[FFmpeg-cvslog] avcodec/h264idct_template: Fix several runtime error: signed integer overflow
Michael Niedermayer
git at videolan.org
Wed Feb 22 23:30:29 EET 2017
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Feb 22 22:07:35 2017 +0100| [ec849f637e8548ec6c9b6329334944c7c81df443] | committer: Michael Niedermayer
avcodec/h264idct_template: Fix several runtime error: signed integer overflow
Fixes: 652/clusterfuzz-testcase-6174944410992640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec849f637e8548ec6c9b6329334944c7c81df443
---
libavcodec/h264idct_template.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/libavcodec/h264idct_template.c b/libavcodec/h264idct_template.c
index a90c407..c00900b 100644
--- a/libavcodec/h264idct_template.c
+++ b/libavcodec/h264idct_template.c
@@ -289,15 +289,15 @@ void FUNCC(ff_h264_chroma422_dc_dequant_idct)(int16_t *_block, int qmul){
for(i=0; i<2; i++){
const int offset= x_offset[i];
- const int z0= temp[2*0+i] + temp[2*2+i];
- const int z1= temp[2*0+i] - temp[2*2+i];
- const int z2= temp[2*1+i] - temp[2*3+i];
- const int z3= temp[2*1+i] + temp[2*3+i];
-
- block[stride*0+offset]= ((z0 + z3)*qmul + 128) >> 8;
- block[stride*1+offset]= ((z1 + z2)*qmul + 128) >> 8;
- block[stride*2+offset]= ((z1 - z2)*qmul + 128) >> 8;
- block[stride*3+offset]= ((z0 - z3)*qmul + 128) >> 8;
+ const SUINT z0= temp[2*0+i] + temp[2*2+i];
+ const SUINT z1= temp[2*0+i] - temp[2*2+i];
+ const SUINT z2= temp[2*1+i] - temp[2*3+i];
+ const SUINT z3= temp[2*1+i] + temp[2*3+i];
+
+ block[stride*0+offset]= (int)((z0 + z3)*qmul + 128) >> 8;
+ block[stride*1+offset]= (int)((z1 + z2)*qmul + 128) >> 8;
+ block[stride*2+offset]= (int)((z1 - z2)*qmul + 128) >> 8;
+ block[stride*3+offset]= (int)((z0 - z3)*qmul + 128) >> 8;
}
}
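Review bot: In the four `const SUINT z0` to `z3` initializers, the additions and subtractions of the `temp[]` elements are still evaluated in the type of `temp` and only converted to SUINT afterwards. The declaration of `temp` is not visible in this hunk. If it is `int`, those inner operations remain signed and can still overflow for extreme inputs. Casting one operand, for example `(SUINT)temp[2*0+i] + temp[2*2+i]`, would put the whole expression in the SUINT domain (assuming SUINT is an unsigned type, as the change implies). On the `block[...]` stores, the `(int)` cast binds to the parenthesized product before `>> 8`, which keeps the shift arithmetic on a signed value. A short comment stating that this is deliberate, and that the multiply is meant to wrap, would help the next reader, since the result is then narrowed again when stored into the `int16_t`-derived block.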