avcodec/mlpdec: Fix runtime error: left shift of negative value -1
authorMichael Niedermayer <michael@niedermayer.cc>
Tue, 16 May 2017 22:53:32 +0000 (00:53 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Tue, 16 May 2017 22:54:00 +0000 (00:54 +0200)
Fixes: 1636/clusterfuzz-testcase-minimized-5310494757879808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/mlpdec.c

index fa4347f..eaf1aa7 100644 (file)
@@ -701,7 +701,7 @@ static int read_filter_params(MLPDecodeContext *m, GetBitContext *gbp,
             /* TODO: Check validity of state data. */
 
             for (i = 0; i < order; i++)
-                fp->state[i] = state_bits ? get_sbits(gbp, state_bits) << state_shift : 0;
+                fp->state[i] = state_bits ? get_sbits(gbp, state_bits) * (1 << state_shift) : 0;
         }
     }