Message ID | 20231022003520.17154-5-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 907743239d83f7bbcacc466af8ace4e0f6ebc257 |
Series | [FFmpeg-devel,1/6] avformat/mov: Check that is_still_picture_avif has no trak based streams | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
Oct 22, 2023, 02:36 by michael@niedermayer.cc: > Fixes: signed integer overflow: -1028966111 + -1314089526 cannot be represented in type 'int' > Fixes: 63174/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5853273711837184 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavutil/tx_template.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/libavutil/tx_template.c b/libavutil/tx_template.c > index 8dc3d2519c1..a2c27465cbc 100644 > --- a/libavutil/tx_template.c > +++ b/libavutil/tx_template.c > @@ -185,10 +185,9 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in, > BF(tmp[1].re, tmp[2].im, in[1].im, in[2].im); > BF(tmp[1].im, tmp[2].re, in[1].re, in[2].re); > > - out[0*stride].re = tmp[0].re + tmp[2].re; > - out[0*stride].im = tmp[0].im + tmp[2].im; > - > #ifdef TX_INT32 > + out[0*stride].re = (int64_t)tmp[0].re + tmp[2].re; > + out[0*stride].im = (int64_t)tmp[0].im + tmp[2].im; > mtmp[0] = (int64_t)tab[ 8] * tmp[1].re; > mtmp[1] = (int64_t)tab[ 9] * tmp[1].im; > mtmp[2] = (int64_t)tab[10] * tmp[2].re; > @@ -198,6 +197,8 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in, > out[2*stride].re = tmp[0].re - (mtmp[2] - mtmp[0] + 0x40000000 >> 31); > out[2*stride].im = tmp[0].im - (mtmp[3] + mtmp[1] + 0x40000000 >> 31); > #else > + out[0*stride].re = tmp[0].re + tmp[2].re; > + out[0*stride].im = tmp[0].im + tmp[2].im; > tmp[1].re = tab[ 8] * tmp[1].re; > tmp[1].im = tab[ 9] * tmp[1].im; > tmp[2].re = tab[10] * tmp[2].re; > lgtm
On Sun, Oct 22, 2023 at 03:55:47AM +0200, Lynne wrote: > Oct 22, 2023, 02:36 by michael@niedermayer.cc: > > > Fixes: signed integer overflow: -1028966111 + -1314089526 cannot be represented in type 'int' > > Fixes: 63174/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5853273711837184 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavutil/tx_template.c | 7 ++++--- > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > diff --git a/libavutil/tx_template.c b/libavutil/tx_template.c > > index 8dc3d2519c1..a2c27465cbc 100644 > > --- a/libavutil/tx_template.c > > +++ b/libavutil/tx_template.c > > @@ -185,10 +185,9 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in, > > BF(tmp[1].re, tmp[2].im, in[1].im, in[2].im); > > BF(tmp[1].im, tmp[2].re, in[1].re, in[2].re); > > > > - out[0*stride].re = tmp[0].re + tmp[2].re; > > - out[0*stride].im = tmp[0].im + tmp[2].im; > > - > > #ifdef TX_INT32 > > + out[0*stride].re = (int64_t)tmp[0].re + tmp[2].re; > > + out[0*stride].im = (int64_t)tmp[0].im + tmp[2].im; > > mtmp[0] = (int64_t)tab[ 8] * tmp[1].re; > > mtmp[1] = (int64_t)tab[ 9] * tmp[1].im; > > mtmp[2] = (int64_t)tab[10] * tmp[2].re; > > @@ -198,6 +197,8 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in, > > out[2*stride].re = tmp[0].re - (mtmp[2] - mtmp[0] + 0x40000000 >> 31); > > out[2*stride].im = tmp[0].im - (mtmp[3] + mtmp[1] + 0x40000000 >> 31); > > #else > > + out[0*stride].re = tmp[0].re + tmp[2].re; > > + out[0*stride].im = tmp[0].im + tmp[2].im; > > tmp[1].re = tab[ 8] * tmp[1].re; > > tmp[1].im = tab[ 9] * tmp[1].im; > > tmp[2].re = tab[10] * tmp[2].re; > > > > lgtm will apply thx [...]
diff --git a/libavutil/tx_template.c b/libavutil/tx_template.c
index 8dc3d2519c1..a2c27465cbc 100644
--- a/libavutil/tx_template.c
+++ b/libavutil/tx_template.c
@@ -185,10 +185,9 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in,
 BF(tmp[1].re, tmp[2].im, in[1].im, in[2].im);
 BF(tmp[1].im, tmp[2].re, in[1].re, in[2].re);

- out[0*stride].re = tmp[0].re + tmp[2].re;
- out[0*stride].im = tmp[0].im + tmp[2].im;
-
 #ifdef TX_INT32
+ out[0*stride].re = (int64_t)tmp[0].re + tmp[2].re;
+ out[0*stride].im = (int64_t)tmp[0].im + tmp[2].im;
 mtmp[0] = (int64_t)tab[ 8] * tmp[1].re;
 mtmp[1] = (int64_t)tab[ 9] * tmp[1].im;
 mtmp[2] = (int64_t)tab[10] * tmp[2].re;
@@ -198,6 +197,8 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in,
 out[2*stride].re = tmp[0].re - (mtmp[2] - mtmp[0] + 0x40000000 >> 31);
 out[2*stride].im = tmp[0].im - (mtmp[3] + mtmp[1] + 0x40000000 >> 31);
 #else
+ out[0*stride].re = tmp[0].re + tmp[2].re;
+ out[0*stride].im = tmp[0].im + tmp[2].im;
 tmp[1].re = tab[ 8] * tmp[1].re;
 tmp[1].im = tab[ 9] * tmp[1].im;
 tmp[2].re = tab[10] * tmp[2].re;
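Review bot: In the `TX_INT32` branch of the first hunk the sum is now formed in `int64_t` but stored straight back into `out[0*stride].re` and `.im`, which the sanitizer report suggests are 32-bit `int` fields, so an out-of-range result is still narrowed on the store (implementation-defined, typically a wrap) rather than saturated or rejected. That removes the undefined behaviour but not the wrong value for inputs like the fuzzer case, so a short comment above the two lines would record that this is intended, e.g. `/* widen to avoid signed-overflow UB; the store truncates, out-of-range sums wrap */`. The `#else` copies added in the second hunk keep the plain addition, which is only safe if no other integer sample type is built through that path; that is worth confirming against the template's instantiations. The body of fft3 starts and ends outside both hunks.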
Fixes: signed integer overflow: -1028966111 + -1314089526 cannot be represented in type 'int' Fixes: 63174/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5853273711837184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavutil/tx_template.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)