[FFmpeg-devel,5/5] avcodec/g729dec: Use 64bit and clip in scalar product

Message ID 20191105232224.13680-5-michael@niedermayer.cc
State Accepted
Commit bf9c4a12750e593d753011166b066efce208d9e0
Commit Message

Michael Niedermayer Nov. 5, 2019, 11:22 p.m. UTC
The G729 reference clips after each individual operation and keeps track if overflow
occurred (in the fixed point implementation); this here is
simpler and faster but not 1:1 the same as what the reference does.

Non-fuzzed samples which trigger any such overflow are welcome, so
the need and impact of different clipping solutions can be evaluated.

Fixes: signed integer overflow: 1271483721 + 1073676289 cannot be represented in type 'int'
Fixes: 18617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5137705679978496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/g729dec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Carl Eugen Hoyos Nov. 5, 2019, 11:44 p.m. UTC | #1
On Wed, Nov 6, 2019 at 00:31, Michael Niedermayer
<michael@niedermayer.cc> wrote:
>
> The G729 reference clips after each individual operation and keeps
> track if overflow occurred (in the fixed point implementation)

I believe this is missing the word "decoder".

Carl Eugen
Michael Niedermayer Nov. 6, 2019, 2:37 p.m. UTC | #2
On Wed, Nov 06, 2019 at 12:44:32AM +0100, Carl Eugen Hoyos wrote:
> On Wed, Nov 6, 2019 at 00:31, Michael Niedermayer
> <michael@niedermayer.cc> wrote:
> >
> > The G729 reference clips after each individual operation and keeps
> > track if overflow occurred (in the fixed point implementation)
> 
> I believe this is missing the word "decoder".

locally added

thx

[...]
Michael Niedermayer Nov. 24, 2019, 11:10 p.m. UTC | #3
On Wed, Nov 06, 2019 at 03:37:48PM +0100, Michael Niedermayer wrote:
> On Wed, Nov 06, 2019 at 12:44:32AM +0100, Carl Eugen Hoyos wrote:
> > On Wed, Nov 6, 2019 at 00:31, Michael Niedermayer
> > <michael@niedermayer.cc> wrote:
> > >
> > > The G729 reference clips after each individual operation and keeps
> > > track if overflow occurred (in the fixed point implementation)
> > 
> > I believe this is missing the word "decoder".
> 
> locally added

will apply

[...]
Patch

diff --git a/libavcodec/g729dec.c b/libavcodec/g729dec.c
index 67054b71df..16869e0df8 100644
--- a/libavcodec/g729dec.c
+++ b/libavcodec/g729dec.c
@@ -332,11 +332,14 @@  static int16_t g729d_voice_decision(int onset, int prev_voice_decision, const in
 
 static int32_t scalarproduct_int16_c(const int16_t * v1, const int16_t * v2, int order)
 {
-    int res = 0;
+    int64_t res = 0;
 
     while (order--)
         res += *v1++ * *v2++;
 
+    if      (res > INT32_MAX) return INT32_MAX;
+    else if (res < INT32_MIN) return INT32_MIN;
+
     return res;
 }
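
Review bot: The saturation added at the end of scalarproduct_int16_c (the `if (res > INT32_MAX)` / `else if (res < INT32_MIN)` pair) has no in-code comment recording that it clips once on the 64-bit sum rather than after every operation as the G.729 reference does. The commit message states the result is not 1:1 with the reference, and that belongs next to the code so a later reader does not assume bit-exactness. The open-coded clamp could also be written with libavutil's av_clipl_int32(), which keeps the int64_t to int32_t narrowing at `return res;` in one visible place. Since the function keeps its name but now saturates, it is worth confirming that every caller in this file is meant to receive the clipped value.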