Message ID | 20170316020250.15175-2-michael@niedermayer.cc |
---|---|
State | Accepted |
Headers | show |
> > + > + if (pocdiff0 != (int)pocdiff0) > + avpriv_request_sample(sl->h264->avctx, "pocdiff0 overflow\n"); > + > Do you think this condition will actually happen in the real world apart from in glitchy live streams? Kieran
On Thu, Mar 16, 2017 at 11:41:12AM +0000, Kieran Kunhya wrote: > > > > + > > + if (pocdiff0 != (int)pocdiff0) > > + avpriv_request_sample(sl->h264->avctx, "pocdiff0 overflow\n"); > > + > > > > Do you think this condition will actually happen in the real world apart > from in glitchy live streams? I dont really know, do you prefer a AV_LOG_DEBUG ? [...]
On Thu, 16 Mar 2017 at 15:37 Michael Niedermayer <michael@niedermayer.cc> wrote: > On Thu, Mar 16, 2017 at 11:41:12AM +0000, Kieran Kunhya wrote: > > > > > > + > > > + if (pocdiff0 != (int)pocdiff0) > > > + avpriv_request_sample(sl->h264->avctx, "pocdiff0 > overflow\n"); > > > + > > > > > > > Do you think this condition will actually happen in the real world apart > > from in glitchy live streams? > > I dont really know, do you prefer a AV_LOG_DEBUG ? > IMO yes Kieran
On Thu, Mar 16, 2017 at 06:54:36PM +0000, Kieran Kunhya wrote: > On Thu, 16 Mar 2017 at 15:37 Michael Niedermayer <michael@niedermayer.cc> > wrote: > > > On Thu, Mar 16, 2017 at 11:41:12AM +0000, Kieran Kunhya wrote: > > > > > > > > + > > > > + if (pocdiff0 != (int)pocdiff0) > > > > + avpriv_request_sample(sl->h264->avctx, "pocdiff0 > > overflow\n"); > > > > + > > > > > > > > > > Do you think this condition will actually happen in the real world apart > > > from in glitchy live streams? > > > > I dont really know, do you prefer a AV_LOG_DEBUG ? > > > > IMO yes changed and applied thx [...]
diff --git a/libavcodec/h264_direct.c b/libavcodec/h264_direct.c index 66e54479d1..dac9f9d1a8 100644 --- a/libavcodec/h264_direct.c +++ b/libavcodec/h264_direct.c @@ -48,8 +48,13 @@ static int get_scale_factor(H264SliceContext *sl, if (td == 0 || sl->ref_list[0][i].parent->long_ref) { return 256; } else { - int tb = av_clip_int8(poc - poc0); + int64_t pocdiff0 = poc - (int64_t)poc0; + int tb = av_clip_int8(pocdiff0); int tx = (16384 + (FFABS(td) >> 1)) / td; + + if (pocdiff0 != (int)pocdiff0) + avpriv_request_sample(sl->h264->avctx, "pocdiff0 overflow\n"); + return av_clip_intp2((tb * tx + 32) >> 6, 10); } }
Fixes: 864/clusterfuzz-testcase-4774385942528000 See: [FFmpeg-devel] [PATCH 1/2] avcodec/h264_direct: Fix runtime error: signed integer overflow: 2147483647 - -14133 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/h264_direct.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)