From d0d20f16ce4de0d814b7dac28fa18c666b7a8a85 Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Mon, 19 Jun 2023 23:47:07 -0300
Subject: [PATCH] avformat/evcdec: use an unsigned type for nalu_size

But ensure the value returned by evc_read_nal_unit_length() fits in an int.
Should prevent integer overflows later in the code.

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/evcdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/evcdec.c b/libavformat/evcdec.c
index 842258d229..ef743028ae 100644
--- a/libavformat/evcdec.c
+++ b/libavformat/evcdec.c
@@ -181,7 +181,7 @@ fail:
 static int evc_read_packet(AVFormatContext *s, AVPacket *pkt)
 {
     int ret;
-    int32_t nalu_size;
+    uint32_t nalu_size;
     int au_end_found = 0;
     EVCDemuxContext *const c = s->priv_data;
 
@@ -200,7 +200,7 @@ static int evc_read_packet(AVFormatContext *s, AVPacket *pkt)
             return ret;
 
         nalu_size = read_nal_unit_length((const uint8_t *)&buf, EVC_NALU_LENGTH_PREFIX_SIZE);
-        if (nalu_size <= 0)
+        if (!nalu_size || nalu_size > INT_MAX)
             return AVERROR_INVALIDDATA;
 
         avio_seek(s->pb, -EVC_NALU_LENGTH_PREFIX_SIZE, SEEK_CUR);