avcodec/ralf: Fix integer overflow in decode_channel()

Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int' Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit fbb314b6f2c2b77608442966f28aac20343a1cae) Signed-off-by: Michael Niedermayer <[email protected]>
author: Michael Niedermayer <[email protected]> 2019-09-14 14:26:49 +0200
committer: Michael Niedermayer <[email protected]> 2020-01-06 11:30:43 +0100
commit: 6b9a6088d6355819b0ab6e57d11100e7976511a7 (patch)
tree: 793c128ec18c04c1aff87202359d0d71cc23ba51
parent: d3f88922496217491d7fa22b00fbe5f9b12e5494 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/ralf.c b/libavcodec/ralf.c
index 75c9371b95..006ab46414 100644
--- a/libavcodec/ralf.c
+++ b/libavcodec/ralf.c
@@ -300,8 +300,8 @@ static int decode_channel(RALFContext *ctx, GetBitContext *gb, int ch,
         t = get_vlc2(gb, code_vlc->table, code_vlc->bits, 2);
         code1 = t / range2;
         code2 = t % range2;
-        dst[i]     = extend_code(gb, code1, range, 0) * (1 << add_bits);
-        dst[i + 1] = extend_code(gb, code2, range, 0) * (1 << add_bits);
+        dst[i]     = extend_code(gb, code1, range, 0) * (1U << add_bits);
+        dst[i + 1] = extend_code(gb, code2, range, 0) * (1U << add_bits);
         if (add_bits) {
             dst[i]     |= get_bits(gb, add_bits);
             dst[i + 1] |= get_bits(gb, add_bits);
author	Michael Niedermayer <[email protected]>	2019-09-14 14:26:49 +0200
committer	Michael Niedermayer <[email protected]>	2020-01-06 11:30:43 +0100
commit	6b9a6088d6355819b0ab6e57d11100e7976511a7 (patch)
tree	793c128ec18c04c1aff87202359d0d71cc23ba51
parent	d3f88922496217491d7fa22b00fbe5f9b12e5494 (diff)