avcodec/dxtory: Fix negative shift in dxtory_decode_v1_410()

Fixes: left shift of negative value -256
Fixes: 25460/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5073252341514240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/dxtory.c b/libavcodec/dxtory.c
index 157e4b3ed2f8b8a5b44523357d4756243ef556a4..a82532c467c18c0d2e9672be68b5627799442b7e 100644 (file)
--- a/libavcodec/dxtory.c
+++ b/libavcodec/dxtory.c
@@ -177,10 +177,10 @@ static int dxtory_decode_v1_410(AVCodecContext *avctx, AVFrame *pic,
             V[huvborder] = src[1] + 0x80;
             src += 2;
         }
-        Y1 += pic->linesize[0] << 2;
-        Y2 += pic->linesize[0] << 2;
-        Y3 += pic->linesize[0] << 2;
-        Y4 += pic->linesize[0] << 2;
+        Y1 += pic->linesize[0] * 4;
+        Y2 += pic->linesize[0] * 4;
+        Y3 += pic->linesize[0] * 4;
+        Y4 += pic->linesize[0] * 4;
         U  += pic->linesize[1];
         V  += pic->linesize[2];
     }