diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2020-02-01 21:25:33 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2020-04-16 00:56:49 +0200 |
| commit | 8e30502abe62f741cfef1e7b75048ae86a99a50f (patch) | |
| tree | e82d24f1bc9cb494b5d02cc80157da5e4f400edb | |
| parent | 55f9683cf6be97f4b398a7a35ee5bfd1208ac2a5 (diff) | |
| download | ffmpeg-8e30502abe62f741cfef1e7b75048ae86a99a50f.tar.gz | |
avcodec/ac3dec_fixed: Fix several invalid left shifts in scale_coefs()
Fixes: left shift of negative value -14336
Fixes: 20298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-5675484201615360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/ac3dec_fixed.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/libavcodec/ac3dec_fixed.c b/libavcodec/ac3dec_fixed.c index bd66175d50..1e1edc8964 100644 --- a/libavcodec/ac3dec_fixed.c +++ b/libavcodec/ac3dec_fixed.c @@ -107,29 +107,30 @@ static void scale_coefs ( } } else { shift = -shift; + mul <<= shift; for (i=0; i<len; i+=8) { temp = src[i] * mul; temp1 = src[i+1] * mul; temp2 = src[i+2] * mul; - dst[i] = temp << shift; + dst[i] = temp; temp3 = src[i+3] * mul; - dst[i+1] = temp1 << shift; + dst[i+1] = temp1; temp4 = src[i + 4] * mul; - dst[i+2] = temp2 << shift; + dst[i+2] = temp2; temp5 = src[i+5] * mul; - dst[i+3] = temp3 << shift; + dst[i+3] = temp3; temp6 = src[i+6] * mul; - dst[i+4] = temp4 << shift; + dst[i+4] = temp4; temp7 = src[i+7] * mul; - dst[i+5] = temp5 << shift; - dst[i+6] = temp6 << shift; - dst[i+7] = temp7 << shift; + dst[i+5] = temp5; + dst[i+6] = temp6; + dst[i+7] = temp7; } } |