The G729 reference decoder clips after each individual operation and keeps track if overflow
occurred (in the fixed point implementation), this here is
simpler and faster but not 1:1 the same what the reference does.
Non fuzzed samples which trigger any such overflow are welcome, so
the need and impact of different clipping solutions can be evaluated.
Fixes: signed integer overflow: 1271483721 + 1073676289 cannot be represented in type 'int'
Fixes: 18617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5137705679978496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
static int32_t scalarproduct_int16_c(const int16_t * v1, const int16_t * v2, int order)
{
- int res = 0;
+ int64_t res = 0;
while (order--)
res += *v1++ * *v2++;
+ if (res > INT32_MAX) return INT32_MAX;
+ else if (res < INT32_MIN) return INT32_MIN;
+
return res;
}