avcodec/xvididct: Fix integer overflow in MULT()

Fixes: signed integer overflow: 23170 * 95058 cannot be represented in type 'int' Fixes: 20295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5800212870463488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-01-31 23:43:57 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-04-07 18:24:14 +0200
commit: 7ccb576191e91b393041b14917f1b681ec75ed3b (patch)
tree: d0b10600cb0c4d4e936f1b72b4212b81a34f2c94 /libavcodec/xvididct.c
parent: 187161d62f35c8b613c4a6739b0a6dfa9a24da60 (diff)
download: ffmpeg-7ccb576191e91b393041b14917f1b681ec75ed3b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/xvididct.c b/libavcodec/xvididct.c
index d8f3dd7072..14116bd6d3 100644
--- a/libavcodec/xvididct.c
+++ b/libavcodec/xvididct.c
@@ -142,7 +142,7 @@ static int idct_row(short *in, const int *const tab, int rnd)
 #define TAN3  0xAB0E
 #define SQRT2 0x5A82
 
-#define MULT(c, x, n)  (((c) * (x)) >> (n))
+#define MULT(c, x, n)  ((unsigned)((int)((c) * (unsigned)(x)) >> (n)))
 // 12b version => #define MULT(c,x, n)  ((((c) >> 3) * (x)) >> ((n) - 3))
 // 12b zero-testing version:
author	Michael Niedermayer <michael@niedermayer.cc>	2020-01-31 23:43:57 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-04-07 18:24:14 +0200
commit	7ccb576191e91b393041b14917f1b681ec75ed3b (patch)
tree	d0b10600cb0c4d4e936f1b72b4212b81a34f2c94 /libavcodec/xvididct.c
parent	187161d62f35c8b613c4a6739b0a6dfa9a24da60 (diff)
download	ffmpeg-7ccb576191e91b393041b14917f1b681ec75ed3b.tar.gz