ffmpeg | branch: master | Michael Niedermayer <[email protected]> | Fri Mar 10 15:24:52 2017 +0100| [a557ae8d52ce1cfaf3be5cdb13728b7b2b9512b9] | committer: Michael Niedermayer
avcodec/h264_direct: Fix runtime error: signed integer overflow: 2147483647 - -14133 cannot be represented in type 'int' Fixes: 755/clusterfuzz-testcase-5369072516595712 See: [FFmpeg-devel] [PATCH 1/2] avcodec/h264_direct: Fix runtime error: signed integer overflow: 2147483647 - -14133 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a557ae8d52ce1cfaf3be5cdb13728b7b2b9512b9 --- libavcodec/h264_direct.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_direct.c b/libavcodec/h264_direct.c index cbb8466..66e5447 100644 --- a/libavcodec/h264_direct.c +++ b/libavcodec/h264_direct.c @@ -39,7 +39,12 @@ static int get_scale_factor(H264SliceContext *sl, int poc, int poc1, int i) { int poc0 = sl->ref_list[0][i].poc; - int td = av_clip_int8(poc1 - poc0); + int64_t pocdiff = poc1 - (int64_t)poc0; + int td = av_clip_int8(pocdiff); + + if (pocdiff != (int)pocdiff) + avpriv_request_sample(sl->h264->avctx, "pocdiff overflow\n"); + if (td == 0 || sl->ref_list[0][i].parent->long_ref) { return 256; } else { _______________________________________________ ffmpeg-cvslog mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
