avcodec/alsdec: fix mantisse shift

Fixes: shift exponent -1 is negative
Fixes: 16039/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5656825657032704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index d4451482a4bdcf163c990e17584c9ac35949dad7..e1449a72a5f0668ff7ca7373f823765a869e68ed 100644 (file)
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -1404,7 +1404,11 @@ static SoftFloat_IEEE754 multiply(SoftFloat_IEEE754 a, SoftFloat_IEEE754 b) {
         }
     }
 
-    mantissa = (unsigned int)(mantissa_temp >> cutoff_bit_count);
+    if (cutoff_bit_count >= 0) {
+        mantissa = (unsigned int)(mantissa_temp >> cutoff_bit_count);
+    } else {
+        mantissa = (unsigned int)(mantissa_temp <<-cutoff_bit_count);
+    }
 
     // Need one more shift?
     if (mantissa & 0x01000000ul) {