diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2018-01-07 04:12:57 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2018-04-13 00:35:15 +0200 |
commit | e4afafaa7effe5086373790639c1d0a962d4d007 (patch) | |
tree | adad49a0c7af705972daff2a64931e7ef93004f4 | |
parent | d81bfc042cea588213d7ce2162d9c7fd1b23b98f (diff) | |
download | ffmpeg-e4afafaa7effe5086373790639c1d0a962d4d007.tar.gz |
avcodec/jpeg2000dsp: Fix integer overflows in ict_int()
Fixes: signed integer overflow: 46802 * -71230 cannot be represented in type 'int'
Fixes: 4756/clusterfuzz-testcase-minimized-4812495563784192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3192c64b5bdcb0474cda437d2d5f9421d68811e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavcodec/jpeg2000dsp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/jpeg2000dsp.c b/libavcodec/jpeg2000dsp.c index 85a12d0e9b..90e73b1e20 100644 --- a/libavcodec/jpeg2000dsp.c +++ b/libavcodec/jpeg2000dsp.c @@ -64,9 +64,9 @@ static void ict_int(void *_src0, void *_src1, void *_src2, int csize) int i; for (i = 0; i < csize; i++) { - i0 = *src0 + *src2 + (((26345 * *src2) + (1 << 15)) >> 16); + i0 = *src0 + *src2 + ((int)((26345U * *src2) + (1 << 15)) >> 16); i1 = *src0 - ((int)(((unsigned)i_ict_params[1] * *src1) + (1 << 15)) >> 16) - - (((i_ict_params[2] * *src2) + (1 << 15)) >> 16); + - ((int)(((unsigned)i_ict_params[2] * *src2) + (1 << 15)) >> 16); i2 = *src0 + (2 * *src1) + ((int)((-14942U * *src1) + (1 << 15)) >> 16); *src0++ = i0; *src1++ = i1; |