From 0ecda4fbce8e77152e9b450c4efa8c1b81c8982e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 9 Apr 2023 14:48:37 +0200
Subject: [PATCH] avcodec/rka: Fix signed integer overflow in decode_filter()

Fixes: signed integer overflow: -631553 * 32768 cannot be represented in type 'int'
Fixes: 57814/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-4614661233573888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/rka.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/rka.c b/libavcodec/rka.c
index 2212e3f930..3e86d83819 100644
--- a/libavcodec/rka.c
+++ b/libavcodec/rka.c
@@ -737,7 +737,7 @@ static int decode_filter(RKAContext *s, ChContext *ctx, ACoder *ac, int off, uns
                 }
                 ctx->buf0[off] = ctx->buf1[off] + ctx->buf0[off + -1];
             } else {
-                val *= 1 << ctx->cmode;
+                val *= 1U << ctx->cmode;
                 sum += ctx->buf0[off + -1] + val;
                 switch (s->bps) {
                 case 16: sum = av_clip_int16(sum); break;