diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2023-04-09 13:18:42 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2023-04-14 17:56:36 +0200 |
commit | 27e7857bd1127974ffe1512293abee83b1035194 (patch) | |
tree | bb9e2db1db26352216d2df53ffdcc7c56eb9bb9b /libavcodec | |
parent | 7c6e26a18403376987541f1ca801ae225f8ee6d4 (diff) | |
download | ffmpeg-27e7857bd1127974ffe1512293abee83b1035194.tar.gz |
avcodec/huffyuvdec: Fix undefined behavior with shift
Fixes: left shift of negative value -1
Fixes: 57554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFVHUFF_fuzzer-4853603839115264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/huffyuvdec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c index 7d3515cc88..8ba67bbdeb 100644 --- a/libavcodec/huffyuvdec.c +++ b/libavcodec/huffyuvdec.c @@ -695,9 +695,9 @@ static void decode_422_bitstream(HYuvDecContext *s, int count) /* TODO instead of restarting the read when the code isn't in the first level * of the joint table, jump into the 2nd level of the individual table. */ #define READ_2PIX_PLANE16(dst0, dst1, plane){\ - dst0 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;\ + dst0 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)*4;\ dst0 += get_bits(&s->gb, 2);\ - dst1 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;\ + dst1 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)*4;\ dst1 += get_bits(&s->gb, 2);\ } static void decode_plane_bitstream(HYuvDecContext *s, int width, int plane) |