From cd6ac013a00373126bf3d313743d39b5edd5428a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 17 Jan 2022 14:16:39 +0100
Subject: [PATCH] avcodec/cfhd: Avoid signed integer overflow in coeff

Fixes: signed integer overflow: 15244032 * 256 cannot be represented in type 'int'
Fixes: 43504/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4865014842916864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/cfhd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 008a6360b6..ac7826250f 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -838,7 +838,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                             const uint16_t q = s->quantisation;
 
                             for (i = 0; i < run; i++) {
-                                *coeff_data |= coeff * 256;
+                                *coeff_data |= coeff * 256U;
                                 *coeff_data++ *= q;
                             }
                         } else {
@@ -869,7 +869,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                             const uint16_t q = s->quantisation;
 
                             for (i = 0; i < run; i++) {
-                                *coeff_data |= coeff * 256;
+                                *coeff_data |= coeff * 256U;
                                 *coeff_data++ *= q;
                             }
                         } else {