avcodec/adxdec: Fix runtime error: left shift of negative value -1
authorMichael Niedermayer <michael@niedermayer.cc>
Fri, 3 Mar 2017 03:39:04 +0000 (04:39 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 20 May 2017 01:41:33 +0000 (03:41 +0200)
Fixes: 705/clusterfuzz-testcase-5129572590813184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d23727e0420b9f77f0d4cb28b43819b402f702e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/adxdec.c

index 32cc0f0..178ea99 100644 (file)
@@ -81,7 +81,7 @@ static int adx_decode(ADXContext *c, int16_t *out, int offset,
     s2 = prev->s2;
     for (i = 0; i < BLOCK_SAMPLES; i++) {
         d  = get_sbits(&gb, 4);
-        s0 = ((d << COEFF_BITS) * scale + c->coeff[0] * s1 + c->coeff[1] * s2) >> COEFF_BITS;
+        s0 = ((d * (1 << COEFF_BITS)) * scale + c->coeff[0] * s1 + c->coeff[1] * s2) >> COEFF_BITS;
         s2 = s1;
         s1 = av_clip_int16(s0);
         *out++ = s1;