On Tue, Feb 04, 2025 at 12:16:59AM -0300, James Almer wrote:
> On 2/3/2025 11:58 PM, Michael Niedermayer wrote:
> > Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
> > Fixes: 390646659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-5040277374435328
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >   libavcodec/osq.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavcodec/osq.c b/libavcodec/osq.c
> > index 83b4a9d618d..5c7826778dc 100644
> > --- a/libavcodec/osq.c
> > +++ b/libavcodec/osq.c
> > @@ -190,7 +190,7 @@ static uint32_t get_urice(GetBitContext *gb, int k)
> >   static int32_t get_srice(GetBitContext *gb, int x)
> >   {
> > -    int32_t y = get_urice(gb, x);
> > +    uint32_t y = get_urice(gb, x);
> >       return get_bits1(gb) ? -y : y;
> 
> Does -y here work as intended now that y is unsigned?

why would it not ?

subtraction is the same operation for signed (twos complement) and unsigned

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal.
-- Aristotle