

ref: 5945f34f53cb344d2bb50af8757920f14d5d1a10
parent: 48a7486ae52d7427577fb44856fe6377b7d724f7
author: Janne Grunau <[email protected]>
date: Wed Nov 7 11:58:39 EST 2018

coef/dequant: clip coefs before and after dequantization

Fixes #142 and a signed overflow in decode_coefs during dequantization
with /clusterfuzz-testcase-minimized-dav1d_fuzzer-5691270664552448.
Credits to oss-fuzz and Thierry.

--- a/src/recon_tmpl.c
+++ b/src/recon_tmpl.c
@@ -241,11 +241,15 @@
                    i, rc, tok - 15, tok, ts->msac.rng);
         }
 
-        // dequant
+        // coefficient parsing, see 5.11.39
+        tok &= 0xfffff;
+
+        // dequant, see 7.12.3
         cul_level += tok;
-        tok *= dq;
-        tok >>= dq_shift;
-        cf[rc] = sign ? -tok : tok;
+        tok = (((int64_t)dq * tok) & 0xffffff) >> dq_shift;
+        cf[rc] = iclip(sign ? -tok : tok,
+                       -(1 << (7 + BITDEPTH)),
+                       (1 << (7 + BITDEPTH)) - 1);
     }
 
     // context
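Review bot: The two new masks, `tok &= 0xfffff;` and `& 0xffffff` on the dequantized product, wrap rather than saturate, so an out-of-range token is silently folded into a different in-range value instead of being clipped as the commit title suggests; if that wraparound is what the referenced spec sections prescribe, the comment should say so, e.g. `// mask to 20 bits (wraps, does not clamp), see 5.11.39`, so the next reader does not "fix" it into a Clip3. The product is widened to int64_t and the result is narrowed back into `tok` on assignment, which is only safe because `& 0xffffff` bounds it below 2^24; `tok`'s declared type is outside the hunk, so a one-line note on the assignment would make that dependency explicit. The bounds `-(1 << (7 + BITDEPTH))` and `(1 << (7 + BITDEPTH)) - 1` are recomputed for every coefficient; a `const int cf_max = (1 << (7 + BITDEPTH)) - 1;` hoisted above the loop and passed as `-cf_max - 1, cf_max` would read more clearly. decode_coefs starts and ends outside the hunk.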