avcodec/bonk: Fix integer overflow in predictor_calc_error()

Fixes: signed integer overflow: -2147483300 - 12285 cannot be represented in type 'int' Fixes: 59462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5714298807386112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2023-06-03 02:00:51 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2023-09-14 22:00:17 +0200
commit: 2b25a5168e562676b299ef0f5a086e046833de4c (patch)
tree: 58ef4ae06ec44ecb3ae4297f495ac41158415be2
parent: c012d1f2bb8735f2b17ce88cd8181d2ffc989b02 (diff)
download: ffmpeg-2b25a5168e562676b299ef0f5a086e046833de4c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index fbea91c750..6cd6a0af61 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -277,7 +277,7 @@ static int predictor_calc_error(int *k, int *state, int order, int error)
     for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
         unsigned k_value = *k_ptr, state_value = *state_ptr;
 
-        x -= shift_down(k_value * (unsigned)state_value, LATTICE_SHIFT);
+        x -= (unsigned) shift_down(k_value * (unsigned)state_value, LATTICE_SHIFT);
         state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT);
     }
author	Michael Niedermayer <michael@niedermayer.cc>	2023-06-03 02:00:51 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2023-09-14 22:00:17 +0200
commit	2b25a5168e562676b299ef0f5a086e046833de4c (patch)
tree	58ef4ae06ec44ecb3ae4297f495ac41158415be2
parent	c012d1f2bb8735f2b17ce88cd8181d2ffc989b02 (diff)
download	ffmpeg-2b25a5168e562676b299ef0f5a086e046833de4c.tar.gz