0015c-flac.git-b02e159.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Sun, 24 Nov 2019 03:14:50 +0000 (+1100)
Subject: libFLAC/bitreader.c: Fix shift invoking undefined behaviour
X-Git-Url: http://git.xiph.org/?p=flac.git;a=commitdiff_plain;h=b02e1593525f63aaa4c671e034ff8f0cdc641e46
libFLAC/bitreader.c: Fix shift invoking undefined behaviour
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19067
Testcase: fuzzer_decoder-5725157960450048
---
diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
index e94f8b01..79cb5cc4 100644
--- a/src/libFLAC/bitreader.c
+++ b/src/libFLAC/bitreader.c
@@ -405,7 +405,8 @@ FLAC__bool FLAC__bitreader_read_raw_uint32(FLAC__BitReader *br, FLAC__uint32 *va
const brword word = br->buffer[br->consumed_words];
const brword mask = br->consumed_bits < FLAC__BITS_PER_WORD ? FLAC__WORD_ALL_ONES >> br->consumed_bits : 0;
if(bits < n) {
- *val = (FLAC__uint32)((word & mask) >> (n-bits)); /* The result has <= 32 non-zero bits */
+ uint32_t shift = n - bits;
+ *val = shift < FLAC__BITS_PER_WORD ? (FLAC__uint32)((word & mask) >> shift) : 0; /* The result has <= 32 non-zero bits */
br->consumed_bits += bits;
return true;
}
@@ -670,7 +671,7 @@ FLAC__bool FLAC__bitreader_read_unary_unsigned(FLAC__BitReader *br, uint32_t *va
*val = 0;
while(1) {
while(br->consumed_words < br->words) { /* if we've not consumed up to a partial tail word... */
- brword b = br->buffer[br->consumed_words] << br->consumed_bits;
+ brword b = br->consumed_bits < FLAC__BITS_PER_WORD ? br->buffer[br->consumed_words] << br->consumed_bits : 0;
if(b) {
i = COUNT_ZERO_MSBS(b);
*val += i;