Commit b315a3cf authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/sbrdsp_fixed: Fix assertion failure in sbr_sum_square_c()

This also increases the range of input values supported as well as
decreasing the operation dependencies in the main loop, improving
speed on modern CPUs.

Fixes part of: 2045/clusterfuzz-testcase-minimized-6751255865065472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 6019d721
...@@ -34,38 +34,47 @@ ...@@ -34,38 +34,47 @@
static SoftFloat sbr_sum_square_c(int (*x)[2], int n) static SoftFloat sbr_sum_square_c(int (*x)[2], int n)
{ {
SoftFloat ret; SoftFloat ret;
uint64_t accu = 0, round; uint64_t accu, round;
int i, nz; uint64_t accu0 = 0, accu1 = 0, accu2 = 0, accu3 = 0;
int i, nz, nz0;
unsigned u; unsigned u;
for (i = 0; i < n; i += 2) { for (i = 0; i < n; i += 2) {
// Larger values are inavlid and could cause overflows of accu. // Larger values are inavlid and could cause overflows of accu.
av_assert2(FFABS(x[i + 0][0]) >> 29 == 0); av_assert2(FFABS(x[i + 0][0]) >> 30 == 0);
accu += (int64_t)x[i + 0][0] * x[i + 0][0]; accu0 += (int64_t)x[i + 0][0] * x[i + 0][0];
av_assert2(FFABS(x[i + 0][1]) >> 29 == 0); av_assert2(FFABS(x[i + 0][1]) >> 30 == 0);
accu += (int64_t)x[i + 0][1] * x[i + 0][1]; accu1 += (int64_t)x[i + 0][1] * x[i + 0][1];
av_assert2(FFABS(x[i + 1][0]) >> 29 == 0); av_assert2(FFABS(x[i + 1][0]) >> 30 == 0);
accu += (int64_t)x[i + 1][0] * x[i + 1][0]; accu2 += (int64_t)x[i + 1][0] * x[i + 1][0];
av_assert2(FFABS(x[i + 1][1]) >> 29 == 0); av_assert2(FFABS(x[i + 1][1]) >> 30 == 0);
accu += (int64_t)x[i + 1][1] * x[i + 1][1]; accu3 += (int64_t)x[i + 1][1] * x[i + 1][1];
} }
nz0 = 15;
while ((accu0|accu1|accu2|accu3) >> 62) {
accu0 >>= 1;
accu1 >>= 1;
accu2 >>= 1;
accu3 >>= 1;
nz0 --;
}
accu = accu0 + accu1 + accu2 + accu3;
u = accu >> 32; u = accu >> 32;
if (u == 0) { if (u) {
nz = 1; nz = 33;
} else {
nz = -1;
while (u < 0x80000000U) { while (u < 0x80000000U) {
u <<= 1; u <<= 1;
nz++; nz--;
} }
nz = 32 - nz; } else
} nz = 1;
round = 1ULL << (nz-1); round = 1ULL << (nz-1);
u = ((accu + round) >> nz); u = ((accu + round) >> nz);
u >>= 1; u >>= 1;
ret = av_int2sf(u, 15 - nz); ret = av_int2sf(u, nz0 - nz);
return ret; return ret;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment