From cf818be4f2f1e06bf63da3a6b55a4c3620952070 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 2 Sep 2015 20:43:25 +0200 Subject: [PATCH] avcodec/truemotion1: Fix undefined behavior (left shift of negative value) Fixes: asan_heap-oob_26f6853_862_cov_585961513_sonic3dblast_intro-partial.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/truemotion1.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/truemotion1.c b/libavcodec/truemotion1.c index eed3a37bba..14c964da38 100644 --- a/libavcodec/truemotion1.c +++ b/libavcodec/truemotion1.c @@ -215,7 +215,7 @@ static int make_cdt16_entry(int p1, int p2, int16_t *cdt) b = cdt[p2]; r = cdt[p1] << 11; lo = b + r; - return (lo + (lo << 16)) << 1; + return (lo + (lo * (1 << 16))) * 2; } static int make_ydt24_entry(int p1, int p2, int16_t *ydt) @@ -224,7 +224,7 @@ static int make_ydt24_entry(int p1, int p2, int16_t *ydt) lo = ydt[p1]; hi = ydt[p2]; - return (lo + (hi << 8) + (hi << 16)) << 1; + return (lo + (hi * (1 << 8)) + (hi * (1 << 16))) * 2; } static int make_cdt24_entry(int p1, int p2, int16_t *cdt) @@ -232,8 +232,8 @@ static int make_cdt24_entry(int p1, int p2, int16_t *cdt) int r, b; b = cdt[p2]; - r = cdt[p1]<<16; - return (b+r) << 1; + r = cdt[p1] * (1 << 16); + return (b+r) * 2; } static void gen_vector_table15(TrueMotion1Context *s, const uint8_t *sel_vector_table)