Browse code
avcodec/hevcdsp_template: Fix Invalid shifts in put_hevc_qpel_bi_w_h() and put_hevc_qpel_bi_w_w()
Fixes: left shift of negative value -1
Fixes: 4690/clusterfuzz-testcase-minimized-6117482428366848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d135f3c514ac1723256c8e0f5cdd466fe98a2578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2017/12/27 07:24:45Showing 1 changed files
| ... | ... |
@@ -965,7 +965,7 @@ static void FUNC(put_hevc_qpel_bi_w_h)(uint8_t *_dst, ptrdiff_t _dststride, uint |
| 965 | 965 |
for (y = 0; y < height; y++) {
|
| 966 | 966 |
for (x = 0; x < width; x++) |
| 967 | 967 |
dst[x] = av_clip_pixel(((QPEL_FILTER(src, 1) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 + |
| 968 |
- ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1)); |
|
| 968 |
+ ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1)); |
|
| 969 | 969 |
src += srcstride; |
| 970 | 970 |
dst += dststride; |
| 971 | 971 |
src2 += MAX_PB_SIZE; |
| ... | ... |
@@ -1020,7 +1020,7 @@ static void FUNC(put_hevc_qpel_bi_w_v)(uint8_t *_dst, ptrdiff_t _dststride, uint |
| 1020 | 1020 |
for (y = 0; y < height; y++) {
|
| 1021 | 1021 |
for (x = 0; x < width; x++) |
| 1022 | 1022 |
dst[x] = av_clip_pixel(((QPEL_FILTER(src, srcstride) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 + |
| 1023 |
- ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1)); |
|
| 1023 |
+ ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1)); |
|
| 1024 | 1024 |
src += srcstride; |
| 1025 | 1025 |
dst += dststride; |
| 1026 | 1026 |
src2 += MAX_PB_SIZE; |