Commit fe0fbef9 authored by Mathis Rosenhauer's avatar Mathis Rosenhauer

Fix #10 ubsan issue in decoding

parent 4efbc51a
...@@ -68,7 +68,7 @@ ...@@ -68,7 +68,7 @@
static void flush_##KIND(struct aec_stream *strm) \ static void flush_##KIND(struct aec_stream *strm) \
{ \ { \
uint32_t *flush_end, *bp, half_d; \ uint32_t *flush_end, *bp, half_d; \
int32_t data, m; \ uint32_t xmax, d, data, m; \
struct internal_state *state = strm->state; \ struct internal_state *state = strm->state; \
\ \
flush_end = state->rsip; \ flush_end = state->rsip; \
...@@ -87,11 +87,11 @@ ...@@ -87,11 +87,11 @@
} \ } \
\ \
data = state->last_out; \ data = state->last_out; \
xmax = state->xmax; \
\ \
if (state->xmin == 0) { \ if (state->xmin == 0) { \
uint32_t xmax, med, d; \ uint32_t med; \
med = state->xmax / 2 + 1; \ med = state->xmax / 2 + 1; \
xmax = state->xmax; \
\ \
for (bp = state->flush_start; bp < flush_end; bp++) { \ for (bp = state->flush_start; bp < flush_end; bp++) { \
uint32_t mask; \ uint32_t mask; \
...@@ -101,36 +101,33 @@ ...@@ -101,36 +101,33 @@
mask = (data & med)?xmax:0; \ mask = (data & med)?xmax:0; \
\ \
/*in this case: xmax - data == xmax ^ data */ \ /*in this case: xmax - data == xmax ^ data */ \
if (half_d <= (mask ^ (uint32_t)data)) { \ if (half_d <= (mask ^ data)) { \
data += (d >> 1)^(~((d & 1) - 1)); \ data += (d >> 1)^(~((d & 1) - 1)); \
} else { \ } else { \
data = mask ^ d; \ data = mask ^ d; \
} \ } \
put_##KIND(strm, (uint32_t)data); \ put_##KIND(strm, data); \
} \ } \
state->last_out = data; \ state->last_out = data; \
} else { \ } else { \
int32_t xmax, d; \
xmax = state->xmax; \
\
for (bp = state->flush_start; bp < flush_end; bp++) { \ for (bp = state->flush_start; bp < flush_end; bp++) { \
d = *bp; \ d = *bp; \
half_d = ((uint32_t)d >> 1) + (d & 1); \ half_d = (d >> 1) + (d & 1); \
\ \
if (data < 0) { \ if ((int32_t)data < 0) { \
if (half_d <= xmax + (uint32_t)data + 1) { \ if (half_d <= xmax + data + 1) { \
data += ((uint32_t)d >> 1)^(~((d & 1) - 1)); \ data += (d >> 1)^(~((d & 1) - 1)); \
} else { \ } else { \
data = d - xmax - 1; \ data = d - xmax - 1; \
} \ } \
} else { \ } else { \
if (half_d <= xmax - (uint32_t)data) { \ if (half_d <= xmax - data) { \
data += ((uint32_t)d >> 1)^(~((d & 1) - 1)); \ data += (d >> 1)^(~((d & 1) - 1)); \
} else { \ } else { \
data = xmax - d; \ data = xmax - d; \
} \ } \
} \ } \
put_##KIND(strm, (uint32_t)data); \ put_##KIND(strm, data); \
} \ } \
state->last_out = data; \ state->last_out = data; \
} \ } \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment