aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2017-05-08 12:04:09 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2017-05-17 20:35:20 +0200
commit386767ecea4c1f2a9756879c8ad7037d8cda97a7 (patch)
tree388d8569e875d92560f82827c4a03327091e2e59
parent6b334460defe5995f2510d11d372e58cdccd37e2 (diff)
downloadffmpeg-386767ecea4c1f2a9756879c8ad7037d8cda97a7.tar.gz
avcodec/hqxdsp: Fix multiple runtime error: signed integer overflow: 248220 * 21407 cannot be represented in type 'int' in idct_col()
Fixes: 1405/clusterfuzz-testcase-minimized-5011491835084800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5d5118f81bd51b9c33500616b3c637123e8e4691) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/hqxdsp.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/libavcodec/hqxdsp.c b/libavcodec/hqxdsp.c
index feff9c0b68..04a65e7767 100644
--- a/libavcodec/hqxdsp.c
+++ b/libavcodec/hqxdsp.c
@@ -39,18 +39,18 @@ static inline void idct_col(int16_t *blk, const uint8_t *quant)
s6 = (int) blk[6 * 8] * quant[6 * 8];
s7 = (int) blk[7 * 8] * quant[7 * 8];
- t0 = (s3 * 19266 + s5 * 12873) >> 15;
- t1 = (s5 * 19266 - s3 * 12873) >> 15;
- t2 = ((s7 * 4520 + s1 * 22725) >> 15) - t0;
- t3 = ((s1 * 4520 - s7 * 22725) >> 15) - t1;
+ t0 = (int)(s3 * 19266U + s5 * 12873U) >> 15;
+ t1 = (int)(s5 * 19266U - s3 * 12873U) >> 15;
+ t2 = ((int)(s7 * 4520U + s1 * 22725U) >> 15) - t0;
+ t3 = ((int)(s1 * 4520U - s7 * 22725U) >> 15) - t1;
t4 = t0 * 2 + t2;
t5 = t1 * 2 + t3;
t6 = t2 - t3;
t7 = t3 * 2 + t6;
t8 = (t6 * 11585) >> 14;
t9 = (t7 * 11585) >> 14;
- tA = (s2 * 8867 - s6 * 21407) >> 14;
- tB = (s6 * 8867 + s2 * 21407) >> 14;
+ tA = (int)(s2 * 8867U - s6 * 21407U) >> 14;
+ tB = (int)(s6 * 8867U + s2 * 21407U) >> 14;
tC = (s0 >> 1) - (s4 >> 1);
tD = (s4 >> 1) * 2 + tC;
tE = tC - (tA >> 1);