avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()

Fixes: signed integer overflow: -2147481503 + -32732 cannot be represented in type 'int' Fixes: 17782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5769672225456128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-10-01 00:10:47 +02:00 · 2019-10-01 00:10:47 +02:00 · a76897e19c
parent 8c69310477
commit a76897e19c
1 changed files with 2 additions and 2 deletions
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@ -746,7 +746,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
                    goto error;
                }
                val |= h[3].values[res] << 8;
-                pred[1] += sign_extend(val, 16);
+                pred[1] += (unsigned)sign_extend(val, 16);
                *samples++ = pred[1];
            } else {
                if(vlc[0].table)
@ -769,7 +769,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
                    goto error;
                }
                val |= h[1].values[res] << 8;
-                pred[0] += sign_extend(val, 16);
+                pred[0] += (unsigned)sign_extend(val, 16);
                *samples++ = pred[0];
            }
        }