From 4d33873c2990b8d6096f60fef384f0efc4482b55 Mon Sep 17 00:00:00 2001
From: Vittorio Giovara <vittorio.giovara@gmail.com>
Date: Sun, 9 Mar 2014 17:15:26 +0100
Subject: [PATCH] hevc: make pps/sps ids unsigned where necessary

Fixes integer overflow and out of array accesses.
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
---
 libavcodec/hevc.h    | 2 +-
 libavcodec/hevc_ps.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index accfcb6107..1197d08193 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -463,7 +463,7 @@ typedef struct HEVCSPS {
 } HEVCSPS;
 
 typedef struct HEVCPPS {
-    int sps_id; ///< seq_parameter_set_id
+    unsigned int sps_id; ///< seq_parameter_set_id
 
     uint8_t sign_data_hiding_flag;
 
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index c4c7ee2223..5e5d4a77e5 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -609,8 +609,8 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
 {
     const AVPixFmtDescriptor *desc;
     GetBitContext *gb = &s->HEVClc.gb;
-    int ret    = 0;
-    int sps_id = 0;
+    int ret = 0;
+    unsigned int sps_id = 0;
     int log2_diff_max_min_transform_block_size;
     int bit_depth_chroma, start, vui_present, sublayer_ordering_info;
     int i;
@@ -988,8 +988,8 @@ int ff_hevc_decode_nal_pps(HEVCContext *s)
     int pic_area_in_ctbs, pic_area_in_min_cbs, pic_area_in_min_tbs;
     int log2_diff_ctb_min_tb_size;
     int i, j, x, y, ctb_addr_rs, tile_id;
-    int ret    = 0;
-    int pps_id = 0;
+    int ret = 0;
+    unsigned int pps_id = 0;
 
     AVBufferRef *pps_buf;
     HEVCPPS *pps = av_mallocz(sizeof(*pps));