avcodec/mobiclip: Avoid undefined integer overflow in MV computation

Fixes: signed integer overflow: 1 + 2147483647 cannot be represented in type 'int' Fixes: 30877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-4775601145774080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2021-03-02 00:19:21 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-03-03 11:40:40 +0100
commit: 4dc039b4c7c74567af4a31ab1d212139f5225b69 (patch)
tree: 8af2c23667b2cc94f808e970322e1dbdf449bbae /libavcodec/mobiclip.c
parent: 53d739db4e528388fae89459e887a633ffbce12c (diff)
download: ffmpeg-4dc039b4c7c74567af4a31ab1d212139f5225b69.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/mobiclip.c b/libavcodec/mobiclip.c
index e5c6617325..9392ab947e 100644
--- a/libavcodec/mobiclip.c
+++ b/libavcodec/mobiclip.c
@@ -1091,8 +1091,8 @@ static int predict_motion(AVCodecContext *avctx,
             sidx += 6;
 
         if (index > 0) {
-            mv.x = mv.x + get_se_golomb(gb);
-            mv.y = mv.y + get_se_golomb(gb);
+            mv.x = mv.x + (unsigned)get_se_golomb(gb);
+            mv.y = mv.y + (unsigned)get_se_golomb(gb);
         }
         if (mv.x >= INT_MAX || mv.y >= INT_MAX)
             return AVERROR_INVALIDDATA;
author	Michael Niedermayer <michael@niedermayer.cc>	2021-03-02 00:19:21 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-03-03 11:40:40 +0100
commit	4dc039b4c7c74567af4a31ab1d212139f5225b69 (patch)
tree	8af2c23667b2cc94f808e970322e1dbdf449bbae /libavcodec/mobiclip.c
parent	53d739db4e528388fae89459e887a633ffbce12c (diff)
download	ffmpeg-4dc039b4c7c74567af4a31ab1d212139f5225b69.tar.gz