From b12444fe72173ab52b6479708cfd12cb889ca300 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 8 Sep 2023 00:13:11 +0200
Subject: [PATCH] avcodec/xvididct: Fix integer overflow in idct_row()

Fixes: signed integer overflow: 1871429831 + 343006811 cannot be represented in type 'int'
Fixes: 61784/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5372151001120768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/xvididct.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/xvididct.c b/libavcodec/xvididct.c
index 43ea927437..dcea32210a 100644
--- a/libavcodec/xvididct.c
+++ b/libavcodec/xvididct.c
@@ -114,7 +114,7 @@ static int idct_row(short *in, const int *const tab, int rnd)
         in[5] = a1;
         in[6] = a1;
     } else {
-        const int k  = c4 * in[0] + rnd;
+        const unsigned int k  = c4 * in[0] + rnd;
         const unsigned int a0 = k + c2 * in[2] + c4 * in[4] + c6 * in[6];
         const unsigned int a1 = k + c6 * in[2] - c4 * in[4] - c2 * in[6];
         const unsigned int a2 = k - c6 * in[2] - c4 * in[4] + c2 * in[6];