[FFmpeg-cvslog] avcodec/vvc_parser: Avoid undefined overflow in POC computation
Michael Niedermayer
git at videolan.org
Sat Sep 23 00:54:16 EEST 2023
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Thu Jul 27 01:59:15 2023 +0200| [f1954ff8d13b7d72cbdfe9515b7ae130d65bc2b0] | committer: Michael Niedermayer
avcodec/vvc_parser: Avoid undefined overflow in POC computation
The comments to the function say that it does not implement the spec and
instead follows VTM.
This patch is quite likely not the right solution and more intended to show
the issue to people knowing the specific part of VTM ...
Fixes: signed integer overflow: 2147483392 + 256 cannot be represented in type 'int'
Fixes: 60505/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6216675924770816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1954ff8d13b7d72cbdfe9515b7ae130d65bc2b0
---
libavcodec/vvc_parser.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/vvc_parser.c b/libavcodec/vvc_parser.c
index 3951ebe50a..c661595e1e 100644
--- a/libavcodec/vvc_parser.c
+++ b/libavcodec/vvc_parser.c
@@ -225,10 +225,10 @@ static void get_slice_poc(VVCParserContext *s, int *poc,
} else {
if ((poc_lsb < prev_poc_lsb) && ((prev_poc_lsb - poc_lsb) >=
(max_poc_lsb / 2)))
- poc_msb = prev_poc_msb + max_poc_lsb;
+ poc_msb = prev_poc_msb + (unsigned)max_poc_lsb;
else if ((poc_lsb > prev_poc_lsb) && ((poc_lsb - prev_poc_lsb) >
(max_poc_lsb / 2)))
- poc_msb = prev_poc_msb - max_poc_lsb;
+ poc_msb = prev_poc_msb - (unsigned)max_poc_lsb;
else
poc_msb = prev_poc_msb;
}
More information about the ffmpeg-cvslog
mailing list