avcodec/ralf: Fix integer overflow in decode_channel()

Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int' Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-09-14 14:26:49 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-09-28 18:35:27 +0200
commit: fbb314b6f2c2b77608442966f28aac20343a1cae (patch)
tree: 592126201a948d5bea39d17ea89b7a8e73217381 /libavcodec/ralf.c
parent: e75e7fe1601b97c31e3ce90473ab71b9a0667573 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/ralf.c b/libavcodec/ralf.c
index 75c9371b95..006ab46414 100644
--- a/libavcodec/ralf.c
+++ b/libavcodec/ralf.c
@@ -300,8 +300,8 @@ static int decode_channel(RALFContext *ctx, GetBitContext *gb, int ch,
         t = get_vlc2(gb, code_vlc->table, code_vlc->bits, 2);
         code1 = t / range2;
         code2 = t % range2;
-        dst[i]     = extend_code(gb, code1, range, 0) * (1 << add_bits);
-        dst[i + 1] = extend_code(gb, code2, range, 0) * (1 << add_bits);
+        dst[i]     = extend_code(gb, code1, range, 0) * (1U << add_bits);
+        dst[i + 1] = extend_code(gb, code2, range, 0) * (1U << add_bits);
         if (add_bits) {
             dst[i]     |= get_bits(gb, add_bits);
             dst[i + 1] |= get_bits(gb, add_bits);
author	Michael Niedermayer <michael@niedermayer.cc>	2019-09-14 14:26:49 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-09-28 18:35:27 +0200
commit	fbb314b6f2c2b77608442966f28aac20343a1cae (patch)
tree	592126201a948d5bea39d17ea89b7a8e73217381 /libavcodec/ralf.c
parent	e75e7fe1601b97c31e3ce90473ab71b9a0667573 (diff)