avcodec/dts2pts_bsf: Avoid poc overflows in cmp_find()

Fixes: signed integer overflow: -2147483648 - 5 cannot be represented in type 'int' Fixes: 54242/clusterfuzz-testcase-minimized-ffmpeg_BSF_DTS2PTS_fuzzer-472928339243827 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]>
galaxia4Eva · Dec 27, 2022 · aee0f32 · aee0f32
1 parent 64a04fc
commit aee0f32
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/libavcodec/dts2pts_bsf.c b/libavcodec/dts2pts_bsf.c
@@ -90,9 +90,11 @@ static int cmp_insert(const void *key, const void *node)
 
 static int cmp_find(const void *key, const void *node)
 {
-    int ret = ((const DTS2PTSFrame *)key)->poc - ((const DTS2PTSNode *) node)->poc;
+    const DTS2PTSFrame * key1 = key;
+    const DTS2PTSNode  *node1 = node;
+    int ret = FFDIFFSIGN(key1->poc, node1->poc);
     if (!ret)
-        ret = ((const DTS2PTSFrame *)key)->gop - ((const DTS2PTSNode *) node)->gop;
+        ret = key1->gop - node1->gop;
     return ret;
 }