From 3ee68a677d67981b82040d4f57771cfc4b334b88 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 10 Jul 2019 00:04:02 +0200
Subject: [PATCH] avcodec/aacdec_template: fix integer overflow in
 imdct_and_windowing()

Fixes: signed integer overflow: 2147483645 + 4 cannot be represented in type 'int'
Fixes: 15418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5685269069561856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da93e2b14218c4ab0fda60e21882a4633aac5748)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/aacdec_template.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index 1e7afcc17b..6000fd890f 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -2551,7 +2551,7 @@ static void imdct_and_windowing(AACContext *ac, SingleChannelElement *sce)
         ac->mdct.imdct_half(&ac->mdct, buf, in);
 #if USE_FIXED
         for (i=0; i<1024; i++)
-          buf[i] = (buf[i] + 4) >> 3;
+          buf[i] = (buf[i] + 4LL) >> 3;
 #endif /* USE_FIXED */
     }