avcodec/rka: Fix signed integer overflow in decode_filter()

Fixes: signed integer overflow: -631553 * 32768 cannot be represented in type 'int' Fixes: 57814/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-4614661233573888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2023-04-09 14:48:37 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2023-04-14 17:56:44 +0200
commit: 0ecda4fbce8e77152e9b450c4efa8c1b81c8982e (patch)
tree: a571b873cc711bd75c2a2d5bde9bdd45ece2eaa8 /libavcodec
parent: 80ac1fd1483a4b3c92a6e59d24cb050dfecb90df (diff)
download: ffmpeg-0ecda4fbce8e77152e9b450c4efa8c1b81c8982e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/rka.c b/libavcodec/rka.c
index 2212e3f930..3e86d83819 100644
--- a/libavcodec/rka.c
+++ b/libavcodec/rka.c
@@ -737,7 +737,7 @@ static int decode_filter(RKAContext *s, ChContext *ctx, ACoder *ac, int off, uns
                 }
                 ctx->buf0[off] = ctx->buf1[off] + ctx->buf0[off + -1];
             } else {
-                val *= 1 << ctx->cmode;
+                val *= 1U << ctx->cmode;
                 sum += ctx->buf0[off + -1] + val;
                 switch (s->bps) {
                 case 16: sum = av_clip_int16(sum); break;
author	Michael Niedermayer <michael@niedermayer.cc>	2023-04-09 14:48:37 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2023-04-14 17:56:44 +0200
commit	0ecda4fbce8e77152e9b450c4efa8c1b81c8982e (patch)
tree	a571b873cc711bd75c2a2d5bde9bdd45ece2eaa8 /libavcodec
parent	80ac1fd1483a4b3c92a6e59d24cb050dfecb90df (diff)
download	ffmpeg-0ecda4fbce8e77152e9b450c4efa8c1b81c8982e.tar.gz