VIDEO: Fix an integer overflow when dequantizing the DCT coeffs

See https://github.com/FFmpeg/FFmpeg/commit/2968bedf129558024ea87a1aabc4aa2d3a5bcb6e

3 files changed, 21 insertions, 21 deletions

diff --git a/video/bink_decoder.cpp b/video/bink_decoder.cpp
index 6fca2c11c8..0f33d21f81 100644
--- a/video/bink_decoder.cpp
+++ b/video/bink_decoder.cpp
@@ -679,8 +679,8 @@ void BinkDecoder::BinkVideoTrack::blockScaledRun(DecodeContext &ctx) {
 }
 
 void BinkDecoder::BinkVideoTrack::blockScaledIntra(DecodeContext &ctx) {
-	int16 block[64];
-	memset(block, 0, 64 * sizeof(int16));
+	int32 block[64];
+	memset(block, 0, 64 * sizeof(int32));
 
 	block[0] = getBundleValue(kSourceIntraDC);
 
@@ -688,7 +688,7 @@ void BinkDecoder::BinkVideoTrack::blockScaledIntra(DecodeContext &ctx) {
 
 	IDCT(block);
 
-	int16 *src   = block;
+	int32 *src   = block;
 	byte  *dest1 = ctx.dest;
 	byte  *dest2 = ctx.dest + ctx.pitch;
 	for (int j = 0; j < 8; j++, dest1 += (ctx.pitch << 1) - 16, dest2 += (ctx.pitch << 1) - 16, src += 8) {
@@ -824,8 +824,8 @@ void BinkDecoder::BinkVideoTrack::blockResidue(DecodeContext &ctx) {
 }
 
 void BinkDecoder::BinkVideoTrack::blockIntra(DecodeContext &ctx) {
-	int16 block[64];
-	memset(block, 0, 64 * sizeof(int16));
+	int32 block[64];
+	memset(block, 0, 64 * sizeof(int32));
 
 	block[0] = getBundleValue(kSourceIntraDC);
 
@@ -845,8 +845,8 @@ void BinkDecoder::BinkVideoTrack::blockFill(DecodeContext &ctx) {
 void BinkDecoder::BinkVideoTrack::blockInter(DecodeContext &ctx) {
 	blockMotion(ctx);
 
-	int16 block[64];
-	memset(block, 0, 64 * sizeof(int16));
+	int32 block[64];
+	memset(block, 0, 64 * sizeof(int32));
 
 	block[0] = getBundleValue(kSourceInterDC);
 
@@ -1081,7 +1081,7 @@ void BinkDecoder::BinkVideoTrack::readDCS(VideoFrame &video, Bundle &bundle, int
 }
 
 /** Reads 8x8 block of DCT coefficients. */
-void BinkDecoder::BinkVideoTrack::readDCTCoeffs(VideoFrame &video, int16 *block, bool isIntra) {
+void BinkDecoder::BinkVideoTrack::readDCTCoeffs(VideoFrame &video, int32 *block, bool isIntra) {
 	int coefCount = 0;
 	int coefIdx[64];
 
@@ -1169,7 +1169,7 @@ void BinkDecoder::BinkVideoTrack::readDCTCoeffs(VideoFrame &video, int16 *block,
 	}
 
 	uint8 quantIdx = video.bits->getBits(4);
-	const uint32 *quant = isIntra ? binkIntraQuant[quantIdx] : binkInterQuant[quantIdx];
+	const int32 *quant = isIntra ? binkIntraQuant[quantIdx] : binkInterQuant[quantIdx];
 	block[0] = (block[0] * quant[0]) >> 11;
 
 	for (int i = 0; i < coefCount; i++) {
@@ -1308,7 +1308,7 @@ void BinkDecoder::BinkVideoTrack::readResidue(VideoFrame &video, int16 *block, i
 #define MUNGE_ROW(x) (((x) + 0x7F)>>8)
 #define IDCT_ROW(dest,src) IDCT_TRANSFORM(dest,0,1,2,3,4,5,6,7,0,1,2,3,4,5,6,7,MUNGE_ROW,src)
 
-static inline void IDCTCol(int16 *dest, const int16 *src) {
+static inline void IDCTCol(int32 *dest, const int32 *src) {
 	if ((src[8] | src[16] | src[24] | src[32] | src[40] | src[48] | src[56]) == 0) {
 		dest[ 0] =
 		dest[ 8] =
@@ -1323,9 +1323,9 @@ static inline void IDCTCol(int16 *dest, const int16 *src) {
 	}
 }
 
-void BinkDecoder::BinkVideoTrack::IDCT(int16 *block) {
+void BinkDecoder::BinkVideoTrack::IDCT(int32 *block) {
 	int i;
-	int16 temp[64];
+	int32 temp[64];
 
 	for (i = 0; i < 8; i++)
 		IDCTCol(&temp[i], &block[i]);
@@ -1334,7 +1334,7 @@ void BinkDecoder::BinkVideoTrack::IDCT(int16 *block) {
 	}
 }
 
-void BinkDecoder::BinkVideoTrack::IDCTAdd(DecodeContext &ctx, int16 *block) {
+void BinkDecoder::BinkVideoTrack::IDCTAdd(DecodeContext &ctx, int32 *block) {
 	int i, j;
 
 	IDCT(block);
@@ -1344,9 +1344,9 @@ void BinkDecoder::BinkVideoTrack::IDCTAdd(DecodeContext &ctx, int16 *block) {
 			 dest[j] += block[j];
 }
 
-void BinkDecoder::BinkVideoTrack::IDCTPut(DecodeContext &ctx, int16 *block) {
+void BinkDecoder::BinkVideoTrack::IDCTPut(DecodeContext &ctx, int32 *block) {
 	int i;
-	int16 temp[64];
+	int32 temp[64];
 	for (i = 0; i < 8; i++)
 		IDCTCol(&temp[i], &block[i]);
 	for (i = 0; i < 8; i++) {
diff --git a/video/bink_decoder.h b/video/bink_decoder.h
index 68dd994115..29d16020b1 100644
--- a/video/bink_decoder.h
+++ b/video/bink_decoder.h
@@ -314,13 +314,13 @@ private:
 		void readPatterns    (VideoFrame &video, Bundle &bundle);
 		void readColors      (VideoFrame &video, Bundle &bundle);
 		void readDCS         (VideoFrame &video, Bundle &bundle, int startBits, bool hasSign);
-		void readDCTCoeffs   (VideoFrame &video, int16 *block, bool isIntra);
+		void readDCTCoeffs   (VideoFrame &video, int32 *block, bool isIntra);
 		void readResidue     (VideoFrame &video, int16 *block, int masksCount);
 
 		// Bink video IDCT
-		void IDCT(int16 *block);
-		void IDCTPut(DecodeContext &ctx, int16 *block);
-		void IDCTAdd(DecodeContext &ctx, int16 *block);
+		void IDCT(int32 *block);
+		void IDCTPut(DecodeContext &ctx, int32 *block);
+		void IDCTAdd(DecodeContext &ctx, int32 *block);
 	};
 
 	class BinkAudioTrack : public AudioTrack {
diff --git a/video/binkdata.h b/video/binkdata.h
index dc72f7eacd..fd72d53f5c 100644
--- a/video/binkdata.h
+++ b/video/binkdata.h
@@ -247,7 +247,7 @@ static const uint8 binkPatterns[16][64] = {
 }
 };
 
-static const uint32 binkIntraQuant[16][64] = {
+static const int32 binkIntraQuant[16][64] = {
 {
 	0x010000, 0x016315, 0x01E83D, 0x02A535, 0x014E7B, 0x016577, 0x02F1E6, 0x02724C,
 	0x010000, 0x00EEDA, 0x024102, 0x017F9B, 0x00BE80, 0x00611E, 0x01083C, 0x00A552,
@@ -410,7 +410,7 @@ static const uint32 binkIntraQuant[16][64] = {
 },
 };
 
-static const uint32 binkInterQuant[16][64] = {
+static const int32 binkInterQuant[16][64] = {
 {
 	0x010000, 0x017946, 0x01A5A9, 0x0248DC, 0x016363, 0x0152A7, 0x0243EC, 0x0209EA,
 	0x012000, 0x00E248, 0x01BBDA, 0x015CBC, 0x00A486, 0x0053E0, 0x00F036, 0x008095,