mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avcodec/mobiclip: Fix multiple integer overflows

Fixes: signed integer overflow: 872415232 * 7 cannot be represented in type 'int'
Fixes: signed integer overflow: -2013265888 + -1744830464 cannot be represented in type 'int'
Fixes: 25834/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5471406434025472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer 2020-09-29 22:43:13 +02:00
parent 2be3eb7f77
commit 0aa1645140


@ -407,12 +407,12 @@ static int setup_qtables(AVCodecContext *avctx, int quantizer)
return 0;
}
static void inverse4(int *rs)
static void inverse4(unsigned *rs)
{
int a = rs[0] + rs[2];
int b = rs[0] - rs[2];
int c = rs[1] + (rs[3] >> 1);
int d = (rs[1] >> 1) - rs[3];
unsigned a = rs[0] + rs[2];
unsigned b = rs[0] - rs[2];
unsigned c = rs[1] + ((int)rs[3] >> 1);
unsigned d = ((int)rs[1] >> 1) - rs[3];
rs[0] = a + c;
rs[1] = b + d;
@ -519,7 +519,7 @@ static int add_coefficients(AVCodecContext *avctx, AVFrame *frame,
if (pos >= size * size)
return AVERROR_INVALIDDATA;
qval = qtab[pos];
mat[ztab[pos]] = qval * level;
mat[ztab[pos]] = qval *(unsigned)level;
if (last)
break;
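Review bot: inverse4 now mixes unsigned arithmetic with `(int)rs[3] >> 1` and `(int)rs[1] >> 1` and nothing says why, so a later cleanup could drop the casts or revert the type and bring back the signed overflow the fuzzer reported. A short comment above the function would pin the intent, e.g. `/* unsigned: coefficients come from the bitstream and may wrap; the (int) casts keep the shifts arithmetic */`. The same reasoning applies to `qval *(unsigned)level` in add_coefficients, which would also read better spaced as `qval * (unsigned)level`. The wrapped values are still attacker-controlled and are stored back into `mat`, so it is worth confirming that the later reconstruction stage clips them; that code is not visible here. The callers of inverse4 are also outside these hunks, and if they still pass `int *` the new `unsigned *rs` parameter needs a matching type change or an explicit cast at the call site.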