From a6fb07d5ba3a0a1561c7e354ce9b8fbf6b404c04 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 5 May 2017 03:24:40 +0200
Subject: [PATCH] avcodec/cavsdec: Fix undefined behavior from integer overflow

Fixes: 1335/clusterfuzz-testcase-minimized-5566961566089216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0e5f7f363555d2befafb1c9e1579dbe0a2fbca7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/cavsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index fed7043c12..8842346c25 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -465,7 +465,7 @@ static inline void mv_pred_direct(AVSContext *h, cavs_vector *pmv_fw,
                                   cavs_vector *col_mv)
 {
     cavs_vector *pmv_bw = pmv_fw + MV_BWD_OFFS;
-    int den = h->direct_den[col_mv->ref];
+    unsigned den = h->direct_den[col_mv->ref];
     int m = FF_SIGNBIT(col_mv->x);
 
     pmv_fw->dist = h->dist[1];