diff mbox

[FFmpeg-devel,3/4] avformat/wsddec: Fix undefined shift

Message ID 20190608092801.3965-3-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer June 8, 2019, 9:28 a.m. UTC 
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/wsddec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Reimar Döffinger June 8, 2019, 4:11 p.m. UTC | #1 
On 08.06.2019, at 11:28, Michael Niedermayer <michael@niedermayer.cc> wrote:

> Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
> Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/wsddec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/wsddec.c b/libavformat/wsddec.c
> index dfa8014b1c..43660d4cea 100644
> --- a/libavformat/wsddec.c
> +++ b/libavformat/wsddec.c
> @@ -137,7 +137,7 @@ static int wsd_read_header(AVFormatContext *s)
>     if (!(channel_assign & 1)) {
>         int i;
>         for (i = 1; i < 32; i++)
> -            if (channel_assign & (1 << i))
> +            if (channel_assign & (1U << i))

I'd be in favour of switching these kind of checks to
(a>>i)&1
as this is a much less risky idiom and IMO it would be best to spread that style...
Michael Niedermayer June 21, 2019, 2:56 p.m. UTC | #2 
On Sat, Jun 08, 2019 at 06:11:02PM +0200, Reimar Döffinger wrote:
> 
> 
> On 08.06.2019, at 11:28, Michael Niedermayer <michael@niedermayer.cc> wrote:
> 
> > Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
> > Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavformat/wsddec.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavformat/wsddec.c b/libavformat/wsddec.c
> > index dfa8014b1c..43660d4cea 100644
> > --- a/libavformat/wsddec.c
> > +++ b/libavformat/wsddec.c
> > @@ -137,7 +137,7 @@ static int wsd_read_header(AVFormatContext *s)
> >     if (!(channel_assign & 1)) {
> >         int i;
> >         for (i = 1; i < 32; i++)
> > -            if (channel_assign & (1 << i))
> > +            if (channel_assign & (1U << i))
> 
> I'd be in favour of switching these kind of checks to
> (a>>i)&1
> as this is a much less risky idiom and IMO it would be best to spread that style...

will push patchset with this change

thanks

[...]
diff mbox

Patch

diff --git a/libavformat/wsddec.c b/libavformat/wsddec.c
index dfa8014b1c..43660d4cea 100644
--- a/libavformat/wsddec.c
+++ b/libavformat/wsddec.c
@@ -137,7 +137,7 @@  static int wsd_read_header(AVFormatContext *s)
     if (!(channel_assign & 1)) {
         int i;
         for (i = 1; i < 32; i++)
-            if (channel_assign & (1 << i))
+            if (channel_assign & (1U << i))
                 st->codecpar->channel_layout |= wsd_to_av_channel_layoyt(s, i);
     }