From dfd1f2ff70714a4598c10430fe1f740187e0b019 Mon Sep 17 00:00:00 2001 From: Shivaansh Agrawal Date: Tue, 28 Jul 2020 21:01:38 +0530 Subject: [PATCH] Decoder: Fix integer overflow in poc calculation Passed error and standard compliance tests with integer and address sanitizers. Bug: 143791063 Test: POC in bug description Change-Id: Idbba64cfb397b8af3ccd5770ce115fadd0d9112c --- decoder/ih264d_parse_pslice.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/decoder/ih264d_parse_pslice.c b/decoder/ih264d_parse_pslice.c index 9b9256b..43979dc 100644 --- a/decoder/ih264d_parse_pslice.c +++ b/decoder/ih264d_parse_pslice.c @@ -1494,7 +1494,11 @@ WORD32 ih264d_mark_err_slice_skip(dec_struct_t * ps_dec, ps_dec->p_motion_compensate = ih264d_motion_compensate_bp; if(ps_dec->ps_cur_pic != NULL) - poc = ps_dec->ps_cur_pic->i4_poc + 2; + { + poc = ps_dec->ps_cur_pic->i4_poc; + if (poc <= INT32_MAX - 2) + poc += 2; + } j = -1; for(i = 0; i < MAX_NUM_PIC_PARAMS; i++)