Message ID | 20200409181211.23480-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 20ade59d9633def4ebf84ec170f56367bfb6aa6c |
Series | [FFmpeg-devel] avcodec/dpcm: clip exponent into supported range in XAN DPCM |
Context | Check | Description |
---|---|---|
andriy/ffmpeg-patchwork | success | Make fate finished |
Quoting Michael Niedermayer (2020-04-09 20:12:11)
> Fixes: shift exponent 32 is too large for 32-bit type 'int'
> Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/dpcm.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)

Looks ok

On Sat, Apr 11, 2020 at 10:55:04AM +0200, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2020-04-09 20:12:11)
> > Fixes: shift exponent 32 is too large for 32-bit type 'int'
> > Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/dpcm.c | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
>
> Looks ok

will apply

thx

[...]

diff --git a/libavcodec/dpcm.c b/libavcodec/dpcm.c index 069bf1dcd8..7078419f08 100644 --- a/libavcodec/dpcm.c +++ b/libavcodec/dpcm.c @@ -321,9 +321,8 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data, shift[ch] -= (2 * n); diff = sign_extend((diff &~ 3) << 8, 16); - /* saturate the shifter to a lower limit of 0 */ - if (shift[ch] < 0) - shift[ch] = 0; + /* saturate the shifter to 0..31 */ + shift[ch] = av_clip_uintp2(shift[ch], 5); diff >>= shift[ch]; predictor[ch] += diff;
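
Review bot: `shift[ch] = av_clip_uintp2(shift[ch], 5);` stores the saturated value back into the per-channel shifter rather than clamping only the exponent used by `diff >>= shift[ch];`, so once a stream drives the shifter past 31 the later `shift[ch] -= (2 * n);` steps start from 31 instead of the accumulated value. That matches how the removed lower-limit branch stored 0, but it is worth saying in the comment (for example "saturate the stored shifter to 0..31") so the state change reads as intentional. Since `diff` comes out of a 16-bit `sign_extend`, any exponent of 15 or more already reduces it to 0 or -1 under an arithmetic right shift, so the cap at 31 does not cost output range; a sentence to that effect in the commit message would help the next reader.
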
Fixes: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dpcm.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)