RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/vvc_parser: Avoid undefined overflow in POC computation 

The comments to the function say that it does not implement the spec and
instead follows VTM.
This patch is quite likely not the right solution and more intended to show
the issue to people knowing the specific part of VTM ...

Fixes: signed integer overflow: 2147483392 + 256 cannot be represented in type 'int'
Fixes: 60505/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6216675924770816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2023-07-27 01:59:15 +02:00
parent 9ee87245c5
commit f1954ff8d1
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/vvc_parser.c
View File

@ -225,10 +225,10 @@ static void get_slice_poc(VVCParserContext *s, int *poc,
} else {
if ((poc_lsb < prev_poc_lsb) && ((prev_poc_lsb - poc_lsb) >=
(max_poc_lsb / 2)))
poc_msb = prev_poc_msb + max_poc_lsb;
poc_msb = prev_poc_msb + (unsigned)max_poc_lsb;
else if ((poc_lsb > prev_poc_lsb) && ((poc_lsb - prev_poc_lsb) >
(max_poc_lsb / 2)))
poc_msb = prev_poc_msb - max_poc_lsb;
poc_msb = prev_poc_msb - (unsigned)max_poc_lsb;
else
poc_msb = prev_poc_msb;
}