From: Jerome Jiang <jianj@google.com>
Date: Mon, 11 Mar 2019 22:13:19 +0000 (-0700)
Subject: vp9-decoder: use long int for buffer offset.
X-Git-Tag: v1.8.1~202^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=59578327a5eb4231786198ee9d35e0f55ff6ec7a;p=libvpx

vp9-decoder: use long int for buffer offset.

integer overflow when frame size too big.

BUG=webm:1603

Change-Id: Ifbb81b5fb6a2043d09d403e7c50ab8d7bf125dca
---

diff --git a/vp9/common/vp9_reconinter.c b/vp9/common/vp9_reconinter.c
index a108a6515..0834c722f 100644
--- a/vp9/common/vp9_reconinter.c
+++ b/vp9/common/vp9_reconinter.c
@@ -178,7 +178,7 @@ static void build_inter_predictors(MACROBLOCKD *xd, int plane, int block,
       xs = sf->x_step_q4;
       ys = sf->y_step_q4;
     } else {
-      pre = pre_buf->buf + (y * pre_buf->stride + x);
+      pre = pre_buf->buf + ((int64_t)y * pre_buf->stride + x);
       scaled_mv.row = mv_q4.row;
       scaled_mv.col = mv_q4.col;
       xs = ys = 16;
diff --git a/vp9/common/vp9_reconinter.h b/vp9/common/vp9_reconinter.h
index 992e30c34..12b545831 100644
--- a/vp9/common/vp9_reconinter.h
+++ b/vp9/common/vp9_reconinter.h
@@ -74,11 +74,12 @@ void vp9_highbd_build_inter_predictor(
     int bd);
 #endif
 
-static INLINE int scaled_buffer_offset(int x_offset, int y_offset, int stride,
-                                       const struct scale_factors *sf) {
+static INLINE int64_t scaled_buffer_offset(int x_offset, int y_offset,
+                                           int stride,
+                                           const struct scale_factors *sf) {
   const int x = sf ? sf->scale_value_x(x_offset, sf) : x_offset;
   const int y = sf ? sf->scale_value_y(y_offset, sf) : y_offset;
-  return y * stride + x;
+  return (int64_t)y * stride + x;
 }
 
 static INLINE void setup_pred_plane(struct buf_2d *dst, uint8_t *src,