avcodec/takdec: Fix integer overflow in decode_subframe()
authorMichael Niedermayer <michael@niedermayer.cc>
Thu, 27 Jul 2017 21:49:26 +0000 (23:49 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 29 Jul 2017 12:18:35 +0000 (14:18 +0200)
commit43d7b1e42fd7b5e9d9f79bfe1171791a9b7566c3
tree097296c6e02f311eb55c308b208631e2836d4a0d
parent81c940b151016fb6f363e6ce621c591bbb58bacf
avcodec/takdec: Fix integer overflow in decode_subframe()

Fixes: runtime error: signed integer overflow: -536870912 - 1972191120 cannot be represented in type 'int'
Fixes: 2711/clusterfuzz-testcase-minimized-4975142398590976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c630d159ffe8a9822e81f9c041652762b37e068)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/takdec.c