diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2017-08-26 14:00:55 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-08-28 01:44:23 +0200 |
| commit | a5018026af1d1eb89005fe5f4646398276e9fcfd (patch) | |
| tree | 37d65caf8e570b6f211b2387f1b8d8aad8af8552 | |
| parent | 9a73a776816b359cc5befe2ddaa7edef22c4f353 (diff) | |
| download | ffmpeg-a5018026af1d1eb89005fe5f4646398276e9fcfd.tar.gz | |
avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
Fixes: runtime error: signed integer overflow: 8903997421129740175 + 354481484684609529 cannot be represented in type 'long'
Fixes: 2045/clusterfuzz-testcase-minimized-6751255865065472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eefb68c9c335dda423c9115ba11dc4bb3e73e3f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/sbrdsp_fixed.c | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/libavcodec/sbrdsp_fixed.c b/libavcodec/sbrdsp_fixed.c index 7d593a18b8..f45bb847a8 100644 --- a/libavcodec/sbrdsp_fixed.c +++ b/libavcodec/sbrdsp_fixed.c @@ -136,19 +136,19 @@ static av_always_inline void autocorrelate(const int x[40][2], SoftFloat phi[3][ if (lag) { for (i = 1; i < 38; i++) { - accu_re += (int64_t)x[i][0] * x[i+lag][0]; - accu_re += (int64_t)x[i][1] * x[i+lag][1]; - accu_im += (int64_t)x[i][0] * x[i+lag][1]; - accu_im -= (int64_t)x[i][1] * x[i+lag][0]; + accu_re += (uint64_t)x[i][0] * x[i+lag][0]; + accu_re += (uint64_t)x[i][1] * x[i+lag][1]; + accu_im += (uint64_t)x[i][0] * x[i+lag][1]; + accu_im -= (uint64_t)x[i][1] * x[i+lag][0]; } real_sum = accu_re; imag_sum = accu_im; - accu_re += (int64_t)x[ 0][0] * x[lag][0]; - accu_re += (int64_t)x[ 0][1] * x[lag][1]; - accu_im += (int64_t)x[ 0][0] * x[lag][1]; - accu_im -= (int64_t)x[ 0][1] * x[lag][0]; + accu_re += (uint64_t)x[ 0][0] * x[lag][0]; + accu_re += (uint64_t)x[ 0][1] * x[lag][1]; + accu_im += (uint64_t)x[ 0][0] * x[lag][1]; + accu_im -= (uint64_t)x[ 0][1] * x[lag][0]; phi[2-lag][1][0] = autocorr_calc(accu_re); phi[2-lag][1][1] = autocorr_calc(accu_im); @@ -156,28 +156,28 @@ static av_always_inline void autocorrelate(const int x[40][2], SoftFloat phi[3][ if (lag == 1) { accu_re = real_sum; accu_im = imag_sum; - accu_re += (int64_t)x[38][0] * x[39][0]; - accu_re += (int64_t)x[38][1] * x[39][1]; - accu_im += (int64_t)x[38][0] * x[39][1]; - accu_im -= (int64_t)x[38][1] * x[39][0]; + accu_re += (uint64_t)x[38][0] * x[39][0]; + accu_re += (uint64_t)x[38][1] * x[39][1]; + accu_im += (uint64_t)x[38][0] * x[39][1]; + accu_im -= (uint64_t)x[38][1] * x[39][0]; phi[0][0][0] = autocorr_calc(accu_re); phi[0][0][1] = autocorr_calc(accu_im); } } else { for (i = 1; i < 38; i++) { - accu_re += (int64_t)x[i][0] * x[i][0]; - accu_re += (int64_t)x[i][1] * x[i][1]; + accu_re += (uint64_t)x[i][0] * x[i][0]; + accu_re += (uint64_t)x[i][1] * x[i][1]; } real_sum = accu_re; - accu_re += (int64_t)x[ 0][0] * x[ 0][0]; - accu_re += (int64_t)x[ 0][1] * x[ 0][1]; + accu_re += (uint64_t)x[ 0][0] * x[ 0][0]; + accu_re += (uint64_t)x[ 0][1] * x[ 0][1]; phi[2][1][0] = autocorr_calc(accu_re); accu_re = real_sum; - accu_re += (int64_t)x[38][0] * x[38][0]; - accu_re += (int64_t)x[38][1] * x[38][1]; + accu_re += (uint64_t)x[38][0] * x[38][0]; + accu_re += (uint64_t)x[38][1] * x[38][1]; phi[1][0][0] = autocorr_calc(accu_re); } |