aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2020-01-31 23:43:57 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2020-05-19 17:17:36 +0200
commit85b921c4dcf27046945c7c80cbab0986c1631ec8 (patch)
tree4a1534aa4590fe0272ae7d10b97a7f94ead4b55d
parent21be7407af6eea8229bb40540ff8daa6ff60879b (diff)
downloadffmpeg-85b921c4dcf27046945c7c80cbab0986c1631ec8.tar.gz
avcodec/xvididct: Fix integer overflow in MULT()
Fixes: signed integer overflow: 23170 * 95058 cannot be represented in type 'int' Fixes: 20295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5800212870463488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7ccb576191e91b393041b14917f1b681ec75ed3b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat
-rw-r--r--libavcodec/xvididct.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/xvididct.c b/libavcodec/xvididct.c
index d8f3dd7072..14116bd6d3 100644
--- a/libavcodec/xvididct.c
+++ b/libavcodec/xvididct.c
@@ -142,7 +142,7 @@ static int idct_row(short *in, const int *const tab, int rnd)
#define TAN3 0xAB0E
#define SQRT2 0x5A82
-#define MULT(c, x, n) (((c) * (x)) >> (n))
+#define MULT(c, x, n) ((unsigned)((int)((c) * (unsigned)(x)) >> (n)))
// 12b version => #define MULT(c,x, n) ((((c) >> 3) * (x)) >> ((n) - 3))
// 12b zero-testing version:
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 08:17:38 +0000