[FFmpeg-cvslog] avcodec/eac3dec: Fix runtime error: left shift of negative value

Michael Niedermayer git at videolan.org
Sun Feb 19 22:51:08 EET 2017


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sun Feb 19 20:32:48 2017 +0100| [067485b673f6ac4b1207d6fc975d1fd968edc68e] | committer: Michael Niedermayer

avcodec/eac3dec: Fix runtime error: left shift of negative value

Fixes: 610/clusterfuzz-testcase-4831030085156864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=067485b673f6ac4b1207d6fc975d1fd968edc68e
---

 libavcodec/eac3dec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/eac3dec.c b/libavcodec/eac3dec.c
index 83a54bc..be23502 100644
--- a/libavcodec/eac3dec.c
+++ b/libavcodec/eac3dec.c
@@ -252,7 +252,7 @@ static void ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch)
             /* Vector Quantization */
             int v = get_bits(gbc, bits);
             for (blk = 0; blk < 6; blk++) {
-                s->pre_mantissa[ch][bin][blk] = ff_eac3_mantissa_vq[hebap][v][blk] << 8;
+                s->pre_mantissa[ch][bin][blk] = ff_eac3_mantissa_vq[hebap][v][blk] * (1 << 8);
             }
         } else {
             /* Gain Adaptive Quantization */
@@ -271,12 +271,12 @@ static void ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch)
                     int b;
                     int mbits = bits - (2 - log_gain);
                     mant = get_sbits(gbc, mbits);
-                    mant <<= (23 - (mbits - 1));
+                    mant = ((unsigned)mant) << (23 - (mbits - 1));
                     /* remap mantissa value to correct for asymmetric quantization */
                     if (mant >= 0)
                         b = 1 << (23 - log_gain);
                     else
-                        b = ff_eac3_gaq_remap_2_4_b[hebap-8][log_gain-1] << 8;
+                        b = ff_eac3_gaq_remap_2_4_b[hebap-8][log_gain-1] * (1 << 8);
                     mant += ((ff_eac3_gaq_remap_2_4_a[hebap-8][log_gain-1] * (int64_t)mant) >> 15) + b;
                 } else {
                     /* small mantissa, no GAQ, or Gk=1 */



More information about the ffmpeg-cvslog mailing list