GitHub/libvpx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Avoid overflow in calc_iframe_target_size

Browse Source 
The changed product was observed to attempt to multiply 1800 by 2500000,
which overflows unsigned 32 bits. Converting to unsigned 64 bits first
and testing whether the final result fits in 32 bits solves the problem.

BUG=b:179686142

Change-Id: I5d27317bf14b0311b739144c451d8e172db01945
This commit is contained in:
Jorge E. Moreira
2021-06-30 11:33:51 -07:00
parent 40e7b4a5be
commit 5f345a9246
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
vp8/encoder/ratectrl.c
+6 -2
View File
@@ -349,8 +349,12 @@ static void calc_iframe_target_size(VP8_COMP *cpi) {
}
if (cpi->oxcf.rc_max_intra_bitrate_pct) {
unsigned int max_rate =
cpi->per_frame_bandwidth * cpi->oxcf.rc_max_intra_bitrate_pct / 100;
unsigned int max_rate;
// This product may overflow unsigned int
uint64_t product = cpi->per_frame_bandwidth;
product *= cpi->oxcf.rc_max_intra_bitrate_pct;
product /= 100;
max_rate = (unsigned int)VPXMIN(INT_MAX, product);
if (target > max_rate) target = max_rate;
}