From 504d5804ac5337f35d16aacbef5f7eb5348434e9 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 23 May 2017 03:43:51 +0200
Subject: [PATCH] avcodec/g723_1: Fix runtime error: signed integer overflow:
 -1013481472 + -1139123755 cannot be represented in type 'int'

See: LsptoA() and L_add()
Fixes: 1758/clusterfuzz-testcase-minimized-6054857184116736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/g723_1.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/g723_1.c b/libavcodec/g723_1.c
index 78ce922266..1deff495de 100644
--- a/libavcodec/g723_1.c
+++ b/libavcodec/g723_1.c
@@ -150,8 +150,8 @@ static void lsp2lpc(int16_t *lpc)
      * each iteration for a final scaling factor of Q25
      */
     for (i = 2; i < LPC_ORDER / 2; i++) {
-        f1[i + 1] = f1[i - 1] + MULL2(f1[i], lpc[2 * i]);
-        f2[i + 1] = f2[i - 1] + MULL2(f2[i], lpc[2 * i + 1]);
+        f1[i + 1] = av_clipl_int32(f1[i - 1] + (int64_t)MULL2(f1[i], lpc[2 * i]));
+        f2[i + 1] = av_clipl_int32(f2[i - 1] + (int64_t)MULL2(f2[i], lpc[2 * i + 1]));
 
         for (j = i; j >= 2; j--) {
             f1[j] = MULL2(f1[j - 1], lpc[2 * i]) +