From e8f5a93e5fff4371bd49f451238681c704cf0fa4 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Tue, 20 Nov 2018 08:53:34 +0100 Subject: film_grain: replace left shift of a signed value with a multiplication Fixes an undefined left shift of a negative value in clusterfuzz-testcase-minimized-dav1d_fuzzer-5707215277654016. Credits to oss-fuzz. --- src/film_grain_tmpl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/film_grain_tmpl.c b/src/film_grain_tmpl.c index df826ee..6a32702 100644 --- a/src/film_grain_tmpl.c +++ b/src/film_grain_tmpl.c @@ -418,7 +418,7 @@ static void apply_to_row_uv(Dav1dPicture *const out, const Dav1dPicture *const i int combined = avg * data->uv_luma_mult[uv] + \ *src * data->uv_mult[uv]; \ val = iclip_pixel( (combined >> 6) + \ - (data->uv_offset[uv] << (BITDEPTH - 8)) ); \ + (data->uv_offset[uv] * (1 << (BITDEPTH - 8))) ); \ } \ \ int noise = round2(scaling[ val ] * (grain), data->scaling_shift); \ -- cgit v1.2.3