[FFmpeg-cvslog] avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Fri Jun 2 03:11:11 EEST 2017

ffmpeg | branch: release/3.3 | Michael Niedermayer <michael at niedermayer.cc> | Sun May 28 21:54:02 2017 +0200| [722cc62baa982d4aa0648421e399750c2b84bafa] | committer: Michael Niedermayer

avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c9e884f3d98df85bf7f2cf30d71877b22929fdcb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=722cc62baa982d4aa0648421e399750c2b84bafa
---

 libavcodec/truemotion2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c
index 245a32a8d7..4f0e52dbf7 100644
--- a/libavcodec/truemotion2.c
+++ b/libavcodec/truemotion2.c
@@ -272,7 +272,7 @@ static int tm2_read_deltas(TM2Context *ctx, int stream_id)
     for (i = 0; i < d; i++) {
         v = get_bits_long(&ctx->gb, mb);
         if (v & (1 << (mb - 1)))
-            ctx->deltas[stream_id][i] = v - (1 << mb);
+            ctx->deltas[stream_id][i] = v - (1U << mb);
         else
             ctx->deltas[stream_id][i] = v;
     }

