Commit 92da2309 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/diracdec: Fixes integer overflow

Fixes: runtime error: signed integer overflow: 340018243 * 27 cannot be represented in type 'int'
Fixes: 2861/clusterfuzz-testcase-minimized-5361070510178304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 1e6cab87
...@@ -442,7 +442,7 @@ static av_cold int dirac_decode_end(AVCodecContext *avctx) ...@@ -442,7 +442,7 @@ static av_cold int dirac_decode_end(AVCodecContext *avctx)
static inline int coeff_unpack_golomb(GetBitContext *gb, int qfactor, int qoffset) static inline int coeff_unpack_golomb(GetBitContext *gb, int qfactor, int qoffset)
{ {
int coeff = dirac_get_se_golomb(gb); int coeff = dirac_get_se_golomb(gb);
const int sign = FFSIGN(coeff); const unsigned sign = FFSIGN(coeff);
if (coeff) if (coeff)
coeff = sign*((sign * coeff * qfactor + qoffset) >> 2); coeff = sign*((sign * coeff * qfactor + qoffset) >> 2);
return coeff; return coeff;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment