[FFmpeg-cvslog] avcodec/4xm: Fix signed integer overflows in idct()
Michael Niedermayer
git at videolan.org
Mon Jul 8 12:40:21 EEST 2019
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Thu Jun 27 00:15:03 2019 +0200| [2bbea155bf7c6ce6d5ae53cc41e44798cad2f39c] | committer: Michael Niedermayer
avcodec/4xm: Fix signed integer overflows in idct()
Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2bbea155bf7c6ce6d5ae53cc41e44798cad2f39c
---
libavcodec/4xm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index 89120aa8fb..8382159bde 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -158,7 +158,7 @@ typedef struct FourXContext {
#define FIX_1_847759065 121095
#define FIX_2_613125930 171254
-#define MULTIPLY(var, const) (((var) * (const)) >> 16)
+#define MULTIPLY(var, const) ((int)((var) * (unsigned)(const)) >> 16)
static void idct(int16_t block[64])
{
More information about the ffmpeg-cvslog
mailing list