avcodec/takdec: Fix integer overflow in decode_subframe()
author Michael Niedermayer <michael@niedermayer.cc>
Thu, 27 Jul 2017 21:49:26 +0000 (23:49 +0200)
committer Michael Niedermayer <michael@niedermayer.cc>
Sat, 29 Jul 2017 12:18:34 +0000 (14:18 +0200)
commit 38d9a782a585f82e8ee543d8e806a6a282322e5c
tree bac70026c03c71eda68776c201bce621f07463a3
parent 6de5ec8ef818774c58a1c4cd9548534be0e54ecc
avcodec/takdec: Fix integer overflow in decode_subframe()

Fixes: runtime error: signed integer overflow: -536870912 - 1972191120 cannot be represented in type 'int'
Fixes: 2711/clusterfuzz-testcase-minimized-4975142398590976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c630d159ffe8a9822e81f9c041652762b37e068)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/takdec.c