[FFmpeg-cvslog] avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()
Michael Niedermayer
git at videolan.org
Wed Jun 26 20:12:33 EEST 2019
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Tue Jun 18 14:28:17 2019 +0200| [62ad08cef993f7a103b6d3a5498f6fa49190e085] | committer: Michael Niedermayer
avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()
Fixes: signed integer overflow: -3447 * 2883584 cannot be represented in type 'int'
Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62ad08cef993f7a103b6d3a5498f6fa49190e085
---
libavcodec/bink.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index 8392bbeeb0..d18c0ceae4 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -702,15 +702,15 @@ static int read_dct_coeffs(BinkContext *c, GetBitContext *gb, int32_t block[64],
return quant_idx;
}
-static void unquantize_dct_coeffs(int32_t block[64], const int32_t quant[64],
+static void unquantize_dct_coeffs(int32_t block[64], const uint32_t quant[64],
int coef_count, int coef_idx[64],
const uint8_t *scan)
{
int i;
- block[0] = (block[0] * quant[0]) >> 11;
+ block[0] = (int)(block[0] * quant[0]) >> 11;
for (i = 0; i < coef_count; i++) {
int idx = coef_idx[i];
- block[scan[idx]] = (block[scan[idx]] * quant[idx]) >> 11;
+ block[scan[idx]] = (int)(block[scan[idx]] * quant[idx]) >> 11;
}
}
More information about the ffmpeg-cvslog
mailing list