From eec70d9fbeb7f7d0d060326e3f881bca27f99b17 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 Aug 2019 17:49:15 +0200 Subject: [PATCH] avcodec/takdec: Fix integer overflow in decorrelate() Fixes: signed integer overflow: -2424832 - 2145653689 cannot be represented in type 'int' Fixes: 16138/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5643451346976768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit f1192736494a5b16717de66da4a3d3c6af0e9a7a) Signed-off-by: Michael Niedermayer --- libavcodec/takdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/takdec.c b/libavcodec/takdec.c index 0439a3ac9b..4fb5825532 100644 --- a/libavcodec/takdec.c +++ b/libavcodec/takdec.c @@ -653,7 +653,7 @@ static int decorrelate(TAKDecContext *s, int c1, int c2, int length) s->residues[i ] * s->filter[0]; } - v = av_clip_intp2(v >> 10, 13) * (1 << dshift) - *p1; + v = av_clip_intp2(v >> 10, 13) * (1U << dshift) - *p1; *p1++ = v; }