On Sat, Jun 15, 2019 at 03:07:13PM +0000, Song, Ruiling wrote: > > -----Original Message----- > > From: ffmpeg-devel [mailto:ffmpeg-devel-boun...@ffmpeg.org] On Behalf > > Of Michael Niedermayer > > Sent: Friday, June 14, 2019 2:33 AM > > To: FFmpeg development discussions and patches <ffmpeg- > > de...@ffmpeg.org> > > Subject: [FFmpeg-devel] [PATCH 2/4] avcodec/hevc_ps: Fix integer overflow > > with num_tile_rows > > > > Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in > > type 'int' > > Fixes: 14880/clusterfuzz-testcase-minimized- > > ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5130977304641536 > > > > Found-by: continuous fuzzing process https://github.com/google/oss- > > fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/hevc_ps.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c > > index 80df417e4f..0ed6682bb4 100644 > > --- a/libavcodec/hevc_ps.c > > +++ b/libavcodec/hevc_ps.c > > @@ -1596,7 +1596,7 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, > > AVCodecContext *avctx, > > if (pps->num_tile_rows <= 0 || > > pps->num_tile_rows >= sps->height) { > > av_log(avctx, AV_LOG_ERROR, "num_tile_rows_minus1 out of > > range: %d\n", > > - pps->num_tile_rows - 1); > > + pps->num_tile_rows - 1U); > I think the machine code generated here should be the same, right? > So you just tell fuzzer "I am doing subtraction between unsigned numbers", to > make it happy?
its likely the same machine code, yes. A compiler might produce different code that break in case of the overflow though ... thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB When the tyrant has disposed of foreign enemies by conquest or treaty, and there is nothing more to fear from them, then he is always stirring up some war or other, in order that the people may require a leader. -- Plato
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
