avcodec/mlp: Fix multiple runtime error: left shift of negative value -1

author Michael Niedermayer <michael@niedermayer.cc>

Sat, 13 May 2017 12:39:26 +0000 (14:39 +0200)

committer Michael Niedermayer <michael@niedermayer.cc>

Sat, 13 May 2017 13:54:33 +0000 (15:54 +0200)
author Michael Niedermayer <michael@niedermayer.cc>
Sat, 13 May 2017 12:39:26 +0000 (14:39 +0200)
committer Michael Niedermayer <michael@niedermayer.cc>
Sat, 13 May 2017 13:54:33 +0000 (15:54 +0200)
diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c

index 7cad5d1..b471f0d 100644 (file)
--- a/libavcodec/mlpdec.c
+++ b/libavcodec/mlpdec.c
@@ -684,7 +684,7 @@ static int read_filter_params(MLPDecodeContext *m, GetBitContext *gbp,
          }
  
          for (i = 0; i < order; i++)
-            fcoeff[i] = get_sbits(gbp, coeff_bits) << coeff_shift;
+            fcoeff[i] = get_sbits(gbp, coeff_bits) * (1 << coeff_shift);
  
          if (get_bits1(gbp)) {
              int state_bits, state_shift;
@@ -999,8 +999,8 @@ static void generate_2_noise_channels(MLPDecodeContext *m, unsigned int substr)
  
      for (i = 0; i < s->blockpos; i++) {
          uint16_t seed_shr7 = seed >> 7;
-        m->sample_buffer[i][maxchan+1] = ((int8_t)(seed >> 15)) << s->noise_shift;
-        m->sample_buffer[i][maxchan+2] = ((int8_t) seed_shr7)   << s->noise_shift;
+        m->sample_buffer[i][maxchan+1] = ((int8_t)(seed >> 15)) * (1 << s->noise_shift);
+        m->sample_buffer[i][maxchan+2] = ((int8_t) seed_shr7)   * (1 << s->noise_shift);
  
          seed = (seed << 16) ^ seed_shr7 ^ (seed_shr7 << 5);
      }
diff --git a/libavcodec/mlpdsp.c b/libavcodec/mlpdsp.c

index 3ae8c37..2fc453c 100644 (file)
--- a/libavcodec/mlpdsp.c
+++ b/libavcodec/mlpdsp.c
@@ -113,8 +113,8 @@ int32_t ff_mlp_pack_output(int32_t lossless_check_data,
      for (i = 0; i < blockpos; i++) {
          for (out_ch = 0; out_ch <= max_matrix_channel; out_ch++) {
              int mat_ch = ch_assign[out_ch];
-            int32_t sample = sample_buffer[i][mat_ch]
-                          << output_shift[mat_ch];
+            int32_t sample = sample_buffer[i][mat_ch] *
+                          (1 << output_shift[mat_ch]);
              lossless_check_data ^= (sample & 0xffffff) << mat_ch;
              if (is32)
                  *data_32++ = sample << 8;
author	Michael Niedermayer <michael@niedermayer.cc>
	Sat, 13 May 2017 12:39:26 +0000 (14:39 +0200)
committer	Michael Niedermayer <michael@niedermayer.cc>
	Sat, 13 May 2017 13:54:33 +0000 (15:54 +0200)
libavcodec/mlpdec.c		patch \| blob \| history
libavcodec/mlpdsp.c		patch \| blob \| history