RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-01-19 22:01:00 +00:00
Code Issues Projects Releases Wiki Activity

avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()

Browse Source 
Fixes: signed integer overflow: -3447 * 2883584 cannot be represented in type 'int'
Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-06-18 14:28:17 +02:00
parent 1889e3166c
commit 62ad08cef9
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/bink.c
View File

@ -702,15 +702,15 @@ static int read_dct_coeffs(BinkContext *c, GetBitContext *gb, int32_t block[64],
return quant_idx;
}
static void unquantize_dct_coeffs(int32_t block[64], const int32_t quant[64],
static void unquantize_dct_coeffs(int32_t block[64], const uint32_t quant[64],
int coef_count, int coef_idx[64],
const uint8_t *scan)
{
int i;
block[0] = (block[0] * quant[0]) >> 11;
block[0] = (int)(block[0] * quant[0]) >> 11;
for (i = 0; i < coef_count; i++) {
int idx = coef_idx[i];
block[scan[idx]] = (block[scan[idx]] * quant[idx]) >> 11;
block[scan[idx]] = (int)(block[scan[idx]] * quant[idx]) >> 11;
}
}