From e7dda51150b73e5fbdccf4c2d3a72e356980fba3 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 3 Jun 2018 01:33:54 +0200
Subject: [PATCH] avcodec/opus_silk: Change silk_lsf2lpc() slightly toward
 silk/NLSF2A.c

Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/opus_silk.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavcodec/opus_silk.c b/libavcodec/opus_silk.c
index 344333cc18..2fcbf3b9d3 100644
--- a/libavcodec/opus_silk.c
+++ b/libavcodec/opus_silk.c
@@ -239,8 +239,10 @@ static void silk_lsf2lpc(const int16_t nlsf[16], float lpcf[16], int order)
 
     /* reconstruct A(z) */
     for (k = 0; k < order>>1; k++) {
-        lpc32[k]         = -p[k + 1] - p[k] - q[k + 1] + q[k];
-        lpc32[order-k-1] = -p[k + 1] - p[k] + q[k + 1] - q[k];
+        int32_t p_tmp = p[k + 1] + p[k];
+        int32_t q_tmp = q[k + 1] - q[k];
+        lpc32[k]         = -q_tmp - p_tmp;
+        lpc32[order-k-1] =  q_tmp - p_tmp;
     }
 
     /* limit the range of the LPC coefficients to each fit within an int16_t */