avcodec/vp9block: fix runtime error: signed integer overflow: 196675 * 20670...

avcodec/vp9block: fix runtime error: signed integer overflow: 196675 * 20670 cannot be represented in type 'int' Fixes: 1710/clusterfuzz-testcase-minimized-4837032931098624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/vp9block: fix runtime error: signed integer overflow: 196675 * 20670...
avcodec/vp9block: fix runtime error: signed integer overflow: 196675 * 20670 cannot be represented in type 'int' Fixes: 1710/clusterfuzz-testcase-minimized-4837032931098624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
d4ee7678 · Michael Niedermayer · ec2b76aa · d4ee7678
Commit d4ee7678 authored May 21, 2017 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

vp9block.c libavcodec/vp9block.c +2 -2

No files found.
--- a/libavcodec/vp9block.c
+++ b/libavcodec/vp9block.c
@@ -915,9 +915,9 @@ skip_eob:
        if (!--band_left)
            band_left = band_counts[++band];
        if (is_tx32x32)
-            STORE_COEF(coef, rc, ((vp8_rac_get(c) ? -val : val) * qmul[!!i]) / 2);
+            STORE_COEF(coef, rc, (int)((vp8_rac_get(c) ? -val : val) * (unsigned)qmul[!!i]) / 2);
        else
-            STORE_COEF(coef, rc, (vp8_rac_get(c) ? -val : val) * qmul[!!i]);
+            STORE_COEF(coef, rc, (vp8_rac_get(c) ? -val : val) * (unsigned)qmul[!!i]);
        nnz = (1 + cache[nb[i][0]] + cache[nb[i][1]]) >> 1;
        tp = p[band][nnz];
    } while (++i < n_coeffs);