From eb892918778164ff0b7a398954109e5fc5bf8872 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Sun, 15 Sep 2019 22:01:20 +0200 Subject: [PATCH] avcodec/ttaenc: Fix undefined shift MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ttaenc contained (1 << unary) - 1 as an argument for a function expecting an unsigned int. unary can be as big as 31 in this case. The type of the shift and the whole expression is int, because 1 fits into an integer, so that the behaviour is undefined if unary == 31 as the result of the shift can't be represented in an int §. Subtraction by 1 (which makes the result of the whole expression representable in an int) doesn't change that this is undefined (it usually leads to signed integer overflow which is undefined, too). The solution is simple: Make 1 unsigned to change the type of the whole expression to unsigned int (as the function expects anyway). Fixes ticket #8153. §: This of course presupposes the common int range of -2^31..2^31-1 Signed-off-by: Andreas Rheinhardt Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 3ab488a5407f833ecc66e8fa4c537dc4852db720) Signed-off-by: Andreas Rheinhardt --- libavcodec/ttaenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ttaenc.c b/libavcodec/ttaenc.c index 3cc54d78c5..08a0d0483a 100644 --- a/libavcodec/ttaenc.c +++ b/libavcodec/ttaenc.c @@ -164,7 +164,7 @@ pkt_alloc: put_bits(&pb, 31, 0x7FFFFFFF); unary -= 31; } else { - put_bits(&pb, unary, (1 << unary) - 1); + put_bits(&pb, unary, (1U << unary) - 1); unary = 0; } } while (unary);