From 1703013cb7f06bb6304cbf3c5fd650d8076ee295 Mon Sep 17 00:00:00 2001
From: Mans Rullgard <mans@mansr.com>
Date: Sat, 8 Oct 2011 01:51:37 +0100
Subject: [PATCH] avidec: fix signed overflow in avi_sync()

Keeping byte values read from the file as unsigned is consistent
with how they are subsequently used and avoids an undefined left
shift by 24 when bit 7 is set.

Signed-off-by: Mans Rullgard <mans@mansr.com>
---
 libavformat/avidec.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 81f72d336f..da92353b00 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -843,7 +843,8 @@ static int avi_sync(AVFormatContext *s, int exit_early)
 {
     AVIContext *avi = s->priv_data;
     AVIOContext *pb = s->pb;
-    int n, d[8];
+    int n;
+    unsigned int d[8];
     unsigned int size;
     int64_t i, sync;
 
@@ -860,7 +861,7 @@ start_sync:
 
         n= get_stream_idx(d+2);
 //av_log(s, AV_LOG_DEBUG, "%X %X %X %X %X %X %X %X %"PRId64" %d %d\n", d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], i, size, n);
-        if(i + (uint64_t)size > avi->fsize || d[0]<0)
+        if(i + (uint64_t)size > avi->fsize || d[0] > 127)
             continue;
 
         //parse ix##