Message ID | 20200301225934.2350-2-michael@niedermayer.cc |
---|---|
State | Accepted |
Headers | show |
Series | [FFmpeg-devel,1/2] avcodec/adpcm: Clip step index for ADPCM_IMA_APM | expand |
Context | Check | Description |
---|---|---|
andriy/ffmpeg-patchwork | success | Make fate finished |
On Sun, Mar 01, 2020 at 11:59:34PM +0100, Michael Niedermayer wrote: > Fixes: left shift of negative value -1 > Fixes: 20859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5720391507247104 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/adpcm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index 5f152ee6ef..8af76ae2df 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -1863,7 +1863,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, scale = sign_extend(byte, 4); } - scale = scale << 12; + scale = scale * (1 << 12); sample = (int)((scale >> shift) + (c->status[channel].sample1 * xa_adpcm_table[filter][0] + c->status[channel].sample2 * xa_adpcm_table[filter][1]) / 64); } *samples++ = av_clip_int16(sample);
Fixes: left shift of negative value -1 Fixes: 20859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5720391507247104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/adpcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)