From 57f7e5caa324fd760aa9e134ee963e9936083c59 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 18 Dec 2020 00:31:08 +0100
Subject: avcodec/simple_idct: Fix undefined integer overflow in idct4row()

Fixes: signed integer overflow: -1498310196 - 902891776 cannot be represented in type 'int'
Fixes: 28445/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5075163389493248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/simple_idct.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'libavcodec/simple_idct.c')

diff --git a/libavcodec/simple_idct.c b/libavcodec/simple_idct.c
index 3b2e736538..0ef167491a 100644
--- a/libavcodec/simple_idct.c
+++ b/libavcodec/simple_idct.c
@@ -175,7 +175,8 @@ static inline void idct4col_add(uint8_t *dest, ptrdiff_t line_size, const int16_
 #define R_SHIFT 11
 static inline void idct4row(int16_t *row)
 {
-    int c0, c1, c2, c3, a0, a1, a2, a3;
+    unsigned c0, c1, c2, c3;
+    int a0, a1, a2, a3;
 
     a0 = row[0];
     a1 = row[1];
-- 
cgit v1.2.3