From a76897e19ca96127e07f5acc5a773b904dcf6124 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 1 Oct 2019 00:10:47 +0200
Subject: [PATCH] avcodec/smacker: Fix integer overflows in pred[] in
 smka_decode_frame()

Fixes: signed integer overflow: -2147481503 + -32732 cannot be represented in type 'int'
Fixes: 17782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5769672225456128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/smacker.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index a81c5e3e6c..4c20831155 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -746,7 +746,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
                     goto error;
                 }
                 val |= h[3].values[res] << 8;
-                pred[1] += sign_extend(val, 16);
+                pred[1] += (unsigned)sign_extend(val, 16);
                 *samples++ = pred[1];
             } else {
                 if(vlc[0].table)
@@ -769,7 +769,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
                     goto error;
                 }
                 val |= h[1].values[res] << 8;
-                pred[0] += sign_extend(val, 16);
+                pred[0] += (unsigned)sign_extend(val, 16);
                 *samples++ = pred[0];
             }
         }