avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()

Fixes: signed integer overflow: -2147481503 + -32732 cannot be represented in type 'int' Fixes: 17782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5769672225456128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a76897e19c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-10 17:39:56 +00:00 · 2019-10-01 00:10:47 +02:00 · 2019-10-01 00:10:47 +02:00 · a3e5542744
commit a3e5542744
parent 7755265387
1 changed files with 2 additions and 2 deletions
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@ -735,7 +735,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
                    return AVERROR_INVALIDDATA;
                }
                val |= h[3].values[res] << 8;
-                pred[1] += sign_extend(val, 16);
+                pred[1] += (unsigned)sign_extend(val, 16);
                *samples++ = pred[1];
            } else {
                if(vlc[0].table)
@ -756,7 +756,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
                    return AVERROR_INVALIDDATA;
                }
                val |= h[1].values[res] << 8;
-                pred[0] += sign_extend(val, 16);
+                pred[0] += (unsigned)sign_extend(val, 16);
                *samples++ = pred[0];
            }
        }