Message ID | 20190810210949.1743-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | cdea0206efeca83a0a9b57d0764b177b2e11ab7c |

Michael Niedermayer (12019-08-10):
> Fixes: left shift of negative value -961533698048
> Fixes: 16242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5738550670131200
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/ffwavesynth.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

No objection for either of these patches.

But I want to be on record that I think they were a waste of time, as
these undefined behaviors have no chance of devolving into anything
except possibly garbled output on strange architectures for an obscure
format. Compilers are practical tools, not an axiomatic system.

Regards,

On Mon, Aug 12, 2019 at 10:49:56PM +0200, Nicolas George wrote:
> Michael Niedermayer (12019-08-10):
> > Fixes: left shift of negative value -961533698048
> > Fixes: 16242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5738550670131200
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/ffwavesynth.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> No objection for either of these patches.

will apply

thx

>
> But I want to be on record that I think they were a waste of time, as
> these undefined behaviors have no chance of devolving into anything
> except possibly garbled output on strange architectures for an obscure
> format. Compilers are practical tools, not an axiomatic system.
>
> Regards,
>
> --
> Nicolas George

[...]

diff --git a/libavcodec/ffwavesynth.c b/libavcodec/ffwavesynth.c index e6d2606c2f..cfd0951d8f 100644 --- a/libavcodec/ffwavesynth.c +++ b/libavcodec/ffwavesynth.c @@ -220,7 +220,7 @@ static void wavesynth_seek(struct wavesynth_context *ws, int64_t ts) int64_t pink_ts_cur = (ws->cur_ts + PINK_UNIT - 1) & ~(PINK_UNIT - 1); int64_t pink_ts_next = ts & ~(PINK_UNIT - 1); int pos = ts & (PINK_UNIT - 1); - lcg_seek(&ws->pink_state, (pink_ts_next - pink_ts_cur) << 1); + lcg_seek(&ws->pink_state, (pink_ts_next - pink_ts_cur) * 2); if (pos) { pink_fill(ws); ws->pink_pos = pos;
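
Review bot: The `* 2` in the `lcg_seek` call is still signed `int64_t` arithmetic, so while the shift of a negative value is gone, signed overflow remains possible when `pink_ts_next - pink_ts_cur` is larger in magnitude than half the `int64_t` range, and the subtraction itself can overflow when `ts` is far from `ws->cur_ts`. If `lcg_seek` only needs the step modulo a power of two, doing the subtraction and the doubling in `uint64_t` would make the wraparound well defined; otherwise a bound on `ts` before this point would cover both cases. A short comment on why `* 2` is used instead of `<< 1` would also keep a later cleanup from changing it back.
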
Fixes: left shift of negative value -961533698048
Fixes: 16242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5738550670131200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ffwavesynth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)