| Message ID | 20200924202039.30285-3-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 4f54f530039db149808478796e8389c14eb73095 |
| Headers | show |
| Series | [FFmpeg-devel,1/4] avcodec/svq3: dont crash on free_picture(NULL) | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/make | success | Make finished |
| andriy/make_fate | success | Make fate finished |
On Thu, Sep 24, 2020 at 10:20:38PM +0200, Michael Niedermayer wrote: > Fixes: left shift of negative value -4 > Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/takdsp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply without the typo in the commit message [...]
diff --git a/libavcodec/takdsp.c b/libavcodec/takdsp.c index 2441c2baa6..9cb8052596 100644 --- a/libavcodec/takdsp.c +++ b/libavcodec/takdsp.c @@ -65,7 +65,7 @@ static void decorrelate_sf(int32_t *p1, int32_t *p2, int length, int dshift, int for (i = 0; i < length; i++) { int32_t a = p1[i]; int32_t b = p2[i]; - b = dfactor * (b >> dshift) + 128 >> 8 << dshift; + b = (unsigned)(dfactor * (b >> dshift) + 128 >> 8) << dshift; p1[i] = b - a; } }
Fixes: left shift of negative value -4 Fixes: 25723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6250580752990208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/takdsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)