From 4dc039b4c7c74567af4a31ab1d212139f5225b69 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 2 Mar 2021 00:19:21 +0100 Subject: [PATCH] avcodec/mobiclip: Avoid undefined integer overflow in MV computation Fixes: signed integer overflow: 1 + 2147483647 cannot be represented in type 'int' Fixes: 30877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-4775601145774080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/mobiclip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mobiclip.c b/libavcodec/mobiclip.c index e5c6617325..9392ab947e 100644 --- a/libavcodec/mobiclip.c +++ b/libavcodec/mobiclip.c @@ -1091,8 +1091,8 @@ static int predict_motion(AVCodecContext *avctx, sidx += 6; if (index > 0) { - mv.x = mv.x + get_se_golomb(gb); - mv.y = mv.y + get_se_golomb(gb); + mv.x = mv.x + (unsigned)get_se_golomb(gb); + mv.y = mv.y + (unsigned)get_se_golomb(gb); } if (mv.x >= INT_MAX || mv.y >= INT_MAX) return AVERROR_INVALIDDATA;