avcodec/mpeg12dec: Fix integer overflow

Fixes: signal_sigabrt_7ffff6ac8cc9_686_cov_1897408623_microsoft_new_way_to_shove_mpeg2_in_asf.dvr_ms Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg12dec: Fix integer overflow
Fixes: signal_sigabrt_7ffff6ac8cc9_686_cov_1897408623_microsoft_new_way_to_shove_mpeg2_in_asf.dvr_ms Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
86352243 · Michael Niedermayer · d9b56895 · 86352243
Commit 86352243 authored Sep 02, 2015 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

mpeg12dec.c libavcodec/mpeg12dec.c +2 -2

No files found.
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -1490,7 +1490,7 @@ static void mpeg_decode_sequence_extension(Mpeg1Context *s1)
    s->width  |= (horiz_size_ext << 12);
    s->height |= (vert_size_ext  << 12);
    bit_rate_ext = get_bits(&s->gb, 12);  /* XXX: handle it */
-    s->bit_rate += (bit_rate_ext << 18) * 400;
+    s->bit_rate += (bit_rate_ext << 18) * 400LL;
    check_marker(&s->gb, "after bit rate extension");
    s->avctx->rc_buffer_size += get_bits(&s->gb, 8) * 1024 * 16 << 10;
@@ -2175,7 +2175,7 @@ static int mpeg1_decode_sequence(AVCodecContext *avctx,
               "frame_rate_index %d is invalid\n", s->frame_rate_index);
        s->frame_rate_index = 1;
    }
-    s->bit_rate = get_bits(&s->gb, 18) * 400;
+    s->bit_rate = get_bits(&s->gb, 18) * 400LL;
    if (check_marker(&s->gb, "in sequence header") == 0) {
        return AVERROR_INVALIDDATA;
    }