| Message ID | 20190927172350.2095-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 8695fbec573b0d434cf2e703a0d45742a09a5d94 |
| Headers | show |
On Fri, Sep 27, 2019 at 07:23:40PM +0200, Michael Niedermayer wrote: > Fixes: left shift of negative value -1 > Fixes: 17683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_EA_R2_fuzzer-5111690013704192 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/adpcm.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) will apply patchset [...]
diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index 7f2ebfc99d..8ed2b6c9d9 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -1380,10 +1380,10 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, for (count2=0; count2<28; count2++) { if (count2 & 1) - next_sample = sign_extend(byte, 4) << shift; + next_sample = (unsigned)sign_extend(byte, 4) << shift; else { byte = bytestream2_get_byte(&gb); - next_sample = sign_extend(byte >> 4, 4) << shift; + next_sample = (unsigned)sign_extend(byte >> 4, 4) << shift; } next_sample += (current_sample * coeff1) +
Fixes: left shift of negative value -1 Fixes: 17683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_EA_R2_fuzzer-5111690013704192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/adpcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)