virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avcodec/sbrdsp_fixed: Fix integer overflow in shift in sbr_hf_g_filt_c()

Browse Source 
Fixes: runtime error: shift exponent 66 is too large for 64-bit type 'long long'
Fixes: 3642/clusterfuzz-testcase-minimized-5443853801750528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2017-11-01 14:00:20 +01:00
parent 7d1dec4668
commit 981e99ab99
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/sbrdsp_fixed.c
View File

@ -244,12 +244,14 @@ static void sbr_hf_g_filt_c(int (*Y)[2], const int (*X_high)[40][2],
int64_t accu;
for (m = 0; m < m_max; m++) {
int64_t r = 1LL << (22-g_filt[m].exp);
accu = (int64_t)X_high[m][ixh][0] * ((g_filt[m].mant + 0x40)>>7);
Y[m][0] = (int)((accu + r) >> (23-g_filt[m].exp));
if (22 - g_filt[m].exp < 61) {
int64_t r = 1LL << (22-g_filt[m].exp);
accu = (int64_t)X_high[m][ixh][0] * ((g_filt[m].mant + 0x40)>>7);
Y[m][0] = (int)((accu + r) >> (23-g_filt[m].exp));
accu = (int64_t)X_high[m][ixh][1] * ((g_filt[m].mant + 0x40)>>7);
Y[m][1] = (int)((accu + r) >> (23-g_filt[m].exp));
accu = (int64_t)X_high[m][ixh][1] * ((g_filt[m].mant + 0x40)>>7);
Y[m][1] = (int)((accu + r) >> (23-g_filt[m].exp));
}
}
}