avcodec/nuv: widen buf_size type

Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int' Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5740176118906880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-05-10 19:09:47 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-05-12 01:00:28 +0200
commit: 1ac106bf5625de6aec31a34319298032e988f349 (patch)
tree: be84d093dc74330d351d9dfb95f0d55c10c7a22f /libavcodec/nuv.c
parent: fabeef22d9793a834dba4cee5aafbf0494b9ce4f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/nuv.c b/libavcodec/nuv.c
index 7958000ae8..3ceaaac4e9 100644
--- a/libavcodec/nuv.c
+++ b/libavcodec/nuv.c
@@ -126,7 +126,7 @@ static int codec_reinit(AVCodecContext *avctx, int width, int height,
         get_quant_quality(c, quality);
     if (width != c->width || height != c->height) {
         // also reserve space for a possible additional header
-        int buf_size = height * width * 3 / 2
+        int64_t buf_size = height * (int64_t)width * 3 / 2
                      + FFMAX(AV_LZO_OUTPUT_PADDING, AV_INPUT_BUFFER_PADDING_SIZE)
                      + RTJPEG_HEADER_SIZE;
         if (buf_size > INT_MAX/8)
author	Michael Niedermayer <michael@niedermayer.cc>	2020-05-10 19:09:47 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-05-12 01:00:28 +0200
commit	1ac106bf5625de6aec31a34319298032e988f349 (patch)
tree	be84d093dc74330d351d9dfb95f0d55c10c7a22f /libavcodec/nuv.c
parent	fabeef22d9793a834dba4cee5aafbf0494b9ce4f (diff)