From d23a21ab427da642c8f32bb0659ae63a86f98e96 Mon Sep 17 00:00:00 2001
From: Martin Storsjo
Date: Tue, 17 Nov 2020 12:18:36 +0200
Subject: [PATCH] Avoid undefined shifts in calculateSbrEnvelope

Fixes: 26845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5670674796118016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
---
 libSBRdec/src/env_calc.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libSBRdec/src/env_calc.cpp b/libSBRdec/src/env_calc.cpp
index 1242833..2efff4f 100644
--- a/libSBRdec/src/env_calc.cpp
+++ b/libSBRdec/src/env_calc.cpp
@@ -1477,8 +1477,10 @@ void calculateSbrEnvelope(
 
     for (k = 0; k < noSubbands; k++) {
       int sc = scale_change - pNrgs->nrgGain_e[k] + (sc_change - 1);
-      pNrgs->nrgGain[k] >>= sc;
       pNrgs->nrgGain_e[k] += sc;
+      if (sc > 31)
+        sc = 31;
+      pNrgs->nrgGain[k] >>= sc;
     }
 
     if (!useLP) {
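Review bot: The added clamp only bounds `sc` from above, so a negative `sc` (possible whenever `pNrgs->nrgGain_e[k]` exceeds `scale_change + sc_change - 1`, unless the surrounding code rules that out — it is not visible in this hunk) still reaches `pNrgs->nrgGain[k] >>= sc;`, and a right shift by a negative count is undefined behaviour just like an over-wide one, which is what the commit title sets out to fix. If a negative `sc` cannot occur here, say so next to the clamp, e.g. `/* sc >= 0 is guaranteed by the caller's scaling; only the upper bound needs clamping */`; if it can, the shift should go through a helper that handles both directions and saturates rather than a bare `>>=`. The literal `31` also silently assumes `nrgGain` is a 32-bit fixed-point value; naming that width (fdk-aac has a `DFRACT_BITS` constant for this purpose, if it is in scope in this file) would make the bound self-explanatory, e.g. `if (sc > DFRACT_BITS - 1) sc = DFRACT_BITS - 1;`. Note that `nrgGain_e[k]` is advanced by the unclamped `sc`, so after clamping the mantissa/exponent pair is no longer exactly consistent; that is harmless here since a 31-bit arithmetic shift yields 0 or -1, but a one-line comment stating it is intentional would help the next reader. The enclosing `calculateSbrEnvelope` body starts and ends outside the hunk.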