avcodec/bonk: Use unsigned in predictor_calc_error() to avoid undefined overflows

Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in type 'int' Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2022-11-05 20:03:52 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2022-11-10 21:14:22 +0100
commit: f4df49eb483fc49026a8d5578983376347d8e532 (patch)
tree: c7fab26b571c599d15fdc2521efad95263495567 /libavcodec/bonk.c
parent: 024c5b4ab436b9e035517e4181dc3499e7095290 (diff)
download: ffmpeg-f4df49eb483fc49026a8d5578983376347d8e532.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index 409694f710..c3ad80ec73 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -273,7 +273,7 @@ static int predictor_calc_error(int *k, int *state, int order, int error)
         *state_ptr = &(state[order-2]);
 
     for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
-        int k_value = *k_ptr, state_value = *state_ptr;
+        unsigned k_value = *k_ptr, state_value = *state_ptr;
 
         x -= shift_down(k_value * state_value, LATTICE_SHIFT);
         state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT);
author	Michael Niedermayer <michael@niedermayer.cc>	2022-11-05 20:03:52 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2022-11-10 21:14:22 +0100
commit	f4df49eb483fc49026a8d5578983376347d8e532 (patch)
tree	c7fab26b571c599d15fdc2521efad95263495567 /libavcodec/bonk.c
parent	024c5b4ab436b9e035517e4181dc3499e7095290 (diff)
download	ffmpeg-f4df49eb483fc49026a8d5578983376347d8e532.tar.gz