avcodec/rv34: Fix runtime error: signed integer overflow: -2 + -2147483648 cannot...

author Michael Niedermayer <michael@niedermayer.cc>

Tue, 21 Feb 2017 23:42:23 +0000 (00:42 +0100)

committer Michael Niedermayer <michael@niedermayer.cc>

Wed, 22 Feb 2017 01:42:48 +0000 (02:42 +0100)
author Michael Niedermayer <michael@niedermayer.cc>
Tue, 21 Feb 2017 23:42:23 +0000 (00:42 +0100)
committer Michael Niedermayer <michael@niedermayer.cc>
Wed, 22 Feb 2017 01:42:48 +0000 (02:42 +0100)
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c

index aca8382..f1c93cf 100644 (file)
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -866,6 +866,11 @@ static int rv34_decode_mv(RV34DecContext *r, int block_type)
      for(i = 0; i < num_mvs[block_type]; i++){
          r->dmv[i][0] = get_interleaved_se_golomb(gb);
          r->dmv[i][1] = get_interleaved_se_golomb(gb);
+        if (r->dmv[i][0] == INVALID_VLC ||
+            r->dmv[i][1] == INVALID_VLC) {
+            r->dmv[i][0] = r->dmv[i][1] = 0;
+            return AVERROR_INVALIDDATA;
+        }
      }
      switch(block_type){
      case RV34_MB_TYPE_INTRA:
author	Michael Niedermayer <michael@niedermayer.cc>
	Tue, 21 Feb 2017 23:42:23 +0000 (00:42 +0100)
committer	Michael Niedermayer <michael@niedermayer.cc>
	Wed, 22 Feb 2017 01:42:48 +0000 (02:42 +0100)