avcodec/aacsbr_fixed: Fix multiple runtime error: shift exponent 150 is too large...
authorMichael Niedermayer <michael@niedermayer.cc>
Fri, 19 May 2017 10:25:52 +0000 (12:25 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 20 May 2017 01:41:34 +0000 (03:41 +0200)
Fixes: 1681/clusterfuzz-testcase-minimized-5970545365483520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3fb104f4476ad238e2ca768e9b80dc314e6e856d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/aacsbr_fixed.c

index b4e3ac7..a563057 100644 (file)
@@ -291,6 +291,8 @@ static void sbr_hf_inverse_filter(SBRDSPContext *dsp,
         shift = a00.exp;
         if (shift >= 3)
             alpha0[k][0] = 0x7fffffff;
+        else if (shift <= -30)
+            alpha0[k][0] = 0;
         else {
             a00.mant <<= 1;
             shift = 2-shift;
@@ -305,6 +307,8 @@ static void sbr_hf_inverse_filter(SBRDSPContext *dsp,
         shift = a01.exp;
         if (shift >= 3)
             alpha0[k][1] = 0x7fffffff;
+        else if (shift <= -30)
+            alpha0[k][1] = 0;
         else {
             a01.mant <<= 1;
             shift = 2-shift;
@@ -318,6 +322,8 @@ static void sbr_hf_inverse_filter(SBRDSPContext *dsp,
         shift = a10.exp;
         if (shift >= 3)
             alpha1[k][0] = 0x7fffffff;
+        else if (shift <= -30)
+            alpha1[k][0] = 0;
         else {
             a10.mant <<= 1;
             shift = 2-shift;
@@ -332,6 +338,8 @@ static void sbr_hf_inverse_filter(SBRDSPContext *dsp,
         shift = a11.exp;
         if (shift >= 3)
             alpha1[k][1] = 0x7fffffff;
+        else if (shift <= -30)
+            alpha1[k][1] = 0;
         else {
             a11.mant <<= 1;
             shift = 2-shift;