avcodec/bonk: Fix undefined overflow in predictor_calc_error()

Fixes: signed integer overflow: -2146469728 - 1488954 cannot be represented in type 'int' Fixes: 62490/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5612782399389696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2023-10-05 14:17:05 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2023-10-16 01:05:07 +0200
commit: cd66606a8f9124a75a126d579c18f263b874d3a5 (patch)
tree: cf2f2c6a5c35b312bc8f362ba28e62b0b3c44970
parent: ef3b42738b8081982498f5fb6b24593996045777 (diff)
download: ffmpeg-cd66606a8f9124a75a126d579c18f263b874d3a5.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index 6cd6a0af61..65679e5fb6 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -270,7 +270,7 @@ static inline int shift(int a, int b)
 
 static int predictor_calc_error(int *k, int *state, int order, int error)
 {
-    int i, x = error - shift_down(k[order-1] * (unsigned)state[order-1], LATTICE_SHIFT);
+    int i, x = error - (unsigned)shift_down(k[order-1] * (unsigned)state[order-1], LATTICE_SHIFT);
     int *k_ptr = &(k[order-2]),
         *state_ptr = &(state[order-2]);
author	Michael Niedermayer <michael@niedermayer.cc>	2023-10-05 14:17:05 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2023-10-16 01:05:07 +0200
commit	cd66606a8f9124a75a126d579c18f263b874d3a5 (patch)
tree	cf2f2c6a5c35b312bc8f362ba28e62b0b3c44970
parent	ef3b42738b8081982498f5fb6b24593996045777 (diff)
download	ffmpeg-cd66606a8f9124a75a126d579c18f263b874d3a5.tar.gz