Browse code
avcodec/dirac_dwt: Fix integer overflows in COMPOSE_DAUB97*
Fixes: 4478/clusterfuzz-testcase-minimized-4752113767809024
Fixes: runtime error: signed integer overflow: -2147483626 + -319489 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5e9a13a5a33bf7566591216e335f2529612100bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2017/12/03 05:48:04Showing 1 changed files
| ... | ... |
@@ -108,16 +108,16 @@ void ff_spatial_idwt_slice2(DWTContext *d, int y); |
| 108 | 108 |
((unsigned)b4 + ((int)(-2*(b0+(unsigned)b8) + 10*(b1+(unsigned)b7) - 25*(b2+(unsigned)b6) + 81*(b3+(unsigned)b5) + 128) >> 8)) |
| 109 | 109 |
|
| 110 | 110 |
#define COMPOSE_DAUB97iL1(b0, b1, b2)\ |
| 111 |
- (b1 - ((int)(1817*(b0 + (unsigned)b2) + 2048) >> 12)) |
|
| 111 |
+ ((unsigned)(b1) - ((int)(1817*(b0 + (unsigned)b2) + 2048) >> 12)) |
|
| 112 | 112 |
|
| 113 | 113 |
#define COMPOSE_DAUB97iH1(b0, b1, b2)\ |
| 114 |
- (b1 - ((int)( 113*(b0 + (unsigned)b2) + 64) >> 7)) |
|
| 114 |
+ ((unsigned)(b1) - ((int)( 113*(b0 + (unsigned)b2) + 64) >> 7)) |
|
| 115 | 115 |
|
| 116 | 116 |
#define COMPOSE_DAUB97iL0(b0, b1, b2)\ |
| 117 |
- (b1 + ((int)( 217*(b0 + (unsigned)b2) + 2048) >> 12)) |
|
| 117 |
+ ((unsigned)(b1) + ((int)( 217*(b0 + (unsigned)b2) + 2048) >> 12)) |
|
| 118 | 118 |
|
| 119 | 119 |
#define COMPOSE_DAUB97iH0(b0, b1, b2)\ |
| 120 |
- (b1 + ((int)(6497*(b0 + (unsigned)b2) + 2048) >> 12)) |
|
| 120 |
+ ((unsigned)(b1) + ((int)(6497*(b0 + (unsigned)b2) + 2048) >> 12)) |
|
| 121 | 121 |
|
| 122 | 122 |
|
| 123 | 123 |
#endif /* AVCODEC_DWT_H */ |