From 28dc6e729137ba7927f46ba15c337417b8708fe8 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 21 Feb 2017 03:14:49 +0100
Subject: [PATCH] avcodec/simple_idct: Fix runtime error: left shift of
 negative value -6395

Fixes: 633/clusterfuzz-testcase-4553133554401280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/simple_idct.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/simple_idct.c b/libavcodec/simple_idct.c
index 0711e167a5..65b2911447 100644
--- a/libavcodec/simple_idct.c
+++ b/libavcodec/simple_idct.c
@@ -66,8 +66,8 @@ static inline void idct4col_put(uint8_t *dest, int line_size, const int16_t *col
     a1 = col[8*2];
     a2 = col[8*4];
     a3 = col[8*6];
-    c0 = ((a0 + a2) << (CN_SHIFT - 1)) + (1 << (C_SHIFT - 1));
-    c2 = ((a0 - a2) << (CN_SHIFT - 1)) + (1 << (C_SHIFT - 1));
+    c0 = ((a0 + a2) * (1 << CN_SHIFT - 1)) + (1 << (C_SHIFT - 1));
+    c2 = ((a0 - a2) * (1 << CN_SHIFT - 1)) + (1 << (C_SHIFT - 1));
     c1 = a1 * C1 + a3 * C2;
     c3 = a1 * C2 - a3 * C1;
     dest[0] = av_clip_uint8((c0 + c1) >> C_SHIFT);