avcodec/jpeg2000dsp: Fix integer overflows in ict_int()

Fixes: signed integer overflow: 46802 * -71230 cannot be represented in type 'int' Fixes: 4756/clusterfuzz-testcase-minimized-4812495563784192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit b3192c64b5bdcb0474cda437d2d5f9421d68811e) Signed-off-by: Michael Niedermayer <[email protected]>
author: Michael Niedermayer <[email protected]> 2018-01-07 04:12:57 +0100
committer: Michael Niedermayer <[email protected]> 2018-02-19 02:40:54 +0100
commit: 3cad8e730e06ab66bce5a160263452334c09dc68 (patch)
tree: 9a817328447980c738c570182cdeecf2af5e6d57
parent: 06325d77bf12dead2126e42cf89a7fd601691a5f (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/jpeg2000dsp.c b/libavcodec/jpeg2000dsp.c
index 85a12d0e9b..90e73b1e20 100644
--- a/libavcodec/jpeg2000dsp.c
+++ b/libavcodec/jpeg2000dsp.c
@@ -64,9 +64,9 @@ static void ict_int(void *_src0, void *_src1, void *_src2, int csize)
     int i;
 
     for (i = 0; i < csize; i++) {
-        i0 = *src0 + *src2 + (((26345 * *src2) + (1 << 15)) >> 16);
+        i0 = *src0 + *src2 + ((int)((26345U * *src2) + (1 << 15)) >> 16);
         i1 = *src0 - ((int)(((unsigned)i_ict_params[1] * *src1) + (1 << 15)) >> 16)
-                   - (((i_ict_params[2] * *src2) + (1 << 15)) >> 16);
+                   - ((int)(((unsigned)i_ict_params[2] * *src2) + (1 << 15)) >> 16);
         i2 = *src0 + (2 * *src1) + ((int)((-14942U * *src1) + (1 << 15)) >> 16);
         *src0++ = i0;
         *src1++ = i1;
author	Michael Niedermayer <[email protected]>	2018-01-07 04:12:57 +0100
committer	Michael Niedermayer <[email protected]>	2018-02-19 02:40:54 +0100
commit	3cad8e730e06ab66bce5a160263452334c09dc68 (patch)
tree	9a817328447980c738c570182cdeecf2af5e6d57
parent	06325d77bf12dead2126e42cf89a7fd601691a5f (diff)