RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/mobiclip: Bound planar prediction value 

Fixes: signed integer overflow: 2 * 1073741952 cannot be represented in type 'int'
Fixes: 26765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6594926936326144
Fixes: 29663/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5169789012148224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-10-31 13:38:47 +01:00
parent a0ceb0cdd4
commit 3a24000e72
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/mobiclip.c
View File

@ -848,7 +848,7 @@ static int predict_intra(AVCodecContext *avctx, AVFrame *frame, int ax, int ay,
uint8_t *left = frame->data[plane] + ay * frame->linesize[plane] + FFMAX(ax - 1, 0);
int bottommost = frame->data[plane][(ay + size - 1) * frame->linesize[plane] + FFMAX(ax - 1, 0)];
int rightmost = frame->data[plane][FFMAX(ay - 1, 0) * frame->linesize[plane] + ax + size - 1];
int avg = (bottommost + rightmost + 1) / 2 + 2 * get_se_golomb(gb);
int avg = (bottommost + rightmost + 1) / 2 + 2 * av_clip(get_se_golomb(gb), -(1<<16), 1<<16);
int r6 = adjust(avg - bottommost, size);
int r9 = adjust(avg - rightmost, size);
int shift = adjust(size, size) == 8 ? 3 : 2;