[FFmpeg-cvslog] avcodec/4xm: Fix signed integer overflows in idct()

Michael Niedermayer git at videolan.org
Mon Jul 8 12:40:21 EEST 2019


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Thu Jun 27 00:15:03 2019 +0200| [2bbea155bf7c6ce6d5ae53cc41e44798cad2f39c] | committer: Michael Niedermayer

avcodec/4xm: Fix signed integer overflows in idct()

Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2bbea155bf7c6ce6d5ae53cc41e44798cad2f39c
---

 libavcodec/4xm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index 89120aa8fb..8382159bde 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -158,7 +158,7 @@ typedef struct FourXContext {
 #define FIX_1_847759065 121095
 #define FIX_2_613125930 171254
 
-#define MULTIPLY(var, const) (((var) * (const)) >> 16)
+#define MULTIPLY(var, const) ((int)((var) * (unsigned)(const)) >> 16)
 
 static void idct(int16_t block[64])
 {



More information about the ffmpeg-cvslog mailing list