ref: 5945f34f53cb344d2bb50af8757920f14d5d1a10
parent: 48a7486ae52d7427577fb44856fe6377b7d724f7
author: Janne Grunau <janne-vlc@jannau.net>
date: Wed Nov 7 11:58:39 EST 2018
coef/dequant: clip coefs before and after dequantization. Fixes #142 and a signed overflow in decode_coefs during dequantization with /clusterfuzz-testcase-minimized-dav1d_fuzzer-5691270664552448. Credits to oss-fuzz and Thierry.
--- a/src/recon_tmpl.c
+++ b/src/recon_tmpl.c
@@ -241,11 +241,15 @@
i, rc, tok - 15, tok, ts->msac.rng);
}
- // dequant
+ // coefficient parsing, see 5.11.39
+ tok &= 0xfffff;
+
+ // dequant, see 7.12.3
cul_level += tok;
- tok *= dq;
- tok >>= dq_shift;
- cf[rc] = sign ? -tok : tok;
+ tok = (((int64_t)dq * tok) & 0xffffff) >> dq_shift;
+ cf[rc] = iclip(sign ? -tok : tok,
+ -(1 << (7 + BITDEPTH)),
+ (1 << (7 + BITDEPTH)) - 1);
}
// context