[FFmpeg-cvslog] avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()
Michael Niedermayer
git at videolan.org
Thu Mar 28 18:34:03 EET 2019
ffmpeg | branch: release/3.4 | Michael Niedermayer <michael at niedermayer.cc> | Sun Feb 3 15:13:03 2019 +0100| [80603682ff59f14197b5207c908c91b88aeda242] | committer: Michael Niedermayer
avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()
Fixes: 1377/clusterfuzz-testcase-minimized-5487049807233024
Fixes: assertion failure in sbr_sum_square_c()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4cde7e62dbaa63eda173e8d24a97d273890f282c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=80603682ff59f14197b5207c908c91b88aeda242
---
libavcodec/sbrdsp_fixed.c | 34 +++++++++++++++++++---------------
1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/libavcodec/sbrdsp_fixed.c b/libavcodec/sbrdsp_fixed.c
index 57d98da979..91fa664c08 100644
--- a/libavcodec/sbrdsp_fixed.c
+++ b/libavcodec/sbrdsp_fixed.c
@@ -34,32 +34,36 @@
static SoftFloat sbr_sum_square_c(int (*x)[2], int n)
{
SoftFloat ret;
- uint64_t accu, round;
+ uint64_t accu = 0, round;
uint64_t accu0 = 0, accu1 = 0, accu2 = 0, accu3 = 0;
int i, nz, nz0;
unsigned u;
+ nz = 0;
for (i = 0; i < n; i += 2) {
- // Larger values are inavlid and could cause overflows of accu.
- av_assert2(FFABS(x[i + 0][0]) >> 30 == 0);
accu0 += (int64_t)x[i + 0][0] * x[i + 0][0];
- av_assert2(FFABS(x[i + 0][1]) >> 30 == 0);
accu1 += (int64_t)x[i + 0][1] * x[i + 0][1];
- av_assert2(FFABS(x[i + 1][0]) >> 30 == 0);
accu2 += (int64_t)x[i + 1][0] * x[i + 1][0];
- av_assert2(FFABS(x[i + 1][1]) >> 30 == 0);
accu3 += (int64_t)x[i + 1][1] * x[i + 1][1];
+ if ((accu0|accu1|accu2|accu3) > UINT64_MAX - INT32_MIN*(int64_t)INT32_MIN || i+2>=n) {
+ accu0 >>= nz;
+ accu1 >>= nz;
+ accu2 >>= nz;
+ accu3 >>= nz;
+ while ((accu0|accu1|accu2|accu3) > (UINT64_MAX - accu) >> 2) {
+ accu0 >>= 1;
+ accu1 >>= 1;
+ accu2 >>= 1;
+ accu3 >>= 1;
+ accu >>= 1;
+ nz ++;
+ }
+ accu += accu0 + accu1 + accu2 + accu3;
+ accu0 = accu1 = accu2 = accu3 = 0;
+ }
}
- nz0 = 15;
- while ((accu0|accu1|accu2|accu3) >> 62) {
- accu0 >>= 1;
- accu1 >>= 1;
- accu2 >>= 1;
- accu3 >>= 1;
- nz0 --;
- }
- accu = accu0 + accu1 + accu2 + accu3;
+ nz0 = 15 - nz;
u = accu >> 32;
if (u) {
More information about the ffmpeg-cvslog
mailing list