This reverts a hunk from f1ca40ee00402102046fc7e59606651930436b0e
Fixes: out of array read
Fixes: 16924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5157893162139648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 722fd4696583cc984700eaec4745922ae177b2da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
... | ... |
@@ -1513,7 +1513,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, |
1513 | 1513 |
} |
1514 | 1514 |
|
1515 | 1515 |
} else if (vr_type == 2) { |
1516 |
- unsigned voffs_div = FASTDIV(voffset << 1, ch <<1); |
|
1516 |
+ unsigned voffs_div = ch == 1 ? voffset : FASTDIV(voffset, ch); |
|
1517 | 1517 |
unsigned voffs_mod = voffset - voffs_div * ch; |
1518 | 1518 |
|
1519 | 1519 |
for (k = 0; k < step; ++k) { |