[FFmpeg-devel] [PATCH] avcodec/xvididct: Fix integer overflow in idct_row()
Michael Niedermayer
michael at niedermayer.cc
Fri Sep 8 01:13:11 EEST 2023
Fixes: signed integer overflow: 1871429831 + 343006811 cannot be represented in type 'int'
Fixes: 61784/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5372151001120768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/xvididct.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/xvididct.c b/libavcodec/xvididct.c
index 43ea927437..dcea32210a 100644
--- a/libavcodec/xvididct.c
+++ b/libavcodec/xvididct.c
@@ -114,7 +114,7 @@ static int idct_row(short *in, const int *const tab, int rnd)
in[5] = a1;
in[6] = a1;
} else {
- const int k = c4 * in[0] + rnd;
+ const unsigned int k = c4 * in[0] + rnd;
const unsigned int a0 = k + c2 * in[2] + c4 * in[4] + c6 * in[6];
const unsigned int a1 = k + c6 * in[2] - c4 * in[4] - c2 * in[6];
const unsigned int a2 = k - c6 * in[2] - c4 * in[4] + c2 * in[6];
--
2.17.1
More information about the ffmpeg-devel
mailing list