avcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK()

Fixes: signed integer overflow: 1477974040 - -1877995504 cannot be represented in type 'int' Fixes: 4861/clusterfuzz-testcase-minimized-4570316383715328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 56a53340ed4cc55898e49c07081311ebb2816630) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2018-01-20 04:10:50 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2018-01-31 23:47:15 +0100
commit: 25f7121c7b98b3d188e4896d5bdd83ac7da903fe (patch)
tree: 84196022a0a09474a6b47c017e68684cc8f2ce47
parent: b9948d52756a883afb1e7cebf9740f1094e1f3f3 (diff)
download: ffmpeg-25f7121c7b98b3d188e4896d5bdd83ac7da903fe.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c
index 3f98c860b5..b77df57baa 100644
--- a/libavcodec/truemotion2.c
+++ b/libavcodec/truemotion2.c
@@ -433,8 +433,8 @@ static inline int GET_TOK(TM2Context *ctx,int type)
 
 /* recalculate last and delta values for next blocks */
 #define TM2_RECALC_BLOCK(CHR, stride, last, CD) {\
-    CD[0] = CHR[1] - last[1];\
-    CD[1] = (int)CHR[stride + 1] - (int)CHR[1];\
+    CD[0] = (unsigned)CHR[         1] - (unsigned)last[1];\
+    CD[1] = (unsigned)CHR[stride + 1] - (unsigned) CHR[1];\
     last[0] = (int)CHR[stride + 0];\
     last[1] = (int)CHR[stride + 1];}
author	Michael Niedermayer <michael@niedermayer.cc>	2018-01-20 04:10:50 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2018-01-31 23:47:15 +0100
commit	25f7121c7b98b3d188e4896d5bdd83ac7da903fe (patch)
tree	84196022a0a09474a6b47c017e68684cc8f2ce47
parent	b9948d52756a883afb1e7cebf9740f1094e1f3f3 (diff)
download	ffmpeg-25f7121c7b98b3d188e4896d5bdd83ac7da903fe.tar.gz