From 2898bc522da6adebda5cbbd9036defe22e3b9bcf Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 15 Mar 2017 02:58:16 +0100 Subject: avcodec/h264idct_template: fix multiple runtime error: signed integer overflow Fixes: 857/clusterfuzz-testcase-5319093760557056 Benchmark changes from 335->333 (so if its not a random fluctuation then it would be faster) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/h264idct_template.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264idct_template.c b/libavcodec/h264idct_template.c index c62716090c..229a9ac36b 100644 --- a/libavcodec/h264idct_template.c +++ b/libavcodec/h264idct_template.c @@ -304,7 +304,7 @@ void FUNCC(ff_h264_chroma422_dc_dequant_idct)(int16_t *_block, int qmul){ void FUNCC(ff_h264_chroma_dc_dequant_idct)(int16_t *_block, int qmul){ const int stride= 16*2; const int xStride= 16; - int a,b,c,d,e; + SUINT a,b,c,d,e; dctcoef *block = (dctcoef*)_block; a= block[stride*0 + xStride*0]; @@ -317,8 +317,8 @@ void FUNCC(ff_h264_chroma_dc_dequant_idct)(int16_t *_block, int qmul){ b= c-d; c= c+d; - block[stride*0 + xStride*0]= ((a+c)*qmul) >> 7; - block[stride*0 + xStride*1]= ((e+b)*qmul) >> 7; - block[stride*1 + xStride*0]= ((a-c)*qmul) >> 7; - block[stride*1 + xStride*1]= ((e-b)*qmul) >> 7; + block[stride*0 + xStride*0]= (int)((a+c)*qmul) >> 7; + block[stride*0 + xStride*1]= (int)((e+b)*qmul) >> 7; + block[stride*1 + xStride*0]= (int)((a-c)*qmul) >> 7; + block[stride*1 + xStride*1]= (int)((e-b)*qmul) >> 7; } -- cgit v1.2.3