avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()

Fixes: signed integer overflow: 2147483645 + 4 cannot be represented in type 'int' Fixes: 15418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5685269069561856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit da93e2b14218c4ab0fda60e21882a4633aac5748) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-07-10 00:04:02 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-12-02 19:41:49 +0100
commit: 3ee68a677d67981b82040d4f57771cfc4b334b88 (patch)
tree: 375a1a0fc60f150ba0cbec8fee9d5ff9f6a85e61
parent: a1233d39c62bb90ea40120685d049e6afa52d700 (diff)
download: ffmpeg-3ee68a677d67981b82040d4f57771cfc4b334b88.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index 1e7afcc17b..6000fd890f 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -2551,7 +2551,7 @@ static void imdct_and_windowing(AACContext *ac, SingleChannelElement *sce)
         ac->mdct.imdct_half(&ac->mdct, buf, in);
 #if USE_FIXED
         for (i=0; i<1024; i++)
-          buf[i] = (buf[i] + 4) >> 3;
+          buf[i] = (buf[i] + 4LL) >> 3;
 #endif /* USE_FIXED */
     }
author	Michael Niedermayer <michael@niedermayer.cc>	2019-07-10 00:04:02 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:49 +0100
commit	3ee68a677d67981b82040d4f57771cfc4b334b88 (patch)
tree	375a1a0fc60f150ba0cbec8fee9d5ff9f6a85e61
parent	a1233d39c62bb90ea40120685d049e6afa52d700 (diff)
download	ffmpeg-3ee68a677d67981b82040d4f57771cfc4b334b88.tar.gz