avcodec/fic: Check coefficients

Fixes: signed integer overflow: 1258291200 * 2 cannot be represented in type 'int'
Fixes: 1413/clusterfuzz-testcase-minimized-5923451770503168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/fic.c b/libavcodec/fic.c
index 3805f70..613b306 100644 (file)
--- a/libavcodec/fic.c
+++ b/libavcodec/fic.c
@@ -150,9 +150,13 @@ static int fic_decode_block(FICContext *ctx, GetBitContext *gb,
     if (num_coeff > 64)
         return AVERROR_INVALIDDATA;
 
-    for (i = 0; i < num_coeff; i++)
-        block[ff_zigzag_direct[i]] = get_se_golomb(gb) *
+    for (i = 0; i < num_coeff; i++) {
+        int v = get_se_golomb(gb);
+        if (v < -2048 || v > 2048)
+             return AVERROR_INVALIDDATA;
+        block[ff_zigzag_direct[i]] = v *
                                      ctx->qmat[ff_zigzag_direct[i]];
+    }
 
     fic_idct_put(dst, stride, block);