[FFmpeg-devel] [PATCH 3/3] avcodec/wavpack: Check value before shift in wp_exp2()
Michael Niedermayer
michael at niedermayer.cc
Tue Feb 28 23:07:38 EET 2017
Fixes undefined shift, all callers should be changed to check the value
they use with wp_exp2() or its return value.
Fixes: 692/clusterfuzz-testcase-5757381516460032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/wavpack.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/wavpack.h b/libavcodec/wavpack.h
index a1b46d5bd7..0196574aab 100644
--- a/libavcodec/wavpack.h
+++ b/libavcodec/wavpack.h
@@ -171,6 +171,8 @@ static av_always_inline int wp_exp2(int16_t val)
res = wp_exp2_table[val & 0xFF] | 0x100;
val >>= 8;
+ if (val > 31)
+ return INT_MIN;
res = (val > 9) ? (res << (val - 9)) : (res >> (9 - val));
return neg ? -res : res;
}
--
2.11.0
More information about the ffmpeg-devel
mailing list