From b20c71409b24460983ba5d9afa0716714f9e0f7d Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 6 May 2017 12:10:59 +0200
Subject: [PATCH] avcodec/fic: Fix multiple left shift of negative value -15

Fixes: 1356/clusterfuzz-testcase-minimized-6008489086287872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/fic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/fic.c b/libavcodec/fic.c
index 2bec3d7b03..3805f70722 100644
--- a/libavcodec/fic.c
+++ b/libavcodec/fic.c
@@ -95,8 +95,8 @@ static av_always_inline void fic_idct(int16_t *blk, int step, int shift, int rnd
     const int t7 = t3 - t1;
     const int t8 =  17734 * blk[2 * step] - 42813 * blk[6 * step];
     const int t9 =  17734 * blk[6 * step] + 42814 * blk[2 * step];
-    const int tA = (blk[0 * step] - blk[4 * step] << 15) + rnd;
-    const int tB = (blk[0 * step] + blk[4 * step] << 15) + rnd;
+    const int tA = (blk[0 * step] - blk[4 * step]) * 32768 + rnd;
+    const int tB = (blk[0 * step] + blk[4 * step]) * 32768 + rnd;
     blk[0 * step] = (  t4       + t9 + tB) >> shift;
     blk[1 * step] = (  t6 + t7  + t8 + tA) >> shift;
     blk[2 * step] = (  t6 - t7  - t8 + tA) >> shift;