From 548459080b1bd698a2e475e5d177b6e7d2538537 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 8 May 2017 21:32:56 +0200
Subject: [PATCH] avcodec/fic: Check coefficients

Fixes: signed integer overflow: 1258291200 * 2 cannot be represented in type 'int'
Fixes: 1413/clusterfuzz-testcase-minimized-5923451770503168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/fic.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/fic.c b/libavcodec/fic.c
index 3805f70722..613b306af5 100644
--- a/libavcodec/fic.c
+++ b/libavcodec/fic.c
@@ -150,9 +150,13 @@ static int fic_decode_block(FICContext *ctx, GetBitContext *gb,
     if (num_coeff > 64)
         return AVERROR_INVALIDDATA;
 
-    for (i = 0; i < num_coeff; i++)
-        block[ff_zigzag_direct[i]] = get_se_golomb(gb) *
+    for (i = 0; i < num_coeff; i++) {
+        int v = get_se_golomb(gb);
+        if (v < -2048 || v > 2048)
+            return AVERROR_INVALIDDATA;
+        block[ff_zigzag_direct[i]] = v *
                                      ctx->qmat[ff_zigzag_direct[i]];
+    }
 
     fic_idct_put(dst, stride, block);
-- 
2.11.0
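Review bot: The new range check `if (v < -2048 || v > 2048)` is a bare magic number whose sufficiency depends on two things this hunk does not show: the largest entry in `ctx->qmat` (the commit message shows it was the product `v * ctx->qmat[...]` that overflowed) and the element type of `block`, which receives that product and is declared in the parameter list cut off at the hunk header. If `block` is narrower than `int`, the product is still silently narrowed on store even though the `int` multiply no longer overflows, so the bound has to keep `v * qmat` within that element type as well, not just within `int`. I would record the invariant next to the check, e.g. `/* |v| <= 2048: must keep v * ctx->qmat[] within int and within block's element type; keep in sync with the qmat tables */`, or lift 2048 into a named constant defined beside the qmat tables so the two cannot drift apart in a later edit. fic_decode_block starts before and continues past this hunk.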