aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2017-05-06 16:32:56 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2017-05-16 16:00:22 +0200
commit677c9f27cc60278c3b7b74b211eda547c56d941c (patch)
tree0796be04e2d2b797fe786cd585fe9a7e9a7b7db0
parent9f7bc8296bddfa68a375b45905e641cfe40fd048 (diff)
downloadffmpeg-677c9f27cc60278c3b7b74b211eda547c56d941c.tar.gz
avcodec/g723_1: Fix multiple runtime error: left shift of negative value
Fixes: 1367/clusterfuzz-testcase-minimized-571496882346393 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4ace2d22192f3995911ec926940125dcb29d606a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/g723_1.c18
-rw-r--r--libavcodec/g723_1.h2
-rw-r--r--libavcodec/g723_1dec.c4
3 files changed, 12 insertions, 12 deletions
diff --git a/libavcodec/g723_1.c b/libavcodec/g723_1.c
index a11fec8a9e..78ce922266 100644
--- a/libavcodec/g723_1.c
+++ b/libavcodec/g723_1.c
@@ -41,7 +41,7 @@ int ff_g723_1_scale_vector(int16_t *dst, const int16_t *vector, int length)
bits= FFMAX(bits, 0);
for (i = 0; i < length; i++)
- dst[i] = vector[i] << bits >> 3;
+ dst[i] = (vector[i] * (1 << bits)) >> 3;
return bits - 3;
}
@@ -125,9 +125,9 @@ static void lsp2lpc(int16_t *lpc)
for (j = 0; j < LPC_ORDER; j++) {
int index = (lpc[j] >> 7) & 0x1FF;
int offset = lpc[j] & 0x7f;
- int temp1 = cos_tab[index] << 16;
+ int temp1 = cos_tab[index] * (1 << 16);
int temp2 = (cos_tab[index + 1] - cos_tab[index]) *
- ((offset << 8) + 0x80) << 1;
+ (((offset << 8) + 0x80) << 1);
lpc[j] = -(av_sat_dadd32(1 << 15, temp1 + temp2) >> 16);
}
@@ -138,11 +138,11 @@ static void lsp2lpc(int16_t *lpc)
*/
/* Initialize with values in Q28 */
f1[0] = 1 << 28;
- f1[1] = (lpc[0] << 14) + (lpc[2] << 14);
+ f1[1] = (lpc[0] + lpc[2]) * (1 << 14);
f1[2] = lpc[0] * lpc[2] + (2 << 28);
f2[0] = 1 << 28;
- f2[1] = (lpc[1] << 14) + (lpc[3] << 14);
+ f2[1] = (lpc[1] + lpc[3]) * (1 << 14);
f2[2] = lpc[1] * lpc[3] + (2 << 28);
/*
@@ -162,8 +162,8 @@ static void lsp2lpc(int16_t *lpc)
f1[0] >>= 1;
f2[0] >>= 1;
- f1[1] = ((lpc[2 * i] << 16 >> i) + f1[1]) >> 1;
- f2[1] = ((lpc[2 * i + 1] << 16 >> i) + f2[1]) >> 1;
+ f1[1] = ((lpc[2 * i] * 65536 >> i) + f1[1]) >> 1;
+ f2[1] = ((lpc[2 * i + 1] * 65536 >> i) + f2[1]) >> 1;
}
/* Convert polynomial coefficients to LPC coefficients */
@@ -171,8 +171,8 @@ static void lsp2lpc(int16_t *lpc)
int64_t ff1 = f1[i + 1] + f1[i];
int64_t ff2 = f2[i + 1] - f2[i];
- lpc[i] = av_clipl_int32(((ff1 + ff2) << 3) + (1 << 15)) >> 16;
- lpc[LPC_ORDER - i - 1] = av_clipl_int32(((ff1 - ff2) << 3) +
+ lpc[i] = av_clipl_int32(((ff1 + ff2) * 8) + (1 << 15)) >> 16;
+ lpc[LPC_ORDER - i - 1] = av_clipl_int32(((ff1 - ff2) * 8) +
(1 << 15)) >> 16;
}
}
diff --git a/libavcodec/g723_1.h b/libavcodec/g723_1.h
index 40d6e700b1..f833af01c6 100644
--- a/libavcodec/g723_1.h
+++ b/libavcodec/g723_1.h
@@ -55,7 +55,7 @@
* @param b 16 bit multiplier
*/
#define MULL2(a, b) \
- ((((a) >> 16) * (b) << 1) + (((a) & 0xffff) * (b) >> 15))
+ ((((a) >> 16) * (b) * 2) + (((a) & 0xffff) * (b) >> 15))
/**
* G723.1 frame types
diff --git a/libavcodec/g723_1dec.c b/libavcodec/g723_1dec.c
index 6f283b449f..3454ed6074 100644
--- a/libavcodec/g723_1dec.c
+++ b/libavcodec/g723_1dec.c
@@ -516,7 +516,7 @@ static void residual_interp(int16_t *buf, int16_t *out, int lag,
(iir_coef)[n - 1] * ((dest)[m - n] >> in_shift);\
}\
\
- (dest)[m] = av_clipl_int32(((src)[m] << 16) + (filter << 3) +\
+ (dest)[m] = av_clipl_int32(((src)[m] * 65536) + (filter * 8) +\
(1 << 15)) >> res_shift;\
}\
}
@@ -903,7 +903,7 @@ static int g723_1_decode_frame(AVCodecContext *avctx, void *data,
&p->subframe[i], p->cur_rate);
/* Get the total excitation */
for (j = 0; j < SUBFRAME_LEN; j++) {
- int v = av_clip_int16(vector_ptr[j] << 1);
+ int v = av_clip_int16(vector_ptr[j] * 2);
vector_ptr[j] = av_clip_int16(v + acb_vector[j]);
}
vector_ptr += SUBFRAME_LEN;