From e04108dfa6d13d171b0e1b5646cc10ce51050bed Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 20 Feb 2017 20:22:26 +0100
Subject: [PATCH] avcodec/dca_xll: signed integer overflow: 255251 * 32768
 cannot be represented in type 'int'

Fixes: 627/clusterfuzz-testcase-5020897033322496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dca_xll.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/dca_xll.c b/libavcodec/dca_xll.c
index 1320aaf28f..435f84ed7e 100644
--- a/libavcodec/dca_xll.c
+++ b/libavcodec/dca_xll.c
@@ -1446,11 +1446,11 @@ int ff_dca_xll_filter_frame(DCAXllDecoder *s, AVFrame *frame)
         if (frame->format == AV_SAMPLE_FMT_S16P) {
             int16_t *plane = (int16_t *)frame->extended_data[i];
             for (k = 0; k < nsamples; k++)
-                plane[k] = av_clip_int16(samples[k] * (1 << shift));
+                plane[k] = av_clip_int16(samples[k] * (SUINT)(1 << shift));
         } else {
             int32_t *plane = (int32_t *)frame->extended_data[i];
             for (k = 0; k < nsamples; k++)
-                plane[k] = clip23(samples[k] * (1 << shift)) * (1 << 8);
+                plane[k] = clip23(samples[k] * (SUINT)(1 << shift)) * (1 << 8);
         }
     }