avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
authorMichael Niedermayer <michael@niedermayer.cc>
Tue, 5 Jun 2018 00:17:24 +0000 (02:17 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Mon, 16 Jul 2018 17:06:27 +0000 (19:06 +0200)
commitbb6d47cf35836640309cf933a3d6a4bf1eec3ced
treed18373503a4b870e05d8ef5b7f6c48b022d04b34
parent0f1e6771d03c4f5b998bced9c8dfc8cf4180a999
avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()

Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/mjpegdec.c