mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
avcodec/vvc_parser: Avoid undefined overflow in POC computation
The comments to the function say that it does not implement the spec and instead follows VTM. This patch is quite likely not the right solution and more intended to show the issue to people knowing the specific part of VTM ... Fixes: signed integer overflow: 2147483392 + 256 cannot be represented in type 'int' Fixes: 60505/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6216675924770816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
parent
9ee87245c5
commit
f1954ff8d1
@ -225,10 +225,10 @@ static void get_slice_poc(VVCParserContext *s, int *poc,
|
|||||||
} else {
|
} else {
|
||||||
if ((poc_lsb < prev_poc_lsb) && ((prev_poc_lsb - poc_lsb) >=
|
if ((poc_lsb < prev_poc_lsb) && ((prev_poc_lsb - poc_lsb) >=
|
||||||
(max_poc_lsb / 2)))
|
(max_poc_lsb / 2)))
|
||||||
poc_msb = prev_poc_msb + max_poc_lsb;
|
poc_msb = prev_poc_msb + (unsigned)max_poc_lsb;
|
||||||
else if ((poc_lsb > prev_poc_lsb) && ((poc_lsb - prev_poc_lsb) >
|
else if ((poc_lsb > prev_poc_lsb) && ((poc_lsb - prev_poc_lsb) >
|
||||||
(max_poc_lsb / 2)))
|
(max_poc_lsb / 2)))
|
||||||
poc_msb = prev_poc_msb - max_poc_lsb;
|
poc_msb = prev_poc_msb - (unsigned)max_poc_lsb;
|
||||||
else
|
else
|
||||||
poc_msb = prev_poc_msb;
|
poc_msb = prev_poc_msb;
|
||||||
}
|
}
|
||||||
|
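Review bot: The `(unsigned)` casts on the two `poc_msb` assignments carry no comment, so a later cleanup could drop them as redundant and bring back the signed overflow the fuzzer reported. A short comment above the first assignment would record the intent, e.g. `/* unsigned arithmetic: the sum can exceed INT_MAX on damaged streams; wrap instead of UB */`. The casts only remove the undefined behaviour; `poc_msb` still ends up as a wrapped value derived from bitstream input. If it is later combined with `poc_lsb` in signed arithmetic outside this hunk, that expression would presumably need the same treatment or an explicit range check. The body of get_slice_poc starts and ends outside the hunk.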