avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()
authorMichael Niedermayer <michael@niedermayer.cc>
Mon, 30 Sep 2019 22:10:47 +0000 (00:10 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sun, 20 Oct 2019 17:57:51 +0000 (19:57 +0200)
Fixes: signed integer overflow: -2147481503 + -32732 cannot be represented in type 'int'
Fixes: 17782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5769672225456128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/smacker.c

index a81c5e3e6c1a294a066e89ccade15308bdba004c..4c208311552ea383d01b38c5d1ebc8c13bbf8d1f 100644 (file)
@@ -746,7 +746,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
                     goto error;
                 }
                 val |= h[3].values[res] << 8;
-                pred[1] += sign_extend(val, 16);
+                pred[1] += (unsigned)sign_extend(val, 16);
                 *samples++ = pred[1];
             } else {
                 if(vlc[0].table)
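Review bot: The `(unsigned)` cast in `pred[1] += (unsigned)sign_extend(val, 16);` exists only to make the accumulation wrap instead of overflowing a signed `int`, and nothing at the call site says so, so a later cleanup could drop it as redundant and bring back the undefined behaviour the fuzzer reported. A short comment above the line, for example `/* unsigned add: wraparound on crafted input is defined, not UB */`, would keep the intent visible; the same applies to the `pred[0]` line in the second hunk. The wrapped predictor is still written through `*samples++` unchanged, so a corrupt stream produces garbage samples rather than an error, which is presumably the intended trade-off for this decoder but worth stating. smka_decode_frame begins and ends outside both hunks, so whether its other accumulation paths need the same cast cannot be checked from here.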
@@ -769,7 +769,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
                     goto error;
                 }
                 val |= h[1].values[res] << 8;
-                pred[0] += sign_extend(val, 16);
+                pred[0] += (unsigned)sign_extend(val, 16);
                 *samples++ = pred[0];
             }
         }