avcodec/aacdec_fixed: Handle more extreme cases in noise_scale()
author Michael Niedermayer <michael@niedermayer.cc>
Thu, 16 May 2019 10:00:18 +0000 (12:00 +0200)
committer Michael Niedermayer <michael@niedermayer.cc>
Tue, 4 Jun 2019 11:06:41 +0000 (13:06 +0200)
It's unclear if these cases have any relevance in real files

Fixes: shift exponent -2 is negative
Fixes: 14489/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5681941631729664

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/aacdec_fixed.c

index 0808c81..1d0142f 100644 (file)
@@ -221,10 +221,15 @@ static void noise_scale(int *coefs, int scale, int band_energy, int len)
     }
     else {
         s = s + 32;
-        round = s ? 1 << (s-1) : 0;
-        for (i=0; i<len; i++) {
-            out = (int)((int64_t)((int64_t)coefs[i] * c + round) >> s);
-            coefs[i] = -out;
+        if (s > 0) {
+            round = 1 << (s-1);
+            for (i=0; i<len; i++) {
+                out = (int)((int64_t)((int64_t)coefs[i] * c + round) >> s);
+                coefs[i] = -out;
+            }
+        } else {
+            for (i=0; i<len; i++)
+                coefs[i] = -(int64_t)coefs[i] * c * (1 << -s);
         }
     }
 }
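Review bot: In the new `else` branch (reached when `s <= 0`), `(1 << -s)` is an `int` shift and nothing in the visible lines bounds `-s`, so a sufficiently negative `s` (`-s >= 31`) still produces an invalid shift, just in the other direction from the one the fuzzer reported. The product `-(int64_t)coefs[i] * c * (1 << -s)` is also written straight into `int coefs[i]` with no clipping, so large results are silently truncated. Consider clamping `s` before the branch or saturating the result to the `int` range, and add a comment stating which range of `s` the function is expected to handle. The same question applies to `round = 1 << (s-1)` in the `s > 0` branch, which is only well defined while `s <= 31`.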