avcodec/cavsdec: Fix runtime error: signed integer overflow: 31 + 2147483640 cannot...
author Michael Niedermayer <michael@niedermayer.cc>
Fri, 12 May 2017 22:42:29 +0000 (00:42 +0200)
committer Michael Niedermayer <michael@niedermayer.cc>
Fri, 12 May 2017 22:43:07 +0000 (00:43 +0200)
Fixes: 1506/clusterfuzz-testcase-minimized-5401272918212608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/cavsdec.c

index eb2464f..800c1af 100644 (file)
@@ -684,7 +684,7 @@ static int decode_mb_i(AVSContext *h, int cbp_code)
     }
     h->cbp = cbp_tab[cbp_code][0];
     if (h->cbp && !h->qp_fixed)
-        h->qp = (h->qp + get_se_golomb(gb)) & 63; //qp_delta
+        h->qp = (h->qp + (unsigned)get_se_golomb(gb)) & 63; //qp_delta
 
     /* luma intra prediction interleaved with residual decode/transform/add */
     for (block = 0; block < 4; block++) {
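
Review bot: On the changed `h->qp = ...` line the `(unsigned)` cast removes the signed overflow, but the reason for it is not recorded and an out-of-range delta is still accepted silently. The trailing comment still only says `//qp_delta`; a short note that the cast exists so the addition wraps as unsigned arithmetic before `& 63` would keep a later cleanup from dropping it. A value like the 2147483640 reported in the subject line is also still folded into 0..63 by the mask rather than treated as a damaged bitstream, so if qp_delta has a bounded valid range, consider checking the `get_se_golomb(gb)` result and returning an error instead. Any other site in this file that adds `get_se_golomb(gb)` to `h->qp` would need the same treatment.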