aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2020-01-31 23:43:57 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2020-07-03 12:10:24 +0200
commit092f21af2b57871fc0b255093b975359fd50d8ef (patch)
treebdf60ec3d8ca9b4bb8926699988e8fa5474b4425
parente5f325a1ddd7702f8f302709a0578009c58ddad0 (diff)
downloadffmpeg-092f21af2b57871fc0b255093b975359fd50d8ef.tar.gz
avcodec/xvididct: Fix integer overflow in MULT()
Fixes: signed integer overflow: 23170 * 95058 cannot be represented in type 'int' Fixes: 20295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5800212870463488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7ccb576191e91b393041b14917f1b681ec75ed3b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/xvididct.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/xvididct.c b/libavcodec/xvididct.c
index d8f3dd7072..14116bd6d3 100644
--- a/libavcodec/xvididct.c
+++ b/libavcodec/xvididct.c
@@ -142,7 +142,7 @@ static int idct_row(short *in, const int *const tab, int rnd)
#define TAN3 0xAB0E
#define SQRT2 0x5A82
-#define MULT(c, x, n) (((c) * (x)) >> (n))
+#define MULT(c, x, n) ((unsigned)((int)((c) * (unsigned)(x)) >> (n)))
// 12b version => #define MULT(c,x, n) ((((c) >> 3) * (x)) >> ((n) - 3))
// 12b zero-testing version: