avcodec/wavarc: fix integer overflow in decode_5elp() block type 2

Fixes: signed integer overflow: 2097152000 + 107142979 cannot be represented in type 'int' Fixes: 67919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5955101769400320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2024-04-26 05:08:38 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2024-05-06 03:00:41 +0200
commit: a2ec2bd49317ab16a3c30c0824efc580ea9a8aef (patch)
tree: e93a1491167a34dbfe1ee009f121bd39ab32020a
parent: 1330a73ccadd855542ac4386f75fd72ff0ab5ea1 (diff)
download: ffmpeg-a2ec2bd49317ab16a3c30c0824efc580ea9a8aef.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c
index b4b26958e6..93b76c43e8 100644
--- a/libavcodec/wavarc.c
+++ b/libavcodec/wavarc.c
@@ -689,7 +689,7 @@ static int decode_5elp(AVCodecContext *avctx,
                 for (int o = 0; o < order; o++)
                     sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1];
 
-                samples[n + 70] += ac_out[n] + (sum >> 4);
+                samples[n + 70] += ac_out[n] + (unsigned)(sum >> 4);
             }
 
             for (int n = 0; n < 70; n++)
author	Michael Niedermayer <michael@niedermayer.cc>	2024-04-26 05:08:38 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2024-05-06 03:00:41 +0200
commit	a2ec2bd49317ab16a3c30c0824efc580ea9a8aef (patch)
tree	e93a1491167a34dbfe1ee009f121bd39ab32020a
parent	1330a73ccadd855542ac4386f75fd72ff0ab5ea1 (diff)
download	ffmpeg-a2ec2bd49317ab16a3c30c0824efc580ea9a8aef.tar.gz