Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int'
Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d3ddef519e88c40c05be8cb94cd9e71c0957ec7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
... | ... |
@@ -1266,7 +1266,7 @@ static void do_apply_filter(APEContext *ctx, int version, APEFilter *f, |
1266 | 1266 |
f->delay - order, |
1267 | 1267 |
f->adaptcoeffs - order, |
1268 | 1268 |
order, APESIGN(*data)); |
1269 |
- res = (res + (1 << (fracbits - 1))) >> fracbits; |
|
1269 |
+ res = (int)(res + (1U << (fracbits - 1))) >> fracbits; |
|
1270 | 1270 |
res += *data; |
1271 | 1271 |
*data++ = res; |
1272 | 1272 |
|
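Review bot: The context line `res += *data;` directly after the patched rounding step is still a plain signed addition, so the fix is incomplete if `res` and `*data` are both `int`. Their declarations are outside this hunk, but if they are, sample values taken from the input stream can still produce the same class of signed overflow one line later. Doing that add in unsigned as well, `res += (unsigned)*data;`, would keep it defined in the same way the new `1U <<` does. The new line also relies on the out-of-range unsigned-to-int conversion and the right shift of a negative value behaving as two's complement, which is implementation-defined, so a short comment would help, for example `/* unsigned add avoids signed-overflow UB; wraparound on invalid input is intended */`. The body of do_apply_filter starts and ends outside the hunk, so other arithmetic in the loop is not covered by this note.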