avcodec/jpegls: Check A[Q] for overflow in ff_jpegls_update_state_regular()

Fixes: Timeout Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2021-03-02 20:07:13 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-03-14 23:29:51 +0100
commit: 8a3fea802a3e4274dbe084d372ec8aeab3932b3e (patch)
tree: 46bb38977bd31dcdacfc1124b06e4ea1cc1a2a97 /libavcodec/jpegls.h
parent: 337984c13327bc67e1e9e3e9bfd743cfbfbc42f8 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/jpegls.h b/libavcodec/jpegls.h
index 16372bd39d..aac67bbe31 100644
--- a/libavcodec/jpegls.h
+++ b/libavcodec/jpegls.h
@@ -95,7 +95,7 @@ static inline void ff_jpegls_downscale_state(JLSState *state, int Q)
 static inline int ff_jpegls_update_state_regular(JLSState *state,
                                                  int Q, int err)
 {
-    if(FFABS(err) > 0xFFFF)
+    if(FFABS(err) > 0xFFFF || FFABS(err) > INT_MAX - state->A[Q])
         return -0x10000;
     state->A[Q] += FFABS(err);
     err         *= state->twonear;
author	Michael Niedermayer <michael@niedermayer.cc>	2021-03-02 20:07:13 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-03-14 23:29:51 +0100
commit	8a3fea802a3e4274dbe084d372ec8aeab3932b3e (patch)
tree	46bb38977bd31dcdacfc1124b06e4ea1cc1a2a97 /libavcodec/jpegls.h
parent	337984c13327bc67e1e9e3e9bfd743cfbfbc42f8 (diff)