avcodec/h264_direct: Fix overflow in POC comparission
authorMichael Niedermayer <michael@niedermayer.cc>
Wed, 13 Feb 2019 23:05:34 +0000 (00:05 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Sun, 24 Mar 2019 09:39:03 +0000 (10:39 +0100)
Fixes: runtime error: signed integer overflow: 2147421862 - -33624063 cannot be represented in type 'int'
Fixes: 12885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5733516975800320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ccf296e74725bc8bdfbfe500d0482daa200b6f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/h264_direct.c

index cbb8466..1fe902e 100644 (file)
@@ -142,8 +142,8 @@ void ff_h264_direct_ref_list_init(const H264Context *const h, H264SliceContext *
             av_log(h->avctx, AV_LOG_ERROR, "co located POCs unavailable\n");
             sl->col_parity = 1;
         } else
-        sl->col_parity = (FFABS(col_poc[0] - cur_poc) >=
-                          FFABS(col_poc[1] - cur_poc));
+            sl->col_parity = (FFABS(col_poc[0] - (int64_t)cur_poc) >=
+                              FFABS(col_poc[1] - (int64_t)cur_poc));
         ref1sidx =
         sidx     = sl->col_parity;
     // FL -> FL & differ parity