[FFmpeg-cvslog] avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter()

Michael Niedermayer git at videolan.org
Sat Oct 10 14:09:05 EEST 2020


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Sep 23 23:31:59 2020 +0200| [11a6347f9e544a1b9fba059ae02c30c0e512c195] | committer: Michael Niedermayer

avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter()

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 25675/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-4786580731199488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=11a6347f9e544a1b9fba059ae02c30c0e512c195
---

 libavcodec/celp_filters.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/celp_filters.c b/libavcodec/celp_filters.c
index fafedd99a3..40ff7427df 100644
--- a/libavcodec/celp_filters.c
+++ b/libavcodec/celp_filters.c
@@ -65,11 +65,11 @@ int ff_celp_lp_synthesis_filter(int16_t *out, const int16_t *filter_coeffs,
     int i,n;
 
     for (n = 0; n < buffer_length; n++) {
-        int sum = -rounder, sum1;
+        int sum = rounder, sum1;
         for (i = 1; i <= filter_length; i++)
-            sum += (unsigned)(filter_coeffs[i-1] * out[n-i]);
+            sum -= (unsigned)(filter_coeffs[i-1] * out[n-i]);
 
-        sum1 = ((-sum >> 12) + in[n]) >> shift;
+        sum1 = ((sum >> 12) + in[n]) >> shift;
         sum  = av_clip_int16(sum1);
 
         if (stop_on_overflow && sum != sum1)



More information about the ffmpeg-cvslog mailing list