mirror of https://git.ffmpeg.org/ffmpeg.git
avcodec/hevc_ps: Avoid signed overflow before check on QP
Fixes: signed integer overflow: -2147483648 - 5 cannot be represented in type 'int' Fixes: 58066/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5312995835379712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
parent
69eb8197af
commit
bf3f91c425
|
|
@ -1529,9 +1529,9 @@ static int pps_scc_extension(GetBitContext *gb, AVCodecContext *avctx,
|
||||||
pps->pps_curr_pic_ref_enabled_flag = get_bits1(gb);
|
pps->pps_curr_pic_ref_enabled_flag = get_bits1(gb);
|
||||||
if (pps->residual_adaptive_colour_transform_enabled_flag = get_bits1(gb)) {
|
if (pps->residual_adaptive_colour_transform_enabled_flag = get_bits1(gb)) {
|
||||||
pps->pps_slice_act_qp_offsets_present_flag = get_bits1(gb);
|
pps->pps_slice_act_qp_offsets_present_flag = get_bits1(gb);
|
||||||
pps->pps_act_y_qp_offset = get_se_golomb_long(gb) - 5;
|
pps->pps_act_y_qp_offset = get_se_golomb(gb) - 5;
|
||||||
pps->pps_act_cb_qp_offset = get_se_golomb_long(gb) - 5;
|
pps->pps_act_cb_qp_offset = get_se_golomb(gb) - 5;
|
||||||
pps->pps_act_cr_qp_offset = get_se_golomb_long(gb) - 3;
|
pps->pps_act_cr_qp_offset = get_se_golomb(gb) - 3;
|
||||||
|
|
||||||
#define CHECK_QP_OFFSET(name) (pps->pps_act_ ## name ## _qp_offset <= -12 || \
|
#define CHECK_QP_OFFSET(name) (pps->pps_act_ ## name ## _qp_offset <= -12 || \
|
||||||
pps->pps_act_ ## name ## _qp_offset >= 12)
|
pps->pps_act_ ## name ## _qp_offset >= 12)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue