From df01a29c1b15850e350c977d1b96f83f30faa0ae Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 19 May 2016 03:15:41 +0200
Subject: avcodec/exr: Fix potential integer overflow

Fixes CID1361949

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/exr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavcodec/exr.c')

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index ac6b598777..2c4f15efb0 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1025,7 +1025,7 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
 
         td->ysize = FFMIN(s->tile_attr.ySize, s->ydelta - tileY * s->tile_attr.ySize);
         td->xsize = FFMIN(s->tile_attr.xSize, s->xdelta - tileX * s->tile_attr.xSize);
-        uncompressed_size = s->current_channel_offset * td->ysize * td->xsize;
+        uncompressed_size = s->current_channel_offset * (uint64_t)td->ysize * td->xsize;
 
         if (col) { /* not the first tile of the line */
             bxmin = 0; axmax = 0; /* doesn't add pixel at the left of the datawindow */
-- 
cgit v1.2.3