summaryrefslogtreecommitdiff
path: root/libavcodec/g729dec.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2019-11-05 23:28:35 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2019-12-31 19:51:56 +0100
commit10fb811c0d2e33e1379867955426c27ac0db71df (patch)
tree83ef7ffc302b771888e32581b00eb014bd4e5aaa /libavcodec/g729dec.c
parent1aeef9979ddd695dc33bf5aa144a42c2bd503f8c (diff)
downloadffmpeg-10fb811c0d2e33e1379867955426c27ac0db71df.tar.gz
avcodec/g729dec: Use 64bit and clip in scalar product
The G729 reference decoder clips after each individual operation and keeps track if overflow occurred (in the fixed point implementation), this here is simpler and faster but not 1:1 the same what the reference does. Non fuzzed samples which trigger any such overflow are welcome, so the need and impact of different clipping solutions can be evaluated. Fixes: signed integer overflow: 1271483721 + 1073676289 cannot be represented in type 'int' Fixes: 18617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5137705679978496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bf9c4a12750e593d753011166b066efce208d9e0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/g729dec.c')
-rw-r--r--libavcodec/g729dec.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/g729dec.c b/libavcodec/g729dec.c
index 888abafcc0..5a07e61482 100644
--- a/libavcodec/g729dec.c
+++ b/libavcodec/g729dec.c
@@ -332,11 +332,14 @@ static int16_t g729d_voice_decision(int onset, int prev_voice_decision, const in
static int32_t scalarproduct_int16_c(const int16_t * v1, const int16_t * v2, int order)
{
- int res = 0;
+ int64_t res = 0;
while (order--)
res += *v1++ * *v2++;
+ if (res > INT32_MAX) return INT32_MAX;
+ else if (res < INT32_MIN) return INT32_MIN;
+
return res;
}
View Lorry Controller Status