avcodec/h264addpx_template: Fixes integer overflows

Fixes: signed integer overflow: 512 + 2147483491 cannot be represented in type 'int' Fixes: 4780/clusterfuzz-testcase-minimized-4709066174627840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/h264addpx_template: Fixes integer overflows
Fixes: signed integer overflow: 512 + 2147483491 cannot be represented in type 'int' Fixes: 4780/clusterfuzz-testcase-minimized-4709066174627840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
d6945aee · Michael Niedermayer · 0e62a237 · d6945aee
Commit d6945aee authored Jan 07, 2018 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 12 deletions

h264addpx_template.c libavcodec/h264addpx_template.c +12 -12

No files found.
--- a/libavcodec/h264addpx_template.c
+++ b/libavcodec/h264addpx_template.c
@@ -35,10 +35,10 @@ static void FUNCC(ff_h264_add_pixels4)(uint8_t *_dst, int16_t *_src, int stride)
    stride /= sizeof(pixel);
    for (i = 0; i < 4; i++) {
-        dst[0] += src[0];
+        dst[0] += (unsigned)src[0];
-        dst[1] += src[1];
+        dst[1] += (unsigned)src[1];
-        dst[2] += src[2];
+        dst[2] += (unsigned)src[2];
-        dst[3] += src[3];
+        dst[3] += (unsigned)src[3];
        dst += stride;
        src += 4;
@@ -55,14 +55,14 @@ static void FUNCC(ff_h264_add_pixels8)(uint8_t *_dst, int16_t *_src, int stride)
    stride /= sizeof(pixel);
    for (i = 0; i < 8; i++) {
-        dst[0] += src[0];
+        dst[0] += (unsigned)src[0];
-        dst[1] += src[1];
+        dst[1] += (unsigned)src[1];
-        dst[2] += src[2];
+        dst[2] += (unsigned)src[2];
-        dst[3] += src[3];
+        dst[3] += (unsigned)src[3];
-        dst[4] += src[4];
+        dst[4] += (unsigned)src[4];
-        dst[5] += src[5];
+        dst[5] += (unsigned)src[5];
-        dst[6] += src[6];
+        dst[6] += (unsigned)src[6];
-        dst[7] += src[7];
+        dst[7] += (unsigned)src[7];
        dst += stride;
        src += 8;