avcodec/bonk: Use unsigned in predictor_calc_error() to avoid undefined overflows

Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in type 'int'
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2022-11-05 20:03:52 +01:00
parent 024c5b4ab4
commit f4df49eb48
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 1 additions and 1 deletions

View File

@ -273,7 +273,7 @@ static int predictor_calc_error(int *k, int *state, int order, int error)
*state_ptr = &(state[order-2]); *state_ptr = &(state[order-2]);
for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) { for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
int k_value = *k_ptr, state_value = *state_ptr; unsigned k_value = *k_ptr, state_value = *state_ptr;
x -= shift_down(k_value * state_value, LATTICE_SHIFT); x -= shift_down(k_value * state_value, LATTICE_SHIFT);
state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT); state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT);