From 1be49cee34eb588d70c2bf4c46dc23539fd71b53 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 17 Feb 2018 04:20:54 +0100
Subject: avcodec/h264: Increase field_poc to 64bit in ff_h264_init_poc() to
 detect overflows

Fixes: Integer overflow
Fixes: 5746/clusterfuzz-testcase-minimized-6270097623613440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/h264_parse.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'libavcodec/h264_parse.c')

diff --git a/libavcodec/h264_parse.c b/libavcodec/h264_parse.c
index fee28d90d9..6cbef5a13d 100644
--- a/libavcodec/h264_parse.c
+++ b/libavcodec/h264_parse.c
@@ -271,7 +271,7 @@ int ff_h264_init_poc(int pic_field_poc[2], int *pic_poc,
                      int picture_structure, int nal_ref_idc)
 {
     const int max_frame_num = 1 << sps->log2_max_frame_num;
-    int field_poc[2];
+    int64_t field_poc[2];
 
     pc->frame_num_offset = pc->prev_frame_num_offset;
     if (pc->frame_num < pc->prev_frame_num)
@@ -337,6 +337,10 @@ int ff_h264_init_poc(int pic_field_poc[2], int *pic_poc,
         field_poc[1] = poc;
     }
 
+    if (   field_poc[0] != (int)field_poc[0]
+        || field_poc[1] != (int)field_poc[1])
+        return AVERROR_INVALIDDATA;
+
     if (picture_structure != PICT_BOTTOM_FIELD)
         pic_field_poc[0] = field_poc[0];
     if (picture_structure != PICT_TOP_FIELD)
-- 
cgit v1.2.3