Skip to content

F
ffmpeg.wasm-core
Commit 66941993 authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 *... 

avcodec/svq3: Fix multiple runtime error: signed integer overflow: 44161 * 61694 cannot be represented in type 'int'

Fixes: 1382/clusterfuzz-testcase-minimized-6013445293998080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 1121d927
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 5 deletions
libavcodec/svq3.c
View file @ 66941993
......@@ -223,7 +223,7 @@ static int svq3_decode_end(AVCodecContext *avctx);
static void svq3_luma_dc_dequant_idct_c(int16_t *output, int16_t *input, int qp)
{
const int qmul = svq3_dequant_coeff[qp];
const unsigned qmul = svq3_dequant_coeff[qp];
#define stride 16
int i;
int temp[16];
......@@ -248,10 +248,10 @@ static void svq3_luma_dc_dequant_idct_c(int16_t *output, int16_t *input, int qp)
const int z2 = 7 * temp[4 * 1 + i] - 17 * temp[4 * 3 + i];
const int z3 = 17 * temp[4 * 1 + i] + 7 * temp[4 * 3 + i];
output[stride * 0 + offset] = (z0 + z3) * qmul + 0x80000 >> 20;
output[stride * 2 + offset] = (z1 + z2) * qmul + 0x80000 >> 20;
output[stride * 8 + offset] = (z1 - z2) * qmul + 0x80000 >> 20;
output[stride * 10 + offset] = (z0 - z3) * qmul + 0x80000 >> 20;
output[stride * 0 + offset] = (int)((z0 + z3) * qmul + 0x80000) >> 20;
output[stride * 2 + offset] = (int)((z1 + z2) * qmul + 0x80000) >> 20;
output[stride * 8 + offset] = (int)((z1 - z2) * qmul + 0x80000) >> 20;
output[stride * 10 + offset] = (int)((z0 - z3) * qmul + 0x80000) >> 20;
}
}
#undef stride
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment