From 4e5523c98597a417eb43555933b1075d18ec5f8b Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Thu, 8 May 2025 23:46:04 +0200
Subject: [PATCH] avcodec/hevc/ps: Fix dependant layer id check

Fixes: shift exponent 49 is too large for 32-bit type 'int'
Fixes: 398060145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5023082406543360
Reviewed-by: James Almer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/hevc/ps.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/hevc/ps.c b/libavcodec/hevc/ps.c
index 24f4218931..4b021ea9c1 100644
--- a/libavcodec/hevc/ps.c
+++ b/libavcodec/hevc/ps.c
@@ -652,8 +652,8 @@ static int decode_vps_ext(GetBitContext *gb, AVCodecContext *avctx, HEVCVPS *vps
 /* Consequence of established layer dependencies */
 if (layer1_id_included &&
- layer1_id_included != ((1 << vps->layer_id_in_nuh[0]) |
- (1 << vps->layer_id_in_nuh[1]))) {
+ layer1_id_included != ((1ULL << vps->layer_id_in_nuh[0]) |
+ (1ULL << vps->layer_id_in_nuh[1]))) {
 av_log(avctx, AV_LOG_ERROR,
 "Dependent layer not included in layer ID?\n");
 return AVERROR_PATCHWELCOME;
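Review bot: The widened shifts `1ULL << vps->layer_id_in_nuh[0]` and `1ULL << vps->layer_id_in_nuh[1]` are only defined while both ids stay below 64, and nothing visible in this hunk establishes that bound or the width of `layer1_id_included`. The fuzzer-reported exponent of 49 shows the ids are taken from the bitstream, so the invariant is worth stating at the point of use; presumably the ids are parsed as 6-bit fields, in which case a comment such as `/* layer_id_in_nuh[] is read as a 6-bit value (< 64), so the 64-bit shift cannot overflow */` would do. If `layer1_id_included` is declared narrower than 64 bits, the comparison would still misbehave for ids of 32 and above, so its declaration should be checked against this change. The body of decode_vps_ext starts and continues outside the hunk, so both points need confirming against the full function.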