From: James Zern Date: Sat, 15 Feb 2020 01:36:47 +0000 (-0800) Subject: vp8,GetSigned: silence unsigned int overflow warning X-Git-Tag: v1.9.0-rc1~76 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9cfcac1cb3b2e765c24706a9e966859d588bc4ef;p=libvpx vp8,GetSigned: silence unsigned int overflow warning in non-conformant fuzzed bitstreams the calculation of br->value may overflow. this is defined behavior and harmless in that the stream is already corrupt. BUG=b/148271109 Change-Id: I3668ada57e0bd68cea86b82917fb03c19ac1283d
---
diff --git a/vp8/decoder/detokenize.c b/vp8/decoder/detokenize.c
index b350bafbc..1c77873f0 100644
--- a/vp8/decoder/detokenize.c
+++ b/vp8/decoder/detokenize.c
@@ -11,6 +11,7 @@
 #include "vp8/common/blockd.h"
 #include "onyxd_int.h"
 #include "vpx_mem/vpx_mem.h"
+#include "vpx_ports/compiler_attributes.h"
 #include "vpx_ports/mem.h"
 #include "detokenize.h"
@@ -52,7 +53,10 @@ static const uint8_t kZigzag[16] = { 0, 1, 4, 8, 5, 2, 3, 6,
 /* for const-casting */
 typedef const uint8_t (*ProbaArray)[NUM_CTX][NUM_PROBAS];
-static int GetSigned(BOOL_DECODER *br, int value_to_sign) {
+// With corrupt / fuzzed streams the calculation of br->value may overflow. See
+// b/148271109.
+static VPX_NO_UNSIGNED_OVERFLOW_CHECK int GetSigned(BOOL_DECODER *br,
+ int value_to_sign) {
 int split = (br->range + 1) >> 1;
 VP8_BD_VALUE bigsplit = (VP8_BD_VALUE)split << (VP8_BD_VALUE_SIZE - 8);
 int v;
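Review bot: The comment added above GetSigned says the calculation of br->value may overflow, but it names neither the statement that wraps nor the reason the wrap is safe, while VPX_NO_UNSIGNED_OVERFLOW_CHECK applies to the whole function. A corrupt stream is exactly the untrusted-input case, so I would record the invariant next to the annotation, for example `// Unsigned wrap of br->value is well defined; the result only alters the decoded symbol and must not reach an index or length unchecked.` That wording assumes the callers behave that way, which cannot be confirmed from this hunk. Any unsigned arithmetic added to this function later will also be exempt from the sanitizer, so the comment should say the exemption is meant for the br->value update only. The body of GetSigned continues past the end of the hunk.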