avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot...
authorMichael Niedermayer <michael@niedermayer.cc>
Wed, 31 May 2017 20:02:07 +0000 (22:02 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Mon, 5 Jun 2017 21:16:54 +0000 (23:16 +0200)
Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6726328f7940a76c43b4d97ac37ababf363d042f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/hevc_ps.c

index 14f908e..d8782cd 100644 (file)
@@ -720,7 +720,7 @@ static int scaling_list_data(GetBitContext *gb, AVCodecContext *avctx, ScalingLi
                                   ff_hevc_diag_scan8x8_x[i];
 
                     scaling_list_delta_coef = get_se_golomb(gb);
-                    next_coef = (next_coef + scaling_list_delta_coef + 256) % 256;
+                    next_coef = (next_coef + 256U + scaling_list_delta_coef) % 256;
                     sl->sl[size_id][matrix_id][pos] = next_coef;
                 }
             }