avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular()

Fixes: Timeout
Fixes: left shift of 33046 by 16 places cannot be represented in type 'int'
Fixes: 29258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-4889231489105920
Fixes: 29515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-6161940391002112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index ef97bdb297b220aa55afc27be0ca6cdd099530a0..69980eaa49781812bfb518ba59128068325f874c 100644 (file)
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -149,7 +149,7 @@ static inline int ls_get_code_regular(GetBitContext *gb, JLSState *state, int Q)
 {
     int k, ret;
 
-    for (k = 0; (state->N[Q] << k) < state->A[Q]; k++)
+    for (k = 0; ((unsigned)state->N[Q] << k) < state->A[Q]; k++)
         ;
 
 #ifdef JLS_BROKEN