1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avcodec/h264_slice: fix undefined integer overflow with POC in error concealment

Alternatively the POC could be changed to 64bit. the large values seem to be within what is allowed.

Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: 26076/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5711127201447936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-10-07 23:22:59 +02:00
parent cc072f7353
commit 182d7a7427

View File

@ -1606,7 +1606,7 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl,
prev->f->format,
prev->f->width,
prev->f->height);
h->short_ref[0]->poc = prev->poc + 2;
h->short_ref[0]->poc = prev->poc + 2U;
} else if (!h->frame_recovered && !h->avctx->hwaccel)
ff_color_frame(h->short_ref[0]->f, c);
h->short_ref[0]->frame_num = h->poc.prev_frame_num;