From 4c0931688683348201d1c4434787f359a4d05e0b Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 2 Mar 2021 20:07:13 +0100
Subject: [PATCH] avcodec/jpegls: Check A[Q] for overflow in
 ff_jpegls_update_state_regular()

Fixes: Timeout
Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a3fea802a3e4274dbe084d372ec8aeab3932b3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/jpegls.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/jpegls.h b/libavcodec/jpegls.h
index 6b89b2afa3..a317871225 100644
--- a/libavcodec/jpegls.h
+++ b/libavcodec/jpegls.h
@@ -99,7 +99,7 @@ static inline void ff_jpegls_downscale_state(JLSState *state, int Q)
 static inline int ff_jpegls_update_state_regular(JLSState *state,
                                                  int Q, int err)
 {
-    if(FFABS(err) > 0xFFFF)
+    if(FFABS(err) > 0xFFFF || FFABS(err) > INT_MAX - state->A[Q])
         return -0x10000;
     state->A[Q] += FFABS(err);
     err         *= state->twonear;