avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1

The fixed point integer reference specifies the multiplication used to have 16bit input and clips so we need to clip the input The floating point implementation does not seem to do that. Fixes: signed integer overflow: 6317568 * 410 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5700189272932352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 years ago · 82d4c7b95e
parent 22e51e95ac
commit 82d4c7b95e
1 changed files with 1 additions and 0 deletions
--- a/libavcodec/g729postfilter.c
+++ b/libavcodec/g729postfilter.c
@ -600,6 +600,7 @@ int16_t ff_g729_adaptive_gain_control(int gain_before, int gain_after, int16_t *
            gain = ((gain_before - gain_after) << 14) / gain_after + 0x4000;
            gain = bidir_sal(gain, exp_after - exp_before);
        }
+        gain = av_clip_int16(gain);
        gain = (gain * G729_AGC_FAC1 + 0x4000) >> 15; // gain * (1-0.9875)
    } else
        gain = 0;