diff mbox series

[FFmpeg-devel] avcodec/dpcm: clip exponent into supported range in XAN DPCM

Message ID 20200409181211.23480-1-michael@niedermayer.cc
State Accepted
Commit 20ade59d9633def4ebf84ec170f56367bfb6aa6c
Headers show
Series [FFmpeg-devel] avcodec/dpcm: clip exponent into supported range in XAN DPCM | expand

Checks

Context Check Description
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Michael Niedermayer April 9, 2020, 6:12 p.m. UTC 
Fixes: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dpcm.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Comments

Anton Khirnov April 11, 2020, 8:55 a.m. UTC | #1 
Quoting Michael Niedermayer (2020-04-09 20:12:11)
> Fixes: shift exponent 32 is too large for 32-bit type 'int'
> Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/dpcm.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)

Looks ok
Michael Niedermayer April 11, 2020, 4:22 p.m. UTC | #2 
On Sat, Apr 11, 2020 at 10:55:04AM +0200, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2020-04-09 20:12:11)
> > Fixes: shift exponent 32 is too large for 32-bit type 'int'
> > Fixes: 21200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_DPCM_fuzzer-5754704894361600
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/dpcm.c | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> Looks ok

will apply

thx

[...]
diff mbox series

Patch

diff --git a/libavcodec/dpcm.c b/libavcodec/dpcm.c
index 069bf1dcd8..7078419f08 100644
--- a/libavcodec/dpcm.c
+++ b/libavcodec/dpcm.c
@@ -321,9 +321,8 @@  static int dpcm_decode_frame(AVCodecContext *avctx, void *data,
                 shift[ch] -= (2 * n);
             diff = sign_extend((diff &~ 3) << 8, 16);
 
-            /* saturate the shifter to a lower limit of 0 */
-            if (shift[ch] < 0)
-                shift[ch] = 0;
+            /* saturate the shifter to 0..31 */
+            shift[ch] = av_clip_uintp2(shift[ch], 5);
 
             diff >>= shift[ch];
             predictor[ch] += diff;