Browse code
avcodec/ralf: use multiply instead of shift to avoid undefined behavior in decode_block()
Fixes: left shift of negative value -249
Fixes: 18566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5649394561187840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b7d02642b2096622cee6165fea1301bb9ad54ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2019/11/02 23:52:52Showing 1 changed files
| ... | ... |
@@ -408,7 +408,7 @@ static int decode_block(AVCodecContext *avctx, GetBitContext *gb, |
| 408 | 408 |
case 4: |
| 409 | 409 |
for (i = 0; i < len; i++) {
|
| 410 | 410 |
t = ch1[i] + ctx->bias[1]; |
| 411 |
- t2 = ((ch0[i] + ctx->bias[0]) << 1) | (t & 1); |
|
| 411 |
+ t2 = ((ch0[i] + ctx->bias[0]) * 2) | (t & 1); |
|
| 412 | 412 |
dst0[i] = (t2 + t) / 2; |
| 413 | 413 |
dst1[i] = (t2 - t) / 2; |
| 414 | 414 |
} |