libFLAC/bitreader.c: Fix shift invoking undefined behaviour
authorErik de Castro Lopo <erikd@mega-nerd.com>
Sun, 25 Aug 2019 07:50:36 +0000 (17:50 +1000)
committerErik de Castro Lopo <erikd@mega-nerd.com>
Sun, 15 Sep 2019 20:18:07 +0000 (06:18 +1000)
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16464
Testcase: fuzzer_decoder-5663276452544512

src/libFLAC/bitreader.c

index 62e1199..5e4b591 100644 (file)
@@ -119,8 +119,10 @@ static inline void crc16_update_word_(FLAC__BitReader *br, brword word)
 {
        register uint32_t crc = br->read_crc16;
 
-       for( ; br->crc16_align < FLAC__BITS_PER_WORD; br->crc16_align += 8)
-               crc = FLAC__CRC16_UPDATE((uint32_t)((word >> (FLAC__BITS_PER_WORD-8-br->crc16_align)) & 0xff), crc);
+       for ( ; br->crc16_align < FLAC__BITS_PER_WORD ; br->crc16_align += 8) {
+               uint32_t shift = FLAC__BITS_PER_WORD - 8 - br->crc16_align ;
+               crc = FLAC__CRC16_UPDATE ((uint32_t) (shift < FLAC__BITS_PER_WORD ? (word >> shift) & 0xff : 0), crc);
+       }
 
        br->read_crc16 = crc;
        br->crc16_align = 0;
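Review bot: The guard on the new line 21 depends on unsigned wraparound and nothing in the hunk says so: when `br->crc16_align` exceeds `FLAC__BITS_PER_WORD - 8`, the subtraction on line 20 wraps to a large `uint32_t`, `shift < FLAC__BITS_PER_WORD` fails, and a zero byte is fed to the CRC in place of the shift that was undefined before. That is well-defined, but it also means a misaligned `crc16_align` (not a multiple of 8, or larger than the word) is silently absorbed rather than reported, so a reader of this loop cannot tell whether such a state is expected or a bug elsewhere in the reader. I would add above line 20: `/* crc16_align > BITS_PER_WORD-8 wraps shift (unsigned); the guard below then contributes a zero byte instead of an out-of-range shift (oss-fuzz 16464) */`. It is worth confirming, if this is reachable through the other crc16_align writers outside this hunk, whether the state should be rejected there instead of masked here.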