Fixes: 945/clusterfuzz-testcase-
6037937588273152
Fixes: integer overflow
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
if (get_bits_left(gb) <= 0)
goto error;
} else {
- int mid = (base * 2 + add + 1) >> 1;
+ int mid = (base * 2U + add + 1) >> 1;
while (add > c->error_limit) {
if (get_bits_left(gb) <= 0)
goto error;
base = mid;
} else
add = mid - base - 1;
- mid = (base * 2 + add + 1) >> 1;
+ mid = (base * 2U + add + 1) >> 1;
}
ret = mid;
}