From e0916c7fb5da031138014000e6f3a7599db0c348 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 31 Jan 2020 23:43:57 +0100
Subject: [PATCH] avcodec/xvididct: Fix integer overflow in MULT()

Fixes: signed integer overflow: 23170 * 95058 cannot be represented in type 'int'
Fixes: 20295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5800212870463488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ccb576191e91b393041b14917f1b681ec75ed3b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/xvididct.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/xvididct.c b/libavcodec/xvididct.c
index 1f96ccc35c..cf6963c282 100644
--- a/libavcodec/xvididct.c
+++ b/libavcodec/xvididct.c
@@ -142,7 +142,7 @@ static int idct_row(short *in, const int *const tab, int rnd)
 #define TAN3  0xAB0E
 #define SQRT2 0x5A82
 
-#define MULT(c, x, n)  (((c) * (x)) >> (n))
+#define MULT(c, x, n)  ((unsigned)((int)((c) * (unsigned)(x)) >> (n)))
 // 12b version => #define MULT(c,x, n)  ((((c) >> 3) * (x)) >> ((n) - 3))
 // 12b zero-testing version: