shithub: dav1d


ref: e8f5a93e5fff4371bd49f451238681c704cf0fa4
parent: 5098b23ab3a98dc2202449dd3bd0c06902c4ff64
author: Janne Grunau <janne-vlc@jannau.net>
date: Tue Nov 20 03:53:34 EST 2018

film_grain: replace left shift of a signed value with a multiplication

Fixes an undefined left shift of a negative value in
clusterfuzz-testcase-minimized-dav1d_fuzzer-5707215277654016. Credits to
oss-fuzz.

--- a/src/film_grain_tmpl.c
+++ b/src/film_grain_tmpl.c
@@ -418,7 +418,7 @@
                 int combined = avg * data->uv_luma_mult[uv] +                   \
                                *src * data->uv_mult[uv];                        \
                 val = iclip_pixel( (combined >> 6) +                            \
-                                   (data->uv_offset[uv] << (BITDEPTH - 8)) );   \
+                                   (data->uv_offset[uv] * (1 << (BITDEPTH - 8))) );   \
             }                                                                   \
                                                                                 \
             int noise = round2(scaling[ val ] * (grain), data->scaling_shift);  \
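Review bot: The multiplication on the new `uv_offset` line carries no comment saying why it is not a shift, so a later cleanup could turn it back into `<<` and reintroduce the undefined behaviour on negative offsets. Because this sits inside a backslash-continued macro, a block comment on the line above, such as `/* multiply: uv_offset may be negative, and << on a negative value is UB */`, would record it. The same expression still applies `combined >> 6` to a value that can presumably go negative if the multipliers are signed; that is implementation-defined rather than undefined, but worth confirming it is intended. The changed line also pushes its trailing `\` out of the column the other continuation lines share. The macro body begins and ends outside this hunk, so other shifts of signed film-grain parameters cannot be checked from here.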