[FFmpeg-cvslog] avcodec/aacdec_fixed: Handle more extreem cases in noise_scale()
Michael Niedermayer
git at videolan.org
Thu Jun 27 20:48:34 EEST 2019
ffmpeg | branch: release/4.1 | Michael Niedermayer <michael at niedermayer.cc> | Thu May 16 12:00:18 2019 +0200| [42245d49a4ad76b84e62aa1f7d2eca5b15534fbf] | committer: Michael Niedermayer
avcodec/aacdec_fixed: Handle more extreem cases in noise_scale()
Its unclear if these cases have any relevance in real files
Fixes: shift exponent -2 is negative
Fixes: 14489/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5681941631729664
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 3d14663f8345a84613b1ec041fd65e4a90057320)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=42245d49a4ad76b84e62aa1f7d2eca5b15534fbf
---
libavcodec/aacdec_fixed.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/libavcodec/aacdec_fixed.c b/libavcodec/aacdec_fixed.c
index 35425bd468..411d96d5a6 100644
--- a/libavcodec/aacdec_fixed.c
+++ b/libavcodec/aacdec_fixed.c
@@ -221,10 +221,15 @@ static void noise_scale(int *coefs, int scale, int band_energy, int len)
}
else {
s = s + 32;
- round = s ? 1 << (s-1) : 0;
- for (i=0; i<len; i++) {
- out = (int)((int64_t)((int64_t)coefs[i] * c + round) >> s);
- coefs[i] = -out;
+ if (s > 0) {
+ round = 1 << (s-1);
+ for (i=0; i<len; i++) {
+ out = (int)((int64_t)((int64_t)coefs[i] * c + round) >> s);
+ coefs[i] = -out;
+ }
+ } else {
+ for (i=0; i<len; i++)
+ coefs[i] = -(int64_t)coefs[i] * c * (1 << -s);
}
}
}
More information about the ffmpeg-cvslog
mailing list