| Message ID | 20200510104058.10321-3-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 82d4c7b95ed98d38aa834ef5a8fb1d2ef3901698 |
| Headers | show |
| Series | [FFmpeg-devel,1/4] avcodec/adpcm: Clip predictor for IMA_APM | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/make | success | Make finished |
| andriy/make_fate | success | Make fate finished |
diff --git a/libavcodec/g729postfilter.c b/libavcodec/g729postfilter.c index ab668594d2..617744ec8e 100644 --- a/libavcodec/g729postfilter.c +++ b/libavcodec/g729postfilter.c @@ -600,6 +600,7 @@ int16_t ff_g729_adaptive_gain_control(int gain_before, int gain_after, int16_t * gain = ((gain_before - gain_after) << 14) / gain_after + 0x4000; gain = bidir_sal(gain, exp_after - exp_before); } + gain = av_clip_int16(gain); gain = (gain * G729_AGC_FAC1 + 0x4000) >> 15; // gain * (1-0.9875) } else gain = 0;
The fixed point integer reference specifies the multiplication used to have 16bit input and clips so we need to clip the input The floating point implementation does not seem to do that. Fixes: signed integer overflow: 6317568 * 410 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5700189272932352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/g729postfilter.c | 1 + 1 file changed, 1 insertion(+)