avcodec/jpegls: Check A[Q] for overflow in ff_jpegls_update_state_regular()

Fixes: Timeout
Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/jpegls.h b/libavcodec/jpegls.h
index 16372bd39d69dc077d224f79dd369985bcb26116..aac67bbe3197a295c478c020edc85135d302dd90 100644 (file)
--- a/libavcodec/jpegls.h
+++ b/libavcodec/jpegls.h
@@ -95,7 +95,7 @@ static inline void ff_jpegls_downscale_state(JLSState *state, int Q)
 static inline int ff_jpegls_update_state_regular(JLSState *state,
                                                  int Q, int err)
 {
-    if(FFABS(err) > 0xFFFF)
+    if(FFABS(err) > 0xFFFF || FFABS(err) > INT_MAX - state->A[Q])
         return -0x10000;
     state->A[Q] += FFABS(err);
     err         *= state->twonear;