avcodec/ralf: Fix integer overflows with the filter coefficient in decode_channel()

Fixes: signed integer overflow: 1145975808 - -1146173210 cannot be represented in type 'int' Fixes: 18616/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5121296757424128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 721624c2f67545989626ba4413f7b8dbd7dff678) Signed-off-by: Michael Niedermayer <[email protected]>
author: Michael Niedermayer <[email protected]> 2019-11-05 22:27:04 +0100
committer: Michael Niedermayer <[email protected]> 2019-12-06 20:30:58 +0100
commit: 971a6493da7be448279be52121f2ae98e09ace8b (patch)
tree: 83d0e13a8363c8a0e3b890ad20b9e9f72a08d820
parent: 33fff42d8d982537a85a22cc78332a819af82d3f (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/ralf.c b/libavcodec/ralf.c
index 819fbe8654..8bac5a22b0 100644
--- a/libavcodec/ralf.c
+++ b/libavcodec/ralf.c
@@ -264,8 +264,8 @@ static int decode_channel(RALFContext *ctx, GetBitContext *gb, int ch,
             t = get_vlc2(gb, vlc[cmode].table, vlc[cmode].bits, 2);
             t = extend_code(gb, t, 21, add_bits);
             if (!cmode)
-                coeff -= 12 << add_bits;
-            coeff = t - coeff;
+                coeff -= 12U << add_bits;
+            coeff = (unsigned)t - coeff;
             ctx->filter[i] = coeff;
 
             cmode = coeff >> add_bits;
author	Michael Niedermayer <[email protected]>	2019-11-05 22:27:04 +0100
committer	Michael Niedermayer <[email protected]>	2019-12-06 20:30:58 +0100
commit	971a6493da7be448279be52121f2ae98e09ace8b (patch)
tree	83d0e13a8363c8a0e3b890ad20b9e9f72a08d820
parent	33fff42d8d982537a85a22cc78332a819af82d3f (diff)