avcodec/dxtory: Fix undefined shift with negative linesize

Fixes: left shift of negative value -128
Fixes: 30746/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5906271469436928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/dxtory.c b/libavcodec/dxtory.c
index 7143a11e2e4915638b81518f09eed2de9e4636ce..f314bcec753e00f8d2d6aec27ccfd5fd2b86d41e 100644 (file)
--- a/libavcodec/dxtory.c
+++ b/libavcodec/dxtory.c
@@ -264,8 +264,8 @@ static int dxtory_decode_v1_420(AVCodecContext *avctx, AVFrame *pic,
             V[huvborder] = src[3] + 0x80;
             src += 4;
         }
-        Y1 += pic->linesize[0] << 1;
-        Y2 += pic->linesize[0] << 1;
+        Y1 += pic->linesize[0] * 2;
+        Y2 += pic->linesize[0] * 2;
         U  += pic->linesize[1];
         V  += pic->linesize[2];
     }