virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity

avcodec/truemotion2: fix integer overflows in tm2_low_chroma()

Browse Source 
Fixes: 11295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-4888953459572736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ae39d7956)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2018-11-17 00:38:53 +01:00
parent 0e11b29834
commit 040aa14074
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/truemotion2.c
View File

@ -480,7 +480,7 @@ static inline void tm2_high_chroma(int *data, int stride, int *last, unsigned *C
}
}
static inline void tm2_low_chroma(int *data, int stride, int *clast, int *CD, int *deltas, int bx)
static inline void tm2_low_chroma(int *data, int stride, int *clast, unsigned *CD, int *deltas, int bx)
{
int t;
int l;
@ -490,8 +490,8 @@ static inline void tm2_low_chroma(int *data, int stride, int *clast, int *CD, in
prev = clast[-3];
else
prev = 0;
t = (CD[0] + CD[1]) >> 1;
l = (prev - CD[0] - CD[1] + clast[1]) >> 1;
t = (int)(CD[0] + CD[1]) >> 1;
l = (int)(prev - CD[0] - CD[1] + clast[1]) >> 1;
CD[1] = CD[0] + CD[1] - t;
CD[0] = t;
clast[0] = l;