fenix
/
fdk-aac
mirror of https://github.com/mstorsjo/fdk-aac.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Avoid undefined shifts in SATURATE_SHIFT 

Make sure that the shift amount is less than the size of the shifted
value, otherwise return the saturation max values (for left shift, if
the source values was nonzero) or zero (for right shift, or zero
shifted left).

Fixes: 24376/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-6529411206348800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
This commit is contained in:
Martin Storsjo 2020-09-02 12:55:33 +03:00
parent 8439b745f6
commit 3a831a5fbc
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libFDK/include/scale.h
View File

@ -241,20 +241,31 @@ inline void scaleValueInPlace(FIXP_DBL *value, /*!< Value */
#ifndef SATURATE_RIGHT_SHIFT
#define SATURATE_RIGHT_SHIFT(src, scale, dBits) \
(((scale) >= 8*sizeof(LONG)) ? (LONG)0 : \
((((LONG)(src) >> (scale)) > (LONG)(((1U) << ((dBits)-1)) - 1)) \
? (LONG)(((1U) << ((dBits)-1)) - 1) \
: (((LONG)(src) >> (scale)) < ~((LONG)(((1U) << ((dBits)-1)) - 1))) \
? ~((LONG)(((1U) << ((dBits)-1)) - 1)) \
: ((LONG)(src) >> (scale)))
: ((LONG)(src) >> (scale))))
#endif
#ifndef SATURATE_LEFT_MAX
#define SATURATE_LEFT_MAX(src, dBits) \
(((LONG)(src) > 0) \
? (LONG)(((1U) << ((dBits)-1)) - 1) \
: ((LONG)(src) < 0) \
? ~((LONG)(((1U) << ((dBits)-1)) - 1)) \
: (LONG)0)
#endif
#ifndef SATURATE_LEFT_SHIFT
#define SATURATE_LEFT_SHIFT(src, scale, dBits) \
(((scale) >= 8*sizeof(LONG)) ? SATURATE_LEFT_MAX(src, dBits) : \
(((LONG)(src) > ((LONG)(((1U) << ((dBits)-1)) - 1) >> (scale))) \
? (LONG)(((1U) << ((dBits)-1)) - 1) \
: ((LONG)(src) < ~((LONG)(((1U) << ((dBits)-1)) - 1) >> (scale))) \
? ~((LONG)(((1U) << ((dBits)-1)) - 1)) \
: ((LONG)(src) << (scale)))
: ((LONG)(src) << (scale))))
#endif
#ifndef SATURATE_SHIFT