diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2019-09-28 21:19:26 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-10-20 19:57:51 +0200 |
commit | 6fdeb208172dc95b29b965a0cc365ca0925e151e (patch) | |
tree | 688e08d06c50b20eed694dd6b5d7f6e0350712a4 /libavcodec/vc1_block.c | |
parent | fe63ace98ecaff1fffe9a9841f2581d8939a68b2 (diff) | |
download | ffmpeg-6fdeb208172dc95b29b965a0cc365ca0925e151e.tar.gz |
avcodec/vc1_block: Fixes integer overflow in vc1_decode_i_block_adv()
Fixes: signed integer overflow: 62220 * 262144 cannot be represented in type 'int'
Fixes: 17145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5667394743173120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/vc1_block.c')
-rw-r--r-- | libavcodec/vc1_block.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c index f1c9f41f30..4c6dfaf6bf 100644 --- a/libavcodec/vc1_block.c +++ b/libavcodec/vc1_block.c @@ -846,7 +846,7 @@ static int vc1_decode_i_block_adv(VC1Context *v, int16_t block[64], int n, q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1; if (q2 && q1 != q2) { for (k = 1; k < 8; k++) - block[k << sh] += (ac_val[k] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; + block[k << sh] += (int)(ac_val[k] * (unsigned)q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; } else { for (k = 1; k < 8; k++) block[k << sh] += ac_val[k]; |