8202a937c..ab952ec66d 100644
--- a/libavcodec/g723_1dec.c
+++ b/libavcodec/g723_1dec.c
@@ -549,7 +549,7 @@  static void gain_scale(G723_1_Context *p, int16_t * buf, int energy)
         denom <<= bits2;
 
         bits2 = 5 + bits1 - bits2;
-        bits2 = FFMAX(0, bits2);
+        bits2 = av_clip_uintp2(bits2, 5);
 
         gain = (num >> 1) / (denom >> 16);
         gain = square_root(gain << 16 >> bits2);